draft-ietf-roll-rpl-10.txt   draft-ietf-roll-rpl-11.txt 
ROLL T. Winter, Ed. ROLL T. Winter, Ed.
Internet-Draft Internet-Draft
Intended status: Standards Track P. Thubert, Ed. Intended status: Standards Track P. Thubert, Ed.
Expires: December 30, 2010 Cisco Systems Expires: January 29, 2011 Cisco Systems
RPL Author Team RPL Author Team
IETF ROLL WG IETF ROLL WG
Jun 28, 2010 July 28, 2010
RPL: IPv6 Routing Protocol for Low power and Lossy Networks RPL: IPv6 Routing Protocol for Low power and Lossy Networks
draft-ietf-roll-rpl-10 draft-ietf-roll-rpl-11
Abstract Abstract
Low power and Lossy Networks (LLNs) are a class of network in which Low power and Lossy Networks (LLNs) are a class of network in which
both the routers and their interconnect are constrained: LLN routers both the routers and their interconnect are constrained: LLN routers
typically operate with constraints on (any subset of) processing typically operate with constraints on (any subset of) processing
power, memory and energy (battery), and their interconnects are power, memory and energy (battery), and their interconnects are
characterized by (any subset of) high loss rates, low data rates and characterized by (any subset of) high loss rates, low data rates and
instability. LLNs are comprised of anything from a few dozen and up instability. LLNs are comprised of anything from a few dozen and up
to thousands of routers, and support point-to-point traffic (between to thousands of routers, and support point-to-point traffic (between
skipping to change at page 1, line 48 skipping to change at page 1, line 48
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 30, 2010. This Internet-Draft will expire on January 29, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 7
1.1. Design Principles . . . . . . . . . . . . . . . . . . . 6 1.1. Design Principles . . . . . . . . . . . . . . . . . . . 7
1.2. Expectations of Link Layer Type . . . . . . . . . . . . 7 1.2. Expectations of Link Layer Type . . . . . . . . . . . . 8
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 8 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 9
3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 11 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 12
3.1. Topology . . . . . . . . . . . . . . . . . . . . . . . . 11 3.1. Topology . . . . . . . . . . . . . . . . . . . . . . . . 12
3.1.1. Topology Identifiers . . . . . . . . . . . . . . . . 11 3.1.1. RPL Identifiers . . . . . . . . . . . . . . . . . . . 12
3.2. Instances, DODAGs, and DODAG Versions . . . . . . . . . 11 3.2. Instances, DODAGs, and DODAG Versions . . . . . . . . . 12
3.3. Upward Routes and DODAG Construction . . . . . . . . . . 13 3.3. Upward Routes and DODAG Construction . . . . . . . . . . 14
3.3.1. Objective Function (OF) . . . . . . . . . . . . . . . 14 3.3.1. Objective Function (OF) . . . . . . . . . . . . . . . 15
3.3.2. DODAG Repair . . . . . . . . . . . . . . . . . . . . 14 3.3.2. DODAG Repair . . . . . . . . . . . . . . . . . . . . 15
3.3.3. Security . . . . . . . . . . . . . . . . . . . . . . 14 3.3.3. Security . . . . . . . . . . . . . . . . . . . . . . 15
3.3.4. Grounded and Floating DODAGs . . . . . . . . . . . . 14 3.3.4. Grounded and Floating DODAGs . . . . . . . . . . . . 16
3.3.5. Local DODAGs . . . . . . . . . . . . . . . . . . . . 14 3.3.5. Local DODAGs . . . . . . . . . . . . . . . . . . . . 16
3.3.6. Administrative Preference . . . . . . . . . . . . . . 15 3.3.6. Administrative Preference . . . . . . . . . . . . . . 16
3.3.7. Datapath Validation and Loop Detection . . . . . . . 15 3.3.7. Datapath Validation and Loop Detection . . . . . . . 16
3.3.8. Distributed Algorithm Operation . . . . . . . . . . . 15 3.3.8. Distributed Algorithm Operation . . . . . . . . . . . 17
3.4. Downward Routes and Destination Advertisement . . . . . 15 3.4. Downward Routes and Destination Advertisement . . . . . 17
3.5. Local DODAGs Route Discovery . . . . . . . . . . . . . . 16 3.5. Local DODAGs Route Discovery . . . . . . . . . . . . . . 17
3.6. Routing Metrics and Constraints Used By RPL . . . . . . 16 3.6. Rank Properties . . . . . . . . . . . . . . . . . . . . 18
3.6.1. Loop Avoidance . . . . . . . . . . . . . . . . . . . 17 3.6.1. Rank Comparison (DAGRank()) . . . . . . . . . . . . . 19
3.6.2. Rank Properties . . . . . . . . . . . . . . . . . . . 18 3.6.2. Rank Relationships . . . . . . . . . . . . . . . . . 19
3.7. Traffic Flows Supported by RPL . . . . . . . . . . . . . 20 3.7. Routing Metrics and Constraints Used By RPL . . . . . . 20
3.7.1. Multipoint-to-Point Traffic . . . . . . . . . . . . . 21 3.8. Loop Avoidance . . . . . . . . . . . . . . . . . . . . . 21
3.7.2. Point-to-Multipoint Traffic . . . . . . . . . . . . . 21 3.8.1. Greediness and Instability . . . . . . . . . . . . . 21
3.7.3. Point-to-Point Traffic . . . . . . . . . . . . . . . 21 3.8.2. DODAG Loops . . . . . . . . . . . . . . . . . . . . . 23
4. RPL Instance . . . . . . . . . . . . . . . . . . . . . . . . 22 3.8.3. DAO Loops . . . . . . . . . . . . . . . . . . . . . . 24
4.1. RPL Instance ID . . . . . . . . . . . . . . . . . . . . 22 4. Traffic Flows Supported by RPL . . . . . . . . . . . . . . . 25
5. ICMPv6 RPL Control Message . . . . . . . . . . . . . . . . . 24 4.1. Multipoint-to-Point Traffic . . . . . . . . . . . . . . 25
5.1. RPL Security Fields . . . . . . . . . . . . . . . . . . 25 4.2. Point-to-Multipoint Traffic . . . . . . . . . . . . . . 25
5.2. DODAG Information Solicitation (DIS) . . . . . . . . . . 30 4.3. Point-to-Point Traffic . . . . . . . . . . . . . . . . . 25
5.2.1. Format of the DIS Base Object . . . . . . . . . . . . 30 5. RPL Instance . . . . . . . . . . . . . . . . . . . . . . . . 26
5.2.2. Secure DIS . . . . . . . . . . . . . . . . . . . . . 31 5.1. RPL Instance ID . . . . . . . . . . . . . . . . . . . . 26
5.2.3. DIS Options . . . . . . . . . . . . . . . . . . . . . 31 6. ICMPv6 RPL Control Message . . . . . . . . . . . . . . . . . 28
5.3. DODAG Information Object (DIO) . . . . . . . . . . . . . 31 6.1. RPL Security Fields . . . . . . . . . . . . . . . . . . 29
5.3.1. Format of the DIO Base Object . . . . . . . . . . . . 31 6.2. DODAG Information Solicitation (DIS) . . . . . . . . . . 34
5.3.2. Secure DIO . . . . . . . . . . . . . . . . . . . . . 33 6.2.1. Format of the DIS Base Object . . . . . . . . . . . . 34
5.3.3. DIO Options . . . . . . . . . . . . . . . . . . . . . 33 6.2.2. Secure DIS . . . . . . . . . . . . . . . . . . . . . 34
5.4. Destination Advertisement Object (DAO) . . . . . . . . . 33 6.2.3. DIS Options . . . . . . . . . . . . . . . . . . . . . 34
5.4.1. Format of the DAO Base Object . . . . . . . . . . . . 34 6.3. DODAG Information Object (DIO) . . . . . . . . . . . . . 35
5.4.2. Secure DAO . . . . . . . . . . . . . . . . . . . . . 34 6.3.1. Format of the DIO Base Object . . . . . . . . . . . . 35
5.4.3. DAO Options . . . . . . . . . . . . . . . . . . . . . 35 6.3.2. Secure DIO . . . . . . . . . . . . . . . . . . . . . 37
5.5. Destination Advertisement Object Acknowledgement 6.3.3. DIO Options . . . . . . . . . . . . . . . . . . . . . 37
(DAO-ACK) . . . . . . . . . . . . . . . . . . . . . . . 35 6.4. Destination Advertisement Object (DAO) . . . . . . . . . 37
5.5.1. Format of the DAO-ACK Base Object . . . . . . . . . . 35 6.4.1. Format of the DAO Base Object . . . . . . . . . . . . 37
5.5.2. Secure DAO-ACK . . . . . . . . . . . . . . . . . . . 36 6.4.2. Secure DAO . . . . . . . . . . . . . . . . . . . . . 39
5.5.3. DAO-ACK Options . . . . . . . . . . . . . . . . . . . 36 6.4.3. DAO Options . . . . . . . . . . . . . . . . . . . . . 39
5.6. Consistency Check (CC) . . . . . . . . . . . . . . . . . 36 6.5. Destination Advertisement Object Acknowledgement
5.6.1. Format of the CC Base Object . . . . . . . . . . . . 36 (DAO-ACK) . . . . . . . . . . . . . . . . . . . . . . . 39
5.6.2. CC Options . . . . . . . . . . . . . . . . . . . . . 38 6.5.1. Format of the DAO-ACK Base Object . . . . . . . . . . 39
5.7. RPL Control Message Options . . . . . . . . . . . . . . 38 6.5.2. Secure DAO-ACK . . . . . . . . . . . . . . . . . . . 41
5.7.1. RPL Control Message Option Generic Format . . . . . . 38 6.5.3. DAO-ACK Options . . . . . . . . . . . . . . . . . . . 41
5.7.2. Pad1 . . . . . . . . . . . . . . . . . . . . . . . . 39 6.6. Consistency Check (CC) . . . . . . . . . . . . . . . . . 41
5.7.3. PadN . . . . . . . . . . . . . . . . . . . . . . . . 39 6.6.1. Format of the CC Base Object . . . . . . . . . . . . 41
5.7.4. Metric Container . . . . . . . . . . . . . . . . . . 40 6.6.2. CC Options . . . . . . . . . . . . . . . . . . . . . 42
5.7.5. Route Information . . . . . . . . . . . . . . . . . . 40 6.7. RPL Control Message Options . . . . . . . . . . . . . . 43
5.7.6. DODAG Configuration . . . . . . . . . . . . . . . . . 42 6.7.1. RPL Control Message Option Generic Format . . . . . . 43
5.7.7. RPL Target . . . . . . . . . . . . . . . . . . . . . 43 6.7.2. Pad1 . . . . . . . . . . . . . . . . . . . . . . . . 43
5.7.8. Transit Information . . . . . . . . . . . . . . . . . 45 6.7.3. PadN . . . . . . . . . . . . . . . . . . . . . . . . 44
5.7.9. Solicited Information . . . . . . . . . . . . . . . . 46 6.7.4. Metric Container . . . . . . . . . . . . . . . . . . 44
5.7.10. Prefix Information . . . . . . . . . . . . . . . . . 48 6.7.5. Route Information . . . . . . . . . . . . . . . . . . 45
6. Sequence Counters . . . . . . . . . . . . . . . . . . . . . . 51 6.7.6. DODAG Configuration . . . . . . . . . . . . . . . . . 47
7. Upward Routes . . . . . . . . . . . . . . . . . . . . . . . . 53 6.7.7. RPL Target . . . . . . . . . . . . . . . . . . . . . 49
7.1. DIO Base Rules . . . . . . . . . . . . . . . . . . . . . 53 6.7.8. Transit Information . . . . . . . . . . . . . . . . . 50
7.2. Upward Route Discovery and Maintenance . . . . . . . . . 53 6.7.9. Solicited Information . . . . . . . . . . . . . . . . 53
7.2.1. Neighbors and Parents within a DODAG Version . . . . 53 6.7.10. Prefix Information . . . . . . . . . . . . . . . . . 55
7.2.2. Neighbors and Parents across DODAG Versions . . . . . 54 6.7.11. RPL Target descriptor . . . . . . . . . . . . . . . . 57
7.2.3. DIO Message Communication . . . . . . . . . . . . . . 58 7. Sequence Counters . . . . . . . . . . . . . . . . . . . . . . 59
7.3. DIO Transmission . . . . . . . . . . . . . . . . . . . . 59 7.1. Sequence Counter Overview . . . . . . . . . . . . . . . 59
7.3.1. Trickle Parameters . . . . . . . . . . . . . . . . . 60 7.2. Sequence Counter Operation . . . . . . . . . . . . . . . 60
7.4. DODAG Selection . . . . . . . . . . . . . . . . . . . . 60 8. Upward Routes . . . . . . . . . . . . . . . . . . . . . . . . 62
7.5. Operation as a Leaf Node . . . . . . . . . . . . . . . . 60 8.1. DIO Base Rules . . . . . . . . . . . . . . . . . . . . . 62
7.6. Administrative Rank . . . . . . . . . . . . . . . . . . 61 8.2. Upward Route Discovery and Maintenance . . . . . . . . . 62
8. Downward Routes . . . . . . . . . . . . . . . . . . . . . . . 62 8.2.1. Neighbors and Parents within a DODAG Version . . . . 62
8.1. Destination Advertisement Parents . . . . . . . . . . . 62 8.2.2. Neighbors and Parents across DODAG Versions . . . . . 63
8.2. Downward Route Discovery and Maintenance . . . . . . . . 62 8.2.3. DIO Message Communication . . . . . . . . . . . . . . 68
8.3. DAO Base Rules . . . . . . . . . . . . . . . . . . . . . 63 8.3. DIO Transmission . . . . . . . . . . . . . . . . . . . . 69
8.4. DAO Transmission Scheduling . . . . . . . . . . . . . . 64 8.3.1. Trickle Parameters . . . . . . . . . . . . . . . . . 69
8.5. Triggering DAO Messages . . . . . . . . . . . . . . . . 64
8.6. Structure of DAO Messages . . . . . . . . . . . . . . . 65 8.4. DODAG Selection . . . . . . . . . . . . . . . . . . . . 70
8.7. Non-storing Mode . . . . . . . . . . . . . . . . . . . . 65 8.5. Operation as a Leaf Node . . . . . . . . . . . . . . . . 70
8.8. Storing Mode . . . . . . . . . . . . . . . . . . . . . . 66 8.6. Administrative Rank . . . . . . . . . . . . . . . . . . 71
8.9. Path Control . . . . . . . . . . . . . . . . . . . . . . 67 9. Downward Routes . . . . . . . . . . . . . . . . . . . . . . . 72
8.10. Multicast Destination Advertisement Messages . . . . . . 68 9.1. Destination Advertisement Parents . . . . . . . . . . . 72
9. Security Mechanisms . . . . . . . . . . . . . . . . . . . . . 69 9.2. Downward Route Discovery and Maintenance . . . . . . . . 73
9.1. Security Overview . . . . . . . . . . . . . . . . . . . 69 9.2.1. Maintenance of Path Sequence . . . . . . . . . . . . 73
9.2. Installing Keys . . . . . . . . . . . . . . . . . . . . 70 9.2.2. Generation of DAO Messages . . . . . . . . . . . . . 74
9.3. Joining a Secure Network . . . . . . . . . . . . . . . . 70 9.3. DAO Base Rules . . . . . . . . . . . . . . . . . . . . . 74
9.4. Counter and Counter Compression . . . . . . . . . . . . 71 9.4. DAO Transmission Scheduling . . . . . . . . . . . . . . 75
9.4.1. Timestamp Counters . . . . . . . . . . . . . . . . . 72 9.5. Triggering DAO Messages . . . . . . . . . . . . . . . . 75
9.5. Functional Description of Packet Protection . . . . . . 72 9.6. Structure of DAO Messages . . . . . . . . . . . . . . . 76
9.5.1. Transmission of Outgoing Packets . . . . . . . . . . 72 9.7. Non-storing Mode . . . . . . . . . . . . . . . . . . . . 78
9.5.2. Reception of Incoming Packets . . . . . . . . . . . . 74 9.8. Storing Mode . . . . . . . . . . . . . . . . . . . . . . 79
9.5.3. Cryptographic Mode of Operation . . . . . . . . . . . 76 9.9. Path Control . . . . . . . . . . . . . . . . . . . . . . 79
9.6. Coverage of Integrity and Confidentiality . . . . . . . 77 9.9.1. Path Control Example . . . . . . . . . . . . . . . . 81
10. Packet Forwarding and Loop Avoidance/Detection . . . . . . . 78 9.10. Multicast Destination Advertisement Messages . . . . . . 83
10.1. Suggestions for Packet Forwarding . . . . . . . . . . . 78 10. Security Mechanisms . . . . . . . . . . . . . . . . . . . . . 84
10.2. Loop Avoidance and Detection . . . . . . . . . . . . . . 79 10.1. Security Overview . . . . . . . . . . . . . . . . . . . 84
10.2.1. Source Node Operation . . . . . . . . . . . . . . . . 80 10.2. Joining a Secure Network . . . . . . . . . . . . . . . . 85
10.2.2. Router Operation . . . . . . . . . . . . . . . . . . 80 10.3. Installing Keys . . . . . . . . . . . . . . . . . . . . 86
11. Multicast Operation . . . . . . . . . . . . . . . . . . . . . 83 10.4. Consistency Checks . . . . . . . . . . . . . . . . . . . 86
12. Maintenance of Routing Adjacency . . . . . . . . . . . . . . 85 10.5. Counters . . . . . . . . . . . . . . . . . . . . . . . . 87
13. Guidelines for Objective Functions . . . . . . . . . . . . . 86 10.6. Transmission of Outgoing Packets . . . . . . . . . . . . 88
13.1. Objective Function Behavior . . . . . . . . . . . . . . 86 10.7. Reception of Incoming Packets . . . . . . . . . . . . . 89
14. Suggestions for Interoperation with Neighbor Discovery . . . 88 10.7.1. Timestamp Key Checks . . . . . . . . . . . . . . . . 90
15. RPL Constants and Variables . . . . . . . . . . . . . . . . . 89 10.8. Coverage of Integrity and Confidentiality . . . . . . . 91
16. Manageability Considerations . . . . . . . . . . . . . . . . 91 10.9. Cryptographic Mode of Operation . . . . . . . . . . . . 91
16.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 91 10.9.1. Nonce . . . . . . . . . . . . . . . . . . . . . . . . 91
16.2. Configuration Management . . . . . . . . . . . . . . . . 92 10.9.2. Signatures . . . . . . . . . . . . . . . . . . . . . 92
16.2.1. Initialization Mode . . . . . . . . . . . . . . . . . 92 11. Packet Forwarding and Loop Avoidance/Detection . . . . . . . 94
16.2.2. DIO and DAO Base Message and Options Configuration . 92 11.1. Suggestions for Packet Forwarding . . . . . . . . . . . 94
16.2.3. Protocol Parameters to be configured on every 11.2. Loop Avoidance and Detection . . . . . . . . . . . . . . 95
router in the LLN . . . . . . . . . . . . . . . . . . 93 11.2.1. Source Node Operation . . . . . . . . . . . . . . . . 96
16.2.4. Protocol Parameters to be configured on every 11.2.2. Router Operation . . . . . . . . . . . . . . . . . . 96
non-root router in the LLN . . . . . . . . . . . . . 93 12. Multicast Operation . . . . . . . . . . . . . . . . . . . . . 99
16.2.5. Parameters to be configured on the DODAG root . . . . 94 13. Maintenance of Routing Adjacency . . . . . . . . . . . . . . 101
16.2.6. Configuration of RPL Parameters related to 14. Guidelines for Objective Functions . . . . . . . . . . . . . 102
DAO-based mechanisms . . . . . . . . . . . . . . . . 95 14.1. Objective Function Behavior . . . . . . . . . . . . . . 102
16.2.7. Default Values . . . . . . . . . . . . . . . . . . . 96 15. Suggestions for Interoperation with Neighbor Discovery . . . 104
16.3. Monitoring of RPL Operation . . . . . . . . . . . . . . 96 16. RPL Constants and Variables . . . . . . . . . . . . . . . . . 105
16.3.1. Monitoring a DODAG parameters . . . . . . . . . . . . 96 17. Manageability Considerations . . . . . . . . . . . . . . . . 107
16.3.2. Monitoring a DODAG inconsistencies and loop 17.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 107
detection . . . . . . . . . . . . . . . . . . . . . . 97 17.2. Configuration Management . . . . . . . . . . . . . . . . 108
16.4. Monitoring of the RPL data structures . . . . . . . . . 98 17.2.1. Initialization Mode . . . . . . . . . . . . . . . . . 108
16.4.1. Candidate Neighbor Data Structure . . . . . . . . . . 98 17.2.2. DIO and DAO Base Message and Options Configuration . 109
16.4.2. Destination Oriented Directed Acyclic Graph (DAG) 17.2.3. Protocol Parameters to be configured on every
Table . . . . . . . . . . . . . . . . . . . . . . . . 98 router in the LLN . . . . . . . . . . . . . . . . . . 109
16.4.3. Routing Table and DAO Routing Entries . . . . . . . . 99
16.5. Fault Management . . . . . . . . . . . . . . . . . . . . 100 17.2.4. Protocol Parameters to be configured on every
16.6. Policy . . . . . . . . . . . . . . . . . . . . . . . . . 100 non-DODAG-root router in the LLN . . . . . . . . . . 110
16.7. Liveness Detection and Monitoring . . . . . . . . . . . 101 17.2.5. Parameters to be configured on the DODAG root . . . . 110
16.8. Fault Isolation . . . . . . . . . . . . . . . . . . . . 102 17.2.6. Configuration of RPL Parameters related to
16.9. Impact on Other Protocols . . . . . . . . . . . . . . . 102 DAO-based mechanisms . . . . . . . . . . . . . . . . 111
16.10. Performance Management . . . . . . . . . . . . . . . . . 102 17.2.7. Default Values . . . . . . . . . . . . . . . . . . . 112
17. Security Considerations . . . . . . . . . . . . . . . . . . . 104 17.3. Monitoring of RPL Operation . . . . . . . . . . . . . . 112
17.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 104 17.3.1. Monitoring a DODAG parameters . . . . . . . . . . . . 112
18. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 106 17.3.2. Monitoring a DODAG inconsistencies and loop
18.1. RPL Control Message . . . . . . . . . . . . . . . . . . 106 detection . . . . . . . . . . . . . . . . . . . . . . 113
18.2. New Registry for RPL Control Codes . . . . . . . . . . . 106 17.4. Monitoring of the RPL data structures . . . . . . . . . 114
18.3. New Registry for the Mode of Operation (MOP) DIO 17.4.1. Candidate Neighbor Data Structure . . . . . . . . . . 114
Control Field . . . . . . . . . . . . . . . . . . . . . 107 17.4.2. Destination Oriented Directed Acyclic Graph (DAG)
18.4. RPL Control Message Option . . . . . . . . . . . . . . . 107 Table . . . . . . . . . . . . . . . . . . . . . . . . 114
18.5. Objective Code Point (OCP) Registry . . . . . . . . . . 108 17.4.3. Routing Table and DAO Routing Entries . . . . . . . . 115
18.6. ICMPv6: Error in Source Routing Header . . . . . . . . . 108 17.5. Fault Management . . . . . . . . . . . . . . . . . . . . 116
18.7. Link-Local Scope multicast address . . . . . . . . . . . 108 17.6. Policy . . . . . . . . . . . . . . . . . . . . . . . . . 116
19. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 110 17.7. Liveness Detection and Monitoring . . . . . . . . . . . 118
20. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 111 17.8. Fault Isolation . . . . . . . . . . . . . . . . . . . . 118
21. References . . . . . . . . . . . . . . . . . . . . . . . . . 113 17.9. Impact on Other Protocols . . . . . . . . . . . . . . . 118
21.1. Normative References . . . . . . . . . . . . . . . . . . 113 17.10. Performance Management . . . . . . . . . . . . . . . . . 118
21.2. Informative References . . . . . . . . . . . . . . . . . 113 18. Security Considerations . . . . . . . . . . . . . . . . . . . 120
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 117 18.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . 120
19. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 122
19.1. RPL Control Message . . . . . . . . . . . . . . . . . . 122
19.2. New Registry for RPL Control Codes . . . . . . . . . . . 122
19.3. New Registry for the Mode of Operation (MOP) DIO
Control Field . . . . . . . . . . . . . . . . . . . . . 123
19.4. RPL Control Message Option . . . . . . . . . . . . . . . 123
19.5. Objective Code Point (OCP) Registry . . . . . . . . . . 124
19.6. New Registry for the Security Section Flags . . . . . . 124
19.7. New Registry for the Key Identification Mode . . . . . . 125
19.8. New Registry for the KIM levels . . . . . . . . . . . . 125
19.9. New Registry for the DIS (DODAG Informational
Solicitation) Flags . . . . . . . . . . . . . . . . . . 126
19.10. New Registry for the DODAG Information Object (DIO)
Flags . . . . . . . . . . . . . . . . . . . . . . . . . 127
19.11. New Registry for the Destination Advertisement Object
(DAO) Flags . . . . . . . . . . . . . . . . . . . . . . 127
19.12. New Registry for the Destination Advertisement Object
(DAO) Flags . . . . . . . . . . . . . . . . . . . . . . 128
19.13. New Registry for the Consistency Check (CC) Flags . . . 128
19.14. New Registry for the DODAG Configuration Option Flags . 129
19.15. New Registry for the RPL Target Option Flags . . . . . . 129
19.16. New Registry for the Transit Information Option Flags . 129
19.17. New Registry for the Solicited Information Option
Flags . . . . . . . . . . . . . . . . . . . . . . . . . 130
19.18. ICMPv6: Error in Source Routing Header . . . . . . . . . 131
19.19. Link-Local Scope multicast address . . . . . . . . . . . 131
20. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 132
21. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 133
22. References . . . . . . . . . . . . . . . . . . . . . . . . . 135
22.1. Normative References . . . . . . . . . . . . . . . . . . 135
22.2. Informative References . . . . . . . . . . . . . . . . . 136
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 139
1. Introduction 1. Introduction
Low power and Lossy Networks (LLNs) consist of largely of constrained Low power and Lossy Networks (LLNs) consist of largely of constrained
nodes (with limited processing power, memory, and sometimes energy nodes (with limited processing power, memory, and sometimes energy
when they are battery operated). These routers are interconnected by when they are battery operated or energy scavenging). These routers
lossy links, typically supporting only low data rates, that are are interconnected by lossy links, typically supporting only low data
usually unstable with relatively low packet delivery rates. Another rates, that are usually unstable with relatively low packet delivery
characteristic of such networks is that the traffic patterns are not rates. Another characteristic of such networks is that the traffic
simply point-to-point, but in many cases point-to-multipoint or patterns are not simply point-to-point, but in many cases point-to-
multipoint-to-point. Furthermore such networks may potentially multipoint or multipoint-to-point. Furthermore such networks may
comprise up to thousands of nodes. These characteristics offer potentially comprise up to thousands of nodes. These characteristics
unique challenges to a routing solution: the IETF ROLL Working Group offer unique challenges to a routing solution: the IETF ROLL Working
has defined application-specific routing requirements for a Low power Group has defined application-specific routing requirements for a Low
and Lossy Network (LLN) routing protocol, specified in [RFC5867], power and Lossy Network (LLN) routing protocol, specified in
[RFC5826], [RFC5673], and [RFC5548]. [RFC5867], [RFC5826], [RFC5673], and [RFC5548].
This document specifies the IPv6 Routing Protocol for Low power and This document specifies the IPv6 Routing Protocol for Low power and
lossy networks (RPL). Note that although RPL was specified according lossy networks (RPL). Note that although RPL was specified according
to the requirements set forth in the aforementioned requirement to the requirements set forth in the aforementioned requirement
documents, its use is in no way limited to these applications. documents, its use is in no way limited to these applications.
1.1. Design Principles 1.1. Design Principles
RPL was designed with the objective to meet the requirements spelled RPL was designed with the objective to meet the requirements spelled
out in [RFC5867], [RFC5826], [RFC5673], and [RFC5548]. out in [RFC5867], [RFC5826], [RFC5673], and [RFC5548].
skipping to change at page 7, line 10 skipping to change at page 8, line 10
A set of companion documents to this specification will provide A set of companion documents to this specification will provide
further guidance in the form of applicability statements specifying a further guidance in the form of applicability statements specifying a
set of operating points appropriate to the Building Automation, Home set of operating points appropriate to the Building Automation, Home
Automation, Industrial, and Urban application scenarios. Automation, Industrial, and Urban application scenarios.
1.2. Expectations of Link Layer Type 1.2. Expectations of Link Layer Type
In compliance with the layered architecture of IP, RPL does not rely In compliance with the layered architecture of IP, RPL does not rely
on any particular features of a specific link layer technology. RPL on any particular features of a specific link layer technology. RPL
is designed to be able to operate over a variety of different link is designed to be able to operate over a variety of different link
layers, including but not limited to, low power wireless or PLC layers, including ones that are constrained, potentially lossy, or
typically utilized in conjunction with highly constrained host or
router devices, such as but not limited to, low power wireless or PLC
(Power Line Communication) technologies. (Power Line Communication) technologies.
Implementers may find [RFC3819] a useful reference when designing a Implementers may find [RFC3819] a useful reference when designing a
link layer interface between RPL and a particular link layer link layer interface between RPL and a particular link layer
technology. technology.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
skipping to change at page 8, line 32 skipping to change at page 9, line 32
edge. Because the graph is acyclic, by definition all DAGs edge. Because the graph is acyclic, by definition all DAGs
must have at least one DAG root and all paths terminate at a must have at least one DAG root and all paths terminate at a
DAG root. DAG root.
Destination Oriented DAG (DODAG): A DAG rooted at a single Destination Oriented DAG (DODAG): A DAG rooted at a single
destination, i.e. at a single DAG root (the DODAG root) with no destination, i.e. at a single DAG root (the DODAG root) with no
outgoing edges. outgoing edges.
DODAG root: A DODAG root is the DAG root of a DODAG. DODAG root: A DODAG root is the DAG root of a DODAG.
Virtual DODAG root: A Virtual DODAG root is the result of two or
more RPL routers, most typically LBRs, coordinating to
synchronize DODAG state and act in concert as if they are a
single DODAG root (with multiple interfaces), with respect to
the LLN. The coordination most likely occurs between powered
devices over a reliable transit link, and the details of that
scheme are beyond the scope of this specification.
Up: Up refers to the direction from leaf nodes towards DODAG roots, Up: Up refers to the direction from leaf nodes towards DODAG roots,
following DODAG edges. This follows the common terminology following DODAG edges. This follows the common terminology
used in graphs and depth-first-search, where vertices further used in graphs and depth-first-search, where vertices further
from the root are "deeper," or "down," and vertices closer to from the root are "deeper," or "down," and vertices closer to
the root are "shallower," or "up." the root are "shallower," or "up".
