An Architecture for IPv6 over the TSCH mode of IEEE 802.15.4
draft-ietf-6tisch-architecture-10
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 9030.
Expired & archived
|
|
|---|---|---|---|
| Author | Pascal Thubert | ||
| Last updated | 2016-12-12 (Latest revision 2016-06-10) | ||
| Replaces | draft-thubert-6tisch-architecture | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews |
OPSDIR Last Call review
(of
-22)
by Qin Wu
Has issues
TSVART Last Call review
(of
-20)
by Gorry Fairhurst
Ready w/issues
IOTDIR Early review
(of
-19)
by Eliot Lear
On the Right Track
INTDIR Early review
(of
-19)
by Carlos Pignataro
On the Right Track
|
||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | WG Document | |
| Document shepherd | Shwetha Bhandari | ||
| Shepherd write-up | Show Last changed 2015-05-22 | ||
| IESG | IESG state | Became RFC 9030 (Informational) | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | Suresh Krishnan | ||
| Send notices to | (None) |
draft-ietf-6tisch-architecture-10
8. Credit-Control AVPs
This section defines the credit-control AVPs that are specific to
Diameter credit-control application and that MAY be included in the
Diameter credit-control messages.
The AVPs defined in this section MAY also be included in
authorization commands defined in authorization-specific
applications, such as [RFC7155] and [RFC4004], if the first
interrogation is performed as part of the authorization/
authentication process, as described in Section 5.2.
The Diameter AVP rules are defined in the Diameter Base [RFC6733],
Section 4. These AVP rules are observed in AVPs defined in this
section.
The following table describes the Diameter AVPs defined in the
credit-control application, their AVP Code values, types, and
possible flag values. The AVP Flag rules are explained in the
Diameter base [RFC6733], section 4.1.
+---------------+
|AVP Flag rules |
|----+-----+----|
AVP Section | | |MUST|
Attribute Name Code Defined Data Type |MUST| MAY |NOT |
-----------------------------------------|----+-----+----|
CC-Correlation-Id 411 8.1 OctetString| | M | V |
CC-Input-Octets 412 8.24 Unsigned64 | M | | V |
CC-Money 413 8.22 Grouped | M | | V |
CC-Output-Octets 414 8.25 Unsigned64 | M | | V |
CC-Request-Number 415 8.2 Unsigned32 | M | | V |
CC-Request-Type 416 8.3 Enumerated | M | | V |
CC-Service- 417 8.26 Unsigned64 | M | | V |
Specific-Units | | | |
CC-Session- 418 8.4 Enumerated | M | | V |
Failover | | | |
CC-Sub-Session-Id 419 8.5 Unsigned64 | M | | V |
CC-Time 420 8.21 Unsigned32 | M | | V |
CC-Total-Octets 421 8.23 Unsigned64 | M | | V |
CC-Unit-Type 454 8.32 Enumerated | M | | V |
Check-Balance- 422 8.6 Enumerated | M | | V |
Result | | | |
Cost-Information 423 8.7 Grouped | M | | V |
Cost-Unit 424 8.12 UTF8String | M | | V |
Credit-Control 426 8.13 Enumerated | M | | V |
Credit-Control- 427 8.14 Enumerated | M | | V |
Failure-Handling | | | |
Bertz, et al. Expires November 19, 2018 [Page 57]
Internet-Draft Diameter Credit-Control Application May 2018
Currency-Code 425 8.11 Unsigned32 | M | | V |
Direct-Debiting- 428 8.15 Enumerated | M | | V |
Failure-Handling | | | |
Exponent 429 8.9 Integer32 | M | | V |
Final-Unit-Action 449 8.35 Enumerated | M | | V |
Final-Unit- 430 8.34 Grouped | M | | V |
Indication | | | |
QoS-Final-Unit- TBD17 8.68 Grouped | | M | V |
Indication | | | |
Granted-Service- 431 8.17 Grouped | M | | V |
Unit | | | |
G-S-U-Pool- 453 8.31 Unsigned32 | M | | V |
Identifier | | | |
G-S-U-Pool- 457 8.30 Grouped | M | | V |
Reference | | | |
Multiple-Services 456 8.16 Grouped | M | | V |
-Credit-Control | | | |
Multiple-Services 455 8.40 Enumerated | M | | V |
-Indicator | | | |
Rating-Group 432 8.29 Unsigned32 | M | | V |
Redirect-Address 433 8.38 Enumerated | M | | V |
-Type | | | |
Redirect-Server 434 8.37 Grouped | M | | V |
Redirect-Server 435 8.39 UTF8String | M | | V |
-Address | | | |
Redirect-Server TBD13 8.64 Grouped | | M | V |
-Extension | | | |
Redirect-Address TBD14 8.65 Address | | M | V |
-IPAddress | | | |
Redirect-Address TBD15 8.66 UTF8String | | M | V |
-URL | | | |
Redirect-Address TBD16 8.67 UTF8String | | M | V |
-SIP-URI | | | |
Requested-Action 436 8.41 Enumerated | M | | V |
Requested-Service 437 8.18 Grouped | M | | V |
-Unit | | | |
Restriction 438 8.36 IPFiltrRule| M | | V |
-Filter-Rule | | | |
Service-Context 461 8.42 UTF8String | M | | V |
-Id | | | |
Service- 439 8.28 Unsigned32 | M | | V |
Identifier | | | |
Service-Parameter 440 8.43 Grouped | | M | V |
-Info | | | |
Service- 441 8.44 Unsigned32 | | M | V |
Parameter-Type | | | |
Service- 442 8.45 OctetString| | M | V |
Parameter-Value | | | |
Bertz, et al. Expires November 19, 2018 [Page 58]
Internet-Draft Diameter Credit-Control Application May 2018
Subscription-Id 443 8.46 Grouped | M | | V |
Subscription-Id 444 8.48 UTF8String | M | | V |
-Data | | | |
Subscription-Id 450 8.47 Enumerated | M | | V |
-Type | | | |
Subscription-Id TBD7 8.58 Grouped | | M | V |
-Extension | | | |
Subscription-Id TBD8 8.59 UTF8String | | M | V |
-E164 | | | |
Subscription-Id TBD9 8.60 UTF8String | | M | V |
-IMSI | | | |
Subscription-Id TBD10 8.61 UTF8String | | M | V |
-SIP-URI | | | |
Subscription-Id TBD11 8.62 UTF8String | | M | V |
-NAI | | | |
Subscription-Id TBD12 8.63 UTF8String | | M | V |
-Private | | | |
Tariff-Change 452 8.27 Enumerated | M | | V |
-Usage | | | |
Tariff-Time 451 8.20 Time | M | | V |
-Change | | | |
Unit-Value 445 8.8 Grouped | M | | V |
Used-Service-Unit 446 8.19 Grouped | M | | V |
User-Equipment 458 8.49 Grouped | | M | V |
-Info | | | |
User-Equipment 459 8.50 Enumerated | | M | V |
-Info-Type | | | |
User-Equipment 460 8.51 OctetString| | M | V |
-Info-Value | | | |
User-Equipment TBD1 8.52 Grouped | | M | V |
-Info-Extension | | | |
User-Equipment TBD2 8.53 OctetString| | M | V |
-Info-IMEISV | | | |
User-Equipment TBD3 8.54 OctetString| | M | V |
-Info-MAC | | | |
User-Equipment TBD4 8.55 OctetString| | M | V |
-Info-EUI64 | | | |
User-Equipment TBD5 8.56 OctetString| | M | V |
-Info-ModifiedEUI64 | | | |
User-Equipment TBD6 8.57 OctetString| | M | V |
-Info-IMEI | | | |
Value-Digits 447 8.10 Integer64 | M | | V |
Validity-Time 448 8.33 Unsigned32 | M | | V |
Bertz, et al. Expires November 19, 2018 [Page 59]
Internet-Draft Diameter Credit-Control Application May 2018
8.1. CC-Correlation-Id AVP
The CC-Correlation-Id AVP (AVP Code 411) is of type OctetString and
contains information to correlate credit-control requests generated
for different components of the service; e.g., transport and service
level. The one who allocates the Service-Context-Id (i.e., unique
identifier of a service specific document) is also responsible for
defining the content and encoding of the CC-Correlation-Id AVP.
8.2. CC-Request-Number AVP
The CC-Request-Number AVP (AVP Code 415) is of type Unsigned32 and
identifies this request within one session. As Session-Id AVPs are
globally unique, the combination of Session-Id and CC-Request-Number
AVPs is also globally unique and can be used in matching credit-
control messages with confirmations. An easy way to produce unique
numbers is to set the value to 0 for a credit-control request of type
INITIAL_REQUEST and EVENT_REQUEST and to set the value to 1 for the
first UPDATE_REQUEST, to 2 for the second, and so on until the value
for TERMINATION_REQUEST is one more than for the last UPDATE_REQUEST.
8.3. CC-Request-Type AVP
The CC-Request-Type AVP (AVP Code 416) is of type Enumerated and
contains the reason for sending the credit-control request message.
It MUST be present in all Credit-Control-Request messages. The
following values are defined for the CC-Request-Type AVP:
INITIAL_REQUEST 1
An Initial request is used to initiate a credit-control session, and
contains credit-control information that is relevant to the
initiation.
UPDATE_REQUEST 2
An Update request contains credit-control information for an existing
credit-control session. Update credit-control requests SHOULD be
sent every time a credit-control re-authorization is needed at the
expiry of the allocated quota or validity time. Further, additional
service-specific events MAY trigger a spontaneous Update request.
TERMINATION_REQUEST 3
A Termination request is sent to terminate a credit-control session
and contains credit-control information relevant to the existing
session.
Bertz, et al. Expires November 19, 2018 [Page 60]
Internet-Draft Diameter Credit-Control Application May 2018
EVENT_REQUEST 4
An Event request is used when there is no need to maintain any
credit-control session state in the credit-control server. This
request contains all information relevant to the service, and is the
only request of the service. The reason for the Event request is
further detailed in the Requested-Action AVP. The Requested-Action
AVP MUST be included in the Credit-Control-Request message when CC-
Request-Type is set to EVENT_REQUEST.
8.4. CC-Session-Failover AVP
The CC-Session-Failover AVP (AVP Code 418) is type of Enumerated and
contains information as to whether moving the credit-control message
stream to a backup server during an ongoing credit-control session is
supported. In communication failures, the credit-control message
streams can be moved to an alternative destination if the credit-
control server supports failover to an alternative server. The
secondary credit-control server name, if received from the home
Diameter AAA server, can be used as an address of the backup server.
An implementation is not required to support moving a credit-control
message stream to an alternative server, as this also requires moving
information related to the credit-control session to backup server.
The following values are defined for the CC-Session-Failover AVP:
FAILOVER_NOT_SUPPORTED 0
When the CC-Session-Failover AVP is set to FAILOVER_NOT_SUPPORTED,
the credit-control message stream MUST NOT be moved to an alternative
destination in the case of communication failure. This is the
default behavior if the AVP isn't included in the reply from the
authorization or credit-control server.
FAILOVER_SUPPORTED 1
When the CC-Session-Failover AVP is set to FAILOVER_SUPPORTED, the
credit-control message stream SHOULD be moved to an alternative
destination in the case of communication failure. Moving the credit-
control message stream to a backup server MAY require that
information related to the credit-control session should also be
forwarded to an alternative server.
8.5. CC-Sub-Session-Id AVP
The CC-Sub-Session-Id AVP (AVP Code 419) is of type Unsigned64 and
contains the credit-control sub-session identifier. The combination
of the Session-Id and this AVP MUST be unique per sub-session, and
Bertz, et al. Expires November 19, 2018 [Page 61]
Internet-Draft Diameter Credit-Control Application May 2018
the value of this AVP MUST be monotonically increased by one for all
new sub-sessions. The absence of this AVP implies that no sub-
sessions are in use.
8.6. Check-Balance-Result AVP
The Check Balance Result AVP (AVP Code 422) is of type Enumerated and
contains the result of the balance check. This AVP is applicable
only when the Requested-Action AVP indicates CHECK_BALANCE in the
Credit-Control-Request command. The following values are defined for
the Check-Balance-Result AVP.
ENOUGH_CREDIT 0
There is enough credit in the account to cover the requested service.
NO_CREDIT 1
There isn't enough credit in the account to cover the requested
service.
8.7. Cost-Information AVP
The Cost-Information AVP (AVP Code 423) is of type Grouped, and it is
used to return the cost information of a service, which the credit-
control client can transfer transparently to the end user. The
included Unit-Value AVP contains the cost estimate (always type of
money) of the service, in the case of price enquiry, or the
accumulated cost estimation, in the case of credit-control session.
The Currency-Code specifies in which currency the cost was given.
The Cost-Unit specifies the unit when the service cost is a cost per
unit (e.g., cost for the service is $1 per minute).
When the Requested-Action AVP with value PRICE_ENQUIRY is included in
the Credit-Control-Request command, the Cost-Information AVP sent in
the succeeding Credit-Control-Answer command contains the cost
estimation of the requested service, without any reservation being
made.
The Cost-Information AVP included in the Credit-Control-Answer
command with the CC-Request-Type set to UPDATE_REQUEST contains the
accumulated cost estimation for the session, without taking any
credit reservation into account.
The Cost-Information AVP included in the Credit-Control-Answer
command with the CC-Request-Type set to EVENT_REQUEST or
Bertz, et al. Expires November 19, 2018 [Page 62]
Internet-Draft Diameter Credit-Control Application May 2018
TERMINATION_REQUEST contains the estimated total cost for the
requested service.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Cost-Information ::= < AVP Header: 423 >
{ Unit-Value }
{ Currency-Code }
[ Cost-Unit ]
8.8. Unit-Value AVP
Unit-Value AVP is of type Grouped (AVP Code 445) and specifies the
units as decimal value. The Unit-Value is a value with an exponent;
i.e., Unit-Value = Value-Digits AVP * 10^Exponent. This
representation avoids unwanted rounding off. For example, the value
of 2,3 is represented as Value-Digits = 23 and Exponent = -1. The
absence of the exponent part MUST be interpreted as an exponent equal
to zero.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Unit-Value ::= < AVP Header: 445 >
{ Value-Digits }
[ Exponent ]
8.9. Exponent AVP
Exponent AVP is of type Integer32 (AVP Code 429) and contains the
exponent value to be applied for the Value-Digit AVP within the Unit-
Value AVP.