Down: Down refers to the direction from DODAG roots towards leaf Down: Down refers to the direction from DODAG roots towards leaf
nodes, in the reverse direction of DODAG edges. This follows nodes, in the reverse direction of DODAG edges. This follows
the common terminology used in graphs and depth-first-search, the common terminology used in graphs and depth-first-search,
where vertices further from the root are "deeper," or "down," where vertices further from the root are "deeper," or "down,"
and vertices closer to the root are "shallower," or "up." and vertices closer to the root are "shallower," or "up".
Rank: A node's Rank defines the node's individual position relative Rank: A node's Rank defines the node's individual position relative
to other nodes with respect to a DODAG root. Rank strictly to other nodes with respect to a DODAG root. Rank strictly
increases in the down direction and strictly decreases in the increases in the Down direction and strictly decreases in the
up direction. The exact way Rank is computed depends on the Up direction. The exact way Rank is computed depends on the
DAG's Objective Function (OF). The Rank may analogously track DAG's Objective Function (OF). The Rank may analogously track
a simple topological distance, may be calculated as a function a simple topological distance, may be calculated as a function
of link metrics, and may consider other properties such as of link metrics, and may consider other properties such as
constraints. constraints.
Objective Function (OF): Defines which routing metrics, optimization Objective Function (OF): Defines how routing metrics, optimization
objectives, and related functions a DAG uses to compute Rank. objectives, and related functions are used to compute Rank.
Furthermore, the OF dictates how parents in the DODAG are
selected and thus the DODAG formation itself.
Objective Code Point (OCP): An identifier that indicates which Objective Code Point (OCP): An identifier that indicates which
Objective Function the DODAG uses. Objective Function the DODAG uses.
RPLInstanceID: A unique identifier within a network. Two DODAGs RPLInstanceID: A unique identifier within a network. DODAGs with
with the same RPLInstanceID share the same Objective Function. the same RPLInstanceID share the same Objective Function.
RPL Instance: A set of one or more DODAGs that share a RPL Instance: A set of one or more DODAGs that share a
RPLInstanceID. A RPL node can belong to at most one DODAG in a RPLInstanceID. A RPL node can belong to at most one DODAG in a
RPL Instance. Each RPL Instance operates independently of RPL Instance. Each RPL Instance operates independently of
other RPL Instances. This document describes operation within other RPL Instances. This document describes operation within
a single RPL Instance. a single RPL Instance.
DODAGID: The identifier of a DODAG root. The DODAGID must be unique DODAGID: The identifier of a DODAG root. The DODAGID is unique
within the scope of a RPL Instance in the LLN. The tuple within the scope of a RPL Instance in the LLN. The tuple
(RPLInstanceID, DODAGID) uniquely identifies a DODAG. (RPLInstanceID, DODAGID) uniquely identifies a DODAG.
DODAG Version: A specific sequence number iteration ("version") of a DODAG Version: A specific iteration ("Version") of a DODAG with a
DODAG with a given DODAGID. given DODAGID.
DODAGVersionNumber: A sequential counter that is incremented by the DODAGVersionNumber: A sequential counter that is incremented by the
root to form a new Version of a DODAG. A DODAG Version is root to form a new Version of a DODAG. A DODAG Version is
identified uniquely by the (RPLInstanceID, DODAGID, identified uniquely by the (RPLInstanceID, DODAGID,
DODAGVersionNumber) tuple. DODAGVersionNumber) tuple.
Goal: The Goal is a application specific goal that is defined outside Goal: The Goal is an application specific goal that is defined
the scope of RPL. Any node that roots a DODAG will need to outside the scope of RPL. Any node that roots a DODAG will
know about this Goal to decide if the Goal can be satisfied or need to know about this Goal to decide if the Goal can be
not. A typical Goal is to construct the DODAG according to a satisfied or not. A typical Goal is to construct the DODAG
specific objective function and to keep connectivity to a set according to a specific objective function and to keep
of hosts (e.g. to use an objective function that minimizes ETX connectivity to a set of hosts (e.g. to use an objective
and to be connected to a specific database host to store the function that minimizes a metric and to be connected to a
collected data). specific database host to store the collected data).
Grounded: A DODAG is grounded when the DODAG root can satisfy the Grounded: A DODAG is grounded when the DODAG root can satisfy the
Goal. Goal.
Floating: A DODAG is floating if is not Grounded. A floating DODAG Floating: A DODAG is floating if it is not Grounded. A floating
is not expected to have the properties required to satisfy the DODAG is not expected to have the properties required to
goal. It may, however, provide connectivity to other nodes satisfy the goal. It may, however, provide connectivity to
within the DODAG. other nodes within the DODAG.
DODAG parent: A parent of a node within a DODAG is one of the DODAG parent: A parent of a node within a DODAG is one of the
immediate successors of the node on a path towards the DODAG immediate successors of the node on a path towards the DODAG
root. A DODAG parent's Rank is lower than the node's. (See root. A DODAG parent's Rank is lower than the node's. (See
Section 3.6.2.1). Section 3.6.1).
Sub-DODAG The sub-DODAG of a node is the set of other nodes whose Sub-DODAG The sub-DODAG of a node is the set of other nodes whose
paths to the DODAG root pass through that node. Nodes in the paths to the DODAG root pass through that node. Nodes in the
sub-DODAG of a node have a greater Rank than that node itself. sub-DODAG of a node have a greater Rank than that node itself.
(See Section 3.6.2.1) (See Section 3.6.1).
Local DODAG: Local DODAGs contain one and only one root node, and
allows that single root node to allocate and manage a RPL
Instance, identified by a local RPLInstanceID, without
coordination with other nodes. This is typically done in order
to optimize routes to a destination withing the LLN. See
Section 5.
Global DODAG: A Global DODAG uses a global RPLInstanceID that may be
coordinated among several other nodes. See Section 5.
As they form networks, LLN devices often mix the roles of 'host' and As they form networks, LLN devices often mix the roles of 'host' and
'router' when compared to traditional IP networks. In this document, 'router' when compared to traditional IP networks. In this document,
'host' refers to an LLN device that can generate but does not forward 'host' refers to an LLN device that can generate but does not forward
RPL traffic, 'router' refers to an LLN device that can forward as RPL traffic, 'router' refers to an LLN device that can forward as
well as generate RPL traffic, and 'node' refers to any RPL device, well as generate RPL traffic, and 'node' refers to any RPL device,
either a host or a router. either a host or a router.
3. Protocol Overview 3. Protocol Overview
The aim of this section is to describe RPL in the spirit of The aim of this section is to describe RPL in the spirit of
[RFC4101]. Protocol details can be found in further sections. [RFC4101]. Protocol details can be found in further sections.
3.1. Topology 3.1. Topology
This section describes how the basic RPL topologies, and the rules by This section describes the basic RPL topologies that may be formed,
which these are constructed, i.e. the rules governing DODAG and the rules by which these are constructed, i.e. the rules
formation. governing DODAG formation.
3.1.1. Topology Identifiers 3.1.1. RPL Identifiers
RPL uses four identifiers to maintain the topology: RPL uses four values to identify and maintain a topology:
o The first is a RPLInstanceID. A RPLInstanceID identifies a set of o The first is a RPLInstanceID. A RPLInstanceID identifies a set of
one or more DODAGs. All DODAGs in the same RPL Instance use the one or more Destination Oriented DAGs (DODAGs). A network may
same Objective Function. A network may have multiple have multiple RPLInstanceIDs, each of which defines an independent
RPLInstanceIDs, each of which defines an independent set of set of DODAGs, which may be optimized for different Objective
DODAGs, which may be optimized for different OFs and/or Functions (OFs) and/or applications. The set of DODAGs identified
applications. The set of DODAGs identified by a RPLInstanceID is by a RPLInstanceID is called a RPL Instance. All DODAGs in the
called a RPL Instance. same RPL Instance use the same OF.
o The second is a DODAGID. The scope of a DODAGID is a RPL o The second is a DODAGID. The scope of a DODAGID is a RPL
Instance. The combination of RPLInstanceID and DODAGID uniquely Instance. The combination of RPLInstanceID and DODAGID uniquely
identifies a single DODAG in the network. A RPL Instance may have identifies a single DODAG in the network. A RPL Instance may have
multiple DODAGs, each of which has an unique DODAGID. multiple DODAGs, each of which has an unique DODAGID.
o The third is a DODAGVersionNumber. The scope of a o The third is a DODAGVersionNumber. The scope of a
DODAGVersionNumber is a DODAG. A DODAG is sometimes reconstructed DODAGVersionNumber is a DODAG. A DODAG is sometimes reconstructed
from the DODAG root, by incrementing the DODAGVersionNumber. The from the DODAG root, by incrementing the DODAGVersionNumber. The
combination of RPLInstanceID, DODAGID, and DODAGVersionNumber combination of RPLInstanceID, DODAGID, and DODAGVersionNumber
uniquely identifies a DODAG Version. uniquely identifies a DODAG Version.
o The fourth is Rank. The scope of Rank is a DODAG Version. Rank o The fourth is Rank. The scope of Rank is a DODAG Version. Rank
establishes a partial order over a DODAG Version, defining establishes a partial order over a DODAG Version, defining
individual node positions with respect to the DODAG root. individual node positions with respect to the DODAG root.
3.2. Instances, DODAGs, and DODAG Versions 3.2. Instances, DODAGs, and DODAG Versions
A RPL Instance contains one or more Destination Oriented DAG (DODAG) A RPL Instance contains one or more DODAG roots. A RPL Instance may
roots. A RPL Instance may provide routes to certain destination provide routes to certain destination prefixes, reachable via the
prefixes, reachable via the DODAG roots or alternate paths within the DODAG roots or alternate paths within the DODAG. These roots may
DODAG. These roots may operate independently, or may coordinate over operate independently, or may coordinate over a network that is not
a non-LLN backchannel. necessarily as constrained as a LLN.
A RPL Instance may comprise: A RPL Instance may comprise:
o a single DODAG with a single root o a single DODAG with a single root
* For example, a DODAG optimized to minimize latency rooted at a * For example, a DODAG optimized to minimize latency rooted at a
single centralized lighting controller in a home automation single centralized lighting controller in a home automation
application. application.
o multiple uncoordinated DODAGs with independent roots (differing o multiple uncoordinated DODAGs with independent roots (differing
DODAGIDs) DODAGIDs)
* For example, multiple data collection points in an urban data * For example, multiple data collection points in an urban data
collection application that do not have an always-on backbone collection application that do not have suitable connectivity
suitable to coordinate to form a single DODAG, and further use to coordinate with each other, or that use the formation of
the formation of multiple DODAGs as a means to dynamically and multiple DODAGs as a means to dynamically and autonomously
autonomously partition the network. partition the network.
o a single DODAG with a single virtual root coordinating LLN sinks o a single DODAG with a virtual root that coordinates LLN sinks
(with the same DODAGID) over some non-LLN backbone (with the same DODAGID) over a backbone network.
* For example, multiple border routers operating with a reliable * For example, multiple border routers operating with a reliable
backbone, e.g. in support of a 6LowPAN application, that are transit link, e.g. in support of a 6LowPAN application, that
capable to act as logically equivalent sinks to the same DODAG. are capable to act as logically equivalent interfaces to the
sink of the same DODAG.
o a combination of the above as suited to some application scenario. o a combination of the above as suited to some application scenario.
Each RPL packet has meta-data that associates it with a particular Each RPL packet is associated with a particular RPLInstanceID (see
RPLInstanceID and therefore RPL Instance.(Section 4). The Section 11.2) and therefore RPL Instance (Section 5). The
provisioning or automated discovery of a mapping between a provisioning or automated discovery of a mapping between a
RPLInstanceID and a type or service of application traffic is beyond RPLInstanceID and a type or service of application traffic is beyond
the scope of this specification. the scope of this specification.
Figure 1 depicts an example of a RPL Instance comprising three DODAGs Figure 1 depicts an example of a RPL Instance comprising three DODAGs
with DODAG Roots R1, R2, and R3. Figure 2 depicts how a DODAG with DODAG Roots R1, R2, and R3. Each of these DODAG Roots
version number increment leads to a new DODAG Version. advertises the same RPLInstanceID. The lines depict connectivity
between parents and children. Although tree-like DODAGs are depicted
for simplicity, the DODAG structure allows for each node to have
multiple parents when the connectivity supports it.
Figure 2 depicts how a DODAG Version number increment leads to a new
DODAG Version. This depiction illustrates a DODAG Version number
increment that results in a different DODAG topology. Note that a
new DODAG Version does not always imply a different DODAG topology.
To accommodate certain topology changes requires a new DODAG Version,
as described later in this specification.
+----------------------------------------------------------------+ +----------------------------------------------------------------+
| | | |
| +--------------+ | | +--------------+ |
| | | | | | | |
| | (R1) | (R2) (R3) | | | (R1) | (R2) (R3) |
| | / \ | /| \ / | \ | | | / \ | /| \ / | \ |
| | / \ | / | \ / | \ | | | / \ | / | \ / | \ |
| | (A) (B) | (C) | (D) ... (F) (G) (H) | | | (A) (B) | (C) | (D) ... (F) (G) (H) |
| | /|\ |\ | / | |\ | | | | | | /|\ |\ | / | |\ | | | |
skipping to change at page 13, line 45 skipping to change at page 14, line 45
| | | |\ | | | | |\ |
| | | : : | | | | : : |
| | | | | | | |
+----------------+ +----------------+ +----------------+ +----------------+
Version N Version N+1 Version N Version N+1
Figure 2: DODAG Version Figure 2: DODAG Version
3.3. Upward Routes and DODAG Construction 3.3. Upward Routes and DODAG Construction
RPL provisions routes up towards DODAG roots, forming a DODAG RPL provisions routes Up towards DODAG roots, forming a DODAG
optimized according to an Objective Function (OF). RPL nodes optimized according to an Objective Function (OF). RPL nodes
construct and maintain these DODAGs through DODAG Information Object construct and maintain these DODAGs through DODAG Information Object
(DIO) messages. (DIO) messages.
3.3.1. Objective Function (OF) 3.3.1. Objective Function (OF)
The Objective Function (OF) defines how RPL nodes select and optimize The Objective Function (OF) defines how RPL nodes select and optimize
routes within a RPL Instance. The OF is identified by an Objective routes within a RPL Instance. The OF is identified by an Objective
Code Point (OCP) within the DIO Configuration option. An OF defines Code Point (OCP) within the DIO Configuration option. An OF defines
how nodes translate one or more metrics and constraints, which are how nodes translate one or more metrics and constraints, which are
themselves defined in [I-D.ietf-roll-routing-metrics], into a value themselves defined in [I-D.ietf-roll-routing-metrics], into a value
called Rank, which approximates the node's distance from a DODAG called Rank, which approximates the node's distance from a DODAG
root. An OF also defines how nodes select parents. Further details root. An OF also defines how nodes select parents. Further details
may be found in Section 13, [I-D.ietf-roll-routing-metrics], may be found in Section 14, [I-D.ietf-roll-routing-metrics],
[I-D.ietf-roll-of0], and related companion specifications. [I-D.ietf-roll-of0], and related companion specifications.
3.3.2. DODAG Repair 3.3.2. DODAG Repair
A DODAG Root institutes a global repair operation by incrementing the A DODAG Root institutes a global repair operation by incrementing the
DODAG Version Number. This initiates a new DODAG version. Nodes in DODAG Version Number. This initiates a new DODAG Version. Nodes in
the new DODAG version can choose a new position whose Rank is not the new DODAG Version can choose a new position whose Rank is not
constrained by their Rank within the old DODAG Version. constrained by their Rank within the old DODAG Version.
RPL also supports mechanisms which may be used for local repair RPL also supports mechanisms which may be used for local repair
within the DODAG version. The DIO message specifies the necessary within the DODAG Version. The DIO message specifies the necessary
parameters as configured from the DODAG root, as controlled by policy parameters as configured from and controlled by policy at the DODAG
at the root. root.
3.3.3. Security 3.3.3. Security
RPL supports message confidentiality and integrity. It is designed RPL supports message confidentiality and integrity. It is designed
such that link-layer mechanisms can be used when available and such that link-layer mechanisms can be used when available and
appropriate, yet in their absence RPL can use its own mechanisms. appropriate, yet in their absence RPL can use its own mechanisms.
RPL has three basic security modes.
In the first, called "unsecured," RPL control messages are sent
without any additional security mechanisms. Unsecured mode does not
imply that the RPL network is unsecure: it could be using other
present security primitives (e.g. link-layer security) to meet
application security requirements.
In the second, called "pre-installed," nodes joining a RPL Instance
have pre-installed keys that enable them to process and generate
secured RPL messages.
The third mode is called "authenticated." In authenticated mode,
nodes have pre-installed keys as in pre-installed mode, but the pre-
installed key may only be used to join a RPL Instance as a leaf.
Joining an authenticated RPL Instance as a router requires obtaining
a key from an authentication authority. The process by which this
key is obtained is outside the scope of this specification.
3.3.4. Grounded and Floating DODAGs 3.3.4. Grounded and Floating DODAGs
DODAGs can be grounded or floating: the DODAG root advertises which DODAGs can be grounded or floating: the DODAG root advertises which
is the case. A grounded DODAG offers connectivity to hosts that are is the case. A grounded DODAG offers connectivity to hosts that are
required for satisfying the application-defined goal. A floating required for satisfying the application-defined goal. A floating
DODAG is not expected to satisfy the goal and in most cases only DODAG is not expected to satisfy the goal and in most cases only
provides routes to nodes within the DODAG. Floating DODAGs may be provides routes to nodes within the DODAG. Floating DODAGs may be
used, for example, to preserve inner connectivity during repair. used, for example, to preserve inner connectivity during repair.
skipping to change at page 15, line 15 skipping to change at page 16, line 32
3.3.6. Administrative Preference 3.3.6. Administrative Preference
An implementation/deployment may specify that some DODAG roots should An implementation/deployment may specify that some DODAG roots should
be used over others through an administrative preference. be used over others through an administrative preference.
Administrative preference offers a way to control traffic and Administrative preference offers a way to control traffic and
engineer DODAG formation in order to better support application engineer DODAG formation in order to better support application
requirements or needs. requirements or needs.
3.3.7. Datapath Validation and Loop Detection 3.3.7. Datapath Validation and Loop Detection
RPL uses a hop-by-hop IPv6 header to detect possible loops within a RPL carries routing information in a RPL Option contained in an IPv6
DODAG. Each data packet includes the Rank of the transmitter. An Hop-by-Hop Option as specified in [I-D.ietf-6man-rpl-option]. Such
routing information is used, for example, for loop detection within a
DODAG as discussed in Section 11.2 and may be extended in future
documents for additional features.
Each data packet includes the Rank of the transmitter. An
inconsistency between the routing decision for a packet (upward or inconsistency between the routing decision for a packet (upward or
downward) and the Rank relationship between the two nodes indicates a downward) and the Rank relationship between the two nodes indicates a
possible loop. On receiving such a packet, a node institutes a local possible loop. On receiving such a packet, a node institutes a local
repair operation. repair operation.
For example, if a node receives a packet flagged as moving in the
upward direction, and if that packet records that the transmitter is
of a lower (lesser) Rank than the receiving node, then the receiving
node is able to conclude that the packet has not progressed in the
upward direction and that the DODAG is inconsistent.
3.3.8. Distributed Algorithm Operation 3.3.8. Distributed Algorithm Operation
A high level overview of the distributed algorithm, which constructs A high level overview of the distributed algorithm, which constructs
the DODAG, is as follows: the DODAG, is as follows:
o Some nodes are configured to be DODAG roots, with associated DODAG o Some nodes are configured to be DODAG roots, with associated DODAG
configurations. configurations.
o Nodes advertise their presence, affiliation with a DODAG, routing o Nodes advertise their presence, affiliation with a DODAG, routing
cost, and related metrics by sending link-local multicast DIO cost, and related metrics by sending link-local multicast DIO
messages. messages to all-RPL-nodes.
o Nodes listen for DIOs and use their information to join a new o Nodes listen for DIOs and use their information to join a new
DODAG, or to maintain an existing DODAG, as according to the DODAG, or to maintain an existing DODAG, according to the
specified Objective Function and Rank of their neighbors. specified Objective Function and Rank of their neighbors.
o Nodes provision routing table entries, for the destinations o Nodes provision routing table entries, for the destinations
specified by the DIO, via their DODAG parents in the DODAG specified by the DIO message, via their DODAG parents in the DODAG
version. Nodes MUST provision a DODAG parent as a default route Version. Nodes that decide to join a DODAG MUST provision a DODAG
for the associated instance. It is up to the end-to-end parent as a default route for the associated instance. It is up
application to select the RPL instance to be associated to its to the end-to-end application to select the RPL instance to be
traffic (should there be more than one instance) and thus the associated to its traffic (should there be more than one instance)
default route upwards when no longer-match exists. and thus the default route upwards when no longer-match exists.
3.4. Downward Routes and Destination Advertisement 3.4. Downward Routes and Destination Advertisement
RPL uses Destination Advertisement Object (DAO) messages to establish RPL uses Destination Advertisement Object (DAO) messages to establish
downward routes from DODAG roots. DAO messages are an optional downward routes. DAO messages are an optional feature for
feature for applications that require P2MP or P2P traffic. RPL applications that require P2MP or P2P traffic. RPL supports two
supports two modes of downward traffic: storing (fully stateful) or modes of downward traffic: storing (fully stateful) or non-storing
non-storing (fully source routed). Any given RPL Instance is either (fully source routed). Any given RPL Instance is either storing or
storing or non-storing. In both cases, P2P packets travel up to a non-storing. In both cases, P2P packets travel Up toward a DODAG
DODAG Root then down to the final destination (unless the destination Root then Down to the final destination (unless the destination is on
is on the upward route). the upward route). In the non-storing case the packet will travel
all the way to a DODAG root before traveling Down. In the storing
case the packet may be directed Down towards the destination by a
common ancestor of the source and the destination prior to reaching a
DODAG Root.
This specification describes a basic mode of operation in support of
P2P traffic. Note that more optimized P2P solutions may be described
in companion specifications.
3.5. Local DODAGs Route Discovery 3.5. Local DODAGs Route Discovery
A RPL network can optionally support on-demand discovery of DODAGs to A RPL network can optionally support on-demand discovery of DODAGs to
specific destinations within an LLN. Such local DODAGs behave specific destinations within an LLN. Such local DODAGs behave
slightly differently than global DODAGs. slightly differently than global DODAGs: they are uniquely defined by
the combination of DODAGID and RPLInstanceID. The RPLInstanceID
denotes whether a DODAG is a local DODAG.
3.6. Routing Metrics and Constraints Used By RPL 3.6. Rank Properties
The rank of a node is a scalar representation of the location of that
node within a DODAG Version. The rank is used to avoid and detect
loops, and as such must demonstrate certain properties. The exact
calculation of the rank is left to the Objective Function, and may
depend on parents, link metrics, node metrics, and the node
configuration and policies.
The rank is not a path cost, although its value can be derived from
and influenced by path metrics. The rank has properties of its own
that are not necessarily those of all metrics:
Type: The rank is an abstract numeric value.
Function: The rank is the expression of a relative position within a
DODAG Version with regard to neighbors and is not necessarily
a good indication or a proper expression of a distance or a
path cost to the root.
Stability: The stability of the rank determines the stability of the
routing topology. Some dampening or filtering is RECOMMENDED
to keep the topology stable, and thus the rank does not
necessarily change as fast as some link or node metrics
would. A new DODAG Version would be a good opportunity to
reconcile the discrepancies that might form over time between
metrics and ranks within a DODAG Version.
Properties: The rank is incremented in a strictly monotonic fashion,
and can be used to validate a progression from or towards the
root. A metric, like bandwidth or jitter, does not
necessarily exhibit this property.
Abstract: The rank does not have a physical unit, but rather a range
of increment per hop, where the assignment of each increment
is to be determined by the Objective Function.
The rank value feeds into DODAG parent selection, according to the
RPL loop-avoidance strategy. Once a parent has been added, and a
rank value for the node within the DODAG has been advertised, the
nodes further options with regard to DODAG parent selection and
movement within the DODAG are restricted in favor of loop avoidance.
3.6.1. Rank Comparison (DAGRank())
Rank may be thought of as a fixed point number, where the position of
the radix point between the integer part and the fractional part is
determined by MinHopRankIncrease. MinHopRankIncrease is the minimum
increase in rank between a node and any of its DODAG parents. A
DODAG Root provisions MinHopRankIncrease. MinHopRankIncrease creates
a tradeoff between hop cost precision and the maximum number of hops
a network can support. A very large MinHopRankIncrease, for example,
allows precise characterization of a given hop's affect on Rank but
cannot support many hops.
When an objective function computes rank, the objective function
operates on the entire (i.e. 16-bit) rank quantity. When rank is
compared, e.g. for determination of parent relationships or loop
detection, the integer portion of the rank is to be used. The
integer portion of the Rank is computed by the DAGRank() macro as
follows, where floor(x) is the function that evaluates to the
greatest integer less than or equal to x:
DAGRank(rank) = floor(rank/MinHopRankIncrease)
For example, if a 16-bit rank quantity is decimal 27, and the
MinHopRankIncrease is decimal 16, then DAGRank(27) = floor(1.6875) =
1. The integer part of the rank is 1 and the fractional part is
11/16.
By convention in this document, using the macro DAGRank(node) may be
interpreted as DAGRank(node.rank), where node.rank is the rank value
as maintained by the node.
A node A has a rank less than the rank of a node B if DAGRank(A) is
less than DAGRank(B).
A node A has a rank equal to the rank of a node B if DAGRank(A) is
equal to DAGRank(B).
A node A has a rank greater than the rank of a node B if DAGRank(A)
is greater than DAGRank(B).
3.6.2. Rank Relationships
Rank computations maintain the following properties for any nodes M
and N that are neighbors in the LLN:
DAGRank(M) is less than DAGRank(N): In this case, the position of M
is closer to the DODAG root than the position of N. Node M
may safely be a DODAG parent for Node N without risk of
creating a loop. Further, for a node N, all parents in the
DODAG parent set must be of rank less than DAGRank(N). In
other words, the rank presented by a node N MUST be greater
than that presented by any of its parents.
DAGRank(M) equals DAGRank(N): In this case the positions of M and N
within the DODAG and with respect to the DODAG root are
similar (identical). Routing through a node with equal Rank
may cause a routing loop (i.e., if that node chooses to route
through a node with equal Rank as well).
DAGRank(M) is greater than DAGRank(N): In this case, the position of
M is farther from the DODAG root than the position of N.
Further, Node M may in fact be in the sub-DODAG of Node N. If
node N selects node M as DODAG parent there is a risk to
create a loop.
As an example, the rank could be computed in such a way so as to
closely track ETX (Expected Transmission Count, a fairly common
routing metric used in LLN and defined in
[I-D.ietf-roll-routing-metrics]) when the metric that an objective
function minimizes is ETX, or latency, or in a more complicated way
as appropriate to the objective function being used within the DODAG.
3.7. Routing Metrics and Constraints Used By RPL
Routing metrics are used by routing protocols to compute shortest Routing metrics are used by routing protocols to compute shortest
paths. Interior Gateway Protocols (IGPs) such as IS-IS ([RFC5120]) paths. Interior Gateway Protocols (IGPs) such as IS-IS ([RFC5120])
and OSPF ([RFC4915]) use static link metrics. Such link metrics can and OSPF ([RFC4915]) use static link metrics. Such link metrics can
simply reflect the bandwidth or can also be computed according to a simply reflect the bandwidth or can also be computed according to a
polynomial function of several metrics defining different link polynomial function of several metrics defining different link
characteristics. Some routing protocols support more than one characteristics. Some routing protocols support more than one
metric: in the vast majority of the cases, one metric is used per metric: in the vast majority of the cases, one metric is used per
(sub)topology. Less often, a second metric may be used as a tie- (sub)topology. Less often, a second metric may be used as a tie-
breaker in the presence of Equal Cost Multiple Paths (ECMP). The breaker in the presence of Equal Cost Multiple Paths (ECMP). The
skipping to change at page 16, line 37 skipping to change at page 21, line 6
engine. engine.
In contrast, LLNs do require the support of both static and dynamic In contrast, LLNs do require the support of both static and dynamic
metrics. Furthermore, both link and node metrics are required. In metrics. Furthermore, both link and node metrics are required. In
the case of RPL, it is virtually impossible to define one metric, or the case of RPL, it is virtually impossible to define one metric, or
even a composite metric, that will satisfy all use cases. even a composite metric, that will satisfy all use cases.
In addition, RPL supports constrained-based routing where constraints In addition, RPL supports constrained-based routing where constraints
may be applied to both link and nodes. If a link or a node does not may be applied to both link and nodes. If a link or a node does not
satisfy a required constraint, it is 'pruned' from the candidate satisfy a required constraint, it is 'pruned' from the candidate
list, thus leading to a constrained shortest path. neighbor set, thus leading to a constrained shortest path.
An Objective Function specifies the objectives used to compute the An Objective Function specifies the objectives used to compute the
(constrained) path. Upstream and Downstream metrics may be merged or (constrained) path. Furthermore, nodes are configured to support a
set of metrics and constraints, and select their parents in the DODAG
according the the metrics and constraints advertised in the DIO
messages. Upstream and Downstream metrics may be merged or
advertised separately depending on the OF and the metrics. When they advertised separately depending on the OF and the metrics. When they
are advertised separately, it may happen that the set of DIO parents are advertised separately, it may happen that the set of DIO parents
is different from the set of DAO parents (a DAO parent is a node to is different from the set of DAO parents (a DAO parent is a node to
which unicast DAO messages are sent). Yet, all are DODAG parents which unicast DAO messages are sent). Yet, all are DODAG parents
with regards to the rules for Rank computation. with regards to the rules for Rank computation.
The Objective Function itself is decoupled from the routing metrics The Objective Function itself is decoupled from the routing metrics
and constraints used by RPL. Indeed, whereas the OF dictates rules and constraints used by RPL. Indeed, whereas the OF dictates rules
such as DODAG parents selection, load balancing and so on, the set of such as DODAG parents selection, load balancing and so on, the set of
metrics and/or constraints used to select a DODAG parent and thus metrics and/or constraints used, and thus determine the preferred
determine the preferred path are based on the information carried path, are based on the information carried within the DAG container
within the DAG container option in DIO messages. option in DIO messages.
The set of supported link/node constraints and metrics is specified The set of supported link/node constraints and metrics is specified
in [I-D.ietf-roll-routing-metrics]. in [I-D.ietf-roll-routing-metrics].
Example 1: Shortest path: path offering the shortest end-to-end delay Example 1: Shortest path: path offering the shortest end-to-end
delay.
Example 2: Constrained shortest path: the path that does not traverse Example 2: Shortest Constrained path: the path that does not traverse
any battery-operated node and that optimizes the path any battery-operated node and that optimizes the path
reliability reliability.
3.6.1. Loop Avoidance 3.8. Loop Avoidance
RPL guarantees neither loop free path selection nor tight delay RPL avoids creating loops when undergoing topology changes and
convergence times. In order to reduce control overhead, however,
such as the cost of the count-to-infinity problem, RPL avoids
creating loops when undergoing topology changes. Furthermore, RPL
includes rank-based datapath validation mechanisms for detecting includes rank-based datapath validation mechanisms for detecting
loops when they do occur. RPL uses this loop detection to ensure loops when they do occur (see Section 11 for more details). In
that packets make forward progress within the DODAG version and practice, this means that RPL guarantees neither loop free path
trigger repairs when necessary. selection nor tight delay convergence times, but can detect and
repair a loop as soon as it is used. RPL uses this loop detection to
3.6.1.1. Greediness and Rank-based Instabilities ensure that packets make forward progress within the DODAG Version
and trigger repairs when necessary.
A node is greedy if it attempts to move deeper in the DODAG version, 3.8.1. Greediness and Instability
in order to increase the size of the parent set or improve some other
metric. Moving deeper in within a DODAG version in this manner could
result in instability and be detrimental to other nodes.
Once a node has joined a DODAG version, RPL disallows certain A node is greedy if it attempts to move deeper (increase Rank) in the
behaviors, including greediness, in order to prevent resulting DODAG Version in order to increase the size of the parent set or
instabilities in the DODAG version. improve some other metric. Once a node has joined a DODAG Version,
RPL disallows certain behaviors, including greediness, in order to
prevent resulting instabilities in the DODAG Version.
Suppose a node is willing to receive and process a DIO messages from Suppose a node is willing to receive and process a DIO message from a
a node in its own sub-DODAG, and in general a node deeper than node in its own sub-DODAG, and in general a node deeper than itself.
itself. In this case, a possibility exists that a feedback loop is In this case, a possibility exists that a feedback loop is created,
created, wherein two or more nodes continue to try and move in the wherein two or more nodes continue to try and move in the DODAG
DODAG version while attempting to optimize against each other. In Version while attempting to optimize against each other. In some
some cases, this will result in instability. It is for this reason cases, this will result in instability. It is for this reason that
that RPL limits the cases where a node may process DIO messages from RPL limits the cases where a node may process DIO messages from
deeper nodes to some forms of local repair. This approach creates an deeper nodes to some forms of local repair. This approach creates an
'event horizon', whereby a node cannot be influenced beyond some 'event horizon', whereby a node cannot be influenced beyond some
limit into an instability by the action of nodes that may be in its limit into an instability by the action of nodes that may be in its
own sub-DODAG. own sub-DODAG.
3.6.1.2. DODAG Loops 3.8.1.1. Example: Greedy Parent Selection and Instability
A DODAG loop may occur when a node detaches from the DODAG and
reattaches to a device in its prior sub-DODAG. This may happen in
particular when DIO messages are missed. Strict use of the DODAG
Version Number can eliminate this type of loop, but this type of loop
may possibly be encountered when using some local repair mechanisms.
3.6.1.3. DAO Loops
A DAO loop may occur when the parent has a route installed upon
receiving and processing a DAO message from a child, but the child
has subsequently cleaned up the related DAO state. This loop happens
when a No-Path (a DAO message that invalidates a previously announced
prefix) was missed and persists until all state has been cleaned up.
RPL includes an optional mechanism to acknowledge DAO messages, which
may mitigate the impact of a single DAO message being missed. RPL
includes loop detection mechanisms that may mitigate the impact of
DAO loops and trigger their repair.
3.6.2. Rank Properties
The rank of a node is a scalar representation of the location of that
node within a DODAG version. The rank is used to avoid and detect
loops, and as such must demonstrate certain properties. The exact
calculation of the rank is left to the Objective Function, and may
depend on parents, link metrics, and the node configuration and
policies.
The rank is not a cost metric, although its value can be derived from
and influenced by metrics. The rank has properties of its own that
are not necessarily those of all metrics:
Type: The rank is an abstract numeric value. (A) (A) (A)
|\ |\ |\
| `-----. | `-----. | `-----.
| \ | \ | \
(B) (C) (B) \ | (C)
\ | | /
`-----. | | .-----'
\| |/
(C) (B)
Function: The rank is the expression of a relative position within a -1- -2- -3-
DODAG version with regard to neighbors and is not necessarily
a good indication or a proper expression of a distance or a
cost to the root.
Stability: The stability of the rank determines the stability of the Figure 3: Greedy DODAG Parent Selection
routing topology. Some dampening or filtering might be
applied to keep the topology stable, and thus the rank does
not necessarily change as fast as some physical metrics
would. A new DODAG version would be a good opportunity to
reconcile the discrepancies that might form over time between
metrics and ranks within a DODAG version.
Properties: The rank is strictly monotonic, and can be used to Figure 3 depicts a DODAG in 3 different configurations. A usable
validate a progression from or towards the root. A metric, link between (B) and (C) exists in all 3 configurations. In
like bandwidth or jitter, does not necessarily exhibit this Figure 3-1, Node (A) is a DODAG parent for Nodes (B) and (C). In
property. Figure 3-2, Node (A) is a DODAG parent for Nodes (B) and (C), and
Node (B) is also a DODAG parent for Node (C). In Figure 3-3, Node
(A) is a DODAG parent for Nodes (B) and (C), and Node (C) is also a
DODAG parent for Node (B).
Abstract: The rank does not have a physical unit, but rather a range If a RPL node is too greedy, in that it attempts to optimize for an
of increment per hop, where the assignment of each increment additional number of parents beyond its most preferred parents, then
is to be determined by the Objective Function. an instability can result. Consider the DODAG illustrated in
Figure 3-1. In this example, Nodes (B) and (C) may most prefer Node
(A) as a DODAG parent, but we will consider the case when they are
operating under the greedy condition that will try to optimize for 2
parents.
The rank value feeds into DODAG parent selection, according to the o Let Figure 3-1 be the initial condition.
RPL loop-avoidance strategy. Once a parent has been added, and a
rank value for the node within the DODAG has been advertised, the
nodes further options with regard to DODAG parent selection and
movement within the DODAG are restricted in favor of loop avoidance.
3.6.2.1. Rank Comparison (DAGRank()) o Suppose Node (C) first is able to leave the DODAG and rejoin at a
lower rank, taking both Nodes (A) and (B) as DODAG parents as
depicted in Figure 3-2. Now Node (C) is deeper than both Nodes
(A) and (B), and Node (C) is satisfied to have 2 DODAG parents.
Rank may be thought of as a fixed point number, where the position of o Suppose Node (B), in its greediness, is willing to receive and
the radix point between the integer part and the fractional part is process a DIO message from Node (C) (against the rules of RPL),
determined by MinHopRankIncrease. MinHopRankIncrease is the minimum and then Node (B) leaves the DODAG and rejoins at a lower rank,
increase in rank between a node and any of its DODAG parents. When taking both Nodes (A) and (C) as DODAG parents. Now Node (B) is
an objective function computes rank, the objective function operates deeper than both Nodes (A) and (C) and is satisfied with 2 DAG
on the entire (i.e. 16-bit) rank quantity. When rank is compared, parents.
e.g. for determination of parent relationships or loop detection, the
integer portion of the rank is to be used. The integer portion of
the Rank is computed by the DAGRank() macro as follows, where
floor(x) is the function that evaluates to the greatest integer less
than or equal to x:
DAGRank(rank) = floor(rank/MinHopRankIncrease) o Then Node (C), because it is also greedy, will leave and rejoin
deeper, to again get 2 parents and have a lower rank then both of
them.
MinHopRankIncrease is provisioned at the DODAG Root and propagated in o Next Node (B) will again leave and rejoin deeper, to again get 2
the DIO message. The default value of MinHopRankIncrease is parents
DEFAULT_MIN_HOP_RANK_INCREASE. For efficient implementation the
MinHopRankIncrease MUST be a power of 2. An implementation may
configure a value MinHopRankIncrease as appropriate to balance
between the loop avoidance logic of RPL (i.e. selection of eligible
parents) and the metrics in use. A further effect of
MinHopRankIncrease is to impact the number increments that are
allowed before INFINITE_RANK is reached, i.e. to control how long it
may take to count-to-infinity.
By convention in this document, using the macro DAGRank(node) may be o And again Node (C) leaves and rejoins deeper...
interpreted as DAGRank(node.rank), where node.rank is the rank value
as maintained by the node.
A node A has a rank less than the rank of a node B if DAGRank(A) is o The process will repeat, and the DODAG will oscillate between
less than DAGRank(B). Figure 3-2 and Figure 3-3 until the nodes count to infinity and
restart the cycle again.
A node A has a rank equal to the rank of a node B if DAGRank(A) is o This cycle can be averted through mechanisms in RPL:
equal to DAGRank(B).
A node A has a rank greater than the rank of a node B if DAGRank(A) * Nodes (B) and (C) stay at a rank sufficient to attach to their
is greater than DAGRank(B). most preferred parent (A) and don't go for any deeper (worse)
alternate parents (Nodes are not greedy)
3.6.2.2. Rank Relationships * Nodes (B) and (C) do not process DIO messages from nodes deeper
than themselves (because such nodes are possibly in their own
sub-DODAGs)
The computation of the rank MUST be done in such a way so as to 3.8.2. DODAG Loops
maintain the following properties for any nodes M and N that are
neighbors in the LLN:
DAGRank(M) is less than DAGRank(N): In this case, the position of M A DODAG loop may occur when a node detaches from the DODAG and
is closer to the DODAG root than the position of N. Node M reattaches to a device in its prior sub-DODAG. This may happen in
may safely be a DODAG parent for Node N without risk of particular when DIO messages are missed. Strict use of the DODAG
creating a loop. Further, for a node N, all parents in the Version Number can eliminate this type of loop, but this type of loop
DODAG parent set must be of rank less than DAGRank(N). In may possibly be encountered when using some local repair mechanisms.
other words, the rank presented by a node N MUST be greater
than that presented by any of its parents.
DAGRank(M) equals DAGRank(N): In this case the positions of M and N For example, consider the local repair mechanism that allows a node
within the DODAG and with respect to the DODAG root are to detach from the DODAG, advertise a rank of INFINITE_RANK (in order
similar (identical). In some cases, Node M may be used as a to poison its routes / inform its sub-DODAG), and then to re-attach
successor by Node N, which however entails the chance of to the DODAG. In that case the node may in some cases re-attach to
creating a loop (which must be detected and resolved by some its own prior-sub-DODAG, causing a DODAG loop, because the poisoning
other means). may fail if the INFINITE_RANK advertisements are lost in the LLN
environment. (In this case the rank-based datapath validation
mechanisms would eventually detect and trigger correction of the
loop)
DAGRank(M) is greater than DAGRank(N): In this case, the position of 3.8.3. DAO Loops
M is farther from the DODAG root than the position of N.
Further, Node M may in fact be in the sub-DODAG of Node N. If
node N selects node M as DODAG parent there is a risk to
create a loop.
As an example, the rank could be computed in such a way so as to A DAO loop may occur when the parent has a route installed upon
closely track ETX (Expected Transmission Count, a fairly common receiving and processing a DAO message from a child, but the child
routing metric used in LLN and defined in has subsequently cleaned up the related DAO state. This loop happens
[I-D.ietf-roll-routing-metrics]) when the objective function is to when a No-Path (a DAO message that invalidates a previously announced
minimize ETX, or latency when the objective function is to minimize prefix) was missed and persists until all state has been cleaned up.
latency, or in a more complicated way as appropriate to the objective RPL includes an optional mechanism to acknowledge DAO messages, which
function being used within the DODAG. may mitigate the impact of a single DAO message being missed. RPL
includes loop detection mechanisms that may mitigate the impact of
DAO loops and trigger their repair.
3.7. Traffic Flows Supported by RPL 4. Traffic Flows Supported by RPL
RPL supports three basic traffic flows: Multipoint-to-Point (MP2P), RPL supports three basic traffic flows: Multipoint-to-Point (MP2P),
Point-to-Multipoint (P2MP), and Point-to-Point (P2P). Point-to-Multipoint (P2MP), and Point-to-Point (P2P).
3.7.1. Multipoint-to-Point Traffic 4.1. Multipoint-to-Point Traffic
Multipoint-to-Point (MP2P) is a dominant traffic flow in many LLN Multipoint-to-Point (MP2P) is a dominant traffic flow in many LLN
applications ([RFC5867], [RFC5826], [RFC5673], [RFC5548]). The applications ([RFC5867], [RFC5826], [RFC5673], [RFC5548]). The
destinations of MP2P flows are designated nodes that have some destinations of MP2P flows are designated nodes that have some
application significance, such as providing connectivity to the application significance, such as providing connectivity to the
larger Internet or core private IP network. RPL supports MP2P larger Internet or core private IP network. RPL supports MP2P
traffic by allowing MP2P destinations to be reached via DODAG roots. traffic by allowing MP2P destinations to be reached via DODAG roots.
3.7.2. Point-to-Multipoint Traffic 4.2. Point-to-Multipoint Traffic
Point-to-multipoint (P2MP) is a traffic pattern required by several Point-to-multipoint (P2MP) is a traffic pattern required by several
LLN applications ([RFC5867], [RFC5826], [RFC5673], [RFC5548]). RPL LLN applications ([RFC5867], [RFC5826], [RFC5673], [RFC5548]). RPL
supports P2MP traffic by using a destination advertisement mechanism supports P2MP traffic by using a destination advertisement mechanism
that provisions routes toward destinations (prefixes, addresses, or that provisions Down routes toward destinations (prefixes, addresses,
multicast groups), and away from roots. Destination advertisements or multicast groups), and away from roots. Destination
can update routing tables as the underlying DODAG topology changes. advertisements can update routing tables as the underlying DODAG
topology changes.
3.7.3. Point-to-Point Traffic 4.3. Point-to-Point Traffic
RPL DODAGs provide a basic structure for point-to-point (P2P) RPL DODAGs provide a basic structure for point-to-point (P2P)
traffic. For a RPL network to support P2P traffic, a root must be traffic. For a RPL network to support P2P traffic, a root must be
able to route packets to a destination. Nodes within the network may able to route packets to a destination. Nodes within the network may
also have routing tables to destinations. A packet flows towards a also have routing tables to destinations. A packet flows towards a
root until it reaches an ancestor that has a known route to the root until it reaches an ancestor that has a known route to the
destination. As pointed out later in this document, in the most destination. As pointed out later in this document, in the most
constrained case (when nodes cannot store routes), that common constrained case (when nodes cannot store routes), that common
ancestor may be the DODAG root. In other cases it may be a node ancestor may be the DODAG root. In other cases it may be a node
closer to both the source and destination. closer to both the source and destination.
RPL also supports the case where a P2P destination is a 'one-hop' RPL also supports the case where a P2P destination is a 'one-hop'
neighbor. neighbor.
RPL neither specifies nor precludes additional mechanisms for RPL neither specifies nor precludes additional mechanisms for
computing and installing potentially more optimal routes to support computing and installing potentially more optimal routes to support
arbitrary P2P traffic. arbitrary P2P traffic.
4. RPL Instance 5. RPL Instance
Within a given LLN, there may be multiple, logically independent RPL Within a given LLN, there may be multiple, logically independent RPL
instances. A RPL node may belong to multiple RPL instances, and may instances. A RPL node may belong to multiple RPL instances, and may
act as a router in some and as a leaf in others. This document act as a router in some and as a leaf in others. This document
describes how a single instance behaves. describes how a single instance behaves.
There are two types of RPL Instances: local and global. Local RPL There are two types of RPL Instances: local and global. RPL divides
Instances are always a single DODAG whose singular root owns the the RPLInstanceID space between Global and Local instances to allow
corresponding DODAGID. Local RPL Instances can be used for for both coordinated and unilateral allocation of RPLInstanceIDs.
constructing DODAGs that may be used by future on-demand routing Global RPL Instances are coordinated, have one or more DODAGs, and
solutions that are outside of the scope of this document. Global RPL are typically long-lived. Local RPL Instances are always a single
Instances have one or more DODAGs and are typically long-lived. RPL DODAG whose singular root owns the corresponding DODAGID and
divides the RPLInstanceID space between global and local instances to allocates the Local RPLInstanceID in a unilateral manner. Local RPL
allow for both coordinated and unilateral allocation of Instances can be used, for example, for constructing DODAGs in
RPLInstanceIDs. support of a future on-demand routing solution. The mode of
operation of Local RPL Instances is outside of the scope of this
document and may be described in other companion specifications.
The definition and provisioning of RPL instances are beyond the scope The definition and provisioning of RPL instances are beyond the scope
of this specification. Those operations are expected to be such that of this specification. Those operations are expected to be such that
data packets coming from the outside of the RPL network can data packets coming from the outside of the RPL network can
unambiguously be associated to at least one RPL instance, and be unambiguously be associated to at least one RPL instance, and be
safely routed over any instance that would match the packet. safely routed over any instance that would match the packet.
Information used to match a packet to a RPL instance can typically be Information used to match a packet to a RPL instance can typically be
taken from fields in the IPv6 header, like the flow label, TOS bits, taken from fields in the IPv6 header, like the flow label,
or destination address. differentiated services (DS) field, or destination address.
Control and data packets within RPL network are tagged to Control and data packets within RPL network are tagged to
unambiguously identify what RPL Instance they are part of. unambiguously identify what RPL Instance they are part of.
Every RPL control message has a RPLInstanceID field. Some RPL Every RPL control message has a RPLInstanceID field. Some RPL
control messages, when referring to a local RPLInstanceID as defined control messages, when referring to a local RPLInstanceID as defined
below, may also include a DODAGID. below, may also include a DODAGID.
For data packets, the RPLInstanceID may be indicated in the flow Data packets that flow within the RP network expose the RPLInstanceID
label by the source of the packet. If it is not, then it is inferred in the RPL option that is specified in [I-D.ietf-6man-rpl-option],
and added by the RPL network ingress router in the RPL Hop-by-hop and further described in Section 11.2. For data packets coming from
option ([I-D.hui-6man-rpl-option]) as further described in outside the RPL network, the RPLInstanceID is determined by the RPL
Section 10.2 network ingress router and placed in the RPL option that is added to
the packet.
4.1. RPL Instance ID 5.1. RPL Instance ID
A global RPLInstanceID MUST be unique to the whole LLN. Mechanisms A global RPLInstanceID MUST be unique to the whole LLN. Mechanisms
for allocating and provisioning global RPLInstanceID are out of scope for allocating and provisioning global RPLInstanceID are out of scope
for this document. There can be up to 128 global instance in the for this document. There can be up to 128 global instance in the
whole network, and up 64 local instances per DODAGID. whole network. Local instances are always used in conjunction with a
DODAGID (which is either given explicitly or implicitly in some
cases), and up 64 local instances per DODAGID can be supported.
Local instances are allocated and managed by the node that owns the
DODAGID, without any explicit coordination with other nodes, as
further detailed below.
A global RPLinstanceID is encoded in a RPLinstanceID field as A global RPLinstanceID is encoded in a RPLinstanceID field as
follows: follows:
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
|0| ID | Global RPLinstanceID in 0..127 |0| ID | Global RPLinstanceID in 0..127
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 3: RPL Instance ID field format for global instances Figure 4: RPL Instance ID field format for global instances
A local RPLInstanceID is autoconfigured by the node that owns the A local RPLInstanceID is autoconfigured by the node that owns the
DODAGID and it MUST be unique for that DODAGID. In that case, the DODAGID and it MUST be unique for that DODAGID. The DODAGID used to
DODAGID MUST be a valid address of the root that is used as an configure the local RPLInstanceID MUST be a reachable IPv6 address of
endpoint of all communications within that instance. the node, and MUST be used as an endpoint of all communications
within that local instance.
A local RPLinstanceID is encoded in a RPLinstanceID field as follows: A local RPLinstanceID is encoded in a RPLinstanceID field as follows:
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
|1|D| ID | Local RPLInstanceID in 0..63 |1|D| ID | Local RPLInstanceID in 0..63
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 4: RPL Instance ID field format for local instances Figure 5: RPL Instance ID field format for local instances
The D flag in a Local RPLInstanceID is always set to 0 in RPL control The D flag in a Local RPLInstanceID is always set to 0 in RPL control
messages. It is used in data packets to indicate whether the DODAGID messages. It is used in data packets to indicate whether the DODAGID
is the source or the destination of the packet. If the D flag is set is the source or the destination of the packet. If the D flag is set
to 1 then the destination address of the IPv6 packet MUST be the to 1 then the destination address of the IPv6 packet MUST be the
DODAGID. If the D flag is clear then the source address of the IPv6 DODAGID. If the D flag is cleared then the source address of the
packet MUST be the DODAGID. IPv6 packet MUST be the DODAGID.
5. ICMPv6 RPL Control Message For example, consider a node A that is the DODAG Root of a local RPL
Instance, and has allocated a local RPLInstanceID. By definition,
all traffic traversing that local RPL Instance will either originate
or terminate at node A. The DODAGID in this case will be the
reachable IPv6 address of node A, and all traffic will contain the
address of node A, thus the DODAGID, in either the source or
destination address. Thus the Local RPLInstanceID may indicate that
the DODAGID is equivalent to either the source address or the
destination address by setting the D flag appropriately.
6. ICMPv6 RPL Control Message
This document defines the RPL Control Message, a new ICMPv6 message. This document defines the RPL Control Message, a new ICMPv6 message.
A RPL Control Message is identified by a code, and composed of a base A RPL Control Message is identified by a code, and composed of a base
that depends on the code, and a series of options. that depends on the code, and a series of options.
A RPL Control Message has the scope of a link. The source address is A RPL Control Message has the scope of a link. The source address is
a link local address. The destination address is either the RPL a link local address. The destination address is either the RPL
routers multicast address or a link local address. The RPL routers nodes multicast address or a unicast address. The all-RPL-nodes
multicast address is a new address with a requested value of multicast address is a new address with a requested value of FF02::1A
FF02::1:A (to be confirmed by IANA). (to be confirmed by IANA).
In accordance with [RFC4443], the RPL Control Message consists of an In accordance with [RFC4443], the RPL Control Message consists of an
ICMPv6 header followed by a message body. The message body is ICMPv6 header followed by a message body. The message body is
comprised of a message base and possibly a number of options as comprised of a message base and possibly a number of options as
illustrated in Figure 5. illustrated in Figure 6.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Base . . Base .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Option(s) . . Option(s) .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 5: RPL Control Message Figure 6: RPL Control Message
The RPL Control message is an ICMPv6 information message with a The RPL Control message is an ICMPv6 information message with a
requested Type of 155 (to be confirmed by IANA). requested Type of 155 (to be confirmed by IANA).
The Code field identifies the type of RPL Control Message. This The Code field identifies the type of RPL Control Message. This
document defines codes for the following RPL Control Message types document defines codes for the following RPL Control Message types
(all codes are to be confirmed by the IANA Section 18.2): (all codes are to be confirmed by IANA Section 19.2):
o 0x00: DODAG Information Solicitation (Section 5.2) o 0x00: DODAG Information Solicitation (Section 6.2)
o 0x01: DODAG Information Object (Section 5.3) o 0x01: DODAG Information Object (Section 6.3)
o 0x02: Destination Advertisement Object (Section 5.4) o 0x02: Destination Advertisement Object (Section 6.4)
o 0x03: Destination Advertisement Object Acknowledgment o 0x03: Destination Advertisement Object Acknowledgment
(Section 5.5) (Section 6.5)
o 0x80: Secure DODAG Information Solicitation (Section 5.2.2) o 0x80: Secure DODAG Information Solicitation (Section 6.2.2)
o 0x81: Secure DODAG Information Object (Section 5.3.2) o 0x81: Secure DODAG Information Object (Section 6.3.2)
o 0x82: Secure Destination Advertisement Object (Section 5.4.2) o 0x82: Secure Destination Advertisement Object (Section 6.4.2)
o 0x83: Secure Destination Advertisement Object Acknowledgment o 0x83: Secure Destination Advertisement Object Acknowledgment
(Section 5.5.2) (Section 6.5.2)
o 0x8A: Consistency Check (Section 5.6) o 0x8A: Consistency Check (Section 6.6)
The high order bit (0x80) of the code denotes whether the RPL message The high order bit (0x80) of the code denotes whether the RPL message
has security enabled. Secure RPL messages have a format to support has security enabled. Secure RPL messages have a format to support
confidentiality and integrity, illustrated in Figure 6. confidentiality and integrity, illustrated in Figure 7.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Security . . Security .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Base . . Base .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Option(s) . . Option(s) .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 6: Secure RPL Control Message Figure 7: Secure RPL Control Message
The remainder of this section describes the currently defined RPL The remainder of this section describes the currently defined RPL
Control Message Base formats followed by the currently defined RPL Control Message Base formats followed by the currently defined RPL
Control Message Options. Control Message Options.
5.1. RPL Security Fields 6.1. RPL Security Fields
Each RPL message has a secure version. The secure versions provide Each RPL message has a secure variant. The secure variants provide
integrity and replay protection as well as optional confidentiality integrity and replay protection as well as optional confidentiality
and delay protection. Because security covers the base message as and delay protection. Because security covers the base message as
well as options, in secured messages the security information lies well as options, in secured messages the security information lies
between the checksum and base, as shown in Figure Figure 6. between the checksum and base, as shown in Figure 7.
The format of the security section is as follows: The level of security and the algorithms in use are indicated in the
protocol messages as described below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|C|T| Rsrvd |Sec|KIM|Rsrvd| LVL | | |T| Level | Algorithm | KIM |Reserved | Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| Counter |
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | Counter |
. Message Authentication Code .
. .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Key Identifier . . Key Identifier .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 7: Security Section Figure 8: Security Section
All fields are considered as packet payload from a security
processing perspective. The exact placement and format of message
integrity/authentication codes has not yet been determined.
Use of the Security section is further detailed in Section 17. Message authentication codes (MACs) and signatures cover the entire
ICMPv6 RPL message, while encryption starts after the Security
section. Use of the Security section is further detailed in
Section 18.
Security Control Field: The Security Control Field has one flag and Security Control Field: The Security Control Field has one flag and
three fields: three fields:
Counter Compression (C): If the Counter Compression flag is
set then the Counter field is compressed from 4 bytes
into 1 byte. If the Counter Compression flag is clear
then the Counter field is 4 bytes and uncompressed.
Counter is Time (T): If the Counter is Time flag is set then Counter is Time (T): If the Counter is Time flag is set then
the Counter field is a timestamp. If the flag is cleared the Counter field is a timestamp. If the flag is cleared
then the Counter is an incrementing counter. Section 9.4 then the Counter is an incrementing counter.
describes the details of the 'T' flag and Counter field. Section 10.5 describes the details of the 'T' flag and
Counter field.
Security Mode (Sec): The security algorithm field specifies Security Level (Level): The Security Level field indicates the
what security mode and algorithms the network uses. provided packet protection. This value can be adapted on
Supported values of this field are as follows: a per-packet basis and allows for varying levels of data
authenticity and, optionally, for data confidentiality.
The KIM field indicates whether signatures are used and
the meaning of the Level field. The Security Level is
set to one of the non-reserved values in the tables
below:
+----+-----+-------------------+ +---------------------------+
| ID | Sec | Algorithm | | KIM=0,1,2 |
+----+-----+-------------------+ +-------+--------------------+------+
| 0 | 00 | CCM* with AES-128 | | LVL | Attributes | MAC |
| 1 | 01 | Reserved | | | | Len |
| 2 | 10 | Reserved | +-------+--------------------+------+
| 3 | 11 | Reserved | | 0 | MAC-32 | 4 |
+----+-----+-------------------+ | 1 | ENC-MAC-32 | 4 |
| 2 | MAC-64 | 8 |
| 3 | ENC-MAC-64 | 8 |
| 4-127 | Reserved | N/A |
+-------+--------------------+------+
Security Mode (Sec) Encoding +---------------------+
| KIM=3 |
+-------+---------------+-----+
| LVL | Attributes | Sig |
| | | Len |
+-------+---------------+-----+
| 0 | Sign-3072 | 384 |
| 1 | ENC-Sign-3072 | 384 |
| 2-127 | Reserved | N/A |
+-------+---------------+-----+
Figure 9: Security Level (LVL) Encoding
The MAC attribute indicates that the message has a
Message Authentication Code of the specified length. The
ENC attribute indicates that the message is encrypted.
The Sign attribute indicates that the message has a
signature of the specified length.
Security Algorithm (Algorithm): The Security Algorithm field
specifies the encryption, MAC, and signature scheme the
network uses. Supported values of this field are as
follows:
+-----------+-------------------+------------------------+
| Algorithm | Encryption/MAC | Signature |
+-----------+-------------------+------------------------+
| 0 | CCM* with AES-128 | RSA with SHA2 |
| 1-255 | Reserved | Reserved |
+-------+-------------------+----------------------------+
Figure 10: Security Algorithm (Algorithm) Encoding
Section 10.9 describes the algorithms in greater detail.
Key Identifier Mode (KIM): The Key Identifier Mode field Key Identifier Mode (KIM): The Key Identifier Mode field
indicates whether the key used for packet protection is indicates whether the key used for packet protection is
determined implicitly or explicitly and indicates the determined implicitly or explicitly and indicates the
particular representation of the Key Identifier field. particular representation of the Key Identifier field.
The Key Identifier Mode is set one of the non-reserved The Key Identifier Mode is set one of the non-reserved
values from the table below: values from the table below:
+------+-----+-----------------------------+------------+ +------+-----+-----------------------------+------------+
| Mode | KIM | Meaning | Key | | Mode | KIM | Meaning | Key |
skipping to change at page 28, line 34 skipping to change at page 32, line 41
+------+-----+-----------------------------+------------+ +------+-----+-----------------------------+------------+
| 2 | 10 | Group key used. | 9 | | 2 | 10 | Group key used. | 9 |
| | | Key determined by Key Index | | | | | Key determined by Key Index | |
| | | and Key Source Identifier. | | | | | and Key Source Identifier. | |
| | | | | | | | | |
| | | Key Source is present. | | | | | Key Source is present. | |
| | | Key Index is present. | | | | | Key Index is present. | |
+------+-----+-----------------------------+------------+ +------+-----+-----------------------------+------------+
| 3 | 11 | Node's signature key used. | 0/9 | | 3 | 11 | Node's signature key used. | 0/9 |
| | | If packet is encrypted, | | | | If packet is encrypted, |
| | | group key used. Group key | | | | | it uses a group key, Key | |
| | | determined by Key Index and | | | | | Index and Key Source | |
| | | Key Source Identifier. | | | | | specify key. | |
| | | | | | | | | |
| | | Key Source may be present. | | | | | Key Source may be present. | |
| | | Key Index may be present. | | | | | Key Index may be present. | |
+------+-----+-----------------------------+------------+ +------+-----+-----------------------------+------------+
Key Identifier Mode (KIM) Encoding Figure 11: Key Identifier Mode (KIM)
Encoding
Security Level (LVL): The Security Level field indicates the
provided packet protection. This value can be adapted on
a per-packet basis and allows for varying levels of data
authenticity and, optionally, for data confidentiality.