8.10. Value-Digits AVP
The Value-Digits AVP is of type Integer64 (AVP Code 447) and contains
the significant digits of the number. If decimal values are needed
to present the units, the scaling MUST be indicated with the related
Exponent AVP. For example, for the monetary amount $ 0.05 the value
of Value-Digits AVP MUST be set to 5, and the scaling MUST be
indicated with the Exponent AVP set to -2.
8.11. Currency-Code AVP
The Currency-Code AVP (AVP Code 425) is of type Unsigned32 and
contains a currency code that specifies in which currency the values
Bertz, et al. Expires November 19, 2018 [Page 63]
Internet-Draft Diameter Credit-Control Application May 2018
of AVPs containing monetary units were given. It is specified by
using the numeric values defined in the ISO 4217 standard [ISO4217].
8.12. Cost-Unit AVP
The Cost-Unit AVP (AVP Code 424) is of type UTF8String, and it is
used to display a human readable string to the end user. It
specifies the applicable unit to the Cost-Information when the
service cost is a cost per unit (e.g., cost of the service is $1 per
minute). The Cost-Unit can be minutes, hours, days, kilobytes,
megabytes, etc.
8.13. Credit-Control AVP
The Credit-Control AVP (AVP Code 426) is of type Enumerated and MUST
be included in AA requests when the service element has credit-
control capabilities.
CREDIT_AUTHORIZATION 0
If the home Diameter AAA server determines that the user has prepaid
subscription, this value indicates that the credit-control server
MUST be contacted to perform the first interrogation. The value of
the Credit-Control AVP MUST always be set to 0 in an AA request sent
to perform the first interrogation and to initiate a new credit-
control session.
RE_AUTHORIZATION 1
This value indicates to the Diameter AAA server that a credit-control
session is ongoing for the subscriber and that the credit-control
server MUST NOT be contacted. The Credit-Control AVP set to the
value of 1 is to be used only when the first interrogation has been
successfully performed and the credit-control session is ongoing
(i.e., re-authorization triggered by Authorization-Lifetime). This
value MUST NOT be used in an AA request sent to perform the first
interrogation.
8.14. Credit-Control-Failure-Handling AVP
The Credit-Control-Failure-Handling AVP (AVP Code 427) is of type
Enumerated. The credit-control client uses information in this AVP
to decide what to do if sending credit-control messages to the
credit-control server has been, for instance, temporarily prevented
due to a network problem. Depending on the service logic, the
credit-control server can order the client to terminate the service
immediately when there is a reason to believe that the service cannot
be charged, or to try failover to an alternative server, if possible.
Bertz, et al. Expires November 19, 2018 [Page 64]
Internet-Draft Diameter Credit-Control Application May 2018
Then the server could either terminate or grant the service, should
the alternative connection also fail.
TERMINATE 0
When the Credit-Control-Failure-Handling AVP is set to TERMINATE, the
service MUST only be granted for as long as there is a connection to
the credit-control server. If the credit-control client does not
receive any Credit-Control-Answer message within the Tx timer (as
defined in Section 13), the credit-control request is regarded as
failed, and the end user's service session is terminated.
This is the default behavior if the AVP isn't included in the reply
from the authorization or credit-control server.
CONTINUE 1
When the Credit-Control-Failure-Handling AVP is set to CONTINUE, the
credit-control client SHOULD re-send the request to an alternative
server in the case of transport or temporary failures, provided that
a failover procedure is supported in the credit-control server and
the credit-control client, and that an alternative server is
available. Otherwise, the service SHOULD be granted, even if credit-
control messages can't be delivered.
RETRY_AND_TERMINATE 2
When the Credit-Control-Failure-Handling AVP is set to
RETRY_AND_TERMINATE, the credit-control client SHOULD re-send the
request to an alternative server in the case of transport or
temporary failures, provided that a failover procedure is supported
in the credit-control server and the credit-control client, and that
an alternative server is available. Otherwise, the service SHOULD
NOT be granted when the credit-control messages can't be delivered.
8.15. Direct-Debiting-Failure-Handling AVP
The Direct-Debiting-Failure-Handling AVP (AVP Code 428) is of type
Enumerated. The credit-control client uses information in this AVP
to decide what to do if sending credit-control messages (Requested-
Action AVP set to DIRECT_DEBITING) to the credit-control server has
been, for instance, temporarily prevented due to a network problem.
TERMINATE_OR_BUFFER 0
When the Direct-Debiting-Failure-Handling AVP is set to
TERMINATE_OR_BUFFER, the service MUST be granted for as long as there
is a connection to the credit-control server. If the credit-control
Bertz, et al. Expires November 19, 2018 [Page 65]
Internet-Draft Diameter Credit-Control Application May 2018
client does not receive any Credit-Control-Answer message within the
Tx timer (as defined in Section 13) the credit-control request is
regarded as failed. The client SHOULD terminate the service if it
can determine from the failed answer that units have not been
debited. Otherwise the credit-control client SHOULD grant the
service, store the request in application level non-volatile storage,
and try to re-send the request. These requests MUST be marked as
possible duplicates by setting the T-flag in the command header as
described in [RFC6733] section 3. This is the default behavior if
the AVP isn't included in the reply from the authorization server.
CONTINUE 1
When the Direct-Debiting-Failure-Handling AVP is set to CONTINUE, the
service SHOULD be granted, even if credit-control messages can't be
delivered, and the request should be deleted.
8.16. Multiple-Services-Credit-Control AVP
Multiple-Services-Credit-Control AVP (AVP Code 456) is of type
Grouped and contains the AVPs related to the independent credit-
control of multiple services feature. Note that each instance of
this AVP carries units related to one or more services or related to
a single rating group.
The Service-Identifier and the Rating-Group AVPs are used to
associate the granted units to a given service or rating group. If
both the Service-Identifier and the Rating-Group AVPs are included,
the target of the service units is always the service(s) indicated by
the value of the Service-Identifier AVP(s). If only the Rating-
Group-Id AVP is present, the Multiple-Services-Credit-Control AVP
relates to all the services that belong to the specified rating
group.
The G-S-U-Pool-Reference AVP allows the server to specify a G-S-U-
Pool-Identifier identifying a credit pool within which the units of
the specified type are considered pooled. If a G-S-U-Pool-Reference
AVP is present, then actual service units of the specified type MUST
also be present. For example, if the G-S-U-Pool-Reference AVP
specifies Unit-Type TIME, then the CC-Time AVP MUST be present.
The Requested-Service-Unit AVP MAY contain the amount of requested
service units or the requested monetary value. It MUST be present in
the initial interrogation and within the intermediate interrogations
in which new quota is requested. If the credit-control client does
not include the Requested-Service-Unit AVP in a request command,
because for instance, it has determined that the end-user terminated
the service, the server MUST debit the used amount from the user's
Bertz, et al. Expires November 19, 2018 [Page 66]
6TiSCH P. Thubert, Ed.
Internet-Draft Cisco
Intended status: Informational June 10, 2016
Expires: December 12, 2016
An Architecture for IPv6 over the TSCH mode of IEEE 802.15.4
draft-ietf-6tisch-architecture-10
Abstract
This document describes a network architecture that provides low-
latency, low-jitter and high-reliability packet delivery. It
combines a high speed powered backbone and subnetworks using IEEE
802.15.4 time-slotted channel hopping (TSCH) to meet the requirements
of LowPower wireless deterministic applications.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 12, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Thubert Expires December 12, 2016 [Page 1]
Internet-Draft 6tisch-architecture June 2016
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
3. High Level Architecture . . . . . . . . . . . . . . . . . . . 4
3.1. 6TiSCH Stack . . . . . . . . . . . . . . . . . . . . . . 4
3.2. TSCH: A Deterministic MAC Layer . . . . . . . . . . . . . 6
3.3. Scheduling TSCH . . . . . . . . . . . . . . . . . . . . . 7
3.4. Routing and Forwarding Over TSCH . . . . . . . . . . . . 8
3.5. A Non-Broadcast Multi-Access Radio Mesh Network . . . . . 10
3.6. A Multi-Link Subnet Model . . . . . . . . . . . . . . . . 12
3.7. Join Process and Registration . . . . . . . . . . . . . . 13
3.8. Dependencies on Work In Progress . . . . . . . . . . . . 14
4. Deeper Dive . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.1. 6LoWPAN (and RPL) . . . . . . . . . . . . . . . . . . . . 16
4.1.1. RPL Leaf Support in 6LoWPAN ND . . . . . . . . . . . 16
4.1.2. RPL Root And 6LBR . . . . . . . . . . . . . . . . . . 16
4.2. TSCH and 6top . . . . . . . . . . . . . . . . . . . . . . 17
4.2.1. 6top . . . . . . . . . . . . . . . . . . . . . . . . 17
4.2.2. Scheduling Functions and the 6P protocol . . . . . . 18
4.2.3. 6top and RPL Objective Function operations . . . . . 19
4.2.4. Network Synchronization . . . . . . . . . . . . . . . 20
4.2.5. SlotFrames and Priorities . . . . . . . . . . . . . . 21
4.2.6. Distributing the reservation of cells . . . . . . . . 22
4.3. Communication Paradigms and Interaction Models . . . . . 24
4.4. Schedule Management Mechanisms . . . . . . . . . . . . . 25
4.4.1. Static Scheduling . . . . . . . . . . . . . . . . . . 25
4.4.2. Neighbor-to-neighbor Scheduling . . . . . . . . . . . 25
4.4.3. Remote Monitoring and Schedule Management . . . . . . 26
4.4.4. Hop-by-hop Scheduling . . . . . . . . . . . . . . . . 29
4.5. Forwarding Models . . . . . . . . . . . . . . . . . . . . 29
4.5.1. Track Forwarding . . . . . . . . . . . . . . . . . . 29
4.5.2. Fragment Forwarding . . . . . . . . . . . . . . . . . 33
4.5.3. IPv6 Forwarding . . . . . . . . . . . . . . . . . . . 34
4.6. Centralized vs. Distributed Routing . . . . . . . . . . . 35
4.6.1. Packet Marking and Handling . . . . . . . . . . . . . 35
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36
6. Security Considerations . . . . . . . . . . . . . . . . . . . 36
6.1. Join Process Highlights . . . . . . . . . . . . . . . . . 36
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 39
7.1. Contributors . . . . . . . . . . . . . . . . . . . . . . 39
7.2. Special Thanks . . . . . . . . . . . . . . . . . . . . . 40
7.3. And Do not Forget . . . . . . . . . . . . . . . . . . . . 40
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 40
8.1. Normative References . . . . . . . . . . . . . . . . . . 41
8.2. Informative References . . . . . . . . . . . . . . . . . 43
8.3. Other Informative References . . . . . . . . . . . . . . 47
Appendix A. Personal submissions relevant to upcoming work . . . 48
Thubert Expires December 12, 2016 [Page 2]
Internet-Draft 6tisch-architecture June 2016
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 49
1. Introduction
Wireless Networks enable a wide variety of devices of any size to get
interconnected, often at a very low marginal cost per device, at any
distance ranging from Near Field to interplanetary, and in
circumstances where wiring may be impractical, for instance on fast-
moving or rotating devices.
In the other hand, Deterministic Networks enable traffic that is
highly sensitive to jitter, quite sensitive to latency, and with a
high degree of operational criticality so that loss should be
minimized at all times. Applications that need such networks are
presented in [I-D.ietf-detnet-use-cases]. They include Professional
Media and Operation Technology (OT) Industrial Automation Control
Systems (IACS).
The Medium access Control (MAC) of IEEE802.15.4 [IEEE802154] has
evolved with the IEEE802.15.4e Timeslotted Channel Hopping (TSCH)
[RFC7554] mode to provide deterministic properties on wireless
networks. TSCH was initially introduced with the IEEE802.15.4e
amendment [IEEE802154e] of the IEEE802.15.4 standard and constituted
a part of the standard from that day. For all practical purpose,
this document is expected to be insensitive to the revisions of the
IEEE802.15.4 standard, which is thus referenced undated.
Proven Deterministic Networking standards for use in Process Control,
including ISA100.11a [ISA100.11a] and WirelessHART [WirelessHART],
have demonstrated the capabilities of the IEEE802.15.4 TSCH MAC for
high reliability against interference, low-power consumption on well-
known flows, and its applicability for Traffic Engineering (TE) from
a central controller.
In order to enable the convergence of IT and OT in LLN environments,
6TiSCH ports the IETF suite of protocol that are defined for such
environments over the TSCH MAC. 6TiSCH also provides large scaling
capabilities, which, in a number of scenarios, require the addition
of a high speed and reliable backbone and the use of IP version 6
(IPv6). The 6TiSCH Architecture introduces an IPv6 Multi-Link subnet
model that is composed of a federating backbone and a number of
IEEE802.15.4 TSCH low-power wireless networks attached and
synchronized by Backbone Routers.
The architecture defines mechanisms to establish and maintain routing
and scheduling in a centralized, distributed, or mixed fashion, for
use in multiple OT environments. It is applicable in particular to
industrial control systems, building automation that leverage
Thubert Expires December 12, 2016 [Page 3]
Internet-Draft 6tisch-architecture June 2016
distributed routing to address multipath over a large number of hops,
in-vehicle command and control that can be as demanding as industrial
applications, commercial automation and asset Tracking with mobile
scenarios, home automation and domotics which become more reliable
and thus provide a better user experience, and resource management
(energy, water, etc.).
2. Terminology
The draft uses domain-specific terminology defined or referenced in
[I-D.ietf-6tisch-terminology], [I-D.ietf-6lo-backbone-router], and
[I-D.ietf-roll-rpl-industrial-applicability].
Readers are expected to be familiar with all the terms and concepts
that are discussed in "Neighbor Discovery for IP version 6"
[RFC4861], "IPv6 over Low-Power Wireless Personal Area Networks
(6LoWPANs): Overview, Assumptions, Problem Statement, and Goals"
[RFC4919], and Neighbor Discovery Optimization for Low-power and
Lossy Networks [RFC6775] where the 6LoWPAN Router (6LR) and the
6LoWPAN Border Router (6LBR) are introduced.
Readers may benefit from reading the "RPL: IPv6 Routing Protocol for
Low-Power and Lossy Networks" [RFC6550] specification; "Multi-Link
Subnet Issues" [RFC4903]; "Mobility Support in IPv6" [RFC6275];
"Neighbor Discovery Proxies (ND Proxy)" [RFC4389]; "IPv6 Stateless
Address Autoconfiguration" [RFC4862]; "FCFS SAVI: First-Come, First-
Served Source Address Validation Improvement for Locally Assigned
IPv6 Addresses" [RFC6620]; and "Optimistic Duplicate Address
Detection" [RFC4429] prior to this specification for a clear
understanding of the art in ND-proxying and binding.
The draft also conforms to the terms and models described in
[RFC3444] and [RFC5889] and uses the vocabulary and the concepts
defined in [RFC4291] for the IPv6 Architecture and refers [RFC4080]
for reservation signaling and [RFC5191] for authentication.
3. High Level Architecture
3.1. 6TiSCH Stack
The 6TiSCH architecture presents a reference stack that is
implemented and interop tested by a conjunction of opensource, IETF
and ETSI efforts. One goal is to help other bodies to adopt the
stack as a whole, making the effort to move to an IPv6-based IOT
stack easier. Now, for a particular, environment, some of the
choices that are made in this architecture may not be relevant. For
instance, RPL is not required for star topologies and mesh-under
layer-2 routed networks, and the 6LoWPAN compression may not be
Thubert Expires December 12, 2016 [Page 4]
Internet-Draft 6tisch-architecture June 2016
sufficient for ultra-constrained cases such as some Low Power Wide
Area (LPWA) networks. In such cases, it is perfectly doable to adopt
a subset of the selection that is presented hereafter and then select
alternate components to complete the solution wherever needed.
The IETF proposes multiple techniques for implementing functions
related to routing, transport or security. In order to control the
complexity of the possible deployments and device interactions, and
to limit the size of the resulting object code, the architecture
limits the possible variations of the stack and recommends a number
of base elements for LLN applications. In particular, UDP [RFC0768]
[RFC2460] and the Constrained Application Protocol [RFC7252] (CoAP)
are used as the transport / binding of choice for applications and
management as opposed to TCP and HTTP.
The resulting stack is represented below:
+-----+-----+-----+------+-------+-----+
| (COMI) |(PANA)|6LoWPAN| RPL |
| CoAP / DTLS | | ND | |
+-----+-----+-----+------+-------+-----+
| UDP | ICMP |
+-----+-----+-----+-----+-------+------+-----+
| IPv6 |
+-------------------------------------------+
| 6LoWPAN adaptation and compression (HC) |
+-------------------------------------------+
| 6top |
+-------------------------------------------+
| IEEE802.15.4 TSCH |
+-------------------------------------------+
Figure 1: 6TiSCH Protocol Stack
RPL is the routing protocol of choice for LLNs. So far, there was no
identified need to define a 6TiSCH specific Objective Function. The
Minimal 6TiSCH Configuration [I-D.ietf-6tisch-minimal] describes the
operation of RPL over a static schedule used in a slotted aloha
fashion, whereby all active slots may be used for emission or
reception of both unicast and multicast frames.
The 6LoWPAN Header Compression [RFC6282] is used to compress the IPv6
and UDP headers, whereas the 6LoWPAN Routing Header
[I-D.ietf-roll-routing-dispatch] is used to compress the RPL
artifacts in the IPv6 data packets, including the RPL Packet
Information (RPI), the IP-in-IP encapsulation to/from the RPL root,
and the Source Route Header (SRH) in non-storing mode.
Thubert Expires December 12, 2016 [Page 5]
Internet-Draft 6tisch-architecture June 2016
6TiSCH has adopted the general direction of CoAP Management Interface
(COMI) [I-D.vanderstok-core-comi] for the management of devices.
This is leveraged for instance for the implementation of the generic
data model for the 6top sublayer management interface
[I-D.ietf-6tisch-6top-interface]. The proposed implementation is
based on CoAP and CBOR, and specified in 6TiSCH Resource Management
and Interaction using CoAP [I-D.ietf-6tisch-coap].
The Datagram Transport Layer Security (DTLS) [RFC6347] is represented
as an example of a protocol that could be used to protect CoAP
datagrams, but the exact stack is not determined at the time of this
writing..
Similarly, the Protocol for Carrying Authentication for Network
access (PANA) [RFC5191] is represented as an example of a protocol
that could be leveraged to secure the join process, as a Layer-3
alternate to IEEE802.1x/EAP. Regardless, the security model ensures
that, prior to a join process, packets from a untrusted device are
controlled in volume and in reachability. In particular, a PANA
stack should be separated from the main protocol stack to avoid
attacks during the join process that is introduced in Section 3.7.
An overview of the security aspects of the join process can be found
in Section 6.
The 6TiSCH Operation sublayer (6top) [I-D.wang-6tisch-6top-sublayer]
is a sublayer of a Logical Link Control (LLC) that provides the
abstraction of an IP link over a TSCH MAC and schedules packets over
TSCH cells,as further discussed in the next sections.
3.2. TSCH: A Deterministic MAC Layer
Though at a different time scale (several orders of magnitude), both
IEEE802.1TSN and IEEE802.15.4TSCH standards provide Deterministic
capabilities to the point that a packet that pertains to a certain
flow may traverse a network from node to node following a very
precise schedule, as a train that enters and then leaves intermediate
stations at precise times along its path. With TSCH, time is
formatted into timeslots, and individual communication cells are
allocated to unicast or broadcast communication at the MAC level.
The time-slotted operation reduces collisions, saves energy, and
enables to more closely engineer the network for deterministic
properties. The channel hopping aspect is a simple and efficient
technique to combat multipath fading and external interference (for
example by Wi-Fi emitters).
6TiSCH builds on the IEEE802.15.4TSCH MAC and inherits its advanced
capabilities to enable them in multiple environments where they can
be leveraged to improve automated operations. The 6TiSCH
Thubert Expires December 12, 2016 [Page 6]
Internet-Draft 6tisch-architecture June 2016
Architecture also inherits the capability to perform a centralized
route computation to achieve deterministic properties, though it
relies on the IETF DetNet Architecture
[I-D.finn-detnet-architecture], and IETF components such as the Path
Computation Element (PCE) [PCE], for the protocol aspects.
On top of this inheritance, 6TiSCH adds capabilities for distributed
routing and scheduling operations based on the RPL routing protocol
and capabilities to negotiate schedule adjustments between peers.
These distributed routing and scheduling operations simplify the
deployment of TSCH networks and enable wireless solutions in a larger
variety of use cases from operational technology in general.
Examples of such use-cases in industrial environments include plant
setup and decommissioning, as well as monitoring of lots of lesser
importance measurements such as corrosion and events. RPL also
enables mobile use cases such as mobile workers and cranes, as
presented in [I-D.ietf-roll-rpl-industrial-applicability].
3.3. Scheduling TSCH
A scheduling operation attributes cells in a Time-Division-
Multiplexing (TDM) / Frequency-Division Multiplexing (FDM) matrix
called the Channel distribution/usage (CDU) to either individual
transmissions or as multi-access shared resources (see the 6TiSCH
Terminology [I-D.ietf-6tisch-terminology] for more on these terms).
Scheduling effectively enables multiple communications at a same time
in a same interference domain using different channels; but a node
equipped with a single radio can only transmit or receive on one
channel at any given point of time.
From the standpoint of a 6TiSCH node (at the MAC layer), its schedule
is the collection of the times at which it must wake up for
transmission, and the channels to which it should either send or
listen at those times. The schedule is expressed as one or more
slotframes that repeat over and over. Slotframes may collision and
require a device to wake at a same time, in which case a priority
indicates which slotframe is actually activated.
The 6top sublayer hides the complexity of the schedule to the upper
layers. The Link that IP may utilize between the 6TiSCH node and a
peer may in fact be composed of a pair of cell bundles, one to
receive and one to transmit. Some of the cells may be shared, in
which case the 6top sublayer must perform some arbitration.
The 6TiSCH architecture identifies four ways a schedule can be
managed and CDU cells can be allocated: Static Scheduling, Neighbor-
to-Neighbor Scheduling, Remote Monitoring and Schedule Management,
and Hop-by-hop Scheduling.
Thubert Expires December 12, 2016 [Page 7]
Internet-Draft 6tisch-architecture June 2016
Static Scheduling: This refers to the minimal 6TiSCH operation
whereby a static schedule is configured for the whole network for
use in a slotted-aloha fashion. The static schedule is
distributed through the native methods in the TSCH MAC layer.
This operation leverages RPL to maintain a loopless graph for
routing and time distribution. It is specified in the Minimal
6TiSCH Configuration [I-D.ietf-6tisch-minimal] specification. and
does not preclude other scheduling operations to co-exist on a
same 6TiSCH network.
Neighbor-to-Neighbor Scheduling: This refers to the dynamic
adaptation of the bandwidth of the Links that are used for IPv6
traffic between adjacent routers. Scheduling Functions such as
SF0 [I-D.ietf-6tisch-6top-sf0] influence the operation of the 6top
sublayer [I-D.wang-6tisch-6top-sublayer] to add and remove cells
in peers schedule, using the 6top protocol
[I-D.ietf-6tisch-6top-protocol] for the negotiation on the MAC
resources.
Remote Monitoring and Schedule Management: This refers to the
central computation of a schedule and the capability to forward a
frame based on the cell of arrival. In that case, the related
portion of the device schedule as well as other device resources
are managed by an abstract Network Management Entity (NME), which
may cooperate with the PCE in order to minimize the interaction
with and the load on the constrained device. This model is the
TSCH adaption of the DetNet Architecture
[I-D.finn-detnet-architecture], and it enables Traffic Engineering
with deterministic properties.
Hop-by-hop Scheduling: This refers to the possibility to reserves
cells along a path for a particular flow using a distributed
mechanism.
It is not expected that all use cases will require all those
mechanisms. Static Scheduling with minimal configuration one is the
only one that is expected in all implementations, since it provides a
simple and solid basis for convergecast routing and time
distribution.
A deeper dive in those mechanisms can be found in Section 4.4.
3.4. Routing and Forwarding Over TSCH
6TiSCH leverages the RPL routing protocol for interoperable
distributed routing operations. RPL is applicable to Static
Scheduling and Neighbor-to-Neighbor Scheduling. The architecture
also supports a centralized routing model for Remote Monitoring and
Thubert Expires December 12, 2016 [Page 8]
Internet-Draft 6tisch-architecture June 2016
Schedule Management. It is expected that a routing protocol that is
more optimized for point-to-point routing than RPL, such as the
Reactive Discovery of Point-to-Point Routes in Low-Power and Lossy
Networks [RFC6997](P2P RPL), or the Ad Hoc On-demand Distance Vector
Routing (AODV) [I-D.ietf-manet-aodvv2] will be selected for Hop-by-
hop Scheduling.
The 6TiSCH architecture supports three different forwarding models,
the classical IPv6 Forwarding, where the node selects a feasible
successor at Layer-3 on a per packet basis and based on its routing
table, G-MPLS Track Forwarding, which switches a frame received at a
particular Timeslot into another Timeslot at Layer-2, and 6LoWPAN
Fragment Forwarding, which allows to forward individual 6loWPAN
fragments along the route set by the first fragment.
IPv6 Forwarding: This is the classical IP forwarding model, with a
Routing Information Based (RIB) that is installed by the RPL
routing protocol and used to select a feasible successor per
packet. The packet is placed on an outgoing Link, that the 6top
layer maps into a (Layer-3) bundle of cells, and scheduled for
transmission based on QoS parameters. On top of RPL, this model
also applies to any routing protocol which may be operated in the
6TiSCH network, and corresponds to all the distributed scheduling
models, Static, Neighbor-to-Neighbor and Hop-by-Hop Scheduling.
G-MPLS Track Forwarding: This model corresponds to the Remote
Monitoring and Schedule Management. In this model, A central
controller (hosting a PCE) computes and installs the schedules in
the devices per flow. The incoming (Layer-2) bundle of cells from
the previous node along the path determines the outgoing (Layer-2)
bundle towards the next hop for that flow as determined by the
PCE. The programmed sequence for bundles is called a Track and
can assume shapes that are more complex than a simple direct
sequence of nodes.
6LoWPAN Fragment Forwarding: This is an hybrid model that derives
from IPv6 forwarding for the case where packets must be fragmented
at the 6LoWPAN sublayer. The first fragment is forwarded like any
IPv6 packet and leaves a state in the intermediate hops to enable
forwarding of the next fragments that do not have a IP header
without the need to recompose the packet at every hop.
This can be broadly summarized in the following table:
Thubert Expires December 12, 2016 [Page 9]
Internet-Draft 6tisch-architecture June 2016
+---------------------+------------+-----------------------------------+
| Forwarding Model | Routing | Scheduling |
+=====================+============+===================================+
|G-MPLS Track Fwrding | PCE |Remote Monitoring and Schedule Mgt |
+---------------------+------------+-----------------------------------+
| | | Static (Minimal Configuration) |
+ classical IPv6 + RPL +-----------------------------------+
| / | | Neighbor-to-Neighbor (SF0) |
+ 6LoWPAN Fragment F. +------------+-----------------------------------+
| |Reactive P2P| Hop-by-Hop (TBD) |
+---------------------+------------+-----------------------------------+
Figure 2: Routing, Forwarding and Scheduling
3.5. A Non-Broadcast Multi-Access Radio Mesh Network
A 6TiSCH network is an IPv6 [RFC2460] subnet which, in its basic
configuration, is a single Low Power Lossy Network (LLN) operating
over a synchronized TSCH-based mesh.
Inside a 6TiSCH LLN, nodes rely on 6LoWPAN Header Compression
(6LoWPAN HC) [RFC6282] to encode IPv6 packets. From the perspective
of the network layer, a single LLN interface (typically an
IEEE802.15.4-compliant radio) may be seen as a collection of Links
with different capabilities for unicast or multicast services.
6TiSCH nodes are not necessarily reachable from one another at
Layer-2 and an LLN may span over multiple links. This effectively
forms an homogeneous non-broadcast multi-access (NBMA) subnet, which
is beyond the scope of existing IPv6 ND methods. Extensions to IPv6
ND have to be introduced.
Within that subnet, neighbor devices are discovered with 6LoWPAN
Neighbor Discovery [RFC6775] (6LoWPAN ND), whereas RPL [RFC6550]
enables routing in the so called Route Over fashion, either in
storing (stateful) or non-storing (stateless, with routing headers)
mode.