The KIM field indicates whether signatures are used. The
Security Level is set to one of the non-reserved values
in the table below:
+---------------------------+--------------------+ In Mode 3 (KIM=11), the presence or absence of the Key
| Without Signatures | With Signatures | Source and Key Identifier depends on the Security Level
+----+-----+--------------------+------+--------------+-----+ (LVL) described below. If the Security Level indicates
| ID | LVL | Attributes | Auth | Attributes | Sig | there is encryption, then the fields are present; if it
| | | | Len | | Len | indicates there is no encryption, then the fields are not
+----+-----+--------------------+------+--------------+-----+ present.
| 0 | 000 | Reserved | N/A | Reserved | N/A |
| 1 | 001 | MAC-32 | 4 | Sign-32 | 40 |
| 2 | 010 | MAC-64 | 8 | Sign-64 | 44 |
| 3 | 011 | Reserved | N/A | Sign-128 | 52 |
| 4 | 100 | Reserved | N/A | Reserved | N/A |
| 5 | 101 | ENC-MAC-32 | 4 | ENC-Sign-32 | 40 |
| 6 | 110 | ENC-MAC-64 | 8 | ENC-Sign-64 | 44 |
| 7 | 111 | Reserved | N/A | ENC-Sign-128 | 52 |
+----+-----+--------------------+------+-------------+------+
Security Level (LVL) Encoding Reserved: 5-bit unused field. The field MUST be initialized to zero
by the sender and MUST be ignored by the receiver.
Counter: The Counter field indicates the non-repeating value (nonce) Flags: 8-bit unused field reserved for flags. The field MUST be
used with the cryptographic mechanism that implements packet initialized to zero by the sender and MUST be ignored by the
protection and allows for the provision of semantic security. receiver.
This value is compressed from 4 octets to 1 octet if the
Counter Compression field of the Security Control Field is set
to one.
Message Authentication Code: The Message Authentication Code field Counter: The Counter field indicates the non-repeating 4-octet value
contains a cryptographic MAC. The length of the MAC is defined (nonce) used with the cryptographic mechanism that implements
by a combination of the LVL and Sec fields: it can be 0, 4, or packet protection and allows for the provision of semantic
8 octets long. In the case of Security Modes where the MAC is security.
computed as part of the ciphertext (as in Security Mode 0,
CCM*), the MAC field is zero bytes long.
Key Identifier: The Key Identifier field indicates which key was Key Identifier: The Key Identifier field indicates which key was
used to protect the packet. This field provides various levels used to protect the packet. This field provides various levels
of granularity of packet protection, including peer-to-peer of granularity of packet protection, including peer-to-peer
keys, group keys, and signature keys. This field is keys, group keys, and signature keys. This field is
represented as indicated by the Key Identifier Mode field and represented as indicated by the Key Identifier Mode field and
is formatted as follows: is formatted as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Key Source . . Key Source .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Key Index . . Key Index .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 8: Key Identifier Figure 12: Key Identifier
Key Source: The Key Source field, when present, indicates the Key Source: The Key Source field, when present, indicates the
logical identifier of the originator of a group key. logical identifier of the originator of a group key.
When present this field is 8 bytes in length. When present this field is 8 bytes in length.
Key Index: The Key Index field, when present, allows unique Key Index: The Key Index field, when present, allows unique
identification of different keys with the same identification of different keys with the same
originator. It is the responsibility of each key originator. It is the responsibility of each key
originator to make sure that actively used keys that it originator to make sure that actively used keys that it
issues have distinct key indices and that all key indices issues have distinct key indices and that all key indices
have a value unequal to 0x00. Value 0x00 is reserved for have a value unequal to 0x00. Value 0x00 is reserved for
a pre-installed, shared key. When present this field is a pre-installed, shared key. When present this field is
1 byte in length. 1 byte in length.
Unassigned bits of the Security section are reserved. They MUST be Unassigned bits of the Security section are reserved. They MUST be
set to zero on transmission and MUST be ignored on reception. set to zero on transmission and MUST be ignored on reception.
5.2. DODAG Information Solicitation (DIS) 6.2. DODAG Information Solicitation (DIS)
The DODAG Information Solicitation (DIS) message may be used to The DODAG Information Solicitation (DIS) message may be used to
solicit a DODAG Information Object from a RPL node. Its use is solicit a DODAG Information Object from a RPL node. Its use is
analogous to that of a Router Solicitation as specified in IPv6 analogous to that of a Router Solicitation as specified in IPv6
Neighbor Discovery; a node may use DIS to probe its neighborhood for Neighbor Discovery; a node may use DIS to probe its neighborhood for
nearby DODAGs. Section 7.3 describes how nodes respond to a DIS. nearby DODAGs. Section 8.3 describes how nodes respond to a DIS.
5.2.1. Format of the DIS Base Object 6.2.1. Format of the DIS Base Object
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Option(s)... | Flags | Reserved | Option(s)...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 9: The DIS Base Object
Figure 13: The DIS Base Object
Flags: 8-bit unused field reserved for flags. The field MUST be
initialized to zero by the sender and MUST be ignored by the
receiver.
Reserved: 8-bit unused field. The field MUST be initialized to zero
by the sender and MUST be ignored by the receiver.
Unassigned bits of the DIS Base are reserved. They MUST be set to Unassigned bits of the DIS Base are reserved. They MUST be set to
zero on transmission and MUST be ignored on reception. zero on transmission and MUST be ignored on reception.
5.2.2. Secure DIS 6.2.2. Secure DIS
A Secure DIS message follows the format in Figure Figure 6, where the A Secure DIS message follows the format in Figure 7, where the base
base format is the DIS message shown in Figure Figure 9. format is the DIS message shown in Figure 13.
5.2.3. DIS Options 6.2.3. DIS Options
The DIS message MAY carry valid options. The DIS message MAY carry valid options.
This specification allows for the DIS message to carry the following This specification allows for the DIS message to carry the following
options: options:
0x00 Pad1 0x00 Pad1
0x01 PadN 0x01 PadN
0x07 Solicited Information 0x07 Solicited Information
5.3. DODAG Information Object (DIO) 6.3. DODAG Information Object (DIO)
The DODAG Information Object carries information that allows a node The DODAG Information Object carries information that allows a node
to discover a RPL Instance, learn its configuration parameters, to discover a RPL Instance, learn its configuration parameters,
select a DODAG parent set, and maintain the upward routing topology. select a DODAG parent set, and maintain the DODAG.
5.3.1. Format of the DIO Base Object 6.3.1. Format of the DIO Base Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RPLInstanceID | Version | Rank | | RPLInstanceID |Version Number | Rank |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|G|0| MOP | Prf | DTSN | Reserved | |G|0| MOP | Prf | DTSN | Flags | Reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ DODAGID + + DODAGID +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option(s)... | Option(s)...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 10: The DIO Base Object Figure 14: The DIO Base Object
Control Field: The DAG Control Field has three flags and two fields: Control Field: The DAG Control Field has three flags and two fields:
Grounded (G): The Grounded (G) flag indicates whether the Grounded (G): The Grounded (G) flag indicates whether the
DODAG advertised can satisfy the application-defined DODAG advertised can satisfy the application-defined
goal. If the flag is set, the DODAG is grounded. If the goal. If the flag is set, the DODAG is grounded. If the
flag is cleared, the DODAG is floating. flag is cleared, the DODAG is floating.
Mode of Operation (MOP): The Mode of Operation (MOP) field Mode of Operation (MOP): The Mode of Operation (MOP) field
identifies the mode of operation of the RPL Instance as identifies the mode of operation of the RPL Instance as
administratively provisioned at and distributed by the administratively provisioned at and distributed by the
DODAG Root. All nodes who join the DODAG must be able to DODAG Root. All nodes who join the DODAG must be able to
honor the MOP in order to fully participate as a router, honor the MOP in order to fully participate as a router,
or else they must only join as a leaf. MOP is encoded as or else they must only join as a leaf. MOP is encoded as
in the table below: in the figure below:
+-----+-------------------------------------------------+ +-----+-------------------------------------------------+
| MOP | Meaning | | MOP | Meaning |
+-----+-------------------------------------------------+ +-----+-------------------------------------------------+
| 000 | No downward routes maintained by RPL | | 000 | No downward routes maintained by RPL |
| 001 | Non storing mode | | 001 | Non storing mode |
| 010 | Storing without multicast support | | 010 | Storing without multicast support |
| 011 | Storing with multicast support | | 011 | Storing with multicast support |
| | | | | |
| | All other values are reserved | | | All other values are reserved |
+-----+-------------------------------------------------+ +-----+-------------------------------------------------+
A value of 000 indicates that destination advertisement A value of 000 indicates that destination advertisement
messages are disabled and the DODAG maintains only upward messages are disabled and the DODAG maintains only upward
routes routes
Mode of Operation (MOP) Encoding Figure 15: Mode of Operation (MOP) Encoding
DODAGPreference (Prf): A 3-bit unsigned integer that defines DODAGPreference (Prf): A 3-bit unsigned integer that defines
how preferable the root of this DODAG is compared to how preferable the root of this DODAG is compared to
other DODAG roots within the instance. DAGPreference other DODAG roots within the instance. DAGPreference
ranges from 0x00 (least preferred) to 0x07 (most ranges from 0x00 (least preferred) to 0x07 (most
preferred). The default is 0 (least preferred). preferred). The default is 0 (least preferred).
Section 7.2 describes how DAGPreference affects DIO Section 8.2 describes how DAGPreference affects DIO
processing. processing.
Version Number: 8-bit unsigned integer set by the DODAG root. Version Number: 8-bit unsigned integer set by the DODAG root to the
Section 7.2 describes the rules for version numbers and how DODAGVersionNumber. Section 8.2 describes the rules for DODAG
they affect DIO processing. Version numbers and how they affect DIO processing.
Rank: 16-bit unsigned integer indicating the DODAG rank of the node Rank: 16-bit unsigned integer indicating the DODAG rank of the node
sending the DIO message. Section 7.2 describes how Rank is set sending the DIO message. Section 8.2 describes how Rank is set
and how it affects DIO processing. and how it affects DIO processing.
RPLInstanceID: 8-bit field set by the DODAG root that indicates RPLInstanceID: 8-bit field set by the DODAG root that indicates
which RPL Instance the DODAG is part of. which RPL Instance the DODAG is part of.
Destination Advertisement Trigger Sequence Number (DTSN): 8-bit Destination Advertisement Trigger Sequence Number (DTSN): 8-bit
unsigned integer set by the node issuing the DIO message. The unsigned integer set by the node issuing the DIO message. The
Destination Advertisement Trigger Sequence Number (DTSN) flag Destination Advertisement Trigger Sequence Number (DTSN) flag
is used as part of the procedure to maintain downward routes. is used as part of the procedure to maintain downward routes.
The details of this process are described in Section 8. The details of this process are described in Section 9.
DODAGID: 128-bit unsigned integer set by a DODAG root which uniquely Flags: 8-bit unused field reserved for flags. The field MUST be
identifies a DODAG. Possibly derived from the IPv6 address of initialized to zero by the sender and MUST be ignored by the
the DODAG root. receiver.
Reserved: 8-bit unused field. The field MUST be initialized to zero
by the sender and MUST be ignored by the receiver.
DODAGID: 128-bit IPv6 address set by a DODAG root which uniquely
identifies a DODAG. The DODAGID MUST be a routable IPv6
address belonging to the DODAG root.
Unassigned bits of the DIO Base are reserved. They MUST be set to Unassigned bits of the DIO Base are reserved. They MUST be set to
zero on transmission and MUST be ignored on reception. zero on transmission and MUST be ignored on reception.
5.3.2. Secure DIO 6.3.2. Secure DIO
A Secure DIO message follows the format in Figure Figure 6, where the A Secure DIO message follows the format in Figure 7, where the base
base format is the DIS message shown in Figure Figure 10. format is the DIO message shown in Figure 14.
5.3.3. DIO Options 6.3.3. DIO Options
The DIO message MAY carry valid options. The DIO message MAY carry valid options.
This specification allows for the DIO message to carry the following This specification allows for the DIO message to carry the following
options: options:
0x00 Pad1 0x00 Pad1
0x01 PadN 0x01 PadN
0x02 Metric Container 0x02 Metric Container
0x03 Routing Information 0x03 Routing Information
0x04 DODAG Configuration 0x04 DODAG Configuration
0x08 Prefix Information 0x08 Prefix Information
5.4. Destination Advertisement Object (DAO) 6.4. Destination Advertisement Object (DAO)
The Destination Advertisement Object (DAO) is used to propagate The Destination Advertisement Object (DAO) is used to propagate
destination information upwards along the DODAG. The DAO message is destination information upwards along the DODAG. In storing mode the
unicast by the child to the selected parent(s). The DAO message may DAO message is unicast by the child to the selected parent(s). In
optionally, upon explicit request or error, be acknowledged by the non-storing mode the DAO message is unicast to the DODAG root. The
parent with a Destination Advertisement Acknowledgement (DAO-ACK) DAO message may optionally, upon explicit request or error, be
message back to the child. acknowledged by its destination with a Destination Advertisement
Acknowledgement (DAO-ACK) message back to the sender of the DAO.
5.4.1. Format of the DAO Base Object
6.4.1. Format of the DAO Base Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RPLInstanceID |K|D| Reserved | DAOSequence | | RPLInstanceID |K|D| Flags | Reserved | DAOSequence |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ DODAGID* + + DODAGID* +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option(s)... | Option(s)...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 11: The DAO Base Object The '*' denotes that the DODAGID is not always present, as described
below.
Figure 16: The DAO Base Object
RPLInstanceID: 8-bit field indicating the topology instance RPLInstanceID: 8-bit field indicating the topology instance
associated with the DODAG, as learned from the DIO. associated with the DODAG, as learned from the DIO.
K: The 'K' flag indicates that the parent is expected to send a K: The 'K' flag indicates that the recipient is expected to send a
DAO-ACK back. DAO-ACK back. (See Section 9.3
D: The 'D' flag indicates that the DODAGID field is present. This D: The 'D' flag indicates that the DODAGID field is present. This
flag MUST be set when a local RPLInstanceID is used. flag MUST be set when a local RPLInstanceID is used.
DAOSequence: Incremented at each unique DAO message, echoed in the Flags: 6-bit unused field reserved for flags. The field MUST be
DAO-ACK message. initialized to zero by the sender and MUST be ignored by the
receiver.
Reserved: 8-bit unused field. The field MUST be initialized to zero
by the sender and MUST be ignored by the receiver.
DAOSequence: Incremented at each unique DAO message from a node and
echoed in the DAO-ACK message.
DODAGID (optional): 128-bit unsigned integer set by a DODAG root DODAGID (optional): 128-bit unsigned integer set by a DODAG root
which uniquely identifies a DODAG. This field is only present which uniquely identifies a DODAG. This field is only present
when the 'D' flag is set. This field is typically only present when the 'D' flag is set. This field is typically only present
when a local RPLInstanceID is in use, in order to identify the when a local RPLInstanceID is in use, in order to identify the
DODAGID that is associated with the RPLInstanceID. When a DODAGID that is associated with the RPLInstanceID. When a
global RPLInstanceID is in use this field need not be present. global RPLInstanceID is in use this field need not be present.
Unassigned bits of the DAO Base are reserved. They MUST be set to Unassigned bits of the DAO Base are reserved. They MUST be set to
zero on transmission and MUST be ignored on reception. zero on transmission and MUST be ignored on reception.
5.4.2. Secure DAO 6.4.2. Secure DAO
A Secure DAO message follows the format in Figure Figure 6, where the A Secure DAO message follows the format in Figure 7, where the base
base format is the DAO message shown in Figure Figure 11. format is the DAO message shown in Figure 16.
5.4.3. DAO Options 6.4.3. DAO Options
The DAO message MAY carry valid options. The DAO message MAY carry valid options.
This specification allows for the DAO message to carry the following This specification allows for the DAO message to carry the following
options: options:
0x00 Pad1 0x00 Pad1
0x01 PadN 0x01 PadN
0x05 RPL Target 0x05 RPL Target
0x06 Transit Information 0x06 Transit Information
0x09 RPL Target Descriptor
A special case of the DAO message, termed a No-Path, is used to clear A special case of the DAO message, termed a No-Path, is used in
downward routing state that has been provisioned through DAO storing mode to clear downward routing state that has been
operation. The No-Path carries a RPL Transit Information option, provisioned through DAO operation. The No-Path carries a Target
which identifies the destination to which the DAO is associated, with option and an associated Transit Information option with a lifetime
a lifetime of 0x00000000 to indicate a loss of reachability. of 0x00000000 to indicate a loss of reachability to that Target.
5.5. Destination Advertisement Object Acknowledgement (DAO-ACK)
The DAO-ACK message is sent as a unicast packet by a DAO parent in 6.5. Destination Advertisement Object Acknowledgement (DAO-ACK)
response to a unicast DAO message from a child.
5.5.1. Format of the DAO-ACK Base Object The DAO-ACK message is sent as a unicast packet by a DAO recipient (a
DAO parent or DODAG root) in response to a unicast DAO message.
6.5.1. Format of the DAO-ACK Base Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RPLInstanceID |D| Reserved | DAOSequence | Status | | RPLInstanceID |D| Reserved | DAOSequence | Status |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ DODAGID* + + DODAGID* +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option(s)... | Option(s)...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 12: The DAO ACK Base Object The '*' denotes that the DODAGID is not always present, as described
below.
Figure 17: The DAO ACK Base Object
RPLInstanceID: 8-bit field indicating the topology instance RPLInstanceID: 8-bit field indicating the topology instance
associated with the DODAG, as learned from the DIO. associated with the DODAG, as learned from the DIO.
D: The 'D' flag indicates that the DODAGID field is present. This D: The 'D' flag indicates that the DODAGID field is present. This
would typically only be set when a local RPLInstanceID is used. would typically only be set when a local RPLInstanceID is used.
DAOSequence: Incremented at each DAO message from a given child, Flags: 7-bit unused field reserved for flags. The field MUST be
echoed in the DAO-ACK by the parent. The DAOSequence serves in initialized to zero by the sender and MUST be ignored by the
the parent-child communication and is not to be confused with receiver.
the Transit Information option Sequence that is associated to a
given target down the DODAG.
Status: Indicates the completion. 0 is unqualified acceptance, above DAOSequence: Incremented at each DAO message from a node, and echoed
128 are rejection code indicating that the node should select in the DAO-ACK by the recipient. The DAOSequence is used to
an alternate parent. correlate a DAO message and a DAO ACK message and is not to be
confused with the Transit Information option Path Sequence that
is associated to a given target Down the DODAG.
Status: Indicates the completion. Status 0 is unqualified
acceptance, 1 to 127 are reserved and undetermined, and 128 and
greater are rejection codes used to indicate that the node
should select an alternate parent.
DODAGID (optional): 128-bit unsigned integer set by a DODAG root DODAGID (optional): 128-bit unsigned integer set by a DODAG root
which uniquely identifies a DODAG. This field is only present which uniquely identifies a DODAG. This field is only present
when the 'D' flag is set. This field is typically only present when the 'D' flag is set. This field is typically only present
when a local RPLInstanceID is in use, in order to identify the when a local RPLInstanceID is in use, in order to identify the
DODAGID that is associated with the RPLInstanceID. When a DODAGID that is associated with the RPLInstanceID. When a
global RPLInstanceID is in use this field need not be present. global RPLInstanceID is in use this field need not be present.
Unassigned bits of the DAO-ACK Base are reserved. They MUST be set Unassigned bits of the DAO-ACK Base are reserved. They MUST be set
to zero on transmission and MUST be ignored on reception. to zero on transmission and MUST be ignored on reception.
5.5.2. Secure DAO-ACK 6.5.2. Secure DAO-ACK
A Secure DAO-ACK message follows the format in Figure Figure 6, where A Secure DAO-ACK message follows the format in Figure 7, where the
the base format is the DAO-ACK message shown in Figure Figure 12. base format is the DAO-ACK message shown in Figure 17.
5.5.3. DAO-ACK Options 6.5.3. DAO-ACK Options
This specification does not define any options to be carried by the This specification does not define any options to be carried by the
DAO-ACK message. DAO-ACK message.
5.6. Consistency Check (CC) 6.6. Consistency Check (CC)
The CC message is used to check secure message counters and issue The CC message is used to check secure message counters and issue
challenge/responses. A CC message MUST be sent as a secured RPL challenge/responses. A CC message MUST be sent as a secured RPL
message. message.
A CC message (request or response) MUST NOT set the 'C' bit of the A CC message (request or response) MUST NOT set the 'C' bit of the
security section: CC messages always have full counters. security section: CC messages always have full counters.
5.6.1. Format of the CC Base Object 6.6.1. Format of the CC Base Object
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RPLInstanceID |R| Reserved | Nonce | | RPLInstanceID |R| Flags | Nonce |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ DODAGID + + DODAGID +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Destination Counter | | Destination Counter |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Option(s)... | Option(s)...
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 13: The CC Base Object Figure 18: The CC Base Object
RPLInstanceID: 8-bit field indicating the topology instance RPLInstanceID: 8-bit field indicating the topology instance
associated with the DODAG, as learned from the DIO. associated with the DODAG, as learned from the DIO.
R: The 'R' flag indicates whether the CC message is a response. A R: The 'R' flag indicates whether the CC message is a response. A
message with the 'R' flag cleared is a request; a message with message with the 'R' flag cleared is a request; a message with
the 'R' flag set is a response. A CC message with the R bit the 'R' flag set is a response. A CC message with the R bit
set MUST NOT compress the security Counter field: the C bit of set MUST NOT compress the security Counter field: the C bit of
the security section MUST be 0. the security section MUST be 0.
Flags: 7-bit unused field reserved for flags. The field MUST be
initialized to zero by the sender and MUST be ignored by the
receiver.
Nonce: 16-bit unsigned integer set by a CC request. The Nonce: 16-bit unsigned integer set by a CC request. The
corresponding CC response includes the same nonce value as the corresponding CC response includes the same nonce value as the
request. request.
Destination Counter: 32-bit unsigned integer value indicating the Destination Counter: 32-bit unsigned integer value indicating the
sender's estimate of the destination's current security Counter sender's estimate of the destination's current security Counter
value. If the sender does not have an estimate, it SHOULD set value. If the sender does not have an estimate, it SHOULD set
the Destination Counter field to zero. the Destination Counter field to zero.
Unassigned bits of the CC Base are reserved. They MUST be set to Unassigned bits of the CC Base are reserved. They MUST be set to
skipping to change at page 38, line 9 skipping to change at page 42, line 42
ensure that a Counter value is not repeated for a given security key ensure that a Counter value is not repeated for a given security key
even in the event of devices recovering from a failure that created a even in the event of devices recovering from a failure that created a
loss of Counter state. For example, where a CC request or other RPL loss of Counter state. For example, where a CC request or other RPL
message is received with an initialized Counter within the message message is received with an initialized Counter within the message
security section, the provision of the Incoming Counter within the CC security section, the provision of the Incoming Counter within the CC
response message allows the requesting node to reset its Outgoing response message allows the requesting node to reset its Outgoing
Counter to a value greater than the last value received by the Counter to a value greater than the last value received by the
responding node; the Incoming Counter will also be updated from the responding node; the Incoming Counter will also be updated from the
received CC response. received CC response.
5.6.2. CC Options 6.6.2. CC Options
The CC message MAY carry valid options. In the scope of this The CC message MAY carry valid options. In the scope of this
specification, there are no valid options for a CC message. specification, there are no valid options for a CC message.
This specification allows for the CC message to carry the following This specification allows for the CC message to carry the following
options: options:
0x00 Pad1 0x00 Pad1
0x01 PadN 0x01 PadN
5.7. RPL Control Message Options 6.7. RPL Control Message Options
5.7.1. RPL Control Message Option Generic Format 6.7.1. RPL Control Message Option Generic Format
RPL Control Message Options all follow this format: RPL Control Message Options all follow this format:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - -
| Option Type | Option Length | Option Data | Option Type | Option Length | Option Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - -
Figure 14: RPL Option Generic Format Figure 19: RPL Option Generic Format
Option Type: 8-bit identifier of the type of option. The Option Option Type: 8-bit identifier of the type of option. The Option
Type values are to be confirmed by the IANA Section 18.4. Type values are to be confirmed by IANA Section 19.4.
Option Length: 8-bit unsigned integer, representing the length in Option Length: 8-bit unsigned integer, representing the length in
octets of the option, not including the Option Type and Length octets of the option, not including the Option Type and Length
fields. fields.
Option Data: A variable length field that contains data specific to Option Data: A variable length field that contains data specific to
the option. the option.
When processing a RPL message containing an option for which the When processing a RPL message containing an option for which the
Option Type value is not recognized by the receiver, the receiver Option Type value is not recognized by the receiver, the receiver
skipping to change at page 39, line 8 skipping to change at page 43, line 42
the following option, correctly handling any remaining options in the the following option, correctly handling any remaining options in the
message. message.
RPL message options may have alignment requirements. Following the RPL message options may have alignment requirements. Following the
convention in IPv6, options with alignment requirements are aligned convention in IPv6, options with alignment requirements are aligned
in a packet such that multi-octet values within the Option Data field in a packet such that multi-octet values within the Option Data field
of each option fall on natural boundaries (i.e., fields of width n of each option fall on natural boundaries (i.e., fields of width n
octets are placed at an integer multiple of n octets from the start octets are placed at an integer multiple of n octets from the start
of the header, for n = 1, 2, 4, or 8). of the header, for n = 1, 2, 4, or 8).
5.7.2. Pad1 6.7.2. Pad1
The Pad1 option may be present in DIS, DIO, DAO, and DAO-ACK The Pad1 option MAY be present in DIS, DIO, DAO, and DAO-ACK
messages, and its format is as follows: messages, and its format is as follows:
0 0
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
| Type = 0 | | Type = 0 |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 15: Format of the Pad 1 Option Figure 20: Format of the Pad 1 Option
The Pad1 option is used to insert one or two octets of padding into The Pad1 option is used to insert one or two octets of padding into
the message to enable options alignment. If more than one octet of the message to enable options alignment. If more than one octet of
padding is required, the PadN option should be used rather than padding is required, the PadN option should be used rather than
multiple Pad1 options. multiple Pad1 options.
NOTE! the format of the Pad1 option is a special case - it has NOTE! the format of the Pad1 option is a special case - it has
neither Option Length nor Option Data fields. neither Option Length nor Option Data fields.
5.7.3. PadN 6.7.3. PadN
The PadN option may be present in DIS, DIO, DAO, and DAO-ACK The PadN option MAY be present in DIS, DIO, DAO, and DAO-ACK
messages, and its format is as follows: messages, and its format is as follows:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - -
| Type = 1 | Option Length | 0x00 Padding... | Type = 1 | Option Length | 0x00 Padding...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - -
Figure 16: Format of the Pad N Option Figure 21: Format of the Pad N Option
The PadN option is used to insert two or more octets of padding into The PadN option is used to insert two or more octets of padding into
the message to enable options alignment. PadN Option data MUST be the message to enable options alignment. PadN Option data MUST be
ignored by the receiver. ignored by the receiver.
Option Type: 0x01 (to be confirmed by IANA) Option Type: 0x01 (to be confirmed by IANA)
Option Length: For N (N > 1) octets of padding, the Option Length Option Length: For N (N > 1) octets of padding, the Option Length
field contains the value N-2. field contains the value N-2.
Option Data: For N (N > 1) octets of padding, the Option Data Option Data: For N (N > 1) octets of padding, the Option Data
consists of N-2 zero-valued octets. consists of N-2 zero-valued octets.
5.7.4. Metric Container 6.7.4. Metric Container
The Metric Container option may be present in DIO messages, and its The Metric Container option MAY be present in DIO or DAO messages,
format is as follows: and its format is as follows:
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - -
| Type = 2 | Option Length | Metric Data | Type = 2 | Option Length | Metric Data
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - -
Figure 17: Format of the Metric Container Option Figure 22: Format of the Metric Container Option
The Metric Container is used to report metrics along the DODAG. The The Metric Container is used to report metrics along the DODAG. The
Metric Container may contain a number of discrete node, link, and Metric Container may contain a number of discrete node, link, and
aggregate path metrics and constraints specified in aggregate path metrics and constraints specified in
[I-D.ietf-roll-routing-metrics] as chosen by the implementer. [I-D.ietf-roll-routing-metrics] as chosen by the implementer.
The Metric Container MAY appear more than once in the same RPL The Metric Container MAY appear more than once in the same RPL
control message, for example to accommodate a use case where the control message, for example to accommodate a use case where the
Metric Data is longer than 256 bytes. More information is in Metric Data is longer than 256 bytes. More information is in
[I-D.ietf-roll-routing-metrics] [I-D.ietf-roll-routing-metrics].
The processing and propagation of the Metric Container is governed by The processing and propagation of the Metric Container is governed by
implementation specific policy functions. implementation specific policy functions.
Option Type: 0x02 (to be confirmed by IANA) Option Type: 0x02 (to be confirmed by IANA)
Option Length: The Option Length field contains the length in octets Option Length: The Option Length field contains the length in octets
of the Metric Data. of the Metric Data.
Metric Data: The order, content, and coding of the Metric Container Metric Data: The order, content, and coding of the Metric Container
data is as specified in [I-D.ietf-roll-routing-metrics]. data is as specified in [I-D.ietf-roll-routing-metrics].
5.7.5. Route Information 6.7.5. Route Information
The Route Information option may be present in DIO messages, and is The Route Information option MAY be present in DIO messages, and is
equivalent in function to the IPv6 ND Route Information option as equivalent in function to the IPv6 Neighbor Discovery (ND) Route
defined in [RFC4191]. The format of the option is modified slightly Information option as defined in [RFC4191]. The format of the option
(Type, Length, Prefix) in order to be carried as a RPL option as is modified slightly (Type, Length, Prefix) in order to be carried as
follows: a RPL option as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 3 | Option Length | Prefix Length |Resvd|Prf|Resvd| | Type = 3 | Option Length | Prefix Length |Resvd|Prf|Resvd|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Route Lifetime | | Route Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
. Prefix (Variable Length) . . Prefix (Variable Length) .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 18: Format of the Route Information Option Figure 23: Format of the Route Information Option
The Route Information option is used to indicate that connectivity to The Route Information option is used to indicate that connectivity to
the specified destination prefix is available from the DODAG root. the specified destination prefix is available from the DODAG root.
In the event that a RPL Control Message may need to specify In the event that a RPL Control Message may need to specify
connectivity to more than one destination, the Route Information connectivity to more than one destination, the Route Information
option may be repeated. option may be repeated.
[RFC4191] should be consulted as the authoritative reference with [RFC4191] should be consulted as the authoritative reference with
respect to the Route Information option. The field descriptions are respect to the Route Information option. The field descriptions are
skipping to change at page 41, line 49 skipping to change at page 46, line 47
the Prefix that are valid. The value ranges from 0 to 128. the Prefix that are valid. The value ranges from 0 to 128.
The Prefix field has the number of bytes inferred from the The Prefix field has the number of bytes inferred from the
Option Length field, that must be at least the Prefix Length. Option Length field, that must be at least the Prefix Length.
Note that in RPL this means that the Prefix field may have Note that in RPL this means that the Prefix field may have
lengths other than 0, 8, or 16. lengths other than 0, 8, or 16.