Thubert Expires December 12, 2016 [Page 10]
Internet-Draft 6tisch-architecture June 2016
---+-------- ............ ------------
| External Network |
| +-----+
+-----+ | NME |
| | LLN Border | |
| | router +-----+
+-----+
o o o
o o o o o
o o 6LoWPAN + RPL o o
o o o o
o o
Figure 3: Basic Configuration of a 6TiSCH Network
6TiSCH nodes join the mesh by attaching to nodes that are already
members of the mesh. Some nodes act as routers for 6LoWPAN ND and
RPL operations, as detailed in Section 4.1. Security aspects of the
join process by which a device obtains access to the network are
discussed in Section 6.
With TSCH, devices are time-synchronized at the MAC level. The use
of a particular RPL Instance for time synchronization is discussed in
Section 4.2.4. With this mechanism, the time synchronization starts
at the RPL root and follows the RPL DODAGs with no timing loop.
RPL forms Destination Oriented Directed Acyclic Graphs (DODAGs)
within Instances of the protocol, each Instance being associated with
an Objective Function (OF) to form a routing topology. A particular
6TiSCH node, the LLN Border Router (LBR), acts as RPL root, 6LoWPAN
HC terminator, and Border Router for the LLN to the outside. The LBR
is usually powered. More on RPL Instances can be found in section
3.1 of RPL [RFC6550], in particular "3.1.2. RPL Identifiers" and
"3.1.3. Instances, DODAGs, and DODAG Versions". RPL adds artifacts
in the data packets that are compressed with a 6LoWPAN addition 6LoRH
[I-D.ietf-roll-routing-dispatch].
Additional routing and scheduling protocols may be deployed to
establish on-demand Peer-to-Peer routes with particular
characteristics inside the 6TiSCH network. This may be achieved in a
centralized fashion by a PCE [PCE] that programs both the routes and
the schedules inside the 6TiSCH nodes, or by in a distributed fashion
using a reactive routing protocol and a Hop-by-Hop scheduling
protocol.
A Backbone Router may be connected to the node that acts as RPL root
and / or 6LoWPAN 6LBR and provides connectivity to the larger campus
/ factory plant network over a high speed backbone or a back-haul
Thubert Expires December 12, 2016 [Page 11]
Internet-Draft 6tisch-architecture June 2016
link. A Backbone Router may perform proxy IPv6 Neighbor Discovery
(ND) [RFC4861] operations over the backbone on behalf of the 6TiSCH
nodes so they can share a same IPv6 subnet and appear to be connected
to the same backbone as classical devices. A Backbone Router may
alternatively redistribute the registration in a routing protocol
such as OSPF [RFC5340] or BGP [RFC2545], or inject them in a mobility
protocol such as MIPv6 [RFC6275], NEMO [RFC3963], or LISP [RFC6830].
This architecture expects that a 6LoWPAN node can connect as a leaf
to a RPL network, where the leaf support is the minimal functionality
to connect as a host to a RPL network without the need to participate
to the full routing protocol. The architecture also expects that a
6LoWPAN node that is not aware at all of the RPL protocol may also
connect as a host but the specifications for this to happen are not
available at the time of this writing.
3.6. A Multi-Link Subnet Model
An extended configuration of the subnet comprises multiple LLNs. The
LLNs are interconnected and synchronized over a backbone, that can be
wired or wireless. The backbone can be a classical IPv6 network,
with Neighbor Discovery operating as defined in [RFC4861] and
[RFC4862]. This architecture requires work to standardize the the
registration of 6LoWPAN nodes to the Backbone Routers.
In the extended configuration, a Backbone Router (6BBR) operates as
described in [I-D.ietf-6lo-backbone-router]. The 6BBR performs ND
proxy operations between the registered devices and the classical ND
devices that are located over the backbone. 6TiSCH 6BBRs synchronize
with one another over the backbone, so as to ensure that the multiple
LLNs that form the IPv6 subnet stay tightly synchronized.
Thubert Expires December 12, 2016 [Page 12]
Internet-Draft 6tisch-architecture June 2016
---+-------- ............ ------------
| External Network |
| +-----+
| +-----+ | NME |
+-----+ | +-----+ | |
| | Router | | PCE | +-----+
| | +--| |
+-----+ +-----+
| |
| Subnet Backbone |
+--------------------+------------------+
| | |
+-----+ +-----+ +-----+
| | Backbone | | Backbone | | Backbone
o | | router | | router | | router
+-----+ +-----+ +-----+
o o o o o
o o o o o o o o o o o
o o o LLN o o o o
o o o o o o o o o o o o
Figure 4: Extended Configuration of a 6TiSCH Network
As detailed in Section 4.1 the 6LoWPAN ND 6LBR and the root of the
RPL network need to be collocated and share information about the
devices that is learned through either protocol but not both. The
combined RPL root and 6LBR may be collocated with the 6BBR, or
directly attached to the 6BBR. In the latter case, it leverages the
extended registration process defined in
[I-D.ietf-6lo-backbone-router] to proxy the 6LoWPAN ND registration
to the 6BBR on behalf of the LLN nodes, so that the 6BBR may in turn
perform proxy classical ND operations over the backbone.
If the Backbone is Deterministic (such as defined by the Time
Sensitive Networking WG at IEEE), then the Backbone Router ensures
that the end-to-end deterministic behavior is maintained between the
LLN and the backbone. The DetNet Architecture
[I-D.finn-detnet-architecture] studies Layer-3 aspects of
Deterministic Networks, and covers networks that span multiple
Layer-2 domains.
3.7. Join Process and Registration
As detailed in Section 4.1 the combined 6LoWPAN ND 6LBR and root of
the RPL network learn information such as the device Unique ID (from
6LoWPAN ND) and the updated Sequence Number (from RPL), and perform
6LoWPAN ND proxy registration to the 6BBR of behalf of the LLN nodes.
Figure 5 illustrates the periodic signaling that starts at the leaf
Thubert Expires December 12, 2016 [Page 13]Internet-Draft Diameter Credit-Control Application May 2018
account but MUST NOT return a new quota in the corresponding answer.
The Validity-Time, Result-Code, and Final-Unit-Indication or QoS-
Final-Unit-Indication AVPs MAY be present in an answer command as
defined in Section 5.1.2 and Section 5.6 for the graceful service
termination.
When both the Tariff-Time-Change and Tariff-Change-Usage AVPs are
present, the server MUST include two separate instances of the
Multiple-Services-Credit-Control AVP with the Granted-Service-Unit
AVP associated to the same service-identifier and/or rating-group.
Where the two quotas are associated to the same pool or to different
pools, the credit pooling mechanism defined in Section 5.1.2 applies.
The Tariff-Change-Usage AVP MUST NOT be included in request commands
to report used units before, and after tariff time change the Used-
Service-Unit AVP MUST be used.
A server not implementing the independent credit-control of multiple
services functionality MUST treat the Multiple-Services-Credit-
Control AVP as an invalid AVP.
The Multiple-Services-Control AVP is defined as follows (per the
grouped-avp-def of [RFC6733]):
Multiple-Services-Credit-Control ::= < AVP Header: 456 >
[ Granted-Service-Unit ]
[ Requested-Service-Unit ]
*[ Used-Service-Unit ]
[ Tariff-Change-Usage ]
*[ Service-Identifier ]
[ Rating-Group ]
*[ G-S-U-Pool-Reference ]
[ Validity-Time ]
[ Result-Code ]
[ Final-Unit-Indication ]
[ QoS-Final-Unit-Indication ]
*[ AVP ]
8.17. Granted-Service-Unit AVP
Granted-Service-Unit AVP (AVP Code 431) is of type Grouped and
contains the amount of units that the Diameter credit-control client
can provide to the end user until the service must be released or the
new Credit-Control-Request must be sent. A client is not required to
implement all the unit types, and it must treat unknown or
unsupported unit types in the answer message as an incorrect CCA
answer. In this case, the client MUST terminate the credit-control
Bertz, et al. Expires November 19, 2018 [Page 67]
Internet-Draft Diameter Credit-Control Application May 2018
session and indicate in the Termination-Cause AVP reason
DIAMETER_BAD_ANSWER.
The Granted-Service-Unit AVP is defined as follows (per the grouped-
avp-def of [RFC6733]):
Granted-Service-Unit ::= < AVP Header: 431 >
[ Tariff-Time-Change ]
[ CC-Time ]
[ CC-Money ]
[ CC-Total-Octets ]
[ CC-Input-Octets ]
[ CC-Output-Octets ]
[ CC-Service-Specific-Units ]
*[ AVP ]
8.18. Requested-Service-Unit AVP
The Requested-Service-Unit AVP (AVP Code 437) is of type Grouped and
contains the amount of requested units specified by the Diameter
credit-control client. A server is not required to implement all the
unit types, and it must treat unknown or unsupported unit types as
invalid AVPs.
The Requested-Service-Unit AVP is defined as follows (per the
grouped-avp-def of [RFC6733]):
Requested-Service-Unit ::= < AVP Header: 437 >
[ CC-Time ]
[ CC-Money ]
[ CC-Total-Octets ]
[ CC-Input-Octets ]
[ CC-Output-Octets ]
[ CC-Service-Specific-Units ]
*[ AVP ]
8.19. Used-Service-Unit AVP
The Used-Service-Unit AVP is of type Grouped (AVP Code 446) and
contains the amount of used units measured from the point when the
service became active or, if interim interrogations are used during
the session, from the point when the previous measurement ended.
Note: The values reported in a Used-Service-Unit AVP does not
necessarily have a relation to the grant provided in a Granted-
Service-Unit AVP, e.g., the value in this AVP may exceed the value in
the grant.
Bertz, et al. Expires November 19, 2018 [Page 68]
Internet-Draft Diameter Credit-Control Application May 2018
The Used-Service-Unit AVP is defined as follows (per the grouped-avp-
def of [RFC6733]):
Used-Service-Unit ::= < AVP Header: 446 >
[ Tariff-Change-Usage ]
[ CC-Time ]
[ CC-Money ]
[ CC-Total-Octets ]
[ CC-Input-Octets ]
[ CC-Output-Octets ]
[ CC-Service-Specific-Units ]
*[ AVP ]
8.20. Tariff-Time-Change AVP
The Tariff-Time-Change AVP (AVP Code 451) is of type Time. It is
sent from the server to the client and includes the time in seconds
since January 1, 1900, 00:00 UTC, when the tariff of the service will
be changed.
The tariff change mechanism is optional for the client and server,
and it is not used for time-based services defined in Section 5. If
a client does not support the tariff time change mechanism, it MUST
treat Tariff-Time-Change AVP in the answer message as an incorrect
CCA answer. In this case, the client terminates the credit-control
session and indicates in the Termination-Cause AVP reason
DIAMETER_BAD_ANSWER.
Omission of this AVP means that no tariff change is to be reported.
8.21. CC-Time AVP
The CC-Time AVP (AVP Code 420) is of type Unsigned32 and indicates
the length of the requested, granted, or used time in seconds.
8.22. CC-Money AVP
The CC-Money AVP (AVP Code 413) is of type Grouped and specifies the
monetary amount in the given currency. The Currency-Code AVP SHOULD
be included. It is defined as follows (per the grouped-avp-def of
[RFC6733]):
CC-Money ::= < AVP Header: 413 >
{ Unit-Value }
[ Currency-Code ]
Bertz, et al. Expires November 19, 2018 [Page 69]
Internet-Draft Diameter Credit-Control Application May 2018
8.23. CC-Total-Octets AVP
The CC-Total-Octets AVP (AVP Code 421) is of type Unsigned64 and
contains the total number of requested, granted, or used octets
regardless of the direction (sent or received).
8.24. CC-Input-Octets AVP
The CC-Input-Octets AVP (AVP Code 412) is of type Unsigned64 and
contains the number of requested, granted, or used octets that can
be/have been received from the end user.
8.25. CC-Output-Octets AVP
The CC-Output-Octets AVP (AVP Code 414) is of type Unsigned64 and
contains the number of requested, granted, or used octets that can
be/have been sent to the end user.
8.26. CC-Service-Specific-Units AVP
The CC-Service-Specific-Units AVP (AVP Code 417) is of type
Unsigned64 and specifies the number of service-specific units (e.g.,
number of events, points) given in a selected service. The service-
specific units always refer to the service identified in the Service-
Identifier AVP (or Rating-Group AVP when the Multiple-Services-
Credit-Control AVP is used).
8.27. Tariff-Change-Usage AVP
The Tariff-Change-Usage AVP (AVP Code 452) is of type Enumerated and
defines whether units are used before or after a tariff change, or
whether the units straddled a tariff change during the reporting
period. Omission of this AVP means that no tariff change has
occurred.
In addition, when present in answer messages as part of the Multiple-
Services-Credit-Control AVP, this AVP defines whether units are
allocated to be used before or after a tariff change event.
When the Tariff-Time-Change AVP is present, omission of this AVP in
answer messages means that the single quota mechanism applies.
Tariff-Change-Usage can be one of the following:
UNIT_BEFORE_TARIFF_CHANGE 0
Bertz, et al. Expires November 19, 2018 [Page 70]
Internet-Draft Diameter Credit-Control Application May 2018
When present in the Multiple-Services-Credit-Control AVP, this value
indicates the amount of the units allocated for use before a tariff
change occurs.
When present in the Used-Service-Unit AVP, this value indicates the
amount of resource units used before a tariff change had occurred.
UNIT_AFTER_TARIFF_CHANGE 1
When present in the Multiple-Services-Credit-Control AVP, this value
indicates the amount of the units allocated for use after a tariff
change occurs.
When present in the Used-Service-Unit AVP, this value indicates the
amount of resource units used after tariff change had occurred.
UNIT_INDETERMINATE 2
The used unit contains the amount of units that straddle the tariff
change (e.g., the metering process reports to the credit-control
client in blocks of n octets, and one block straddled the tariff
change). This value is to be used only in the Used-Service-Unit AVP.
8.28. Service-Identifier AVP
The Service-Identifier AVP is of type Unsigned32 (AVP Code 439) and
contains the identifier of a service. The specific service the
request relates to is uniquely identified by the combination of
Service-Context-Id and Service-Identifier AVPs.
A usage example of this AVP is illustrated in Appendix B.9.
8.29. Rating-Group AVP
The Rating-Group AVP is of type Unsigned32 (AVP Code 432) and
contains the identifier of a rating group. All the services subject
to the same rating type are part of the same rating group. The
specific rating group the request relates to is uniquely identified
by the combination of Service-Context-Id and Rating-Group AVPs.
A usage example of this AVP is illustrated in Appendix B.9.
8.30. G-S-U-Pool-Reference AVP
The G-S-U-Pool-Reference AVP (AVP Code 457) is of type Grouped. It
is used in the Credit-Control-Answer message, and associates the
Granted-Service-Unit AVP within which it appears with a credit pool
within the session.
Bertz, et al. Expires November 19, 2018 [Page 71]
Internet-Draft Diameter Credit-Control Application May 2018
The G-S-U-Pool-Identifier AVP specifies the credit pool from which
credit is drawn for this unit type.
The CC-Unit-Type AVP specifies the type of units for which credit is
pooled.
The Unit-Value AVP specifies the multiplier, which converts between
service units of type CC-Unit-Type and abstract service units within
the credit pool (and thus to service units of any other service or
rating group associated with the same pool).
The G-S-U-Pool-Reference AVP is defined as follows (per the grouped-
avp-def of [RFC6733]):
G-S-U-Pool-Reference ::= < AVP Header: 457 >
{ G-S-U-Pool-Identifier }
{ CC-Unit-Type }
{ Unit-Value }
8.31. G-S-U-Pool-Identifier AVP
The G-S-U-Pool-Identifier AVP (AVP Code 453) is of type Unsigned32
and identifies a credit pool within the session.
8.32. CC-Unit-Type AVP
The CC-Unit-Type AVP (AVP Code 454) is of type Enumerated and
specifies the type of units considered to be pooled into a credit
pool.
The following values are defined for the CC-Unit-Type AVP:
TIME 0
MONEY 1
TOTAL-OCTETS 2
INPUT-OCTETS 3
OUTPUT-OCTETS 4
SERVICE-SPECIFIC-UNITS 5
8.33. Validity-Time AVP
The Validity-Time AVP is of type Unsigned32 (AVP Code 448). It is
sent from the credit-control server to the credit-control client.
The AVP contains the validity time of the granted service units. The
measurement of the Validity-Time is started upon receipt of the
Credit-Control-Answer Message containing this AVP. If the granted
service units have not been consumed within the validity time
Bertz, et al. Expires November 19, 2018 [Page 72]
Internet-Draft Diameter Credit-Control Application May 2018
specified in this AVP, the credit-control client MUST send a Credit-
Control-Request message to the server, with CC-Request-Type set to
UPDATE_REQUEST. The value field of the Validity-Time AVP is given in
seconds.
The Validity-Time AVP is also used for the graceful service
termination (see Section 5.6) to indicate to the credit-control
client how long the subscriber is allowed to use network resources
after the specified action (i.e., REDIRECT or RESTRICT_ACCESS)
started. When the Validity-Time elapses, a new intermediate
interrogation is sent to the server.
8.34. Final-Unit-Indication AVP
The Final-Unit-Indication AVP (AVP Code 430) is of type Grouped and
indicates that the Granted-Service-Unit AVP in the Credit-Control-
Answer, or in the AA answer, contains the final units for the
service. After these units have expired, the Diameter credit-control
client is responsible for executing the action indicated in the
Final-Unit-Action AVP (see Section 5.6).
If more than one unit type is received in the Credit-Control-Answer,
the unit type that first expired SHOULD cause the credit-control
client to execute the specified action.
In the first interrogation, the Final-Unit-Indication AVP with Final-
Unit-Action REDIRECT or RESTRICT_ACCESS can also be present with no
Granted-Service-Unit AVP in the Credit-Control-Answer or in the AA
answer. This indicates to the Diameter credit-control client to
execute the specified action immediately. If the home service
provider policy is to terminate the service, naturally, the server
SHOULD return the appropriate transient failure (see Section 9.1) in
order to implement the policy-defined action.
The Final-Unit-Action AVP defines the behavior of the service element
when the user's account cannot cover the cost of the service and MUST
always be present if the Final-Unit-Indication AVP is included in a
command.
If the Final-Unit-Action AVP is set to TERMINATE, the Final-Unit-
Indication group MUST NOT contain any other AVPs.
If the Final-Unit-Action AVP is set to REDIRECT at least the
Redirect-Server AVP MUST be present. The Restriction-Filter-Rule AVP
or the Filter-Id AVP MAY be present in the Credit-Control-Answer
message if the user is also allowed to access other services that are
not accessible through the address given in the Redirect-Server AVP.
Bertz, et al. Expires November 19, 2018 [Page 73]
Internet-Draft Diameter Credit-Control Application May 2018
If the Final-Unit-Action AVP is set to RESTRICT_ACCESS, either the
Restriction-Filter-Rule AVP or the Filter-Id AVP SHOULD be present.
The Filter-Id AVP is defined in [RFC7155]. The Filter-Id AVP can be
used to reference an IP filter list installed in the access device by
means other than the Diameter credit-control application, e.g.,
locally configured or configured by another entity.
If the Final-Unit-Action AVP is set to REDIRECT and the type of
server is not one of the enumerations in the Redirect-Address-Type
AVP, then the QoS-Final-Unit-Indication AVP SHOULD be used together
with the Redirect-Server-Extension AVP instead of the Final-Unit-
Indication AVP.
If the Final-Unit-Action AVP is set to RESTRICT_ACCESS or REDIRECT
and the classification of the restricted traffic cannot be expressed
using IPFilterRule, or different actions (e.g., QoS) than just
allowing traffic needs to be enforced, then the QoS-Final-Unit-
Indication AVP SHOULD be used instead of the Final-Unit-Indication
AVP. However, if the credit-control server wants to preserve
backward compatibility with credit-control clients that support only
[RFC4006], the Final-Unit-Indication AVP SHOULD be used together with
the Filter-Id AVP.
The Final-Unit-Indication AVP is defined as follows (per the grouped-
avp-def of [RFC6733]):
Final-Unit-Indication ::= < AVP Header: 430 >
{ Final-Unit-Action }
*[ Restriction-Filter-Rule ]
*[ Filter-Id ]
[ Redirect-Server ]
8.35. Final-Unit-Action AVP
The Final-Unit-Action AVP (AVP Code 449) is of type Enumerated and
indicates to the credit-control client the action to be taken when
the user's account cannot cover the service cost.
The Final-Unit-Action can be one of the following:
TERMINATE 0
The credit-control client MUST terminate the service session. This
is the default handling, applicable whenever the credit-control
client receives an unsupported Final-Unit-Action value, and it MUST
Bertz, et al. Expires November 19, 2018 [Page 74]
Internet-Draft Diameter Credit-Control Application May 2018
be supported by all the Diameter credit-control client
implementations conforming to this specification.
REDIRECT 1
The service element MUST redirect the user to the address specified
in the Redirect-Server-Address AVP or one of the AVPs included in the
Redirect-Server-Extension AVP. The redirect action is defined in
Section 5.6.2.
RESTRICT_ACCESS 2
The access device MUST restrict the user access according to the
filter AVPs contained in the applied grouped AVP: according to IP
packet filters defined in the Restriction-Filter-Rule AVP, according
to the packet classifier filters defined in Filter-Rule AVP, or
according to the packet filters identified by the Filter-Id AVP. All
the packets not matching any filters MUST be dropped (see
Section 5.6.3).
8.36. Restriction-Filter-Rule AVP
The Restriction-Filter-Rule AVP (AVP Code 438) is of type
IPFilterRule and provides filter rules corresponding to services that
are to remain accessible even if there are no more service units
granted. The access device has to configure the specified filter
rules for the subscriber and MUST drop all the packets not matching
these filters. Zero, one, or more such AVPs MAY be present in a
Credit-Control-Answer message or in an AA answer message.
8.37. Redirect-Server AVP
The Redirect-Server AVP (AVP Code 434) is of type Grouped and
contains the address information of the redirect server (e.g., HTTP
redirect server, SIP Server) with which the end user is to be
connected when the account cannot cover the service cost. It MUST be
present when the Final-Unit-Action AVP is set to REDIRECT.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Redirect-Server ::= < AVP Header: 434 >
{ Redirect-Address-Type }
{ Redirect-Server-Address }
Bertz, et al. Expires November 19, 2018 [Page 75]
Internet-Draft Diameter Credit-Control Application May 2018
8.38. Redirect-Address-Type AVP
The Redirect-Address-Type AVP (AVP Code 433) is of type Enumerated
and defines the address type of the address given in the Redirect-
Server-Address AVP.
The address type can be one of the following:
IPv4 Address 0
The address type is in the form of "dotted-decimal" IPv4 address, as
defined in [RFC0791].
IPv6 Address 1
The address type is in the form of IPv6 address, as defined in
[RFC4291]. The address MUST conform to the text representation of
the address according to [RFC5952].
URL 2
The address type is in the form of Uniform Resource Locator, as
defined in [RFC3986].
SIP URI 3
The address type is in the form of SIP Uniform Resource Identifier,
as defined in [RFC3261].
8.39. Redirect-Server-Address AVP
The Redirect-Server-Address AVP (AVP Code 435) is of type UTF8String
and defines the address of the redirect server (e.g., HTTP redirect
server, SIP Server) with which the end user is to be connected when
the account cannot cover the service cost.
8.40. Multiple-Services-Indicator AVP
The Multiple-Services-Indicator AVP (AVP Code 455) is of type
Enumerated and indicates whether the Diameter credit-control client
is capable of handling multiple services independently within a
(sub-) session. The absence of this AVP means that independent
credit-control of multiple services is not supported.
A server not implementing the independent credit-control of multiple
services MUST treat the Multiple-Services-Indicator AVP as an invalid
AVP.
Bertz, et al. Expires November 19, 2018 [Page 76]
Internet-Draft Diameter Credit-Control Application May 2018
The following values are defined for the Multiple-Services-Indicator
AVP:
MULTIPLE_SERVICES_NOT_SUPPORTED 0
Client does not support independent credit-control of multiple
services within a (sub-)session.
MULTIPLE_SERVICES_SUPPORTED 1
Client supports independent credit-control of multiple services
within a (sub-)session.
8.41. Requested-Action AVP
The Requested-Action AVP (AVP Code 436) is of type Enumerated and
contains the requested action being sent by Credit-Control-Request
command where the CC-Request-Type is set to EVENT_REQUEST. The
following values are defined for the Requested-Action AVP:
DIRECT_DEBITING 0
This indicates a request to decrease the end user's account according
to information specified in the Requested-Service-Unit AVP and/or
Service-Identifier AVP (additional rating information may be included
in service-specific AVPs or in the Service-Parameter-Info AVP). The
Granted-Service-Unit AVP in the Credit-Control-Answer command
contains the debited units.
REFUND_ACCOUNT 1
This indicates a request to increase the end user's account according
to information specified in the Requested-Service-Unit AVP and/or
Service-Identifier AVP (additional rating information may be included
in service-specific AVPs or in the Service-Parameter-Info AVP). The
Granted-Service-Unit AVP in the Credit-Control-Answer command
contains the refunded units.
CHECK_BALANCE 2
This indicates a balance check request. In this case, the checking
of the account balance is done without any credit reservation from
the account. The Check-Balance-Result AVP in the Credit-Control-
Answer command contains the result of the balance check.
PRICE_ENQUIRY 3
Bertz, et al. Expires November 19, 2018 [Page 77]
Internet-Draft Diameter Credit-Control Application May 2018
This indicates a price enquiry request. In this case, neither
checking of the account balance nor reservation from the account will
be done; only the price of the service will be returned in the Cost-
Information AVP in the Credit-Control-Answer Command.
8.42. Service-Context-Id AVP
The Service-Context-Id AVP is of type UTF8String (AVP Code 461) and
contains a unique identifier of the Diameter credit-control service
specific document that applies to the request (as defined in
Section 4.1.2). This is an identifier allocated by the service
provider, by the service element manufacturer, or by a
standardization body, and MUST uniquely identify a given Diameter
credit-control service specific document. The format of the Service-
Context-Id is:
"service-context" "@" "domain"
service-context = Token
The Token is an arbitrary string of characters and digits.
'domain' represents the entity that allocated the Service-Context-Id.
It can be ietf.org, 3gpp.org, etc., if the identifier is allocated by
a standardization body, or it can be the FQDN of the service provider
(e.g., provider.example.com) or of the vendor (e.g.,
vendor.example.com) if the identifier is allocated by a private
entity.
This AVP SHOULD be placed as close to the Diameter header as
possible.
Service-specific documents that are for private use only (i.e., to
one provider's own use, where no interoperability is deemed useful)
may define private identifiers without need of coordination.
However, when interoperability is wanted, coordination of the
identifiers via, for example, publication of an informational RFC is
RECOMMENDED in order to make Service-Context-Id globally available.
8.43. Service-Parameter-Info AVP
The Service-Parameter-Info AVP (AVP Code 440) is of type Grouped and
contains service-specific information used for price calculation or
rating. The Service-Parameter-Type AVP defines the service parameter
type, and the Service-Parameter-Value AVP contains the parameter
value. The actual contents of these AVPs are not within the scope of
this document and SHOULD be defined in another Diameter application,
Bertz, et al. Expires November 19, 2018 [Page 78]
Internet-Draft Diameter Credit-Control Application May 2018
in standards written by other standardization bodies, or in service-
specific documentation.
In the case of an unknown service request (e.g., unknown Service-
Parameter-Type), the corresponding answer message MUST contain the
error code DIAMETER_RATING_FAILED. A Credit-Control-Answer message
with this error MUST contain one or more Failed-AVP AVPs containing
the Service-Parameter-Info AVPs that caused the failure.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Service-Parameter-Info ::= < AVP Header: 440 >
{ Service-Parameter-Type }
{ Service-Parameter-Value }
8.44. Service-Parameter-Type AVP
The Service-Parameter-Type AVP is of type Unsigned32 (AVP Code 441)
and defines the type of the service event specific parameter (e.g.,
it can be the end-user location or service name). The different
parameters and their types are service specific, and the meanings of
these parameters are not defined in this document. Whoever allocates
the Service-Context-Id (i.e., unique identifier of a service-specific
document) is also responsible for assigning Service-Parameter-Type
values for the service and ensuring their uniqueness within the given
service. The Service-Parameter-Value AVP contains the value
associated with the service parameter type.