Prf: 2-bit signed integer. The Route Preference indicates whether Prf: 2-bit signed integer. The Route Preference indicates whether
to prefer the router associated with this prefix over others, to prefer the router associated with this prefix over others,
when multiple identical prefixes (for different routers) have when multiple identical prefixes (for different routers) have
been received. If the Reserved (10) value is received, the been received. If the Reserved (10) value is received, the
Route Information Option MUST be ignored. Route Information Option MUST be ignored. As per [RFC4191],
the Reserved (10) value MUST NOT be sent. ([RFC4191] restricts
the Preference to just three values to reinforce that it is not
a metric).
Resvd: Two 3-bit unused fields. They MUST be initialized to zero by Resvd: Two 3-bit unused fields. They MUST be initialized to zero by
the sender and MUST be ignored by the receiver. the sender and MUST be ignored by the receiver.
Route Lifetime 32-bit unsigned integer. The length of time in Route Lifetime 32-bit unsigned integer. The length of time in
seconds (relative to the time the packet is sent) that the seconds (relative to the time the packet is sent) that the
prefix is valid for route determination. A value of all one prefix is valid for route determination. A value of all one
bits (0xffffffff) represents infinity. bits (0xffffffff) represents infinity.
Prefix Variable-length field containing an IP address or a prefix of Prefix Variable-length field containing an IP address or a prefix of
an IP address. The Prefix Length field contains the number of an IPv6 address. The Prefix Length field contains the number
valid leading bits in the prefix. The bits in the prefix after of valid leading bits in the prefix. The bits in the prefix
the prefix length (if any) are reserved and MUST be initialized after the prefix length (if any) are reserved and MUST be
to zero by the sender and ignored by the receiver. Note that initialized to zero by the sender and ignored by the receiver.
in RPL this field may have lengths other than 0, 8, or 16. Note that in RPL this field may have lengths other than 0, 8,
or 16.
Unassigned bits of the Route Information option are reserved. They Unassigned bits of the Route Information option are reserved. They
MUST be set to zero on transmission and MUST be ignored on reception. MUST be set to zero on transmission and MUST be ignored on reception.
5.7.6. DODAG Configuration 6.7.6. DODAG Configuration
The DODAG Configuration option may be present in DIO messages, and The DODAG Configuration option MAY be present in DIO messages, and
its format is as follows: its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 4 | Option Length | Resrvd|A| PCS | DIOIntDoubl. | | Type = 4 |Opt Length = 14| Flags |A| PCS | DIOIntDoubl. |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| DIOIntMin. | DIORedun. | MaxRankIncrease | | DIOIntMin. | DIORedun. | MaxRankIncrease |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| MinHopRankIncrease | OCP | | MinHopRankIncrease | OCP |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved | Def. Lifetime | Lifetime Unit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 19: Format of the DODAG Configuration Option Figure 24: Format of the DODAG Configuration Option
The DODAG Configuration option is used to distribute configuration The DODAG Configuration option is used to distribute configuration
information for DODAG Operation through the DODAG. information for DODAG Operation through the DODAG.
The information communicated in this option is generally static and The information communicated in this option is generally static and
unchanging within the DODAG, therefore it is not necessary to include unchanging within the DODAG, therefore it is not necessary to include
in every DIO. This information is configured at the DODAG Root and in every DIO. This information is configured at the DODAG Root and
distributed throughout the DODAG with the DODAG Configuration Option. distributed throughout the DODAG with the DODAG Configuration Option.
Nodes other than the DODAG Root MUST NOT modify this information when Nodes other than the DODAG Root MUST NOT modify this information when
propagating the DODAG Configuration option. This option MAY be propagating the DODAG Configuration option. This option MAY be
included occasionally by the DODAG Root (as determined by the DODAG included occasionally by the DODAG Root (as determined by the DODAG
Root), and MUST be included in response to a unicast request, e.g. a Root), and MUST be included in response to a unicast request, e.g. a
unicast DODAG Information Solicitation (DIS) message. unicast DODAG Information Solicitation (DIS) message.
Option Type: 0x04 (to be confirmed by IANA) Option Type: 0x04 (to be confirmed by IANA)
Option Length: 8 bytes Option Length: 14
Authentication Enabled (A): One bit describing the security mode of Flags: 4-bit unused field reserved for flags. The field MUST be
the network. The bit describe whether a node must authenticate initialized to zero by the sender and MUST be ignored by the
with a key authority before joining the network as a router. receiver.
If the DIO is not a secure DIO, the 'A' bit MUST be zero.
Authentication Enabled (A): One bit flag describing the security
mode of the network. The bit describe whether a node must
authenticate with a key authority before joining the network as
a router. If the DIO is not a secure DIO, the 'A' bit MUST be
zero.
Path Control Size (PCS): 3-bit unsigned integer used to configure Path Control Size (PCS): 3-bit unsigned integer used to configure
the number of bits that may be allocated to the Path Control the number of bits that may be allocated to the Path Control
field (see Section 8.9). Note that as used a value of 1 is field (see Section 9.9). Note that when PCS is consulted to
added to this field, i.e. a PCS value of 0 results in 1 active determine the width of the Path Control field a value of 1 is
bit in the Path Control field. The default value of PCS is added, i.e. a PCS value of 0 results in 1 active bit in the
Path Control field. The default value of PCS is
DEFAULT_PATH_CONTROL_SIZE. DEFAULT_PATH_CONTROL_SIZE.
DIOIntervalDoublings: 8-bit unsigned integer used to configure Imax DIOIntervalDoublings: 8-bit unsigned integer used to configure Imax
of the DIO trickle timer (see Section 7.3.1). of the DIO trickle timer (see Section 8.3.1). The default
value of DIOIntervalDoublings is
DEFAULT_DIO_INTERVAL_DOUBLINGS.
DIOIntervalMin: 8-bit unsigned integer used to configure Imin of the DIOIntervalMin: 8-bit unsigned integer used to configure Imin of the
DIO trickle timer (see Section 7.3.1). DIO trickle timer (see Section 8.3.1). The default value of
DIOIntervalMin is DEFAULT_DIO_INTERVAL_MIN.
DIORedundancyConstant: 8-bit unsigned integer used to configure k of DIORedundancyConstant: 8-bit unsigned integer used to configure k of
the DIO trickle timer (see Section 7.3.1). the DIO trickle timer (see Section 8.3.1). The default value
of DIORedundancyConstant is DEFAULT_DIO_REDUNDANCY_CONSTANT.
MaxRankIncrease: 16-bit unsigned integer used to configure MaxRankIncrease: 16-bit unsigned integer used to configure
DAGMaxRankIncrease, the allowable increase in rank in support DAGMaxRankIncrease, the allowable increase in rank in support
of local repair. If DAGMaxRankIncrease is 0 then this of local repair. If DAGMaxRankIncrease is 0 then this
mechanism is disabled. mechanism is disabled.
MinHopRankInc 16-bit unsigned integer used to configure MinHopRankInc 16-bit unsigned integer used to configure
MinHopRankIncrease as described in Section 3.6.2.1. MinHopRankIncrease as described in Section 3.6.1. The default
value of MinHopRankInc is DEFAULT_MIN_HOP_RANK_INCREASE.
Default Lifetime: 8-bit unsigned integer. This is the lifetime that
is used as default for all RPL routes. It is expressed in
units of Lifetime Units, e.g. the default lifetime in seconds
is (Default Lifetime) * (Lifetime Unit).
Lifetime Unit: 16-bit unsigned integer. Provides the unit in
seconds that is used to express route lifetimes in RPL. For
very stable networks, it can be hours to days.
Objective Code Point (OCP) 16-bit unsigned integer. The OCP field Objective Code Point (OCP) 16-bit unsigned integer. The OCP field
identifies the OF and is managed by the IANA. identifies the OF and is managed by the IANA.
5.7.7. RPL Target 6.7.7. RPL Target
The RPL Target option format is as follows: The RPL Target option MAY be present in DAO messages, and its format
is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 5 | Option Length | Reserved | Prefix Length | | Type = 5 | Option Length | Flags | Prefix Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| Target Prefix (Variable Length) | | Target Prefix (Variable Length) |
. . . .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 20: Format of the RPL Target Option Figure 25: Format of the RPL Target Option
The RPL Target Option is used to indicate a target IPv6 address, The RPL Target Option is used to indicate a target IPv6 address,
prefix, or multicast group that is reachable or queried along the prefix, or multicast group that is reachable or queried along the
DODAG. In a DIO, the RPL Target Option identifies a resource that DODAG. In a DAO, the RPL Target option indicates reachability.
the root is trying to reach. In a DAO, the RPL Target option
indicates reachability.
A set of one or more Transit Information options MAY directly follow A RPL Target Option May optionally be paired with a RPL Target
the Target option in a DAO message in support of constructing source Descriptor Option (Figure 30) that qualifies the target.
routes in a non-storing mode of operation
[I-D.hui-6man-rpl-routing-header]. When the same set of Transit A set of one or more Transit Information options (Section 6.7.8) MAY
Information options apply equally to a set of DODAG Target options, directly follow a set of one or more Target option in a DAO message
the group of Target options MUST appear first, followed by the (where each Target Option MAY be paired with a RPL Target Descriptor
Transit Information options which apply to those Targets. Option as above). The structure of the DAO message, detailing how
Target options are used in conjunction with Transit Information
options, is further described in Section 9.6.
The RPL Target option may be repeated as necessary to indicate The RPL Target option may be repeated as necessary to indicate
multiple targets. multiple targets.
Option Type: 0x05 (to be confirmed by IANA) Option Type: 0x05 (to be confirmed by IANA)
Option Length: Variable, length of the option in octets excluding Option Length: Variable, length of the option in octets excluding
the Type and Length fields. the Type and Length fields.
Flags: 8-bit unused field reserved for flags. The field MUST be
initialized to zero by the sender and MUST be ignored by the
receiver.
Prefix Length: 8-bit unsigned integer. Number of valid leading bits Prefix Length: 8-bit unsigned integer. Number of valid leading bits
in the IPv6 Prefix. in the IPv6 Prefix.
Target Prefix: Variable-length field identifying an IPv6 destination Target Prefix: Variable-length field identifying an IPv6 destination
address, prefix, or multicast group. The Prefix Length field address, prefix, or multicast group. The Prefix Length field
contains the number of valid leading bits in the prefix. The contains the number of valid leading bits in the prefix. The
bits in the prefix after the prefix length (if any) are bits in the prefix after the prefix length (if any) are
reserved and MUST be set to zero on transmission and MUST be reserved and MUST be set to zero on transmission and MUST be
ignored on receipt. ignored on receipt.
5.7.8. Transit Information 6.7.8. Transit Information
The Transit Information option may be present in DAO messages, and The Transit Information option MAY be present in DAO messages, and
its format is as follows: its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 6 | Option Length | Path Sequence | Path Control | | Type = 6 | Option Length |E| Flags | Path Control |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Path Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Path Sequence | Path Lifetime | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +
| | | |
+ + + +
| | | |
+ Parent Address* + + Parent Address* +
| | | |
+ + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 21: Format of the Transit Information option The '*' denotes that the Parent Address is not always present, as
described below.
Figure 26: Format of the Transit Information option
The Transit Information option is used for a node to indicate The Transit Information option is used for a node to indicate
attributes for a path to one or more destinations. The destinations attributes for a path to one or more destinations. The destinations
are indicated as by one or more Target options that immediately are indicated by one or more Target options that immediately precede
precede the Transit Information option(s). the Transit Information option(s).
The Transit Information option can used for a node to indicate its The Transit Information option can be used for a node to indicate its
DODAG parents to an ancestor that is collecting DODAG routing DODAG parents to an ancestor that is collecting DODAG routing
information, typically for the purpose of constructing source routes. information, typically for the purpose of constructing source routes.
In the non-storing mode of operation this ancestor will be the DODAG In the non-storing mode of operation this ancestor will be the DODAG
Root, and this option is carried by the DAO message. The option Root, and this option is carried by the DAO message. In the storing
length is used to determine whether the Parent Address is present or mode of operation the Parent Address is not needed, since the DAO
not. message is sent directly to the parent. The option length is used to
determine whether the Parent Address is present or not.
A non-storing node that has more than one DAO parent MAY include a A non-storing node that has more than one DAO parent MAY include a
Transit Information option for each DAO parent as part of the non- Transit Information option for each DAO parent as part of the non-
storing Destination Advertisement operation. The node may code the storing destination advertisement operation. The node may distribute
Path Control field in order to signal a preference among parents. the bits in the Path Control field among different groups of DAO
parents in order to signal a preference among parents. That
preference may influence the decision of the DODAG root when
selecting among the alternate parents/paths for constructing downward
routes.
One or more Transit Information options MUST be preceded by one or One or more Transit Information options MUST be preceded by one or
more RPL Target options. In this manner the RPL Target option more RPL Target options. In this manner the RPL Target option
indicates the child node, and the Transit Information option(s) indicates the child node, and the Transit Information option(s)
enumerate the DODAG parents. enumerate the DODAG parents. The structure of the DAO message,
further detailing how Target options are used in conjunction with
Transit Information options, is further described in Section 9.6.
A typical non-storing node will use multiple Transit Information A typical non-storing node will use multiple Transit Information
options, and it will send the DAO thus formed to only one parent that options, and it will send the DAO message thus formed directly to the
will forward it to the root. A typical storing node with use one root. A typical storing node will use one Transit Information option
Transit Information option with no parent field, and will send the with no parent field, and will send the DAO message thus formed, with
DAO thus formed to multiple parents. additional adjustments to Path Control as detailed later, to one or
multiple parents.
For example, in a non-storing mode of operation let Tgt(T) denote a
Target option for a target T. Let Trnst(P) denote a Transit
Information option that contains a parent address P. Consider the
case of a non-storing node N that advertises the self-owned targets
N1 and N2 and has parents P1, P2, and P3. In that case the DAO
message would be expected to contain the sequence ( (Tgt(N1),
Tgt(N2)), (Trnst(P1), Trnst(P2), Trnst(P3)) ), such that the group of
Target options {N1, N2} are described by the Transit Information
options as having the parents {P1, P2, P3}. The non-storing node
would then address that DAO message directly to the DODAG root, and
forward that DAO message through one of the DODAG parents P1, P2, or
P3.
Option Type: 0x06 (to be confirmed by IANA) Option Type: 0x06 (to be confirmed by IANA)
Option Length: Variable, depending on whether or not Parent Address Option Length: Variable, depending on whether or not Parent Address
is present. is present.
Path-Sequence: 8-bit unsigned integer. When a RPL Target option is External (E): 1-bit flag. The 'E' flag is set to indicate that the
issued by the node that owns the Target Prefix (i.e. in a DAO parent router redistributes external targets into the RPL
message), that node sets the Path-Sequence and increments the network. An external target is a target that has been learned
Path-Sequence each time it issues a RPL Target option. through an alternate protocol. The external targets are listed
in the target options that immediately precede the Transit
Information option. An external target is not expected to
support RPL messages and options.
Flags: 7-bit unused field reserved for flags. The field MUST be
initialized to zero by the sender and MUST be ignored by the
receiver.
Path Control: 8-bit bitfield. The Path Control field limits the Path Control: 8-bit bitfield. The Path Control field limits the
number of DAO-Parents to which a DAO message advertising number of DAO-Parents to which a DAO message advertising
connectivity to a specific destination may be sent, as well as connectivity to a specific destination may be sent, as well as
providing some indication of relative preference. The limit providing some indication of relative preference. The limit
provides some bound on overall DAO fan-out in the LLN. The provides some bound on overall DAO message fan-out in the LLN.
leftmost bit is associated with a path that contains a most- The assignment and ordering of the bits in the path control
preferred link, and the subsequent bits are ordered down to the also serves to communicate preference. Not all of these bits
rightmost bit which is least preferred. may be enabled as according the the PCS in the DODAG
Configuration. The Path Control field is divided into four
subfields which contain two bits each: PC1, PC2, PC3, and PC4,
as illustrated in Figure 27. The subfields are ordered by
preference, with PC1 being the most preferred and PC4 being the
least preferred. Within a subfield there is no order of
preference. By grouping the parents (as in ECMP) and ordering
them, the parents may be associated with specific bits in the
Path Control field in a way that communicates preference.
Path Lifetime: 32-bit unsigned integer. The length of time in 0 1 2 3 4 5 6 7
seconds (relative to the time the packet is sent) that the +-+-+-+-+-+-+-+-+
prefix is valid for route determination. A value of all one |PC1|PC2|PC3|PC4|
bits (0xFFFFFFFF) represents infinity. A value of all zero +-+-+-+-+-+-+-+-+
bits (0x00000000) indicates a loss of reachability. This is
referred as a No-Path in this document. Figure 27: Path Control Preference Sub-field Encoding
Path Sequence: 8-bit unsigned integer. When a RPL Target option is
issued by the node that owns the Target Prefix (i.e. in a DAO
message), that node sets the Path Sequence and increments the
Path Sequence each time it issues a RPL Target option with
updated information.
Path Lifetime: 8-bit unsigned integer. The length of time in
Lifetime Units (obtained from the Configuration option) that
the prefix is valid for route determination. The period starts
when a new Path Sequence is seen. A value of all one bits
(0xFF) represents infinity. A value of all zero bits (0x00)
indicates a loss of reachability. A DAO message that contains
a Transit Information option with a Path Lifetime of 0x00 for a
Target is referred as a No-Path (for that Target) in this
document.
Parent Address (optional): IPv6 Address of the DODAG Parent of the Parent Address (optional): IPv6 Address of the DODAG Parent of the
node originally issuing the Transit Information Option. This node originally issuing the Transit Information Option. This
field may not be present, as according to the DODAG Mode of field may not be present, as according to the DODAG Mode of
Operation and indicated by the Transit Information option Operation (storing or non-storing) and indicated by the Transit
length. Information option length.
Unassigned bits of the Transit Information option are reserved. They Unassigned bits of the Transit Information option are reserved. They
MUST be set to zero on transmission and MUST be ignored on reception. MUST be set to zero on transmission and MUST be ignored on reception.
5.7.9. Solicited Information 6.7.9. Solicited Information
The Solicited Information option may be present in DIS messages, and The Solicited Information option MAY be present in DIS messages, and
its format is as follows: its format is as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 7 | Option Length | RPLInstanceID |V|I|D| Rsvd | | Type = 7 |Opt Length = 19| RPLInstanceID |V|I|D| Flags |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ DODAGID + + DODAGID +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Version | |Version Number |
+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+
Figure 22: Format of the Solicited Information Option Figure 28: Format of the Solicited Information Option
The Solicited Information option is used for a node to request DIO The Solicited Information option is used for a node to request DIO
messages from a subset of neighboring nodes. The Solicited messages from a subset of neighboring nodes. The Solicited
Information option may specify a number of predicate criteria to be Information option may specify a number of predicate criteria to be
matched by a receiving node. These predicates affect whether a node matched by a receiving node. This is used by the requester to limit
resets its DIO trickle timer, as described in Section 7.3 the number of replies from "non-interesting" nodes. These predicates
affect whether a node resets its DIO trickle timer, as described in
Section 8.3.
Option Type: 0x07 (to be confirmed by IANA) Option Type: 0x07 (to be confirmed by IANA)
Option Length: 19 bytes Option Length: 19
Control Field: The Solicited Information option Control Field has
three flags:
V: If the V flag is set then the Version field is valid and Control Field: The control field contains flags that indicate which
a node matches the predicate if its DODAGVersionNumber predicates a node should check when deciding whether to reset
matches the requested version. If the V flag is clear its Trickle timer. A node resets its Trickle timer when all
then the Version field is not valid and the Version field predicates are true. If a flag is set, then the RPL node MUST
MUST be set to zero on transmission and ignored upon check the associated predicate. If a flag is cleared, then the
receipt. RPL node MUST NOT check the associated predicate and assume the
predicate is true. The Solicited Information option Control
Field has three flags:
I: If the I flag is set then the RPLInstanceID field is V: The V flag is the Version predicate. The Version
valid and a node matches the predicate if it matches the predicate is true if the receiver's DODAGVersionNumber
requested RPLInstanceID. If the I flag is clear then the matches the requested Version Number. If the V flag is
RPLInstanceID field is not valid and the RPLInstanceID cleared then the Version field is not valid and the
field MUST be set to zero on transmission and ignored Version field MUST be set to zero on transmission and
upon receipt. ignored upon receipt.
D: If the D flag is set then the DODAGID field is valid and I: The I flag is the InstanceID predicate. The InstanceID
a node matches the predicate if it matches the requested predicate is true when the RPL node's current
DODAGID. If the D flag is clear then the DODAGID field RPLInstanceID matches the requested RPLInstanceID. If
is not valid and the DODAGID field MUST be set to zero on the I flag is cleared then the RPLInstanceID field is not
valid and the RPLInstanceID field MUST be set to zero on
transmission and ignored upon receipt. transmission and ignored upon receipt.
Version: 8-bit unsigned integer containing the DODAG Version number D: The D flag is the DODAGID predicate. The DODAGID
that is being solicited when valid. predicate is true if the RPL node's parent set has the
same DODAGID as the DODAGID field. If the D flag is
cleared then the DODAGID field is not valid and the
DODAGID field MUST be set to zero on transmission and
ignored upon receipt.
Flags: 5-bit unused field reserved for flags. The field MUST
be initialized to zero by the sender and MUST be ignored
by the receiver.
Version Number: 8-bit unsigned integer containing the value of
DODAGVersionNumber that is being solicited when valid.
RPLInstanceID: 8-bit unsigned integer containing the RPLInstanceID RPLInstanceID: 8-bit unsigned integer containing the RPLInstanceID
that is being solicited when valid. that is being solicited when valid.
DODAGID: 128-bit unsigned integer containing the DODAGID that is DODAGID: 128-bit unsigned integer containing the DODAGID that is
being solicited when valid. being solicited when valid.
Unassigned bits of the Solicited Information option are reserved. Unassigned bits of the Solicited Information option are reserved.
They MUST be set to zero on transmission and MUST be ignored on They MUST be set to zero on transmission and MUST be ignored on
reception. reception.
5.7.10. Prefix Information 6.7.10. Prefix Information
The Prefix Information option may be present in DIO messages, and is The Prefix Information option MAY be present in DIO messages, and is
equivalent in function to the IPv6 ND Prefix Information option as equivalent in function to the IPv6 ND Prefix Information option as
defined in [RFC4861]. The format of the option is modified slightly defined in [RFC4861]. The format of the option is modified slightly
(Type, Length, Prefix) in order to be carried as a RPL option as (Type, Length, Prefix) in order to be carried as a RPL option as
follows: follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 8 | Option Length | Prefix Length |L|A| Reserved1 | | Type = 8 |Opt Length = 30| Prefix Length |L|A|R|Reserved1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Valid Lifetime | | Valid Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Preferred Lifetime | | Preferred Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Reserved2 | | Reserved2 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ + + +
| | | |
+ Prefix + + Prefix +
| | | |
+ + + +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 23: Format of the Prefix Information Option
Figure 29: Format of the Prefix Information Option
The Prefix Information option may be used to distribute the prefix in The Prefix Information option may be used to distribute the prefix in
use inside the DODAG, e.g. for address autoconfiguration. use inside the DODAG, e.g. for address autoconfiguration.
[RFC4861] should be consulted as the authoritative reference with [RFC4861] and [RFC3775] should be consulted as the authoritative
respect to the Prefix Information option. The field descriptions are reference with respect to the Prefix Information option. The field
transcribed here for convenience: descriptions are transcribed here for convenience:
Option Type: 0x08 (to be confirmed by IANA) Option Type: 0x08 (to be confirmed by IANA)
Option Length: 30. Note that this length is expressed in units of Option Length: 30. Note that this length is expressed in units of
single-octets, unlike in IPv6 ND. single-octets, unlike in IPv6 ND.
Prefix Length 8-bit unsigned integer. The number of leading bits in Prefix Length 8-bit unsigned integer. The number of leading bits in
the Prefix that are valid. The value ranges from 0 to 128. the Prefix that are valid. The value ranges from 0 to 128.
The prefix length field provides necessary information for on- The prefix length field provides necessary information for on-
link determination (when combined with the L flag in the prefix link determination (when combined with the L flag in the prefix
skipping to change at page 49, line 38 skipping to change at page 56, line 30
advertisement makes no statement about on-link or off-link advertisement makes no statement about on-link or off-link
properties of the prefix. In other words, if the L flag is not properties of the prefix. In other words, if the L flag is not
set a host MUST NOT conclude that an address derived from the set a host MUST NOT conclude that an address derived from the
prefix is off-link. That is, it MUST NOT update a previous prefix is off-link. That is, it MUST NOT update a previous
indication that the address is on-link. indication that the address is on-link.
A 1-bit autonomous address-configuration flag. When set A 1-bit autonomous address-configuration flag. When set
indicates that this prefix can be used for stateless address indicates that this prefix can be used for stateless address
configuration as specified in [RFC4862]. configuration as specified in [RFC4862].
Reserved1 6-bit unused field. It MUST be initialized to zero by the R 1-bit Router address flag. When set, indicates that the Prefix
field contains a complete IPv6 address assigned to the sending
router that can be used as parent in a target option. The
indicated prefix is the first Prefix Length bits of the Prefix
field. The router IPv6 address has the same scope and conforms
to the same lifetime values as the advertised prefix. This use
of the Prefix field is compatible with its use in advertising
the prefix itself, since Prefix Advertisement uses only the
leading bits. Interpretation of this flag bit is thus
independent of the processing required for the On-Link (L) and
Autonomous Address-Configuration (A) flag bits.
Reserved1 5-bit unused field. It MUST be initialized to zero by the
sender and MUST be ignored by the receiver. sender and MUST be ignored by the receiver.
Valid Lifetime 32-bit unsigned integer. The length of time in Valid Lifetime 32-bit unsigned integer. The length of time in
seconds (relative to the time the packet is sent) that the seconds (relative to the time the packet is sent) that the
prefix is valid for the purpose of on-link determination. A prefix is valid for the purpose of on-link determination. A
value of all one bits (0xffffffff) represents infinity. The value of all one bits (0xffffffff) represents infinity. The
Valid Lifetime is also used by [RFC4862]. Valid Lifetime is also used by [RFC4862].
Preferred Lifetime 32-bit unsigned integer. The length of time in Preferred Lifetime 32-bit unsigned integer. The length of time in
seconds (relative to the time the packet is sent) that seconds (relative to the time the packet is sent) that
skipping to change at page 50, line 4 skipping to change at page 57, line 10
seconds (relative to the time the packet is sent) that the seconds (relative to the time the packet is sent) that the
prefix is valid for the purpose of on-link determination. A prefix is valid for the purpose of on-link determination. A
value of all one bits (0xffffffff) represents infinity. The value of all one bits (0xffffffff) represents infinity. The
Valid Lifetime is also used by [RFC4862]. Valid Lifetime is also used by [RFC4862].
Preferred Lifetime 32-bit unsigned integer. The length of time in Preferred Lifetime 32-bit unsigned integer. The length of time in
seconds (relative to the time the packet is sent) that seconds (relative to the time the packet is sent) that
addresses generated from the prefix via stateless address addresses generated from the prefix via stateless address
autoconfiguration remain preferred [RFC4862]. A value of all autoconfiguration remain preferred [RFC4862]. A value of all
one bits (0xffffffff) represents infinity. See [RFC4862]. one bits (0xffffffff) represents infinity. See [RFC4862].
Note that the value of this field MUST NOT exceed the Valid Note that the value of this field MUST NOT exceed the Valid
Lifetime field to avoid preferring addresses that are no longer Lifetime field to avoid preferring addresses that are no longer
valid. valid.
Reserved2 This field is unused. It MUST be initialized to zero by Reserved2 This field is unused. It MUST be initialized to zero by
the sender and MUST be ignored by the receiver. the sender and MUST be ignored by the receiver.
Prefix An IP address or a prefix of an IP address. The Prefix Prefix An IPv6 address or a prefix of an IPv6 address. The Prefix
Length field contains the number of valid leading bits in the Length field contains the number of valid leading bits in the
prefix. The bits in the prefix after the prefix length are prefix. The bits in the prefix after the prefix length are
reserved and MUST be initialized to zero by the sender and reserved and MUST be initialized to zero by the sender and
ignored by the receiver. A router SHOULD NOT send a prefix ignored by the receiver. A router SHOULD NOT send a prefix
option for the link-local prefix and a host SHOULD ignore such option for the link-local prefix and a host SHOULD ignore such
a prefix option. A non-storing node SHOULD refrain from a prefix option. A non-storing node SHOULD refrain from
advertising a prefix till it owns an address of that prefix, advertising a prefix till it owns an address of that prefix,
and then it SHOULD advertise its full address in this field, to and then it SHOULD advertise its full address in this field,
be used by its children in the Parent Address field of the with the 'R' flag set. The children of a node that so
Transit Information Option advertises a full address with the 'R' flag set may then use
that address to determine the content of the Parent Address
field of the Transit Information Option.
Unassigned bits of the Prefix Information option are reserved. They Unassigned bits of the Prefix Information option are reserved. They
MUST be set to zero on transmission and MUST be ignored on reception. MUST be set to zero on transmission and MUST be ignored on reception.
6. Sequence Counters 6.7.11. RPL Target descriptor
The RPL Target option MAY be immediately followed by one opaque
descriptor that qualifies that specific target.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 9 |Opt Length = 4 | Descriptor |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Descriptor (cont.) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 30: Format of the RPL Target Descriptor Option
The RPL Target Descriptor Option is used to qualify a target,
something that is sometimes called tagging.
There can be at most one descriptor per target. The descriptor is
set by the node that injects the target in the RPL network. It MUST
be copied but not modified by routers that propagate the target Up
the DODAG in DAO messages.
Option Type: 0x09 (to be confirmed by IANA)
Option Length: 4
Descriptor: 32-bit unsigned integer. Opaque.
7. Sequence Counters
This section describes the general scheme for bootstrap and operation This section describes the general scheme for bootstrap and operation
of sequence counters in RPL, such as the DODAGVersionNumber in the of sequence counters in RPL, such as the DODAGVersionNumber in the
DIO message, the DAOSequence in the DAO message, and the Path- DIO message, the DAOSequence in the DAO message, and the Path
Sequence in the Transit Information option. Sequence in the Transit Information option.
7.1. Sequence Counter Overview
This specification utilizes three different sequence numbers to
validate the freshness and the synchronization of protocol
information:
DODAGVersionNumber: This sequence counter is present in the DIO
base to indicate the Version of the DODAG being formed. The
DODAGVersionNumber is monotonically incremented by the root
each time the root decides to form a new Version of the DODAG
in order to revalidate the integrity and allow a global repairs
to occur. The DODAGVersionNumber is propagated unchanged Down
the DODAG as routers join the new DODAG Version. The
DODAGVersionNumber is globally significant in a DODAG and
indicates the Version of the DODAG that a router is operating
in. An older (lesser) value indicates that the originating
router has not migrated to the new DODAG Version and can not be
used as a parent once the receiving node has migrated to the
newer DODAG Version.