8.45. Service-Parameter-Value AVP
The Service-Parameter-Value AVP is of type OctetString (AVP Code 442)
and contains the value of the service parameter type.
8.46. Subscription-Id AVP
The Subscription-Id AVP (AVP Code 443) is used to identify the end
user's subscription and is of type Grouped. The Subscription-Id AVP
includes a Subscription-Id-Data AVP that holds the identifier and a
Subscription-Id-Type AVP that defines the identifier type.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Subscription-Id ::= < AVP Header: 443 >
{ Subscription-Id-Type }
{ Subscription-Id-Data }
Bertz, et al. Expires November 19, 2018 [Page 79]
Internet-Draft Diameter Credit-Control Application May 2018
8.47. Subscription-Id-Type AVP
The Subscription-Id-Type AVP (AVP Code 450) is of type Enumerated,
and it is used to determine which type of identifier is carried by
the Subscription-Id AVP.
This specification defines the following subscription identifiers.
However, new Subscription-Id-Type values can be assigned by an IANA
designated expert, as defined in Section 12. A server MUST implement
all the Subscription-Id-Types required to perform credit
authorization for the services it supports, including possible future
values. Unknown or unsupported Subscription-Id-Types MUST be treated
according to the 'M' flag rule, as defined in [RFC6733].
END_USER_E164 0
The identifier is in international E.164 format (e.g., MSISDN),
according to the ITU-T E.164 numbering plan defined in [E164] and
[CE164].
END_USER_IMSI 1
The identifier is in international IMSI format, according to the
ITU-T E.212 numbering plan as defined in [E212] and [CE212].
END_USER_SIP_URI 2
The identifier is in the form of a SIP URI, as defined in [RFC3261].
END_USER_NAI 3
The identifier is in the form of a Network Access Identifier, as
defined in [RFC7542].
END_USER_PRIVATE 4
The Identifier is a credit-control server private identifier.
8.48. Subscription-Id-Data AVP
The Subscription-Id-Data AVP (AVP Code 444) is used to identify the
end user and is of type UTF8String. The Subscription-Id-Type AVP
defines which type of identifier is used.
Bertz, et al. Expires November 19, 2018 [Page 80]
Internet-Draft Diameter Credit-Control Application May 2018
8.49. User-Equipment-Info AVP
The User-Equipment-Info AVP (AVP Code 458) is of type Grouped and
allows the credit-control client to indicate the identity and
capability of the terminal the subscriber is using for the connection
to network.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
User-Equipment-Info ::= < AVP Header: 458 >
{ User-Equipment-Info-Type }
{ User-Equipment-Info-Value }
8.50. User-Equipment-Info-Type AVP
The User-Equipment-Info-Type AVP is of type Enumerated (AVP Code 459)
and defines the type of user equipment information contained in the
User-Equipment-Info-Value AVP.
This specification defines the following user equipment types.
However, new User-Equipment-Info-Type values can be assigned by an
IANA designated expert, as defined in Section 12.
IMEISV 0
The identifier contains the International Mobile Equipment Identifier
and Software Version in the international IMEISV format according to
3GPP TS 23.003 [TGPPIMEI].
MAC 1
The 48-bit MAC address is formatted as described in [RFC3580].
EUI64 2
The 64-bit identifier used to identify the hardware instance of the
product, as defined in [EUI64].
MODIFIED_EUI64 3
There are a number of types of terminals that have identifiers other
than IMEI, IEEE 802 MACs, or EUI-64. These identifiers can be
converted to modified EUI-64 format as described in [RFC4291] or by
using some other methods referred to in the service-specific
documentation.
Bertz, et al. Expires November 19, 2018 [Page 81]
Internet-Draft Diameter Credit-Control Application May 2018
8.51. User-Equipment-Info-Value AVP
The User-Equipment-Info-Value AVP (AVP Code 460) is of type
OctetString. The User-Equipment-Info-Type AVP defines which type of
identifier is used.
8.52. User-Equipment-Info-Extension AVP
The User-Equipment-Info-Extension AVP (AVP Code TBD1) is of type
Grouped and allows the credit-control client to indicate the identity
and capability of the terminal the subscriber is using for the
connection to network. If the type of the equipment is one of the
enumerated types of User-Equipment-Info-Type AVP, then the credit-
control client SHOULD send the information in the User-Equipment-Info
AVP, in addition to or instead of the User-Equipment-Info-Extension
AVP. This is in order to preserve backward compatibility with
credit-control servers that support only [RFC4006]. Exactly one AVP
MUST be included inside the User-Equipment-Info-Extension AVP.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
User-Equipment-Info-Extension ::= < AVP Header: TBD1 >
[ User-Equipment-Info-IMEISV ]
[ User-Equipment-Info-MAC ]
[ User-Equipment-Info-EUI64 ]
[ User-Equipment-Info-ModifiedEUI64 ]
[ User-Equipment-Info-IMEI ]
[ AVP ]
8.53. User-Equipment-Info-IMEISV AVP
The User-Equipment-Info-IMEISV (AVP Code TBD2) is of type
OctetString. The User-Equipment-Info-IMEISV AVP contains the
International Mobile Equipment Identifier and Software Version in the
international IMEISV format according to 3GPP TS 23.003 [TGPPIMEI].
8.54. User-Equipment-Info-MAC AVP
The User-Equipment-Info-MAC (AVP Code TBD3) is of type OctetString.
The User-Equipment-Info-MAC AVP contains the 48-bit MAC address is
formatted as described in [RFC3580].
8.55. User-Equipment-Info-EUI64 AVP
The User-Equipment-Info-EUI64 (AVP Code TBD4) is of type OctetString.
The UUser-Equipment-Info-EUI64 AVP contains the 64-bit identifier
Bertz, et al. Expires November 19, 2018 [Page 82]
Internet-Draft Diameter Credit-Control Application May 2018
used to identify the hardware instance of the product, as defined in
[EUI64].
8.56. User-Equipment-Info-ModifiedEUI64 AVP
The User-Equipment-Info-ModifiedEUI64 (AVP Code TBD5) is of type
OctetString. There are a number of types of terminals that have
identifiers other than IMEI, IEEE 802 MACs, or EUI-64. These
identifiers can be converted to modified EUI-64 format as described
in [RFC4291] or by using some other methods referred to in the
service-specific documentation. The User-Equipment-Info-
ModifiedEUI64 AVP contains such identifiers.
8.57. User-Equipment-Info-IMEI AVP
The User-Equipment-Info-IMEI (AVP Code TBD6) is of type OctetString.
The User-Equipment-Info-IMEI AVP contains the International Mobile
Equipment Identifier in the international IMEI format according to
3GPP TS 23.003 [TGPPIMEI].
8.58. Subscription-Id-Extension AVP
The Subscription-Id-Extension AVP (AVP Code TBD7) is used to identify
the end user's subscription and is of type Grouped. The
Subscription-Id-Extension group AVP MUST include an AVP holding the
subscription identifier. The type of this included AVP indicates the
type of the subscription identifier. For each of the enumerated
values of the Subscription-Id-Type AVP, there is a corresponding sub-
AVP for use within the Subscription-Id-Extension group AVP. If a new
identifier type is required a corresponding new sub-AVP SHOULD be
defined for use within the Subscription-Id-Extension group AVP.
If full backward compatibility with [RFC4006] is required, then the
Subscription-Id AVP MUST be used to indicate identifier types
enumerated in the Subscription-Id-Type AVP, whereas the Subscription-
Id-Extension AVP MUST be used only for newly defined identifier
types. If full backward compatibility with [RFC4006] is not
required, then the Subscription-Id-Extension AVP MAY be used to carry
out the existing identifier types. In this case, Subscription-Id-
Extension AVP MAY be sent together with Subscription-Id AVP.
Exactly one sub-AVP MUST be included inside the Subscription-Id-
Extension AVP.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Bertz, et al. Expires November 19, 2018 [Page 83]
Internet-Draft Diameter Credit-Control Application May 2018
Subscription-Id-Extension ::= < AVP Header: TBD7 >
[ Subscription-Id-E164 ]
[ Subscription-Id-IMSI ]
[ Subscription-Id-SIP-URI ]
[ Subscription-Id-NAI ]
[ Subscription-Id-Private ]
[ AVP ]
8.59. Subscription-Id-E164 AVP
The Subscription-Id-E164 (AVP Code TBD8) is of type UTF8String. The
Subscription-Id-E164 AVP contains the international E.164 format
(e.g., MSISDN), according to the ITU-T E.164 numbering plan defined
in [E164] and [CE164].
8.60. Subscription-Id-IMSI AVP
The Subscription-Id-IMSI (AVP Code TBD9) is of type UTF8String. The
Subscription-Id-IMSI AVP contains the international IMSI format,
according to the ITU-T E.212 numbering plan as defined in [E212] and
[CE212].
8.61. Subscription-Id-SIP-URI AVP
The Subscription-Id-SIP-URI (AVP Code TBD10) is of type UTF8String.
The Subscription-Id-SIP-URI AVP contains the identifier in the form
of a SIP URI, as defined in [RFC3261].
8.62. Subscription-Id-NAI AVP
The Subscription-Id-NAI (AVP Code TBD11) is of type UTF8String. The
Subscription-Id-NAI AVP contains the identifier in the form of a
Network Access Identifier, as defined in [RFC7542].
8.63. Subscription-Id-Private AVP
The Subscription-Id-Private (AVP Code TBD12) is of type UTF8String.
The Subscription-Id-Private AVP contains a credit-control server
private identifier.
8.64. Redirect-Server-Extension AVP
The Redirect-Server-Extension AVP (AVP Code TBD13) is of type Grouped
and contains the address information of the redirect server (e.g.,
HTTP redirect server, SIP Server) with which the end user is to be
connected when the account cannot cover the service cost. It MUST be
present inside the QoS-Final-Unit-Indication AVP when the Final-Unit-
Bertz, et al. Expires November 19, 2018 [Page 84]
Internet-Draft Diameter Credit-Control Application May 2018
Action AVP is set to REDIRECT. If the type of the redirect server is
one of the enumerated values of the Redirect-Address-Type AVP, then
the credit-control server SHOULD send the information in the
Redirect-Server AVP, in addition to or instead of the Redirect-
Server-Extension AVP. This is in order to preserve backward
compatibility with credit-control clients that support only
[RFC4006]. Exactly one AVP MUST be included inside the Redirect-
Server-Extension AVP.
It is defined as follows (per the grouped-avp-def of [RFC6733]):
Redirect-Server-Extension ::= < AVP Header: TBD13 >
[ Redirect-Address-IPAddress ]
[ Redirect-Address-URL ]
[ Redirect-Address-SIP-URI ]
[ AVP ]
8.65. Redirect-Address-IPAddress AVP
The Redirect-Address-IPAddress AVP (AVP Code TBD14) is of type
Address and defines the IPv4 or IPv6 address of the redirect server
with which the end user is to be connected when the account cannot
cover the service cost.
When encoded as an IPv6 address in 16 bytes, the IPv4-mapped IPv6
format [RFC4291] MAY be used to indicate an IPv4 address.
8.66. Redirect-Address-URL AVP
The Redirect-Address-URL AVP (AVP Code TBD15) is of type UTF8String
and defines the address of the redirect server with which the end
user is to be connected when the account cannot cover the service
cost. The address type is in the form of Uniform Resource Locator,
as defined in [RFC3986].
8.67. Redirect-Address-SIP-URI AVP
The Redirect-Address-SIP-URI AVP (AVP Code TBD16) is of type
UTF8String and defines the address of the redirect server with which
the end user is to be connected when the account cannot cover the
service cost. The address type is in the form of SIP Uniform
Resource Identifier, as defined in [RFC3261].
Bertz, et al. Expires November 19, 2018 [Page 85]
Internet-Draft Diameter Credit-Control Application May 2018
8.68. QoS-Final-Unit-Indication AVP
The QoS-Final-Unit-Indication AVP (AVP Code TBD17) is of type Grouped
and indicates that the Granted-Service-Unit AVP in the Credit-
Control-Answer, or in the AA answer, contains the final units for the
service. After these units have expired, the Diameter credit-control
client is responsible for executing the action indicated in the
Final-Unit-Action AVP (see Section 5.6).
If more than one unit type is received in the Credit-Control-Answer,
the unit type that first expired SHOULD cause the credit-control
client to execute the specified action.
In the first interrogation, the QoS-Final-Unit-Indication AVP with
Final-Unit-Action REDIRECT or RESTRICT_ACCESS can also be present
with no Granted-Service-Unit AVP in the Credit-Control-Answer or in
the AA answer. This indicates to the Diameter credit-control client
to execute the specified action immediately. If the home service
provider policy is to terminate the service, naturally, the server
SHOULD return the appropriate transient failure (see Section 9.1) in
order to implement the policy-defined action.
The Final-Unit-Action AVP defines the behavior of the service element
when the user's account cannot cover the cost of the service and MUST
always be present if the QoS-Final-Unit-Indication AVP is included in
a command.
If the Final-Unit-Action AVP is set to TERMINATE, the QoS-Final-Unit-
Indication group MUST NOT contain any other AVPs.
If the Final-Unit-Action AVP is set to REDIRECT at least the
Redirect-Server-Extension AVP MUST be present. The Filter-Rule AVP
or the Filter-Id AVP MAY be present in the Credit-Control-Answer
message if the user is also allowed to access other services that are
not accessible through the address given in the Redirect-Server-
Extension AVP or if the access to these services needs to be limited
in some way (e.g., QoS).
If the Final-Unit-Action AVP is set to RESTRICT_ACCESS, either the
Filter-Rule AVP or the Filter-Id AVP SHOULD be present.
The Filter-Rule AVP is defined in [RFC5777]. The Filter-Rule AVP can
be used to define a specific condition and action combination. If
used only with traffic conditions, it should define which traffic
should allowed when no more service units are granted. However, if
QoS or treatment information exists in the AVP, these actions should
be executed, e.g., limiting the allowed traffic with certain QoS.
Bertz, et al. Expires November 19, 2018 [Page 86]
Internet-Draft Diameter Credit-Control Application May 2018
When multiple Filter-Rule AVPs exist, precedence should be determined
as defined in [RFC5777].
The Filter-Id AVP is defined in [RFC7155]. The Filter-Id AVP can be
used to reference an IP filter list installed in the access device by
means other than the Diameter credit-control application, e.g.,
locally configured or configured by another entity.
If the Final-Unit-Action AVP is set to TERMINATE, or set to
RESTRICT_ACCESS and the action required is allow only traffic that
could be classified using an IPFilterRule, or set to REDIRECT of a
type which is one of the types in the Redirect-Address-Type AVP, then
the credit-control server SHOULD send the information in the Final-
Unit-Indication AVP, in addition to or instead of the QoS-Final-Unit-
Indication AVP. This is in order to preserve backward compatibility
with credit-control clients that support only [RFC4006].
The QoS-Final-Unit-Indication AVP is defined as follows (per the
grouped-avp-def of [RFC6733]):
QoS-Final-Unit-Indication ::= < AVP Header: TBD17 >
{ Final-Unit-Action }
*[ Filter-Rule ]
*[ Filter-Id ]
[ Redirect-Server-Extension ]
*[ AVP ]
9. Result Code AVP Values
This section defines new Result-Code AVP [RFC6733] values that must
be supported by all Diameter implementations that conform to this
specification.
The Credit-Control-Answer message includes the Result-Code AVP, which
may indicate that an error was present in the Credit-Control-Request
message. A rejected Credit-Control-Request message SHOULD cause the
user's session to be terminated.
9.1. Transient Failures
Errors that fall within the transient failures category are used to
inform a peer that the request could not be satisfied at the time it
was received, but that the request MAY be able to be satisfied in the
future.
DIAMETER_END_USER_SERVICE_DENIED 4010
Bertz, et al. Expires November 19, 2018 [Page 87]
Internet-Draft Diameter Credit-Control Application May 2018
Internet-Draft 6tisch-architecture June 2016
node with 6LoWPAN ND, is then carried over RPL to the RPL root, and
then to the 6BBR. Efficient ND being an adaptation of 6LoWPAN ND, it
makes sense to keep those two homogeneous in the way they use the
source and the target addresses in the Neighbor Solicitation (NS)
messages for registration, as well as in the options that they use
for that process.
6LoWPAN Node 6LR 6LBR 6BBR
(RPL leaf) (router) (root)
| | | |
| 6LoWPAN ND |6LoWPAN ND+RPL | Efficient ND | IPv6 ND
| LLN link |Route-Over mesh| IPv6 link | Backbone
| | | |
| NS(ARO) | | |
|-------------->| | |
| 6LoWPAN ND | DAR (then DAO)| |
| |-------------->| |
| | | NS(ARO) |
| | |-------------->|
| | | | DAD
| | | |------>
| | | |
| | | NA(ARO) |
| | |<--------------|
| | DAC | |
| |<--------------| |
| NA(ARO) | | |
|<--------------| | |
Figure 5: (Re-)Registration Flow over Multi-Link Subnet
As the network builds up, a node should start as a leaf to join the
RPL network, and may later turn into both a RPL-capable router and a
6LR, so as to accept leaf nodes to recursively join the network.
3.8. Dependencies on Work In Progress
In order to control the complexity and the size of the 6TiSCH work,
the architecture and the associated IETF work are staged and the WG
is expected to recharter multiple times. This document is
incremented as the work progresses following the evolution of the WG
charter and the availability of dependent work. The intent is to
publish when the WG concludes.
At the time of this writing:
Thubert Expires December 12, 2016 [Page 14]
Internet-Draft 6tisch-architecture June 2016
o The architecture of the operation of RPL over a dynamic schedule
is being studied at 6TISCH as the second iteration of the charter.
o The need of a reactive routing protocol to establish on-demand
constraint-optimized routes and a reservation protocol to
establish Layer-3 Tracks is being discussed at 6TiSCH but not
chartered for.
o the components and protocols that are required to implement this
stage of architecture are not fully available from the IETF. In
particular, the requirements on an evolution of 6LoWPAN Neighbor
Discovery that are needed to implement the Backbone Router as
covered by this stage of the architecture are detailed in
[I-D.thubert-6lo-rfc6775-update-reqs], and a number of those
requirements are fulfilled in [I-D.ietf-6lo-backbone-router].
o The work on centralized Track computation is deferred to a
subsequent iteration of the 6TiSCH charter. The idea at the time
of this writing is that 6TiSCH will apply the concepts of
Deterministic Networking on a Layer-3 network. The 6TiSCH
Architecture should thus inherit from the DetNet
[I-D.finn-detnet-architecture] architecture and thus depends on
it. The Path Computation Element (PCE) should be a core component
of that architecture. Around the PCE, a protocol such as an
extension to a TEAS [TEAS] protocol will be required to expose the
6TiSCH node capabilities and the network peers to the PCE, and a
protocol such as a lightweight PCEP or an adaptation of CCAMP
[CCAMP] G-MPLS formats and procedures will be used to publish the
Tracks, as computed by the PCE, to the 6TiSCH nodes.
o The security model and in particular the join process are being
discussed at 6lo and 6TiSCH. PANA is presented in Section 3.1 as
a candidate of choice for the join process but alternatives are
discussed. Work resulting from [ACE] could be considered as well.
Related contributions are presented in Appendix A.
o The current charter positions 6TiSCH on IEEE802.15.4 only. Though
most of the design should be portable on other link types, 6TiSCH
has a strong dependency on IEEE802.15.4 and its evolution. At the
time of this writing, a revision of the IEEE802.15.4 standard is
expected early 2016. That revision should integrate TSCH as well
as other amendments and fixes into the main specification. The
impact on this Architecture should be minimal to non-existent, but
deeper work such as 6top and security may be impacted. A 6TiSCH
Interest Group was formed at IEEE to maintain the synchronization
and help foster work at the IEEE should 6TiSCH demand it.
Thubert Expires December 12, 2016 [Page 15]
Internet-Draft 6tisch-architecture June 2016
o Work is being proposed at IEEE (802.15.12 PAR) for an LLC that
would logically include the 6top sublayer. The interaction with
the 6top sublayer and the Scheduling Functions described in this
document are yet to be defined.
o ISA100 [ISA100] Common Network Management (CNM) is another
external work of interest for 6TiSCH. The group, referred to as
ISA100.20, defines a Common Network Management framework that
should enable the management of resources that are controlled by
heterogeneous protocols such as ISA100.11a [ISA100.11a],
WirelessHART [WirelessHART], and 6TiSCH. Interestingly, the
establishment of 6TiSCH Deterministic paths, called Tracks, are
also in scope, and ISA100.20 is working on requirements for
DetNet.
4. Deeper Dive
4.1. 6LoWPAN (and RPL)
4.1.1. RPL Leaf Support in 6LoWPAN ND
RPL needs a set of information in order to advertise a leaf node
through a DAO message and establish reachability.
At the bare minimum the leaf device must provide a sequence number
that matches the RPL specification in section 7. Section 5.3 of
[I-D.ietf-6lo-backbone-router], on the Extended Address Registration
Option (EARO), already incorporates that addition with a new field in
the option called the Transaction ID.
If for some reason the node is aware of RPL topologies, then
providing the RPL InstanceID for the instances to which the node
wishes to participate would be a welcome addition. In the absence of
such information, the RPL router must infer the proper instanceID
from external rules and policies.
On the backbone, the InstanceID is expected to be mapped onto a an
overlay that matches the instanceID, for instance a VLANID.
This architecture leverages [I-D.ietf-6lo-backbone-router] that
extends 6LoWPAN ND [RFC6775] to carry the counter as an abstract
Transaction ID (TID).
4.1.2. RPL Root And 6LBR
6LoWPAN ND is unclear on how the 6LBR is discovered, and how the
liveliness of the 6LBR is asserted over time. On the other hand, the
discovery and liveliness of the RPL root are obtained through the RPL
Thubert Expires December 12, 2016 [Page 16]
Internet-Draft 6tisch-architecture June 2016
protocol. This architecture suggests to collocate these functions by
default, in which case the discovery of the 6LBR is automatic for RPL
leaves.
When 6LoWPAN ND is coupled with RPL, the 6LBR and RPL root
functionalities are co-located in order that the address of the 6LBR
be indicated by RPL DIO messages and to associate the unique ID from
the DAR/DAC exchange with the state that is maintained by RPL. The
DAR/DAC exchange becomes a preamble to the DAO messages that are used
from then on to reconfirm the registration, thus eliminating a
duplication of functionality between DAO and DAR messages.
Even though the root of the RPL network is integrated with the 6LBR,
it is logically separated from the Backbone Router (6BBR) that is
used to connect the 6TiSCH LLN to the backbone. This way, the root
has all information from 6LoWPAN ND and RPL about the LLN devices
attached to it.
This architecture also expects that the root of the RPL network
(proxy-)registers the 6TiSCH nodes on their behalf to the 6BBR, for
whatever operation the 6BBR performs on the backbone, such as ND
proxy, or redistribution in a routing protocol. This relies on an
extension of the 6LoWPAN ND registration described in
[I-D.ietf-6lo-backbone-router].
This model supports the movement of a 6TiSCH device across the Multi-
Link Subnet, and allows the proxy registration of 6TiSCH nodes deep
into the 6TiSCH LLN by the 6LBR / RPL root. This requires an
alteration from [RFC6775] whereby the Target Address of the NS
message is registered as opposed to the Source, which, in the case of
a proxy registration, is that of the 6LBR / RPL root itself.
4.2. TSCH and 6top
4.2.1. 6top
6top is a logical link control sitting between the IP layer and the
TSCH MAC layer, which provides the link abstraction that is required
for IP operations. The 6top operations are specified in
[I-D.ietf-6tisch-6top-protocol]. In particular, 6top provides a
management interface that enables an external management entity to
schedule cells and slotFrames, and allows the addition of
complementary functionality, for instance to support a dynamic
schedule management based on observed resource usage as discussed in
Section 4.4.2.
The 6top data model and management interfaces are further discussed
in Section 4.4.3.
Thubert Expires December 12, 2016 [Page 17]
Internet-Draft 6tisch-architecture June 2016
4.2.1.1. Hard Cells
The architecture defines "soft" cells and "hard" cells. "Hard" cells
are owned and managed by an separate scheduling entity (e.g. a PCE)
that specifies the slotOffset/channelOffset of the cells to be
added/moved/deleted, in which case 6top can only act as instructed,
and may not move hard cells in the TSCH schedule on its own.
4.2.1.2. Soft Cells
6top contains a monitoring process which monitors the performance of
cells, and can move a cell in the TSCH schedule when it performs
poorly. This is only applicable to cells which are marked as "soft".
To reserve a soft cell, the higher layer does not indicate the exact
slotOffset/channelOffset of the cell to add, but rather the resulting
bandwidth and QoS requirements. When the monitoring process triggers
a cell reallocation, the two neighbor devices communicating over this
cell negotiate its new position in the TSCH schedule.
4.2.2. Scheduling Functions and the 6P protocol
In the case of soft cells, the cell management entity that controls
the dynamic attribution of cells to adapt to the dynamics of variable
rate flows is called a Scheduling Function (SF). There may be
multiple SFs with more or less aggressive reaction to the dynamics of
the network. The 6TiSCH 6top Scheduling Function Zero (SF0)
[I-D.ietf-6tisch-6top-sf0] provides a simple scheduling function that
can be used by default by devices that support dynamic scheduling of
soft cells.
The SF may be seen as divided between an upper bandwidth adaptation
logic that is not aware of the particular technology that is used to
obtain and release bandwidth, and an underlying service that maps
those needs in the actual technology, which means mapping the
bandwidth onto cells in the case of TSCH.
Thubert Expires December 12, 2016 [Page 18]
Internet-Draft 6tisch-architecture June 2016
+------------------------+ +------------------------+
| Scheduling Function | | Scheduling Function |
| Bandwidth adaptation | | Bandwidth adaptation |
+------------------------+ +------------------------+
| Scheduling Function | | Scheduling Function |
| TSCH mapping to cells | | TSCH mapping to cells |
+------------------------+ +------------------------+
| 6top cells negotiation | <- 6P -> | 6top cells negotiation |
+------------------------+ +------------------------+
Device A Device B
Figure 6: SF/6P stack in 6top
The SF relies on 6top services that implement the 6top Protocol (6P)
[I-D.ietf-6tisch-6top-protocol] to negotiate the precise cells that
will be allocated or freed based on the schedule of the peer. It may
be for instance that a peer wants to use a particular time slot that
is free in its schedule, but that timeslot is already in use by the
other peer for a communication with a third party on a different
cell. The 6P protocol enables the peers to find an agreement in a
transactional manner that ensures the final consistency of the nodes
state.
4.2.3. 6top and RPL Objective Function operations
An implementation of a RPL [RFC6550] Objective Function (OF), such as
the RPL Objective Function Zero (OF0) [RFC6552] that is used in the
Minimal 6TiSCH Configuration [I-D.ietf-6tisch-minimal] to support RPL
over a static schedule, may leverage, for its internal computation,
the information maintained by 6top.
Most OFs require metrics about reachability, such as the ETX. 6top
creates and maintains an abstract neighbor table, and this state may
be leveraged to feed an OF and/or store OF information as well. In
particular, 6top creates and maintains an abstract neighbor table. A
neighbor table entry contains a set of statistics with respect to
that specific neighbor including the time when the last packet has
been received from that neighbor, a set of cell quality metrics (e.g.
RSSI or LQI), the number of packets sent to the neighbor or the
number of packets received from it. This information can be obtained
through 6top management APIs as detailed in the 6top sublayer
specification [I-D.wang-6tisch-6top-sublayer] and used for instance
to compute a Rank Increment that will determine the selection of the
preferred parent.
6top provides statistics about the underlying layer so the OF can be
tuned to the nature of the TSCH MAC layer. 6top also enables the RPL
OF to influence the MAC behaviour, for instance by configuring the
Thubert Expires December 12, 2016 [Page 19]
Internet-Draft 6tisch-architecture June 2016
periodicity of IEEE802.15.4 Extended Beacons (EB's). By augmenting
the EB periodicity, it is possible to change the network dynamics so
as to improve the support of devices that may change their point of
attachment in the 6TiSCH network.
Some RPL control messages, such as the DODAG Information Object (DIO)
are ICMPv6 messages that are broadcast to all neighbor nodes. With
6TiSCH, the broadcast channel requirement is addressed by 6top by
configuring TSCH to provide a broadcast channel, as opposed to, for
instance, piggybacking the DIO messages in Enhance Beacons.