DAOSequence: This sequence counter is present in the DAO base to
correlate a DAO message and a DAO ACK message. The DAOSequence
number is locally significant to the node that issues a DAO
message for its own consumption to detect the loss of a DAO
message and enable retries.
Path Sequence: This sequence counter is present in the Transit
Information option in a DAO message. The purpose of this
counter is to differentiate a movement where a newer route
supersedes a stale one from a route redundancy scenario where
multiple routes exist in parallel for a same target. The Path
Sequence is globally significant in a DODAG and indicates the
freshness of the route to the associated target. An older
(lesser) value received from an originating router indicates
that the originating router holds stale routing states and the
originating router should not be considered anymore as a
potential next-hop for the target. The Path Sequence is
computed by the node that advertises the target, that is the
target itself or a router that advertises a target on behalf of
a host, and is unchanged as the DAO content is propagated
towards the root by parent routers. If a host does not pass a
counter to its router, then the router is in charge of
computing the Path Sequence on behalf of the host and the host
can only register to one router for that purpose. If a DAO
message containing a same target is issued to multiple parents
at a given point of time for the purpose of route redundancy,
then the Path Sequence is the same in all the DAO messages for
that same target.
7.2. Sequence Counter Operation
RPL sequence counters are subdivided in a 'lollipop' fashion RPL sequence counters are subdivided in a 'lollipop' fashion
([Perlman83]), where the values from 128 and greater are used as a ([Perlman83]), where the values from 128 and greater are used as a
linear sequence to indicate a restart and bootstrap the counter, and linear sequence to indicate a restart and bootstrap the counter, and
the values less than or equal to 127 used as a circular sequence the values less than or equal to 127 used as a circular sequence
number space of size 128 as in [RFC1982]. Consideration is given to number space of size 128 as in [RFC1982]. Consideration is given to
the mode of operation when transitioning from the linear region to the mode of operation when transitioning from the linear region to
the circular region. Finally, when operating in the circular region, the circular region. Finally, when operating in the circular region,
if sequence numbers are detected to be too far apart then they are if sequence numbers are detected to be too far apart then they are
not comparable, as detailed below. not comparable, as detailed below.
A window of comparison, SEQUENCE_WINDOW = 16, is configured based on A window of comparison, SEQUENCE_WINDOW = 16, is configured based on
a value of 2^N, where N=4. a value of 2^N, where N is defined to be 4 in this specification.
For a given sequence counter, For a given sequence counter,
1. The sequence counter SHOULD be initialized to an implementation 1. The sequence counter SHOULD be initialized to an implementation
defined value which is 128 or greater prior to use. A defined value which is 128 or greater prior to use. A
recommended value is 240 (256 - SEQUENCE_WINDOW). recommended value is 240 (256 - SEQUENCE_WINDOW).
2. When a sequence counter increment would cause the sequence 2. When a sequence counter increment would cause the sequence
counter to increment beyond its maximum value, the sequence counter to increment beyond its maximum value, the sequence
counter MUST wrap back to zero. When incrementing a sequence counter MUST wrap back to zero. When incrementing a sequence
skipping to change at page 52, line 14 skipping to change at page 61, line 14
2. In the case where both sequence counters to be compared are 2. In the case where both sequence counters to be compared are
less than or equal to 127, and in the case where both less than or equal to 127, and in the case where both
sequence counters to be compared are greater than or equal to sequence counters to be compared are greater than or equal to
128: 128:
1. If the absolute magnitude of difference between the two 1. If the absolute magnitude of difference between the two
sequence counters is less than or equal to sequence counters is less than or equal to
SEQUENCE_WINDOW, then a comparison as described in SEQUENCE_WINDOW, then a comparison as described in
[RFC1982] is used to determine the relationships greater [RFC1982] is used to determine the relationships greater
than, less than, and equal than, less than, and equal.
2. If the absolute magnitude of difference of the two 2. If the absolute magnitude of difference of the two
sequence counters is greater than SEQUENCE_WINDOW, then a sequence counters is greater than SEQUENCE_WINDOW, then a
desynchronization has occurred and the two sequence desynchronization has occurred and the two sequence
numbers are not comparable. numbers are not comparable.
4. If two sequence numbers are determined to be not comparable, i.e. 4. If two sequence numbers are determined to be not comparable, i.e.
the results of the comparison are not defined, then a node should the results of the comparison are not defined, then a node should
consider the comparison as if it has evaluated in such a way so consider the comparison as if it has evaluated in such a way so
as to give precedence to the sequence number that has most as to give precedence to the sequence number that has most
recently been observed to increment. Failing this, the node recently been observed to increment. Failing this, the node
should consider the comparison as if it has evaluated in such a should consider the comparison as if it has evaluated in such a
way so as to minimize the resulting changes to its own state. way so as to minimize the resulting changes to its own state.
7. Upward Routes 8. Upward Routes
This section describes how RPL discovers and maintains upward routes. This section describes how RPL discovers and maintains upward routes.
It describes the use of DODAG Information Objects (DIOs), the It describes the use of DODAG Information Objects (DIOs), the
messages used to discover and maintain these routes. It specifies messages used to discover and maintain these routes. It specifies
how RPL generates and responds to DIOs. It also describes DODAG how RPL generates and responds to DIOs. It also describes DODAG
Information Solicitation (DIS) messages, which are used to trigger Information Solicitation (DIS) messages, which are used to trigger
DIO transmissions. DIO transmissions.
7.1. DIO Base Rules 8.1. DIO Base Rules
1. For the following DIO Base fields, a node that is not a DODAG 1. For the following DIO Base fields, a node that is not a DODAG
root MUST advertise the same values as its preferred DODAG parent root MUST advertise the same values as its preferred DODAG parent
(defined in Section 7.2.1). Therefore, if a DODAG root does not (defined in Section 8.2.1). In this way these values will
change these values, every node in a route to that DODAG root propagate Down the DODAG unchanged and advertised by every node
eventually advertises the same values for these fields. These that has a route to that DODAG root. These fields are:
fields are:
1. Grounded (G) 1. Grounded (G)
2. Mode of Operation (MOP) 2. Mode of Operation (MOP)
3. DAGPreference (Prf) 3. DAGPreference (Prf)
4. Version 4. Version
5. RPLInstanceID 5. RPLInstanceID
6. DODAGID 6. DODAGID
2. A node MAY update the following fields at each hop: 2. A node MAY update the following fields at each hop:
1. Rank 1. Rank
2. DTSN 2. DTSN
3. The DODAGID field each root sets MUST be unique within the RPL 3. The DODAGID field each root sets MUST be unique within the RPL
Instance. Instance and MUST be a routable IPv6 address belonging to the
root.
7.2. Upward Route Discovery and Maintenance 8.2. Upward Route Discovery and Maintenance
Upward route discovery allows a node to join a DODAG by discovering Upward route discovery allows a node to join a DODAG by discovering
neighbors that are members of the DODAG of interest and identifying a neighbors that are members of the DODAG of interest and identifying a
set of parents. The exact policies for selecting neighbors and set of parents. The exact policies for selecting neighbors and
parents is implementation-dependent and driven by the OF. This parents is implementation-dependent and driven by the OF. This
section specifies the set of rules those policies must follow for section specifies the set of rules those policies must follow for
interoperability. interoperability.
7.2.1. Neighbors and Parents within a DODAG Version 8.2.1. Neighbors and Parents within a DODAG Version
RPL's upward route discovery algorithms and processing are in terms RPL's upward route discovery algorithms and processing are in terms
of three logical sets of link-local nodes. First, the candidate of three logical sets of link-local nodes. First, the candidate
neighbor set is a subset of the nodes that can be reached via link- neighbor set is a subset of the nodes that can be reached via link-
local multicast. The selection of this set is implementation- local multicast. The selection of this set is implementation-
dependent and OF-dependent. Second, the parent set is a restricted dependent and OF-dependent. Second, the parent set is a restricted
subset of the candidate neighbor set. Finally, the preferred parent, subset of the candidate neighbor set. Finally, the preferred parent
a set of size one, is an element of the parent set that is the is a member of the parent set that is the preferred next hop in
preferred next hop in upward routes. upward routes. The preferred parent is conceptually a single parent
although it may be a set of multiple parents if those parents are
equally preferred and have identical rank.
More precisely: More precisely:
1. The DODAG parent set MUST be a subset of the candidate neighbor 1. The DODAG parent set MUST be a subset of the candidate neighbor
set. set.
2. A DODAG root MUST have a DODAG parent set of size zero. 2. A DODAG root MUST have a DODAG parent set of size zero.
3. A node that is not a DODAG root MAY maintain a DODAG parent set 3. A node that is not a DODAG root MAY maintain a DODAG parent set
of size greater than or equal to one. of size greater than or equal to one.
4. A node's preferred DODAG parent MUST be a member of its DODAG 4. A node's preferred DODAG parent MUST be a member of its DODAG
parent set. parent set.
5. A node's rank MUST be greater than all elements of its DODAG 5. A node's rank MUST be greater than all elements of its DODAG
parent set. parent set.
6. When Neighbor Unreachability Detection (NUD), or an equivalent 6. When Neighbor Unreachability Detection (NUD) [RFC4861], or an
mechanism, determines that a neighbor is no longer reachable, a equivalent mechanism, determines that a neighbor is no longer
RPL node MUST NOT consider this node in the candidate neighbor reachable, a RPL node MUST NOT consider this node in the
set when calculating and advertising routes until it determines candidate neighbor set when calculating and advertising routes
that it is again reachable. Routes through an unreachable until it determines that it is again reachable. Routes through
neighbor MUST be removed from the routing table. an unreachable neighbor MUST be removed from the routing table.
These rules ensure that there is a consistent partial order on nodes These rules ensure that there is a consistent partial order on nodes
within the DODAG. As long as node ranks do not change, following the within the DODAG. As long as node ranks do not change, following the
above rules ensures that every node's route to a DODAG root is loop- above rules ensures that every node's route to a DODAG root is loop-
free, as rank decreases on each hop to the root. free, as rank decreases on each hop to the root.
The OF can guide candidate neighbor set and parent set selection, as The OF can guide candidate neighbor set and parent set selection, as
discussed in [I-D.ietf-roll-routing-metrics] and [I-D.ietf-roll-of0]. discussed in [I-D.ietf-roll-of0].
7.2.2. Neighbors and Parents across DODAG Versions 8.2.2. Neighbors and Parents across DODAG Versions
The above rules govern a single DODAG version. The rules in this The above rules govern a single DODAG Version. The rules in this
section define how RPL operates when there are multiple DODAG section define how RPL operates when there are multiple DODAG
versions: Versions:
7.2.2.1. DODAG Version 8.2.2.1. DODAG Version
1. The tuple (RPLInstanceID, DODAGID, DODAGVersionNumber) uniquely 1. The tuple (RPLInstanceID, DODAGID, DODAGVersionNumber) uniquely
defines a DODAG Version. Every element of a node's DODAG parent defines a DODAG Version. Every element of a node's DODAG parent
set, as conveyed by the last heard DIO message from each DODAG set, as conveyed by the last heard DIO message from each DODAG
parent, MUST belong to the same DODAG version. Elements of a parent, MUST belong to the same DODAG Version. Elements of a
node's candidate neighbor set MAY belong to different DODAG node's candidate neighbor set MAY belong to different DODAG
Versions. Versions.
2. A node is a member of a DODAG version if every element of its 2. A node is a member of a DODAG Version if every element of its
DODAG parent set belongs to that DODAG version, or if that node DODAG parent set belongs to that DODAG Version, or if that node
is the root of the corresponding DODAG. is the root of the corresponding DODAG.
3. A node MUST NOT send DIOs for DODAG versions of which it is not a 3. A node MUST NOT send DIOs for DODAG Versions of which it is not a
member. member.
4. DODAG roots MAY increment the DODAGVersionNumber that they 4. DODAG roots MAY increment the DODAGVersionNumber that they
advertise and thus move to a new DODAG version. When a DODAG advertise and thus move to a new DODAG Version. When a DODAG
root increments its DODAGVersionNumber, it MUST follow the root increments its DODAGVersionNumber, it MUST follow the
conventions of Serial Number Arithmetic as described in conventions of Serial Number Arithmetic as described in
Section 6. Section 7. Events triggering the increment of the
DODAGVersionNumber are described later in this section and in
Section 17.
5. Within a given DODAG, a node that is a not a root MUST NOT 5. Within a given DODAG, a node that is a not a root MUST NOT
advertise a DODAGVersionNumber higher than the highest advertise a DODAGVersionNumber higher than the highest
DODAGVersionNumber it has heard. Higher is defined as the DODAGVersionNumber it has heard. Higher is defined as the
greater-than operator in Section 6. greater-than operator in Section 7.
6. Once a node has advertised a DODAG version by sending a DIO, it 6. Once a node has advertised a DODAG Version by sending a DIO, it
MUST NOT be member of a previous DODAG version of the same DODAG MUST NOT be a member of a previous DODAG Version of the same
(i.e. with the same RPLInstanceID, the same DODAGID, and a lower DODAG (i.e. with the same RPLInstanceID, the same DODAGID, and a
DODAGVersionNumber). Lower is defined as the less-than operator lower DODAGVersionNumber). Lower is defined as the less-than
in Section 6. operator in Section 7.
When the DODAG parent set becomes empty on a node that is not a root, When the DODAG parent set becomes empty on a node that is not a root,
(i.e. the last parent has been removed, causing the node to no longer (i.e. the last parent has been removed, causing the node to no longer
be associated with that DODAG), then the DODAG information should not be associated with that DODAG), then the DODAG information should not
be suppressed until after the expiration of an implementation- be suppressed until after the expiration of an implementation-
specific local timer in order to observe if the DODAGVersionNumber specific local timer in order to observe if the DODAGVersionNumber
has been incremented, should any new parents appear for the DODAG. has been incremented, should any new parents appear for the DODAG.
This will help protect against the possibility of loops that may This will help protect against the possibility of loops that may
occur of that node were to inadvertently rejoin the old DODAG version occur if that node were to inadvertently rejoin the old DODAG Version
in its own prior sub-DODAG. in its own prior sub-DODAG.
As the DODAGVersionNumber is incremented, a new DODAG Version spreads As the DODAGVersionNumber is incremented, a new DODAG Version spreads
outward from the DODAG root. A parent that advertises the new outward from the DODAG root. A parent that advertises the new
DODAGVersionNumber cannot belong to the sub-DODAG of a node DODAGVersionNumber cannot belong to the sub-DODAG of a node
advertising an older DODAGVersionNumber. Therefore a node can safely advertising an older DODAGVersionNumber. Therefore a node can safely
add a parent of any Rank with a newer DODAGVersionNumber without add a parent of any Rank with a newer DODAGVersionNumber without
forming a loop. forming a loop.
For example, suppose that a node has left a DODAG with
DODAGVersionNumber N. Suppose that node had a sub-DODAG, and did
attempt to poison that sub-DODAG by advertising a rank of
INFINITE_RANK, but those advertisements may have become lost in the
LLN. Then, if the node did observe a candidate neighbor advertising
a position in that original DODAG at DODAGVersionNumber N, that
candidate neighbor could possibly have been in the node's former sub-
DODAG and there is a possible case where to add that candidate
neighbor as a parent could cause a loop. If that candidate neighbor
in this case is observed to advertise a DODAGVersionNumber N+1, then
that candidate neighbor is certain to be safe, since it is certain
not to be in that original node's sub-DODAG as it has been able to
increment the DODAGVersionNumber by hearing from the DODAG root while
that original node was detached. It is for this reason that it is
useful for the detached node to remember the original DODAG
information, including the DODAGVersionNumber N.
Exactly when a DODAG Root increments the DODAGVersionNumber is Exactly when a DODAG Root increments the DODAGVersionNumber is
implementation and application-dependent and outside the scope of implementation and application-dependent and outside the scope of
this document. Examples include incrementing the DODAGVersionNumber this document. Examples include incrementing the DODAGVersionNumber
periodically, upon administrative intervention, or on application- periodically, upon administrative intervention, or on application-
level detection of lost connectivity or DODAG inefficiency. level detection of lost connectivity or DODAG inefficiency.
After a node transitions to and advertises a new DODAG Version, the After a node transitions to and advertises a new DODAG Version, the
rules above make it unable to advertise the previous DODAG Version rules above make it unable to advertise the previous DODAG Version
(prior DODAGVersionNumber) once it has committed to advertising the (prior DODAGVersionNumber) once it has committed to advertising the
new DODAG Version. new DODAG Version.
7.2.2.2. DODAG Roots 8.2.2.2. DODAG Roots
1. A DODAG root without possibility to satisfy the application- 1. A DODAG root without possibility to satisfy the application-
defined goal MUST NOT set the Grounded bit. defined goal MUST NOT set the Grounded bit.
2. A DODAG root MUST advertise a rank of ROOT_RANK. 2. A DODAG root MUST advertise a rank of ROOT_RANK.
3. A node whose DODAG parent set is empty MAY become the DODAG Root 3. A node whose DODAG parent set is empty MAY become the DODAG Root
of a floating DODAG. It MAY also set its DAGPreference such that of a floating DODAG. It MAY also set its DAGPreference such that
it is less preferred. it is less preferred.
In a deployment that uses a backbone link to federate a number of LLN In a deployment that uses non-RPL links to federate a number of LLN
roots, it is possible to run RPL over that backbone and use one roots, it is possible to run RPL over those non-RPL links and use one
router as a "backbone root". The backbone root is the virtual root router as a "backbone root". The backbone root is the virtual root
of the DODAG, and exposes a rank of BASE_RANK over the backbone. All of the DODAG, and exposes a rank of BASE_RANK over the backbone. All
the LLN roots that are parented to that backbone root, including the the LLN roots that are parented to that backbone root, including the
backbone root if it also serves as LLN root itself, expose a rank of backbone root if it also serves as LLN root itself, expose a rank of
ROOT_RANK to the LLN. These virtual roots are part of the same DODAG ROOT_RANK to the LLN. These virtual roots are part of the same DODAG
and advertise the same DODAGID. They coordinate DODAGVersionNumbers and advertise the same DODAGID. They coordinate DODAGVersionNumbers
and other DODAG parameters with the virtual root over the backbone. and other DODAG parameters with the virtual root over the backbone.
The method of coordination is outside the scope of this
specification.
7.2.2.3. DODAG Selection 8.2.2.3. DODAG Selection
The objective function of a DAG determines how a node selects its The objective function and the set of advertised routing metrics and
neighbor set, parent set, and preferred parents. This selection constraints of a DAG determines how a node selects its neighbor set,
implicitly also decides the DODAG within a DAG. Such selection can parent set, and preferred parents. This selection implicitly also
include administrative preference (Prf) as well as metrics or other determines the DODAG within a DAG. Such selection can include
administrative preference (Prf) as well as metrics or other
considerations. considerations.
If a node has the option to join a more preferred DODAG while still If a node has the option to join a more preferred DODAG while still
meeting other optimization objectives, then the node will generally meeting other optimization objectives, then the node will generally
seek to join the more preferred DODAG as determined by the OF. All seek to join the more preferred DODAG as determined by the OF. All
else being equal, it is left to the implementation to determine which else being equal, it is left to the implementation to determine which
DODAG is most preferred. DODAG is most preferred (since, as a reminder, a node must only join
one DODAG per RPL Instance).
7.2.2.4. Rank and Movement within a DODAG Version 8.2.2.4. Rank and Movement within a DODAG Version
1. A node MUST NOT advertise a Rank less than or equal to any member 1. A node MUST NOT advertise a Rank less than or equal to any member
of its parent set within the DODAG Version. of its parent set within the DODAG Version.
2. A node MAY advertise a Rank lower than its prior advertisement 2. A node MAY advertise a Rank lower than its prior advertisement
within the DODAG Version. within the DODAG Version.
3. Let L be the lowest rank within a DODAG version that a given node 3. Let L be the lowest rank within a DODAG Version that a given node
has advertised. Within the same DODAG Version, that node MUST has advertised. Within the same DODAG Version, that node MUST
NOT advertise an effective rank higher than L + NOT advertise an effective rank higher than L +
DAGMaxRankIncrease. INFINITE_RANK is an exception to this rule: DAGMaxRankIncrease. INFINITE_RANK is an exception to this rule:
a node MAY advertise an INFINITE_RANK within a DODAG version a node MAY advertise an INFINITE_RANK within a DODAG version
without restriction. If a node's Rank would be higher than without restriction. If a node's Rank were to be higher than
allowed by L + DAGMaxRankIncrease, when it advertises Rank it allowed by L + DAGMaxRankIncrease, when it advertises Rank it
MUST advertise its Rank as INFINITE_RANK. MUST advertise its Rank as INFINITE_RANK.
4. A node MAY, at any time, choose to join a different DODAG within 4. A node MAY, at any time, choose to join a different DODAG within
a RPL Instance. Such a join has no rank restrictions, unless a RPL Instance. Such a join has no rank restrictions, unless
that different DODAG is a DODAG Version of which this node has that different DODAG is a DODAG Version of which this node has
previously been a member, in which case the rule of the previous previously been a member, in which case the rule of the previous
bullet (3) must be observed. Until a node transmits a DIO bullet (3) must be observed. Until a node transmits a DIO
indicating its new DODAG membership, it MUST forward packets indicating its new DODAG membership, it MUST forward packets
along the previous DODAG. along the previous DODAG.
5. A node MAY, at any time after hearing the next DODAGVersionNumber 5. A node MAY, at any time after hearing the next DODAGVersionNumber
advertised from suitable DODAG parents, choose to migrate to the advertised from suitable DODAG parents, choose to migrate to the
next DODAG Version within the DODAG. next DODAG Version within the DODAG.
Conceptually, an implementation is maintaining a DODAG parent set Conceptually, an implementation is maintaining a DODAG parent set
within the DODAG Version. Movement entails changes to the DODAG within the DODAG Version. Movement entails changes to the DODAG
parent set. Moving up does not present the risk to create a loop but parent set. Moving Up does not present the risk to create a loop but
moving down might, so that operation is subject to additional moving Down might, so that operation is subject to additional
constraints. constraints.
When a node migrates to the next DODAG Version, the DODAG parent set When a node migrates to the next DODAG Version, the DODAG parent set
needs to be rebuilt for the new version. An implementation could needs to be rebuilt for the new Version. An implementation could
defer to migrate for some reasonable amount of time, to see if some defer to migrate for some reasonable amount of time, to see if some
other neighbors with potentially better metrics but higher rank other neighbors with potentially better metrics but higher rank
announce themselves. Similarly, when a node jumps into a new DODAG announce themselves. Similarly, when a node jumps into a new DODAG
it needs to construct new a DODAG parent set for this new DODAG. it needs to construct a new DODAG parent set for this new DODAG.
If a node needs to move down a DODAG that it is attached to, If a node needs to move Down a DODAG that it is attached to,
increasing its Rank, then it MAY poison its routes and delay before increasing its Rank, then it MAY poison its routes and delay before
moving as described in Section 7.2.2.5. moving as described in Section 8.2.2.5.
7.2.2.5. Poisoning A node is allowed to join any DODAG Version that it has never been a
prior member of without any restrictions, but if the node has been a
prior member of the DODAG Version then it must continue to observe
the rule that it may not advertise an effective rank higher than
L+DAGMaxRankIncrease at any point in the life of the DODAG Version.
This rule must be observed so as not to create a loophole that would
allow the node to effectively increment its rank all the way to
INFINITE_RANK, which may have impact on other nodes and create a
resource-wasting count-to-infinity scenario.
8.2.2.5. Poisoning
1. A node poisons routes by advertising a Rank of INFINITE_RANK. 1. A node poisons routes by advertising a Rank of INFINITE_RANK.
2. A node MUST NOT have any nodes with a Rank of INFINITE_RANK in 2. A node MUST NOT have any nodes with a Rank of INFINITE_RANK in
its parent set. its parent set.
Although an implementation may advertise INFINITE_RANK for the Although an implementation may advertise INFINITE_RANK for the
purposes of poisoning, doing so is not the same as setting Rank to purposes of poisoning, doing so is not the same as setting Rank to
INFINITE_RANK. For example, a node may continue to send data packets INFINITE_RANK. For example, a node may continue to send data packets
whose meta-data include a Rank that is not INFINITE_RANK yet still whose RPL option ([I-D.ietf-6man-rpl-option]) includes a Rank that is
advertise INFINITE_RANK in its DIOs. not INFINITE_RANK, yet still advertise INFINITE_RANK in its DIOs.
7.2.2.6. Detaching When a (former) parent is observed to advertise a Rank of
INFINITE_RANK, that (former) parent has detached from the DODAG and
is no longer able to act as a parent, nor is there any why that
another node may be considered to have a Rank greater-than
INFINITE_RANK. Therefore that (former) parent cannot act as a parent
any longer and is removed from the parent set.
8.2.2.6. Detaching
1. A node unable to stay connected to a DODAG within a given DODAG 1. A node unable to stay connected to a DODAG within a given DODAG
version MAY detach from this DODAG version. A node that detaches Version, i.e. that cannot retain non-empty parent set without
becomes root of its own floating DODAG and SHOULD immediately violating the rules of this specification, MAY detach from this
advertise this new situation in a DIO as an alternate to DODAG Version. A node that detaches becomes root of its own
poisoning. floating DODAG and SHOULD immediately advertise this new
situation in a DIO as an alternate to poisoning.
7.2.2.7. Following a Parent 8.2.2.7. Following a Parent
1. If a node receives a DIO from one of its DODAG parents, 1. If a node receives a DIO from one of its DODAG parents,
indicating that the parent has left the DODAG, that node SHOULD indicating that the parent has left the DODAG, that node SHOULD
stay in its current DODAG through an alternative DODAG parent, if stay in its current DODAG through an alternative DODAG parent, if
possible. It MAY follow the leaving parent. possible. It MAY follow the leaving parent.
A DODAG parent may have moved, migrated to the next DODAG Version, or A DODAG parent may have moved, migrated to the next DODAG Version, or
jumped to a different DODAG. A node should give some preference to jumped to a different DODAG. A node ought to give some preference to
remaining in the current DODAG, if possible via an alternate parent, remaining in the current DODAG, if possible via an alternate parent,
but ought to follow the parent if there are no other options. but ought to follow the parent if there are no other options.
7.2.3. DIO Message Communication 8.2.3. DIO Message Communication
When an DIO message is received, the receiving node must first When an DIO message is received, the receiving node must first
determine whether or not the DIO message should be accepted for determine whether or not the DIO message should be accepted for
further processing, and subsequently present the DIO message for further processing, and subsequently present the DIO message for
further processing if eligible. further processing if eligible.
1. If the DIO message is malformed, then the DIO message is not 1. If the DIO message is malformed, then the DIO message is not
eligible for further processing and a node MUST silently discard eligible for further processing and a node MUST silently discard
it. it. (See Section 17 for error logging).
2. If the sender of the DIO message is a member of the candidate 2. If the sender of the DIO message is a member of the candidate
neighbor set and the DIO message is not malformed, the node MUST neighbor set and the DIO message is not malformed, the node MUST
process the DIO. process the DIO.
7.2.3.1. DIO Message Processing 8.2.3.1. DIO Message Processing
As DIO messages are received from candidate neighbors, the neighbors As DIO messages are received from candidate neighbors, the neighbors
may be promoted to DODAG parents by following the rules of DODAG may be promoted to DODAG parents by following the rules of DODAG
discovery as described in Section 7.2. When a node places a neighbor discovery as described in Section 8.2. When a node places a neighbor
into the DODAG parent set, the node becomes attached to the DODAG into the DODAG parent set, the node becomes attached to the DODAG
through the new DODAG parent node. through the new DODAG parent node.
The most preferred parent should be used to restrict which other The most preferred parent should be used to restrict which other
nodes may become DODAG parents. Some nodes in the DODAG parent set nodes may become DODAG parents. Some nodes in the DODAG parent set
may be of a rank less than or equal to the most preferred DODAG may be of a rank less than or equal to the most preferred DODAG
parent. (This case may occur, for example, if an energy constrained parent. (This case may occur, for example, if an energy constrained
device is at a lesser rank but should be avoided as per an device is at a lesser rank but should be avoided as per an
optimization objective, resulting in a more preferred parent at a optimization objective, resulting in a more preferred parent at a
greater rank). greater rank).
7.3. DIO Transmission 8.3. DIO Transmission
RPL nodes transmit DIOs using a Trickle timer RPL nodes transmit DIOs using a Trickle timer
([I-D.ietf-roll-trickle]). A DIO from a sender with a lower DAGRank ([I-D.ietf-roll-trickle]). A DIO from a sender with a lesser DAGRank
that causes no changes to the recipient's parent set, preferred that causes no changes to the recipient's parent set, preferred
parent, or Rank SHOULD be considered consistent with respect to the parent, or Rank SHOULD be considered consistent with respect to the
Trickle timer. Trickle timer.
The following packets and events MUST be considered inconsistencies The following packets and events MUST be considered inconsistencies
with respect to the Trickle timer, and cause the Trickle timer to with respect to the Trickle timer, and cause the Trickle timer to
reset: reset:
o When a node detects an inconsistency when forwarding a packet, as o When a node detects an inconsistency when forwarding a packet, as
detailed in Section 10.2. detailed in Section 11.2.
o When a node receives a multicast DIS message without a Solicited o When a node receives a multicast DIS message without a Solicited
Information option. Information option, unless a DIS flag restricts this behavior.
o When a node receives a multicast DIS with a Solicited Information o When a node receives a multicast DIS with a Solicited Information
option and the node matches all of the predicates in the Solicited option and the node matches all of the predicates in the Solicited
Information option. Information option, unless a DIS flag restricts this behavior.
o When a node joins a new DODAG Version (e.g. by updating its o When a node joins a new DODAG Version (e.g. by updating its
DODAGVersionNumber, joining a new RPL Instance, etc.) DODAGVersionNumber, joining a new RPL Instance, etc.).
Note that this list is not exhaustive, and an implementation MAY Note that this list is not exhaustive, and an implementation MAY
consider other messages or events to be inconsistencies. consider other messages or events to be inconsistencies.
A node SHOULD NOT reset its DIO trickle timer in response to unicast A node SHOULD NOT reset its DIO trickle timer in response to unicast
DIS messages. When a node receives a unicast DIS without a Solicited DIS messages. When a node receives a unicast DIS without a Solicited
Information option, it MUST unicast a DIO to the sender in response. Information option, it MUST unicast a DIO to the sender in response.
This DIO MUST include a DODAG Configuration option. When a node This DIO MUST include a DODAG Configuration option. When a node
receives a unicast DIS message with a Solicited Information option, receives a unicast DIS message with a Solicited Information option
if it satisfies the predicates of the Solicited Information option it and matches the predicates of that Solicited Information option, it
MUST unicast a DIO to the sender in response. This unicast DIO MUST MUST unicast a DIO to the sender in response. This unicast DIO MUST
include a DODAG Configuration Option. Thus a node may transmit a include a DODAG Configuration Option. Thus a node MAY transmit a
unicast DIS message to a potential DODAG parent in order to probe for unicast DIS message to a potential DODAG parent in order to probe for
DODAG Configuration and other parameters. DODAG Configuration and other parameters.
7.3.1. Trickle Parameters 8.3.1. Trickle Parameters
The configuration parameters of the trickle timer are specified as The configuration parameters of the trickle timer are specified as
follows: follows:
Imin: learned from the DIO message as (2^DIOIntervalMin)ms. The Imin: learned from the DIO message as (2^DIOIntervalMin)ms. The
default value of DIOIntervalMin is DEFAULT_DIO_INTERVAL_MIN. default value of DIOIntervalMin is DEFAULT_DIO_INTERVAL_MIN.
Imax: learned from the DIO message as DIOIntervalDoublings. The Imax: learned from the DIO message as DIOIntervalDoublings. The
default value of DIOIntervalDoublings is default value of DIOIntervalDoublings is
DEFAULT_DIO_INTERVAL_DOUBLINGS. DEFAULT_DIO_INTERVAL_DOUBLINGS.
k: learned from the DIO message as DIORedundancyConstant. The k: learned from the DIO message as DIORedundancyConstant. The
default value of DIORedundancyConstant is default value of DIORedundancyConstant is
DEFAULT_DIO_REDUNDANCY_CONSTANT. In RPL, when k has the value DEFAULT_DIO_REDUNDANCY_CONSTANT. In RPL, when k has the value
of 0x00 this is to be treated as a redundancy constant of of 0x00 this is to be treated as a redundancy constant of
infinity in RPL, i.e. Trickle never suppresses messages. infinity in RPL, i.e. Trickle never suppresses messages.
7.4. DODAG Selection 8.4. DODAG Selection
The DODAG selection is implementation and OF dependent. Nodes SHOULD The DODAG selection is implementation and OF dependent. In order to
prefer to join DODAGs for RPLInstanceIDs advertising OCPs and limit erratic movements, and all metrics being equal, nodes SHOULD
destinations compatible with their implementation specific keep their previous selection. Also, nodes SHOULD provide a means to
objectives. In order to limit erratic movements, and all metrics filter out a parent whose availability is detected as fluctuating, at
being equal, nodes SHOULD keep their previous selection. Also, nodes least when more stable choices are available.
SHOULD provide a means to filter out a parent whose availability is
detected as fluctuating, at least when more stable choices are
available.
When connection to a grounded DODAG is not possible or preferable for When connection to a grounded DODAG is not possible or preferable for
security or other reasons, scattered DODAGs MAY aggregate as much as security or other reasons, scattered DODAGs MAY aggregate as much as
possible into larger DODAGs in order to allow connectivity within the possible into larger DODAGs in order to allow connectivity within the
LLN. LLN.
A node SHOULD verify that bidirectional connectivity and adequate A node SHOULD verify that bidirectional connectivity and adequate
link quality is available with a candidate neighbor before it link quality is available with a candidate neighbor before it
considers that candidate as a DODAG parent. considers that candidate as a DODAG parent.
7.5. Operation as a Leaf Node 8.5. Operation as a Leaf Node
In some cases a RPL node may attach to a DODAG as a leaf node only. In some cases a RPL node may attach to a DODAG as a leaf node only.
One example of such a case is when a node does not understand the RPL One example of such a case is when a node does not understand or does
Instance's OF or advertised metric/constraint. As specified in not support (policy) the RPL Instance's OF or advertised metric/
Section 16.6 related to policy function, the node may either join the constraint. As specified in Section 17.6 related to policy function,
DODAG as a leaf node or may not join the DODAG. As mentioned in the node may either join the DODAG as a leaf node or may not join the
Section 16.5, it is then recommended to log a fault. DODAG. As mentioned in Section 17.5, it is then recommended to log a
fault.
A leaf node does not extend DODAG connectivity but in some cases the A leaf node does not extend DODAG connectivity but in some cases the
leaf node may still need to transmit DIOs on occasion, in particular leaf node may still need to transmit DIOs on occasion, in particular
when the leaf node may not have always been acting as a leaf node and when the leaf node may not have always been acting as a leaf node and
an inconsistency is detected. an inconsistency is detected.
A node operating as a leaf node must obey the following rules: A node operating as a leaf node must obey the following rules:
1. It MUST NOT transmit DIOs containing the DAG Metric Container. 1. It MUST NOT transmit DIOs containing the DAG Metric Container.
2. Its DIOs MUST advertise a DAGRank of INFINITE_RANK. 2. Its DIOs MUST advertise a DAGRank of INFINITE_RANK.
3. It MAY suppress DIO transmission, except DIO transmission MUST 3. It MAY suppress DIO transmission, unless the DIO transmission has
NOT be suppressed when DIO transmission has been triggered due to been triggered due to detection of inconsistency when a packet is
detection of inconsistency when a packet is being forwarded or in being forwarded or in response to a unicast DIS message, in which
response to a unicast DIS message. case the DIO transmission MUST NOT be suppressed.
4. It MAY transmit unicast DAOs as described in Section 8.2. 4. It MAY transmit unicast DAOs as described in Section 9.2.
5. It MAY transmit multicast DAOs to the '1 hop' neighborhood as 5. It MAY transmit multicast DAOs to the '1 hop' neighborhood as
described in Section 8.10. described in Section 9.10.
A particular case that requires a leaf node to send a DIO is if that A particular case that requires a leaf node to send a DIO is if that
leaf node was a prior member of another DODAG and another node leaf node was a prior member of another DODAG and another node
forwards a message assuming the old topology, triggering an forwards a message assuming the old topology, triggering an
inconsistency. The leaf node needs to transmit a DIO in order to inconsistency. The leaf node needs to transmit a DIO in order to
repair the inconsistency. Note that due to the lossy nature of LLNs, repair the inconsistency. Note that due to the lossy nature of LLNs,
even though the leaf node may have optimistically poisoned its routes even though the leaf node may have optimistically poisoned its routes
by advertising a rank of INFINITE_RANK in the old DODAG prior to by advertising a rank of INFINITE_RANK in the old DODAG prior to
becoming a leaf node, that advertisement may have become lost and a becoming a leaf node, that advertisement may have become lost and a
leaf node must be capable to send a DIO later in order to repair the leaf node must be capable to send a DIO later in order to repair the
inconsistency. inconsistency.
In general it is not expected that such a leaf node would advertise In the general case, the leaf node MUST NOT advertise itself as a
itself as a router. router (i.e. send DIOs).
7.6. Administrative Rank 8.6. Administrative Rank
In some cases it might be beneficial to adjust the rank advertised by In some cases it might be beneficial to adjust the rank advertised by
a node beyond that computed by the OF based on some implementation a node beyond that computed by the OF based on some implementation
specific policy and properties of the node. For example, a node that specific policy and properties of the node. For example, a node that
has limited battery should be a leaf unless there is no other choice, has limited battery should be a leaf unless there is no other choice,
and may then augment the rank computation specified by the OF in and may then augment the rank computation specified by the OF in
order to expose an exaggerated rank. order to expose an exaggerated rank.
8. Downward Routes 9. Downward Routes
This section describes how RPL discovers and maintains downward This section describes how RPL discovers and maintains downward
routes. RPL constructs and maintains downward routes with routes. RPL constructs and maintains downward routes with
Destination Advertisement Object (DAO) messages. Downward routes Destination Advertisement Object (DAO) messages. Downward routes
support of P2MP flows, from the DODAG roots toward the leaves. support P2MP flows, from the DODAG roots toward the leaves. Downward
Downward routes also support P2P flows: P2P messages can flow to a routes also support P2P flows: P2P messages can flow toward a DODAG
DODAG Root through an upward route, then away from the DODAG Root to Root (or a common ancestor) through an upward route, then away from
a destination through a downward route. the DODAG Root to a destination through a downward route.
This specification describes the two modes a RPL Instance may choose This specification describes the two modes a RPL Instance may choose
from for maintaining downward routes. In the first mode, call from for maintaining downward routes. In the first mode, called
"storing," nodes store downward routing tables for their sub-DODAG. "storing", nodes store downward routing tables for their sub-DODAG.
Each hop on a downward route in a storing network examines its Each hop on a downward route in a storing network examines its
routing table to decide on the next hop. In the second mode, called routing table to decide on the next hop. In the second mode, called
"non-storing," nodes do not store downward routing tables. Downward "non-storing", nodes do not store downward routing tables. Downward
packets are routed with source routes populated by a DODAG Root. packets are routed with source routes populated by a DODAG Root
[I-D.ietf-6man-rpl-routing-header].
RPL allows a simple one-hop P2P optimization for both storing and RPL allows a simple one-hop P2P optimization for both storing and
non-storing networks. A node may send a P2P packet destined to a non-storing networks. A node may send a P2P packet destined to a
one-hop neighbor directly to that node. one-hop neighbor directly to that node.
8.1. Destination Advertisement Parents 9.1. Destination Advertisement Parents
To establish downward routes, RPL nodes send DAO messages upwards. To establish downward routes, RPL nodes send DAO messages upwards.
The next hop destinations of these DAO messages are called DAO The next hop destinations of these DAO messages are called DAO
parents. The collection of a node's DAO parents is called the DAO parents. The collection of a node's DAO parents is called the DAO
parent set. parent set.
o A node's DAO parent set MUST be a subset of its DODAG parent set. 1. A node's DAO parent set MUST be a subset of its DODAG parent set.
o A node MUST NOT unicast DAOs to nodes that are not DAO parents. 2. In storing mode operation, a node MUST NOT address unicast DAO
messages to nodes that are not DAO parents.
o A node MAY link-local multicast DAO messages. 3. In non-storing mode operation, a node MUST NOT address unicast
DAO messages to nodes that are not DODAG roots.
o The IPv6 Source Address of a DAO message MUST be the link local 4. A node MUST NOT forward unicast DAO messages to nodes that are
address of the sending node. not DAO parents.
o If a node sends a DAO to one DAO parent, it MUST send a DAO with 5. A node MAY send DAO messages using the all-RPL-nodes multicast
the same DAOSequence to all other DAO parents. address, which is an optimization to provision on-hop routing.
The 'K' bit MUST be cleared on transmission of the multicast DAO.
6. The IPv6 Source Address of a DAO message MUST be the link local
address of the sending node.
The selection of DAO parents is implementation and objective function The selection of DAO parents is implementation and objective function
specific. specific.
8.2. Downward Route Discovery and Maintenance 9.2. Downward Route Discovery and Maintenance
Destination Advertisement may be configured to be entirely disabled, Destination Advertisement may be configured to be entirely disabled,
or operate in either a storing or non-storing mode, as reported in or operate in either a storing or non-storing mode, as reported in
the MOP in the DIO message. the MOP in the DIO message.
1. All nodes who join a DODAG MUST abide by the MOP setting from the 1. All nodes who join a DODAG MUST abide by the MOP setting from the
root. Nodes that do not have the capability to fully participate root. Nodes that do not have the capability to fully participate
as a router MAY join the DODAG as a leaf. as a router, e.g. that does not match the advertised MOP, MAY
join the DODAG as a leaf.
2. If the MOP is 000, indicating no downward routing, nodes MUST NOT 2. If the MOP is 000, indicating no downward routing, nodes MUST NOT
transmit DAO messages, and MAY ignore DAO messages. transmit DAO messages, and MAY ignore DAO messages.
3. In non-storing mode, the DODAG Root MUST store source routing 3. In non-storing mode, the DODAG Root SHOULD store source routing
table entries for all destinations learned from DAOs. table entries for destinations learned from DAOs.
4. In storing mode, all non-root, non-leaf nodes MUST store routing 4. In storing mode, all non-root, non-leaf nodes MUST store routing
table entries for all destinations learned from DAOs. table entries for destinations learned from DAOs.
A DODAG can have one of several possible modes of operation, as A DODAG can have one of several possible modes of operation, as
defined by the MOP field. Either it does not support downward defined by the MOP field. Either it does not support downward
routes, it supports downward routes through source routing from DODAG routes, it supports downward routes through source routing from DODAG
Roots, or it supports downward routes through in-network routing Roots, or it supports downward routes through in-network routing
tables. When downward routes are supported through in-network tables. When downward routes are supported through in-network
routing tables, the multicast operation defined in this specification routing tables, the multicast operation defined in this specification
may or may not be supported, also as indicated by the MOP field. As may or may not be supported, also as indicated by the MOP field. As
of this specification RPL does not support mixed-mode operation, of this specification RPL does not support mixed-mode operation,
where some nodes source route and other store routing tables: future where some nodes source route and other store routing tables: future
extensions to RPL may support this mode of operation. extensions to RPL may support this mode of operation.
8.3. DAO Base Rules 9.2.1. Maintenance of Path Sequence
1. Each time a node generates a new DAO, the DAOSequence field MUST For each Target that is associated with (owned by) a node, that node
increment by at least one since the last generated DAO. is responsible to emit DAO messages in order to provision the
downward routes. The Target+Transit information contained in those
DAO messages subsequently propagates Up the DODAG. The Path Sequence
counter in the Transit information option is used to indicate
freshness and update stale downward routing information as described
in Section 7.
2. Each time a node link-local multicasts a DAO, the DAOSequence For a Target that is associated with (owned by) a node, that node
field MUST increment by one since the last link local multicast MUST increment the Path Sequence counter, and generate a new DAO
DAO. message, when:
3. The RPLInstanceID and DODAGID fields of a DAO MUST be the same 1. The Path Lifetime is to be updated (e.g. a refresh or a no-Path)
value as the members of the node's parent set and the DIOs it
transmits.
4. A node MAY set the K flag in a unicast DAO message to solicit a 2. The Parent Address list is to be changed
unicast DAO-ACK in response in order to confirm the attempt. A
node receiving a unicast DAO message with the K flag set SHOULD
respond with a DAO-ACK. A node receiving a DAO message without
the K flag set MAY respond with a DAO-ACK, especially to report
an error condition.
5. Nodes SHOULD ignore DAOs without newer sequence numbers and MUST For a Target that is associated with (owned by) a node, that node MAY
increment the Path Sequence counter, and generate a new DAO message,
on occasion in order to refresh the downward routing information. In
storing mode, the node generates such DAO to each of its DAO parents
in order to enable multipath. All DAOs generated at the same time
for a same target MUST be sent with the same path sequence in the
transit information.
9.2.2. Generation of DAO Messages
A node might send DAO messages when it receives DAO messages, as a
result of changes in its DAO parent set, or in response to another
event such as the expiry of a related prefix lifetime. In the case
of receiving DAOs, it matters whether the DAO message is "new," or
contains new information. In non-storing mode, every DAO message a
node receives is "new." In storing mode, a DAO message is "new" if
it satisfies any of these criteria for a contained Target:
1. it has a newer Path Sequence number,
2. it has additional Path Control bits, or
3. is a No-Path DAO message that removes the last downward route to
a prefix.
A node that receives a DAO message from its sub-DODAG MAY suppress
scheduling a DAO message transmission if that DAO message is not new.
9.3. DAO Base Rules
1. If a node sends a DAO message with newer or different information
than the prior DAO message transmission, it MUST increment the
DAOSequence field by at least one. A DAO message transmission
that is identical to the prior DAO message transmission MAY
increment the DAOSequence field.
2. The RPLInstanceID and DODAGID fields of a DAO message MUST be the
same value as the members of the node's parent set and the DIOs
it transmits.
3. A node MAY set the 'K' flag in a unicast DAO message to solicit a
unicast DAO-ACK in response in order to confirm the attempt.
4. A node receiving a unicast DAO message with the 'K' flag set
SHOULD respond with a DAO-ACK. A node receiving a DAO message
without the 'K' flag set MAY respond with a DAO-ACK, especially
to report an error condition.
5. A node that sets the 'K' flag in a unicast DAO message but does
not receive a DAO-ACK in response MAY reschedule the DAO message
transmission for another attempt, up until an implementation-
specific number of retries.
6. Nodes SHOULD ignore DAOs without newer sequence numbers and MUST
NOT process them further. NOT process them further.
Unlike the Version field of a DIO, which is incremented only by a Unlike the Version field of a DIO, which is incremented only by a
DODAG Root and repeated unchanged by other nodes, DAOSequence values DODAG Root and repeated unchanged by other nodes, DAOSequence values
are unique to each node. The sequence number space for unicast and are unique to each node. The sequence number space for unicast and
multicast DAO messages can be either the same or distinct. multicast DAO messages can be either the same or distinct. It is
RECOMMENDED to use the same sequence number space.
8.4. DAO Transmission Scheduling 9.4. DAO Transmission Scheduling
Because DAOs flow upwards, receiving a unicast DAO can trigger Because DAOs flow upwards, receiving a unicast DAO can trigger
sending a unicast DAO. sending a unicast DAO to a DAO parent.
1. On receiving a unicast DAO with a new DAOSequence, a node SHOULD 1. On receiving a unicast DAO message with updated information, such
send a DAO. It SHOULD NOT send this DAO immediately. It SHOULD as containing a Transit Information option with a new Path
delay sending the DAO in order to aggregate DAO information from Sequence, a node SHOULD send a DAO. It SHOULD NOT send this DAO
other nodes for which it is a DAO parent. message immediately. It SHOULD delay sending the DAO message in
order to aggregate DAO information from other nodes for which it
is a DAO parent.
2. A node SHOULD delay sending a DAO with a timer (DelayDAO). 2. A node SHOULD delay sending a DAO message with a timer
Receiving a DAO starts the DelayDAO timer. DAOs received while (DelayDAO). Receiving a DAO message starts the DelayDAO timer.
the DelayDAO timer is active do not reset the timer. When the DAO messages received while the DelayDAO timer is active do not
DelayDAO timer expires, the node sends a DAO. reset the timer. When the DelayDAO timer expires, the node sends
a DAO.
3. When a node adds a node to its DAO parent set, it SHOULD schedule 3. When a node adds a node to its DAO parent set, it SHOULD schedule
a DAO transmission. a DAO message transmission.
DelayDAO's value and calculation is implementation-dependent. DelayDAO's value and calculation is implementation-dependent.
8.5. Triggering DAO Messages 9.5. Triggering DAO Messages
Nodes can trigger their sub-DODAG to send DAO messages. Each node Nodes can trigger their sub-DODAG to send DAO messages. Each node
maintains a DAO Trigger Sequence Number (DTSN), which it communicates maintains a DAO Trigger Sequence Number (DTSN), which it communicates
through DIO messages. through DIO messages.
1. If a node hears one of its DAO parents increment its DTSN, the 1. If a node hears one of its DAO parents increment its DTSN, the
node MUST schedule a DAO transmission using rules in Section 8.3 node MUST schedule a DAO message transmission using rules in
and Section 8.4. Section 9.3 and Section 9.4.
2. In non-storing mode, if a node hears one of its DAO parents 2. In non-storing mode, if a node hears one of its DAO parents
increment its DTSN, the node MUST increment its own DTSN. increment its DTSN, the node MUST increment its own DTSN.
In a storing mode of operation, a storing node MAY increment DTSN in In a storing mode of operation, as part of routine routing table
order to reliably trigger a set of DAO updates from its immediate updates and maintenance, a storing node MAY increment DTSN in order
children, as part of routine routing table updates and maintenance. to reliably trigger a set of DAO updates from its immediate children.
In a storing mode of operation it is not necessary to trigger DAO In a storing mode of operation it is not necessary to trigger DAO
updates from the entire sub-DODAG, since that state information will updates from the entire sub-DODAG, since that state information will
percolate hop-by-hop up the DODAG in the storing mode of operation. propagate hop-by-hop Up the DODAG.
In a non-storing mode of operation, a DTSN increment will also cause In a non-storing mode of operation, a DTSN increment will also cause
the immediate children of a node to increment their DTSN in turn, the immediate children of a node to increment their DTSN in turn,
triggering a set of DAO updates from the entire sub-DODAG. In a non- triggering a set of DAO updates from the entire sub-DODAG. In a non-
storing mode of operation typically only the root would independently storing mode of operation typically only the root would independently
increment the DTSN when a DAO refresh is needed but a global repair increment the DTSN when a DAO refresh is needed but a global repair
(such as by incrementing DODAGVersionNumber) is not desired. In a (such as by incrementing DODAGVersionNumber) is not desired. In a
non-storing mode of operation typically all non-root nodes would only non-storing mode of operation typically all non-root nodes would
increment their DTSN when their parent(s) are observed to do so. increment their DTSN only when their parent(s) are observed to do so.
In the general, a node may trigger DAO updates according to
implementation specific logic, such as based on the detection of a
downward route inconsistency or occasionally based upon an internal
timer.
In the case of triggered DAOs, selecting a proper DAODelay can In the case of triggered DAOs, selecting a proper DAODelay can
greatly reduce the number of DAOs transmitted. The trigger flows greatly reduce the number of DAOs transmitted. The trigger flows
down the DODAG; in the best case the DAOs flow up the DODAG such that Down the DODAG; in the best case the DAOs flow Up the DODAG such that
leaves send DAOs first, with each node sending a DAO only once. Such leaves send DAOs first, with each node sending a DAO message only
a scheduling could be approximated by setting DAODelay inversely once. Such a scheduling could be approximated by setting DAODelay
proportional to Rank. Note that this suggestion is intended as an inversely proportional to Rank. Note that this suggestion is
optimization to allow efficient aggregation -- it is not required for intended as an optimization to allow efficient aggregation (it is not
correct operation in the general case. required for correct operation in the general case).
8.6. Structure of DAO Messages 9.6. Structure of DAO Messages
DAOs follow a common structure in both storing and non-storing DAOs follow a common structure in both storing and non-storing
networks. Later sections describe further details for each mode of networks. In the most general form, a DAO message may include
operation. several groups of options, where each group consists of one or more
Target options followed by one or more Transit Information options.
The entire group of Transit Information options applies to the entire
group of Target options. Later sections describe further details for
each mode of operation.
1. RPL nodes MUST include one or more RPL Target Options in each DAO 1. RPL nodes MUST include one or more RPL Target Options in each DAO
they transmit. One RPL Target Option MUST have a prefix that message they transmit. One RPL Target Option MUST have a prefix
includes the node's IPv6 address if that node needs the DODAG to that includes the node's IPv6 address if that node needs the
provision downward routes to that node. DODAG to provision downward routes to that node. The RPL Target
Option MAY be immediately followed by an opaque RPL Target
Descriptor Option that qualifies it.
2. A RPL Target Option in a unicast DAO MUST be followed by a 2. When a node updates the information in a Transit Information
Transit Information Option. option for a Target option that covers one of its addresses, it
MUST increment the Path Sequence number in that Transit
Information option. The Path Sequence number MAY be incremented
occasionally to cause a refresh to the downward routes.
3. Multicast DAOs MUST NOT include Transit Information options. 3. One or more RPL Target Option in a unicast DAO message MUST be
followed by one or more Transit Information Option. All the
transit options apply to all the target options that immediately
precede them.
4. If a node receives a DAO that does not follow the above three 4. Multicast DAOs MUST NOT include the Parent Address in Transit
rules, it MUST discard the DAO without further processing. Information options.
8.7. Non-storing Mode 5. A node that receives and processes a DAO message containing
information for a specific Target, and that has prior information
for that Target, MUST use the Path Sequence number in the Transit
Information option associated with that Target in order to
determine whether or not the DAO message contains updated
information as per Section 7.
In non-storing mode, RPL routes messages downward using source 6. If a node receives a DAO message that does not follow the above
rules, it MUST discard the DAO message without further
processing.
In non-storing mode additional rules apply to ensure the continuity
of end-to-end source route path:
1. The address used as transit parent by the children MUST be taken
from a PIO with the 'R' flag set from that parent but is not
necessarily on link for the children.
2. The router that advertises an address as parent in a PIO MUST
also advertise that address as target in a DAO message.
3. An address that is advertised as target in a DAO MUST be
collocated or reachable onlink by the parent that is indicated in
the associated transit information.
4. A router might have targets that are not known to be onlink for a
parent, either because they are addresses located on an alternate
interface or because they belong to nodes that are external to
RPL, for instance connected hosts. In order to inject such a
target in the RPL network, the router MUST advertise itself as
the Parent Address in the Transit Information option for that
target, using an address that is onlink for that nodes DAO
parent. If the target belongs to an external node then the
router MUST set the External 'E' flag in the transit information.
9.7. Non-storing Mode
In non-storing mode, RPL routes messages downward using IP source
routing. The following rule applies to nodes that are in non-storing routing. The following rule applies to nodes that are in non-storing
mode. Storing mode has a separate set of rules, described in mode. Storing mode has a separate set of rules, described in
Section 8.8. Section 9.8.
1. The Parent Address field of a Transit Information Option MUST 1. The Parent Address field of a Transit Information Option MUST
contain one or more addresses. All of these addresses MUST be contain one or more addresses. All of these addresses MUST be
addresses of DAO parents of the sender. addresses of DAO parents of the sender.
2. On receiving a unicast DAO, a node MUST forward the DAO upwards. 2. On receiving a unicast DAO, a node MUST propagate the updated
This forwarding MAY use any parent in the parent set. Note that downward route information upwards. The node MAY use any parent
this forwarding may be delayed in support of aggregation as in the parent set. The downward route information in the DAO
described below, but that such a delay is not required if a message MAY be aggregated with other DAOs before being propagated
node's resources do not support it. upwards, which MAY entail to delay the propagation as described
below.
3. When a node removes a node from its DAO parent set, it MAY 3. When a node removes a node from its DAO parent set, it MAY
generate a new DAO with an updated Transit Information option. generate a new DAO message with an updated Transit Information
option.
In non-storing mode, a node uses DAOs to report its DAO parents to In non-storing mode, a node uses DAOs to report its DAO parents to
the DODAG Root. The DODAG Root can piece together a downward route the DODAG Root. The DODAG Root can piece together a downward route
to a node by using DAO parent sets from each node in the route. The to a node by using DAO parent sets from each node in the route. The
purpose of this per-hop route calculation is to minimize traffic when Path Sequence information may be used to detect stale DAO
DAO parents change. If nodes reported complete source routes, then information. The purpose of this per-hop route calculation is to
on a DAO parent change the entire sub-DODAG would have to send new minimize traffic when DAO parents change. If nodes reported complete
DAOs to the DODAG Root. Therefore, in non-storing mode, a node can source routes, then on a DAO parent change the entire sub-DODAG would
send a a single DAO, although it might choose to send more than one have to send new DAOs to the DODAG Root. Therefore, in non-storing
DAO to each of multiple DAO parents. mode, a node can send a single DAO, although it might choose to send
more than one DAO message to each of multiple DAO parents.
Nodes aggregate DAOs by sending a single DAO with multiple RPL Target Nodes pack DAOs by sending a single DAO message with multiple RPL
Options. Each RPL Target Option has its own, immediately following, Target Options. Each RPL Target Option has its own, immediately
Transit Information options. following, Transit Information options.
8.8. Storing Mode 9.8. Storing Mode
In storing mode, RPL routes messages downward by the IPv6 destination In storing mode, RPL routes messages downward by the IPv6 destination
address. The following rule apply to nodes that are in storing mode: address. The following rule apply to nodes that are in storing mode:
1. The Parent Address field of a Transmit Information option MUST be 1. The Parent Address field of a Transmit Information option MUST be
empty. empty.
2. On receiving a unicast DAO, a node MUST compute if the DAO would 2. On receiving a unicast DAO, a node MUST compute if the DAO would
change the set of prefixes that the node itself advertises. If change the set of prefixes that the node itself advertises. This
so, the node MUST generate a new DAO and transmit it, following computation SHOULD include consultation of the Path Sequence
the rules in Section 8.4. Such a change includes receiving a No- information in the Transit Information options associated with
Path DAO. the DAO, to determine if the DAO message contains newer
information that supersedes the information already stored at the
node. If so, the node MUST generate a new DAO message and
transmit it, following the rules in Section 9.4. Such a change
includes receiving a No-Path DAO.
3. When a node generates a new DAO, it SHOULD unicast it to each of 3. When a node generates a new DAO, it SHOULD unicast it to each of
its DAO parents. It MUST NOT unicast the DAO to nodes that are its DAO parents. It MUST NOT unicast the DAO message to nodes
not DAO parents. that are not DAO parents.
4. When a node removes a node from its DAO parent set, it SHOULD 4. When a node removes a node from its DAO parent set, it SHOULD
send a No-Path DAO (Section 5.4.3) to that removed DAO parent to send a No-Path DAO message (Section 6.4.3) to that removed DAO
invalidate the existing route. parent to invalidate the existing route.
5. If messages to an advertised downwards address suffer from a 5. If messages to an advertised downwards address suffer from a
forwarding error, neighbor unreachable detected (NUD), or similar forwarding error, neighbor unreachable detected (NUD), or similar
failure, a node MAY mark the address as unreachable and generate failure, a node MAY mark the address as unreachable and generate
an appropriate No-Path DAO. an appropriate No-Path DAO.
DAOs advertise what destination addresses and prefixes a node has DAOs advertise what destination addresses and prefixes a node has
routes to. Unlike in non-storing mode, these DAOs do not communicate routes to. Unlike in non-storing mode, these DAOs do not communicate
information about the routes themselves: that information is stored information about the routes themselves: that information is stored
within the network and is implicit from the IPv6 source address. within the network and is implicit from the IPv6 source address.
When a storing node generates a DAO, it uses the stored state of DAOs When a storing node generates a DAO, it uses the stored state of DAOs
it has received to produce a set of RPL Target options and their it has received to produce a set of RPL Target options and their
associated Transmit Information options. associated Transmit Information options.
Because this information is stored within a network, in storing mode Because this information is stored within each node's routing tables,
DAOs are communicated directly to DAO parents, who store this in storing mode DAOs are communicated directly to DAO parents, who
information. store this information.
8.9. Path Control 9.9. Path Control
A DAO message from a node contains one or more Target Options. Each A DAO message from a node contains one or more Target Options. Each
Target Option specifies either the node's prefix, a prefix of Target Option specifies either the node's prefix, a prefix of
addresses reachable outside the LLN, or a destination in the node's addresses reachable outside the LLN, or a destination in the node's
sub-DODAG. The Path Control field of the Transit Information option sub-DODAG. The Path Control field of the Transit Information option
allows nodes to request multiple downward routes. A node constructs allows nodes to request or allow for multiple downward routes. A
the Path Control field of a Transit Information option as follows: node constructs the Path Control field of a Transit Information
option as follows:
1. The bit width of the path control field MUST be equal to the 1. The bit width of the path control field MUST be equal to the
value (PCS + 1), where PCS is specified in the control field of value (PCS + 1), where PCS is specified in the control field of
the DODAG Configuration Option. Bits greater than or equal to the DODAG Configuration Option. Bits greater than or equal to
the value (PCS + 1) MUST be cleared on transmission and MUST be the value (PCS + 1) MUST be cleared on transmission and MUST be
ignored on reception. Bits below that value are considered ignored on reception. Bits below that value are considered
"active" bits. "active" bits.
2. For a RPL Target option describing a node's own address or a 2. The node MUST logically construct groupings of its DAO parents
while populating the Path Control field, where each group
consists of DAO parents of equal preference. Those groups MUST
then be ordered according to preference, which allows for a
logical mapping of DAO parents onto Path Control subfields (See
Figure 27). Groups MAY be repeated in order to extend over the
entire bit width of the patch control field, but the order,
including repeated groups, MUST be retained so that preference is
properly communicated.
3. For a RPL Target option describing a node's own address or a
prefix outside the LLN, at least one active bit of the Path prefix outside the LLN, at least one active bit of the Path
Control field MUST be set. More active bits of the Path Control Control field MUST be set. More active bits of the Path Control
field MAY be set. field MAY be set.
3. If a node receives multiple DAOs with the same RPL Target option, 4. If a node receives multiple DAOs with the same RPL Target option,
it MUST bitwise-OR the Path Control fields it receives. This it MUST bitwise-OR the Path Control fields it receives. This
aggregated bitwise-OR represents the number of downward routes aggregated bitwise-OR represents the number of downward routes
the prefix requests. the prefix requests.
4. When a node sends a DAO to one of its DAO parents, it MUST select 5. When a node sends a DAO message to one of its DAO parents, it
one or more of the set, active bits in the aggregated Path MUST select one or more of the bits that are set active in the
Control field. The DAO it transmits to its parent MUST have subfield that is mapped to the group containing that DAO parent
these active bits set and all other active bits cleared. from the aggregated Path Control field. A given bit can only be
presented as active to one parent. The DAO message it transmits
to its parent MUST have these active bits set and all other
active bits cleared.
5. For the RPL Target option and DAOSequence number, the DAOs a node 6. For the RPL Target option and DAOSequence number, the DAOs a node
sends to different DAO parents MUST have disjoint sets of active sends to different DAO parents MUST have disjoint sets of active
Path Control bits. A node MUST NOT set the same active bit on Path Control bits. A node MUST NOT set the same active bit on
DAOs to two different DAO parents. DAOs to two different DAO parents.
6. Path control bits SHOULD be allocated in order of preference, 7. Path control bits SHOULD be allocated according to the preference
such that the most significant bits, or groupings of bits, are mapping of DAO parents onto Path Control subfields, such that the
allocated to the most preferred DAO parents as determined by the active Path Control bits, or groupings of bits, that belong to a
node. particular Path Control subfield are allocated to DAO parents
within the group that was mapped to that subfield.
7. In a non-storing mode of operation, a node MAY pass DAOs through 8. In a non-storing mode of operation, a node MAY pass DAOs through
without performing any further processing on the Path Control without performing any further processing on the Path Control
field. field.
8. A node MUST NOT unicast a DAO that has no active bits in the Path 9. A node MUST NOT unicast a DAO message that has no active bits in
Control field set. the Path Control field set. It is possible that, for a given
Target option, that a node does not have enough aggregate Path
Control bits to send a DAO message containing that Target to each
of its DAO Parents, in which case those least preferred DAO
Parents may not get a DAO message for that Target.
The Path Control field allows a node to bound how many downward The Path Control field allows a node to bound how many downward
routes will be generated to it. It sets a number of bits in the Path routes will be generated to it. It sets a number of bits in the Path
Control field equal to the maximum number of downward routes it Control field equal to the maximum number of downward routes it
prefers. Each bit is sent to at most one DAO parent; clusters of prefers. Each bit is sent to at most one DAO parent; clusters of
bits can be sent to a single DAO parent for it to divide among its bits can be sent to a single DAO parent for it to divide among its
own DAO parents. own DAO parents.
8.10. Multicast Destination Advertisement Messages A node that provisions a DAO route for a Target that has an
associated Path Control field SHOULD use the content of that Path
Control field in order to determine an order of preference among
multiple alternative DAO routes for that Target. The Path Control
field assignment is derived from preference (of the DAO parents), as
determined on the basis of this node's best knowledge of the "end-to-
end" aggregated metrics in the "downward" direction as per the
objective function. In non storing mode the root can determine the
downward route by aggregating the information from each received DAO,
which includes the Path Control indications of preferred DAO parents.
9.9.1. Path Control Example
Suppose that there is an LLN operating in storing mode that contains
a Node N with four parents, P1, P2, P3, and P4. Let N have three
children, C1, C2, and C3 in its sub-DODAG. Let PCS be 7, such that
there will be 8 active bits in the Path Control field: 11111111b.
Consider the following example:
The Path Control field is split into 4 subfields, PC1 (11000000b),
PC2 (00110000b), PC3 (00001100b), and PC4 (00000011b), such that
those 4 subfields represent 4 different levels of preference as per
Figure 27. The implementation at Node N, in this example, groups
{P1, P2} to be of equal preference to each other, and the most
preferred group overall. {P3} is less preferred to {P1, P2}, and more
preferred to {P4}. Let Node N then perform its path control mapping
such that:
{P1, P2} -> PC1 (11000000b) in the Path Control field
{P3} -> PC2 (00110000b) in the Path Control field
{P4} -> PC3 (00001100b) in the Path Control field
{P4} -> PC4 (00000011b) in the Path Control field
Note that the implementation repeated {P4} in order to get complete
coverage of the Path Control field.
1. Let C1 send a DAO containing a Target T with a Path Control
10000000b. Node N stores an entry associating 10000000b with
the Path Control field for C1 and Target T.
2. Let C2 send a DAO containing a Target T with a Path Control
00010000b. Node N stores an entry associating 00010000b with
the Path Control field for C1 and Target T.
3. Let C3 send a DAO containing a Target T with a Path Control
00001100b. Node N stores an entry associating 00001100b with
the Path Control field for C1 and Target T.
4. At some later time, Node N generates a DAO for Target T. Node N
will construct an aggregate Path Control field by ORing together
the contribution from each of its children that have given a DAO
for Target T. The aggregate Path Control field thus has the
active bits set as: 10011100b.
5. Node N then distributes the aggregate Path Control bits among
its parents P1, P2, P3, and P4 in order to prepare the DAO
messages.
6. P1 and P2 are eligible to receive active bits from the most
preferred subfield (11000000b). Those bits are 10000000b in the
aggregate Path Control field. Node N must the bit to one of the
two parents only. In this case, Node P1 is allocated the bit,
and gets the Path Control field 10000000b for its DAO. There
are no bits left to allocate to Node P2, thus Node P2 would have
a Path Control field of 00000000b and a DAO cannot be generated
to Node P2 since there are no active bits.
7. The second-most preferred subfield (00110000b) has the active
bits 00010000b. Node N has mapped P3 to this subfield. Node N
may allocates the active bit to P3, constructing a DAO for P3
containing Target T with a Path Control of 00010000b.
8. The third-most preferred subfield (00001100b) has the active
bits 00001100b. Node N has mapped P4 to this subfield. Node N
may allocate both bits to P4, constructing a DAO for P4
containing Target T with a Path Control of 00001100b.
9. The least preferred subfield (00000011b) has no active bits.
Had there been active bits, those bits would have been added to
the Path Control field of the DAO constructed for P4.
10. The process of populating the DAO messages destined for P1, P2,
P3, P4 with other targets (other than T) proceeds as according
the aggregate path control fields collected for those targets.
9.10. Multicast Destination Advertisement Messages
A special case of DAO operation, distinct from unicast DAO operation, A special case of DAO operation, distinct from unicast DAO operation,
is multicast DAO operation which may be used to populate '1-hop' is multicast DAO operation which may be used to populate '1-hop'
routing table entries. routing table entries.
1. A node MAY multicast a DAO message to the link-local scope all- 1. A node MAY multicast a DAO message to the link-local scope all-
nodes multicast address FF02::1. RPL-nodes multicast address.
2. A multicast DAO message MUST be used only to advertise 2. A multicast DAO message MUST be used only to advertise
information about self, i.e. prefixes directly connected to or information about the node itself, i.e. prefixes directly
owned by this node, such as a multicast group that the node is connected to or owned by this node, such as a multicast group
subscribed to or a global address owned by the node. that the node is subscribed to or a global address owned by the
node.
3. A multicast DAO message MUST NOT be used to relay connectivity 3. A multicast DAO message MUST NOT be used to relay connectivity
information learned (e.g. through unicast DAO) from another node. information learned (e.g. through unicast DAO) from another node.
4. Information obtained from a multicast DAO MAY be installed in the 4. A node MUST NOT perform any other DAO related processing on a
routing table and MAY be propagated by a node in unicast DAOs. received multicast DAO message, in particular a node MUST NOT
perform the actions of a DAO parent upon receipt of a multicast
5. A node MUST NOT perform any other DAO related processing on a DAO.
received multicast DAO, in particular a node MUST NOT perform the
actions of a DAO parent upon receipt of a multicast DAO.
o The multicast DAO may be used to enable direct P2P communication, o The multicast DAO may be used to enable direct P2P communication,
without needing the RPL routing structure to relay the packets. without needing the DODAG to relay the packets.
o The multicast DAO does not presume any DODAG relationship between
the emitter and the receiver.
9. Security Mechanisms 10. Security Mechanisms
This section describes the generation and processing of secure RPL This section describes the generation and processing of secure RPL
messages. The high order bit of the RPL message code identifies messages. The high order bit of the RPL message code identifies
whether a RPL message is secure or not. In addition to secure whether a RPL message is secure or not. In addition to secure
versions of basic control messages (DIS, DIO, DAO, DAO-Ack), RPL has versions of basic control messages (DIS, DIO, DAO, DAO-Ack), RPL has
several messages which are relevant only in networks with security several messages which are relevant only in networks with security
enabled. enabled.
9.1. Security Overview Implementation complexity and size is a core concern for LLNs such
that it may be economically or physically impossible to include
sophisticated security provisions in a RPL implementation.
Furthermore, many deployments can utilize link-layer or other
security mechanisms to meet their security requirements without
requiring the use of security in RPL itself.
Therefore, the security features described in this document are
OPTIONAL to implement. A given implementation MAY support a subset
(including the empty set) of the described security features, for
example it could support integrity and confidentiality, but not
signatures. An implementation SHOULD clearly specify which security
mechanisms are supported, and deployers are RECOMMENDED to carefully
consider their security requirements and the availability of security
mechanisms in their network.
10.1. Security Overview
RPL supports three security modes: RPL supports three security modes:
o Insecure. In this security mode, RPL uses insecure DIS, DIO, DAO, o Unsecured. In this security mode, RPL uses basic DIS, DIO, DAO,
and DAO-Ack messages. and DAO-Ack messages, which do not have security sections. As a
network could be using other security mechanisms, such as link-
layer security, unsecured mode does not imply all messages are
sent without any protection.
o Pre-installed. In this security mode, RPL uses secure messages. o Pre-installed. In this security mode, RPL uses secure messages.
To join a RPL Instance, a node must have a pre-installed key. To join a RPL Instance, a node must have a pre-installed key.
Nodes use this to provide message confidentiality, integrity, and Nodes use this to provide message confidentiality, integrity, and
authenticity. A node may, using this preinstalled key, join the authenticity. A node may, using this preinstalled key, join the
RPL network as either a host or a router. RPL network as either a host or a router.
o Authenticated. In this security mode, RPL uses secure messages. o Authenticated. In this security mode, RPL uses secure messages.
To join a RPL Instance, a node must have a pre-installed key. To join a RPL Instance, a node must have a pre-installed key.
Node use this key to provide message confidentiality, integrity, Node use this key to provide message confidentiality, integrity,
and authenticity. Using this preinstalled key, a node may join and authenticity. Using this preinstalled key, a node may join
the network as a host only. To join the network as a router, a the network as a host only. To join the network as a router, a
node must obtain a second key from a key authority. This key node must obtain a second key from a key authority. This key
authority can authenticate that the requester is allowed to be a authority can authenticate that the requester is allowed to be a
router before providing it with the second key. router before providing it with the second key.
Whether or not the RPL Instance uses insecure mode is signaled by Whether or not the RPL Instance uses unsecured mode is signaled by
whether it uses secure RPL messages. Whether a secured network uses whether it uses secure RPL messages. Whether a secured network uses
the pre-installed or authenticated mode is signaled by the 'A' bit of the pre-installed or authenticated mode is signaled by the 'A' bit of
the DAG Configuration option. the DAG Configuration option.
RPL uses CCM* -- Counter with CBC-MAC (Cipher Block Chaining Message This specification specifies CCM* -- Counter with CBC-MAC (Cipher
Authentication Code) -- as the cryptographic basis for its Block Chaining Message Authentication Code) -- as the cryptographic
security[RFC3610]. In this specification, CCM uses AES-128 as its basis for RPL security[RFC3610]. In this specification, CCM uses
underlying cryptographic algorithm. There are bits reserved in the AES-128 as its underlying cryptographic algorithm. There are bits
security section to specify other algorithms in the future. reserved in the security section to specify other algorithms in the
future.
All secured RPL messages have a message authentication code (MAC).
Secured RPL messages optionally also have encryption protection for
confidentiality. Secured RPL message formats support both integrated
encryption/authentication schemes (e.g., CCM*) as well as schemes
that separately encrypt and authenticate packets.
9.2. Installing Keys
Authenticated mode requires a would-be router to dynamically install
new keys once they have joined a network as a host.
The exact message exchange to obtain such keys is TBD. It will All secured RPL messages have either a message authentication code
involve communication with a key authority, possibly, using the pre- (MAC) or a signature. Secured RPL messages optionally also have
installed shared key. The key authority can apply a security policy encryption protection for confidentiality. Secured RPL message
to decide whether to grant the would-be-router a new key. These keys formats support both integrated encryption/authentication schemes
may have lifetimes (start and end times) associated with them, which (e.g., CCM*) as well as schemes that separately encrypt and
nodes that support timestamps (described in Section 9.4.1) can use. authenticate packets.
9.3. Joining a Secure Network 10.2. Joining a Secure Network
RPL security assumes that a node wishing to join a secured network RPL security assumes that a node wishing to join a secured network
has been preconfigured with a shared key for communicating with has been preconfigured with a shared key for communicating with
neighbors and the RPL root. To join a secure RPL network, a node neighbors and the RPL root. To join a secure RPL network, a node
either listens for secure DIOs or triggers secure DIOs by sending a either listens for secure DIOs or triggers secure DIOs by sending a
secure DIS. In addition to the DIO/DIS rules in Section 7, secure secure DIS. In addition to the DIO/DIS rules in Section 8, secure
DIO and DIS messages have these rules: DIO and DIS messages have these rules:
1. If sent, this initial secure DIS MUST NOT set the C bit, MUST set 1. If sent, this initial secure DIS MUST set the Key Identifier Mode
the KIM field to 0 (00), and MUST set the LVL field to 1 (001). field to 0 (00) and MUST set the Security Level field to 1 (001).
The key used MUST be the preconfigured group key (Key Index The key used MUST be the preconfigured group key (Key Index
0x00). 0x00).
2. When a node resets its Trickle timer in response to a secure DIS 2. When a node resets its Trickle timer in response to a secure DIS
(Section 7.3), the next DIO it transmits MUST be a secure DIO (Section 8.3), the next DIO it transmits MUST be a secure DIO
with the same security configuration as the secure DIS. If a with the same security configuration as the secure DIS. If a
node receives multiple secure DIS messages before it transmits a node receives multiple secure DIS messages before it transmits a
DIO, the secure DIO MUST have the same security configuration as DIO, the secure DIO MUST have the same security configuration as
the last DIS it is responding to. the last DIS it is responding to.
3. When a node sends a DIO in response to a unicast secure DIS 3. When a node sends a DIO in response to a unicast secure DIS
(Section 7.3), the DIO MUST be a secure DIO. (Section 8.3), the DIO MUST be a secure DIO.
The above rules allow a node to join a secured RPL Instance using the The above rules allow a node to join a secured RPL Instance using the
preconfigured shared key. Once a node has joined the DODAG using the preconfigured shared key. Once a node has joined the DODAG using the
preconfigured shared key, the 'A' bit of the Configuration option preconfigured shared key, the 'A' bit of the Configuration option
determines its capabilities. If the 'A' bit of the Configuration is determines its capabilities. If the 'A' bit of the Configuration is
cleared, then nodes can use this preinstalled, shared key to exchange cleared, then nodes can use this preinstalled, shared key to exchange
messages normally: it can issue DIOs, DAOs, etc. messages normally: it can issue DIOs, DAOs, etc.
If the 'A' bit of the Configuration option is set: If the 'A' bit of the Configuration option is set and the RPL
Instance is operating in authenticated mode:
1. A node MUST NOT advertise a Rank besides INFINITE_RANK in secure 1. A node MUST NOT advertise a Rank besides INFINITE_RANK in secure
DIOs secured with Key Index 0x00. If a node receives a secure DIOs secured with Key Index 0x00. When processing DIO messages
DIO that advertises a Rank besides INFINITE_RANK and is secured secured with Key Index 0x00, a processing node MUST consider the
with Key Index 0x00, it MUST discard the message without further advertised Rank to be INFINITE_RANK. Any other value results in
processing. the message being discarded.
2. Secure DAOs using Key Index 0x00 MUST NOT have a RPL Target 2. Secure DAOs using Key Index 0x00 MUST NOT have a RPL Target
option with a prefix besides the node's address. If a node option with a prefix besides the node's address. If a node
receives a secured DAO using the preinstalled, shared key where receives a secured DAO message using the preinstalled, shared key
the RPL Target option does not match the IPv6 source address, it where the RPL Target option does not match the IPv6 source
MUST discard the secured DAO without further processing. address, it MUST discard the secured DAO message without further
processing.
The above rules mean that in RPL Instances where the 'A' bit is set, The above rules mean that in RPL Instances where the 'A' bit is set,
using Key Index 0x00 a node can join the RPL Instance as a host but using Key Index 0x00 a node can join the RPL Instance as a host but
not a router. A node must communicate with a key authority to obtain not a router. A node must communicate with a key authority to obtain
a key that will enable it to act as a router. Obtaining this key a key that will enable it to act as a router.
might require authentication on one or both ends. This message
exchange is TBD.
9.4. Counter and Counter Compression 10.3. Installing Keys
Every secured RPL packet has a Counter field. Depending on whether Authenticated mode requires a would-be router to dynamically install
the 'C' bit is set, this Counter field can be 1 or 4 bits. RPL nodes new keys once they have joined a network as a host. Having joined as
send CC messages to force uncompressed Counter values, protect a host, the node uses standard IP messaging to communicate with an
against replay attacks and synchronize counters. authorization server, which can provide new keys.
1. If a node is sending a secured RPL packet, and the Counter value The protocol to obtain such keys is the subject of a future standard.
of the packet is more than 255 greater than the last secured
packet to the destination address, the node MUST NOT set the 'C'
bit of the security section of the packet.
2. If a node receives a secure RPL message with the C bit set and is 10.4. Consistency Checks
uncertain of the 32-bit counter value, it MAY send a CC message
with the R bit cleared to obtain an uncompressed counter value.
The Nonce field of the CC message SHOULD be a random or
pseudorandom number.
3. If a node receives a unicast CC message with the R bit cleared, RPL nodes send Consistency Check (CC) messages to protect against
replay attacks and synchronize counters.
1. If a node receives a unicast CC message with the R bit cleared,
and it is a member of or is in the process of joining the and it is a member of or is in the process of joining the
associated DODAG, it SHOULD respond with a unicast CC message to associated DODAG, it SHOULD respond with a unicast CC message to
the sender. This response MUST have the C bit of the security the sender. This response MUST have the R bit set, and MUST have
section cleared, MUST have the R bit set, and MUST have the same the same Nonce, RPLInstanceID and DODAGID fields as the message
Nonce, RPLInstanceID and DODAGID fields as the message it it received.
received.
4. If a node receives a multicast CC message, it MUST discard the 2. If a node receives a multicast CC message, it MUST discard the
message with no further processing. message with no further processing.
These rules allow nodes to compress the Counter when destinations who Consistency Check messages allow nodes to issue a challenge-response
received the prior packet can determine the full counter value. If a to validate a node's current Counter value. Because the CC Nonce is
node cannot determine the full counter value, it can request the full generated by the challenger, an adversary replaying messages is
counter with a CC message. unlikely to be able to generate a correct response. The Counter in
the Consistency Check response allows the challenger to validate the
Counter values it hears.
9.4.1. Timestamp Counters 10.5. Counters
In the simplest case, the Counter value is an unsigned integer that a In the simplest case, the Counter value is an unsigned integer that a
node increments by one or more on each secured RPL transmission. The node increments by one or more on each secured RPL transmission. The
Counter MAY represent a timestamp that has the following properties: Counter MAY represent a timestamp that has the following properties:
1. The timestamp MUST be at least six octets long. 1. The timestamp MUST be at least six octets long.
2. The timestamp MUST be in 1kHz (millisecond) granularity. 2. The timestamp MUST be in 1024Hz (binary millisecond) granularity.
3. The timestamp start time MUST be January 1, 2010, 12:00:00AM UTC. 3. The timestamp start time MUST be January 1, 1970, 12:00:00AM UTC.
4. If the Counter represents such as timestamp, the Counter value 4. If the Counter represents such as timestamp, the Counter value
MUST be a value computed as follows. Let T be the timestamp, S MUST be a value computed as follows. Let T be the timestamp, S
be the start time of the key in use, and E be the end time of the be the start time of the key in use, and E be the end time of the
key in use. Both S and E are represented using the same 3 rules key in use. Both S and E are represented using the same 3 rules
as the timestamp described above. If E > T < S, then the Counter as the timestamp described above. If E > T < S, then the Counter
is invalid and a node MUST NOT generate a packet. Otherwise, the is invalid and a node MUST NOT generate a packet. Otherwise, the
Counter value is equal to T-S. Counter value is equal to T-S.
5. If the Counter represents such a timestamp, a node MAY set the 5. If the Counter represents such a timestamp, a node MAY set the
'T' flag of the security section of secured RPL packets. 'T' flag of the security section of secured RPL packets.
6. If the Counter field does not present such a timestamp, then a 6. If the Counter field does not present such a timestamp, then a
node MUST NOT set the 'T' flag. node MUST NOT set the 'T' flag.
7. If a node does not have a local timestamp that satisfies the 7. If a node does not have a local timestamp that satisfies the
above requirements, it MUST ignore the 'T' flag. above requirements, it MUST ignore the 'T' flag.
If a node supports such timestamps and it receives a message with the If a node supports such timestamps and it receives a message with the
'T' flag set, it MAY apply the temporal check on the received message 'T' flag set, it MAY apply the temporal check on the received message
described in Section 9.5.2.1. If a node receives a message without described in Section 10.7.1. If a node receives a message without
the 'T' flag set, it MUST NOT apply this temporal check. A node's the 'T' flag set, it MUST NOT apply this temporal check. A node's
security policy MAY, for application reasons, include rejecting all security policy MAY, for application reasons, include rejecting all
messages without the 'T' flag set. messages without the 'T' flag set.
9.5. Functional Description of Packet Protection The 'T' flag is present because many LLNs today already maintain
global time synchronization at sub-millisecond granularity for
security, application, and other reasons. Allowing RPL to leverage
this existing functionality when present greatly simplifies solutions
to some security problems, such as delay protection.
9.5.1. Transmission of Outgoing Packets 10.6. Transmission of Outgoing Packets
Given an outgoing RPL control packet and required security Given an outgoing RPL control packet and required security
protection, this section describes how RPL generates the secured protection, this section describes how RPL generates the secured
packet to transmit. It also describes the order of cryptographic packet to transmit. It also describes the order of cryptographic
operations to provide the required protection. operations to provide the required protection.
The requirement for security protection and the level of security to The requirement for security protection and the level of security to
be applied to an outgoing RPL packet shall be determined by the be applied to an outgoing RPL packet shall be determined by the
node's security policy database. The configuration of this security node's security policy database. The configuration of this security
policy database for outgoing packet processing is TBD (it may, for policy database for outgoing packet processing is implementation
example, be defined through DIO Configuration or through out-of-band specific.
administrative router configuration).
Where secured RPL messages are to be transmitted, a RPL node MUST set Where secured RPL messages are to be transmitted, a RPL node MUST set
the security section (C, T, Sec, KIM, and LVL) in the outgoing RPL the security section (T, Sec, KIM, and LVL) in the outgoing RPL
packet to describe the protection level and security settings that packet to describe the protection level and security settings that
are applied (see Section 5.1). The Security subfield bit of the RPL are applied (see Section 6.1). The Security subfield bit of the RPL
message Code field MUST be set to indicate the secure RPL message. message Code field MUST be set to indicate the secure RPL message.
The Counter value used in constructing the Nonce to secure the The Counter value used in constructing the Nonce to secure the
outgoing packet MUST be an increment of the last Counter transmitted outgoing packet MUST be an increment of the last Counter transmitted
to the particular destination address. Where a Counter for the to the particular destination address.
intended destination address has not been established, the Counter
value MUST be initialized to zero and sent as a Full Counter for the
initial RPL message transmission.
Where a Counter is currently maintained for outgoing messages to the Where security policy specifies the application of delay protection,
intended destination address, the Compressed Counter (indicated with the Timestamp Counter used in constructing the Nonce to secure the
the 'C' bit set) MUST be transmitted within the secured RPL message, outgoing packet MUST be incremented according to the rules in
provided the message is not a RPL Consistency Check message. The Section 10.5. Where a Timestamp Counter is applied (indicated with
current Full Counter (indicated with the 'C' bit cleared) for the the 'T' flag set) the locally maintained Time Counter MUST be
given destination address SHALL always be used when the outgoing included as part of the transmitted secured RPL message.
packet is a Consistency Check (challenge or response) message. Where
a Counter for the intended destination address does not exist, the
initialized (zero-value), Full Counter MUST be transmitted within the
initial RPL control message. Where security policy specifies the
application of delay protection, the Timestamp Counter used in
constructing the Nonce to secure the outgoing packet MUST be
incremented according to the rules in Section 9.4.1. Where a
Timestamp Counter is applied (indicated with the 'T' flag set) the
locally maintained Time Counter MUST be included as part of the
transmitted secured RPL message.
The cryptographic algorithm used in securing the outgoing packet The cryptographic algorithm used in securing the outgoing packet
shall be specified by the node's security policy database and MUST be shall be specified by the node's security policy database and MUST be
indicated in the value of the Sec field set within the outgoing indicated in the value of the Sec field set within the outgoing
message. message.
The security policy for the outgoing packet shall determine the The security policy for the outgoing packet shall determine the
applicable Key Identifier Mode (KIM) and Key Identifier specifying applicable Key Identifier Mode (KIM) and Key Identifier specifying
the security key to be used for the cryptographic packet processing, the security key to be used for the cryptographic packet processing,
including the optional use of signature keys (see Section 5.1). The including the optional use of signature keys (see Section 6.1). The
security policy will also specify the level of protection (LVL) in security policy will also specify the algorithm (Algorithm) and level
the form of authentication or authentication and encryption, and of protection (Level) in the form of authentication or authentication
potential use of signatures that shall apply to the outgoing packet. and encryption, and potential use of signatures that shall apply to
the outgoing packet.
Where encryption is applied, a node MUST replace the original packet Where encryption is applied, a node MUST replace the original packet
payload with that payload encrypted using the security protection, payload with that payload encrypted using the security protection,
key, and nonce specified in the security section of the packet. key, and nonce specified in the security section of the packet.
All secured RPL messages include integrity protection. In All secured RPL messages include integrity protection. In
conjunction with the security algorithm processing, a node derives a conjunction with the security algorithm processing, a node derives
Message Authentication Code (MAC) that MUST be included as part of either a Message Authentication Code (MAC) or signature that MUST be
the outgoing secured RPL packet. included as part of the outgoing secured RPL packet.
9.5.2. Reception of Incoming Packets 10.7. Reception of Incoming Packets
This section describes the reception and processing of a secured RPL This section describes the reception and processing of a secured RPL
packet. Given an incoming secured RPL packet, where the Security packet. Given an incoming secured RPL packet, where the Security
subfield bit of the RPL message Code field is set, this section subfield bit of the RPL message Code field is set, this section
describes how RPL generates an unencrypted version of the packet and describes how RPL generates an unencrypted variant of the packet and
validates its integrity. validates its integrity.
The receiver uses the RPL security control fields to determine the The receiver uses the RPL security control fields to determine the
necessary packet security processing. If the described level of necessary packet security processing. If the described level of
security for the message type and originator does not meet locally security for the message type and originator does not meet locally
maintained security policies, a node MAY discard the packet without maintained security policies, a node MAY discard the packet without
further processing. These policies can include security levels, keys further processing. These policies can include security levels, keys
used, source identifiers, or the lack of timestamp-based counters (as used, source identifiers, or the lack of timestamp-based counters (as
indicated by the 'T' flag). The configuration of the security policy indicated by the 'T' flag). The configuration of the security policy
database for incoming packet processing is TBD (it may, for example, database for incoming packet processing is outside the scope of this
be defined through DIO Configuration or through out-of-band specification (it may, for example, be defined through DIO
administrative router configuration). Configuration or through out-of-band administrative router
configuration).
Where the message security level (LVL) indicates an encrypted RPL Where the message security level (LVL) indicates an encrypted RPL
message, the node uses the key information identified through the KIM message, the node uses the key information identified through the KIM
field as well as the Nonce as input to the message payload decryption field as well as the Nonce as input to the message payload decryption
processing. The Nonce shall be derived from the message Counter processing. The Nonce shall be derived from the message Counter
field and other received and locally maintained information (see field and other received and locally maintained information (see
Section 9.5.3.1). The plaintext message contents shall be obtained Section 10.9.1). The plaintext message contents shall be obtained by
by invoking the inverse cryptographic mode of operation specified by invoking the inverse cryptographic mode of operation specified by the
the Sec field of the received packet. Sec field of the received packet.
The receiver shall use the Nonce and identified key information to The receiver shall use the Nonce and identified key information to
check the integrity of the incoming packet. If the integrity check check the integrity of the incoming packet. If the integrity check
fails against the received message authentication code (MAC), a node fails against the received message authentication code (MAC), a node
MUST discard the packet. MUST discard the packet.
If a Compressed Counter is received and the node does not currently If the received message has an initialized (zero value) Counter value
have an incoming Counter currently maintained for the originator of and the receiver has an incoming Counter currently maintained for the
the message, the node MUST send a Consistency Check request to the originator of the message, the receiver MUST initiate a Counter
message source to update the Counters. resynchronization by sending a Consistency Check response message
(see Section 6.6) to the message source. The Consistency Check
If an initialized (zero value) Full Counter is received in a secured response message shall be protected with the current full outgoing
RPL message and the receiving node currently has an incoming Counter Counter maintained for the particular node address. That outgoing
currently maintained for the originator of the message, the node MUST Counter will be included within the security section of the message
initiate a Counter resynchronization by sending a Consistency Check while the incoming Counter will be included within the Consistency
response message (see Section 5.6.1) to the message source. The Check message payload.
Consistency Check response message shall be protected with the
current full outgoing Counter maintained for the particular node
address. That outgoing Counter will be included within the security
section of the message while the incoming Counter will be included
within the Consistency Check message payload.
Based on the specified security policy a node MAY apply replay Based on the specified security policy a node MAY apply replay