Consideration was given towards finding a way to embed the Route
Advertisements and the RPL DIO messages (both of which are multicast)
into the IEEE802.15.4 Enhanced Beacons. It was determined that this
produced undue timer coupling among layers, that the resulting packet
size was potentially too large, and required it is not yet clear that
there is any need for Enhanced Beacons in a production network.
4.2.4. Network Synchronization
Nodes in a TSCH network must be time synchronized. A node keeps
synchronized to its time source neighbor through a combination of
frame-based and acknowledgment-based synchronization. In order to
maximize battery life and network throughput, it is advisable that
RPL ICMP discovery and maintenance traffic (governed by the trickle
timer) be somehow coordinated with the transmission of time
synchronization packets (especially with enhanced beacons). This
could be achieved through an interaction of the 6top sublayer and the
RPL objective Function, or could be controlled by a management
entity.
Time distribution requires a loop-less structure. Nodes taken in a
synchronization loop will rapidly desynchronize from the network and
become isolated. It is expected that a RPL DAG with a dedicated
global Instance is deployed for the purpose of time synchronization.
That Instance is referred to as the Time Synchronization Global
Instance (TSGI). The TSGI can be operated in either of the 3 modes
that are detailed in section 3.1.3 of RPL [RFC6550], "Instances,
DODAGs, and DODAG Versions". Multiple uncoordinated DODAGs with
independent roots may be used if all the roots share a common time
source such as the Global Positioning System (GPS). In the absence
of a common time source, the TSGI should form a single DODAG with a
virtual root. A backbone network is then used to synchronize and
coordinate RPL operations between the backbone routers that act as
sinks for the LLN. Optionally, RPL's periodic operations may be used
to transport the network synchronization. This may mean that 6top
would need to trigger (override) the trickle timer if no other
traffic has occurred for such a time that nodes may get out of
synchronization.
Thubert Expires December 12, 2016 [Page 20]
Internet-Draft 6tisch-architecture June 2016
A node that has not joined the TSGI advertises a MAC level Join
Priority of 0xFF to notify its neighbors that is not capable of
serving as time parent. A node that has joined the TSGI advertises a
MAC level Join Priority set to its DAGRank() in that Instance, where
DAGRank() is the operation specified in section 3.5.1 of [RFC6550],
"Rank Comparison".
A root is configured or obtains by some external means the knowledge
of the RPLInstanceID for the TSGI. The root advertises its DagRank
in the TSGI, that must be less than 0xFF, as its Join Priority (JP)
in its IEEE802.15.4 Extended Beacons (EB). We'll note that the JP is
now specified between 0 and 0x3F leaving 2 bits in the octet unused
in the IEEE802.15.4e specification. After consultation with IEEE
authors, it was asserted that 6TiSCH can make a full use of the octet
to carry an integer value up to 0xFF.
A node that reads a Join Priority of less than 0xFF should join the
neighbor with the lesser Join Priority and use it as time parent. If
the node is configured to serve as time parent, then the node should
join the TSGI, obtain a Rank in that Instance and start advertising
its own DagRank in the TSGI as its Join Priority in its EBs.
4.2.5. SlotFrames and Priorities
6TiSCH enables in essence the capability to use IPv6 over a MAC layer
that enables to schedule some of the transmissions. In order to
ensure that the medium is free of contending packets when time
arrives for a scheduled transmission, a window of time is defined
around the scheduled transmission time where the medium must be free
of contending energy.
One simple way to obtain such a window is to format time and
frequencies in cells of transmission of equal duration. This is the
method that is adopted in IEEE802.15.4 TSCH as well as the Long Term
Evolution (LTE) of cellular networks.
In order to describe that formatting of time and frequencies, the
6TiSCH architecture defines a global concept that is called a Channel
Distribution and Usage (CDU) matrix; a CDU matrix is a matrix of
cells with an height equal to the number of available channels
(indexed by ChannelOffsets) and a width (in timeslots) that is the
period of the network scheduling operation (indexed by slotOffsets)
for that CDU matrix. The size of a cell is a timeslot duration, and
values of 10 to 15 milliseconds are typical in 802.15.4 TSCH to
accommodate for the transmission of a frame and an ack, including the
security validation on the receive side which may take up to a few
milliseconds on some device architecture.
Thubert Expires December 12, 2016 [Page 21]
Internet-Draft 6tisch-architecture June 2016
A CDU matrix iterates over and over with a pseudo-random rotation
from an epoch time. In a given network, there might be multiple CDU
matrices that operate with different width, so they have different
durations and represent different periodic operations. It is
recommended that all CDU matrices in a 6TiSCH domain operate with the
same cell duration and are aligned, so as to reduce the chances of
interferences from slotted-aloha operations. The knowledge of the
CDU matrices is shared between all the nodes and used in particular
to define slotFrames.
A slotFrame is a MAC-level abstraction that is common to all nodes
and contains a series of timeslots of equal length and precedence.
It is characterized by a slotFrame_ID, and a slotFrame_size. A
slotFrame aligns to a CDU matrix for its parameters, such as number
and duration of timeslots.
Multiple slotFrames can coexist in a node schedule, i.e., a node can
have multiple activities scheduled in different slotFrames, based on
the precedence of the 6TiSCH topologies. The slotFrames may be
aligned to different CDU matrices and thus have different width.
There is typically one slotFrame for scheduled traffic that has the
highest precedence and one or more slotFrame(s) for RPL traffic. The
timeslots in the slotFrame are indexed by the SlotOffset; the first
cell is at SlotOffset 0.
When a packet is received from a higher layer for transmission, 6top
inserts that packet in the outgoing queue which matches the packet
best (Differentiated Services [RFC2474] can therefore be used). At
each scheduled transmit slot, 6top looks for the frame in all the
outgoing queues that best matches the cells. If a frame is found, it
is given to the TSCH MAC for transmission.
4.2.6. Distributing the reservation of cells
6TiSCH expects a high degree of scalability together with a
distributed routing functionality based on RPL. To achieve this
goal, the spectrum must be allocated in a way that allows for spatial
reuse between zones that will not interfere with one another. In a
large and spatially distributed network, a 6TiSCH node is often in a
good position to determine usage of spectrum in its vicinity.
Use cases for distributed routing are often associated with a
statistical distribution of best-effort traffic with variable needs
for bandwidth on each individual link. With 6TiSCH, the abstraction
of an IPv6 link is implemented as a pair of bundles of cells, one in
each direction; the size of a bundle is optimal when both the energy
wasted idle listening and the packet drops due to congestion loss are
minimized. This can be maintained if the number of cells in a bundle
Thubert Expires December 12, 2016 [Page 22]
Internet-Draft 6tisch-architecture June 2016
is adapted dynamically, and with enough reactivity, to match the
variations of best-effort traffic. In turn, the agility to fulfill
the needs for additional cells improves when the number of
interactions with other devices and the protocol latencies are
minimized.
6TiSCH limits that interaction to RPL parents that will only
negotiate with other RPL parents, and performs that negotiation by
groups of cells as opposed to individual cells. The 6TiSCH
architecture allows RPL parents to adjust dynamically, and
independently from the PCE, the amount of bandwidth that is used to
communicate between themselves and their children, in both
directions; to that effect, an allocation mechanism enables a RPL
parent to obtain the exclusive use of a portion of a CDU matrix
within its interference domain. Note that a PCE is expected to have
precedence in the allocation, so that a RPL parent would only be able
to obtain portions that are not in-use by the PCE.
The 6TiSCH architecture introduces the concept of chunks
[I-D.ietf-6tisch-terminology]) to operate such spectrum distribution
for a whole group of cells at a time. The CDU matrix is formatted
into a set of chunks, each of them identified uniquely by a chunk-ID.
The knowledge of this formatting is shared between all the nodes in a
6TiSCH network. 6TiSCH also defines the process of chunk ownership
appropriation whereby a RPL parent discovers a chunk that is not used
in its interference domain (e.g lack of energy detected in reference
cells in that chunk); then claims the chunk, and then defends it in
case another RPL parent would attempt to appropriate it while it is
in use. The chunk is the basic unit of ownership that is used in
that process.
+-----+-----+-----+-----+-----+-----+-----+ +-----+
chan.Off. 0 |chnkA|chnkP|chnk7|chnkO|chnk2|chnkK|chnk1| ... |chnkZ|
+-----+-----+-----+-----+-----+-----+-----+ +-----+
chan.Off. 1 |chnkB|chnkQ|chnkA|chnkP|chnk3|chnkL|chnk2| ... |chnk1|
+-----+-----+-----+-----+-----+-----+-----+ +-----+
...
+-----+-----+-----+-----+-----+-----+-----+ +-----+
chan.Off. 15 |chnkO|chnk6|chnkN|chnk1|chnkJ|chnkZ|chnkI| ... |chnkG|
+-----+-----+-----+-----+-----+-----+-----+ +-----+
0 1 2 3 4 5 6 M
Figure 7: CDU matrix Partitioning in Chunks
As a result of the process of chunk ownership appropriation, the RPL
parent has exclusive authority to decide which cell in the
Thubert Expires December 12, 2016 [Page 23]
Internet-Draft 6tisch-architecture June 2016
appropriated chunk can be used by which node in its interference
domain. In other words, it is implicitly delegated the right to
manage the portion of the CDU matrix that is represented by the
chunk. The RPL parent may thus orchestrate which transmissions occur
in any of the cells in the chunk, by allocating cells from the chunk
to any form of communication (unicast, multicast) in any direction
between itself and its children. Initially, those cells are added to
the heap of free cells, then dynamically placed into existing
bundles, in new bundles, or allocated opportunistically for one
transmission.
The appropriation of a chunk can also be requested explicitly by the
PCE to any node. In that case, the node still may need to perform
the appropriation process to validate that no other node has claimed
that chunk already. After a successful appropriation, the PCE owns
the cells in that chunk, and may use them as hard cells to set up
Tracks.
4.3. Communication Paradigms and Interaction Models
[I-D.ietf-6tisch-terminology] defines the terms of Communication
Paradigms and Interaction Models, which can be placed in parallel to
the Information Models and Data Models that are defined in [RFC3444].
A Communication Paradigms would be an abstract view of a protocol
exchange, and would come with an Information Model for the
information that is being exchanged. In contrast, an Interaction
Models would be more refined and could point on standard operation
such as a Representational state transfer (REST) "GET" operation and
would match a Data Model for the data that is provided over the
protocol exchange.
section 2.1.3 of [I-D.ietf-roll-rpl-industrial-applicability] and
next sections discuss application-layer paradigms, such as Source-
sink (SS) that is a Multipeer to Multipeer (MP2MP) model primarily
used for alarms and alerts, Publish-subscribe (PS, or pub/sub) that
is typically used for sensor data, as well as Peer-to-peer (P2P) and
Peer-to-multipeer (P2MP) communications. Additional considerations
on Duocast and its N-cast generalization are also provided. Those
paradigms are frequently used in industrial automation, which is a
major use case for IEEE802.15.4 TSCH wireless networks with
[ISA100.11a] and [WirelessHART], that provides a wireless access to
[HART] applications and devices.
This specification focuses on Communication Paradigms and Interaction
Models for packet forwarding and TSCH resources (cells) management.
Management mechanisms for the TSCH schedule at Link-layer (one-hop),
Network-layer (multithop along a Track), and Application-layer
Thubert Expires December 12, 2016 [Page 24]
Internet-Draft 6tisch-architecture June 2016
(remote control) are discussed in Section 4.4. Link-layer frame
forwarding interactions are discussed in Section 4.5, and Network-
layer Packet routing is addressed in Section 4.6.
4.4. Schedule Management Mechanisms
6TiSCH uses 4 paradigms to manage the TSCH schedule of the LLN nodes:
Static Scheduling, neighbor-to-neighbor Scheduling, remote monitoring
and scheduling management, and Hop-by-hop scheduling. Multiple
mechanisms are defined that implement the associated Interaction
Models, and can be combined and used in the same LLN. Which
mechanism(s) to use depends on application requirements.
4.4.1. Static Scheduling
In the simplest instantiation of a 6TiSCH network, a common fixed
schedule may be shared by all nodes in the network. Cells are
shared, and nodes contend for slot access in a slotted aloha manner.
A static TSCH schedule can be used to bootstrap a network, as an
initial phase during implementation, or as a fall-back mechanism in
case of network malfunction. This schedule is pre-established, for
instance decided by a network administrator based on operational
needs. It can be pre-configured into the nodes, or, more commonly,
learned by a node when joining the network using standard
IEEE802.15.4 Information Elements (IE). Regardless, the schedule
remains unchanged after the node has joined a network. RPL is used
on the resulting network. This "minimal" scheduling mechanism that
implements this paradigm is detailed in [I-D.ietf-6tisch-minimal].
4.4.2. Neighbor-to-neighbor Scheduling
In the simplest instantiation of a 6TiSCH network described in
Section 4.4.1, nodes may expect a packet at any cell in the schedule
and will waste energy idle listening. In a more complex
instantiation of a 6TiSCH network, a matching portion of the schedule
is established between peers to reflect the observed amount of
transmissions between those nodes. The aggregation of the cells
between a node and a peer forms a bundle that the 6top layer uses to
implement the abstraction of a link for IP. The bandwidth on that
link is proportional to the number of cells in the bundle.
If the size of a bundle is configured to fit an average amount of
bandwidth, peak traffic is dropped. If the size is configured to
allow for peak emissions, energy is be wasted idle listening.
The 6top sublayer [I-D.wang-6tisch-6top-sublayer] defines a protocol
for neighbor nodes to reserve soft cells to transmit to one another.
Thubert Expires December 12, 2016 [Page 25]
Internet-Draft 6tisch-architecture June 2016
Because this reservation is done without global knowledge of the
schedule of nodes in the LLN, scheduling collisions are possible.
6top defines a monitoring process which continuously Tracks the
packet delivery ratio of soft cells. It uses these statistics to
trigger the reallocation of a soft cell in the schedule, using a
negotiation protocol between the neighbors nodes communicating over
that cell.
In the most efficient instantiations of a 6TiSCH network, the size of
the bundles that implement the links may be changed dynamically in
order to adapt to the need of end-to-end flows routed by RPL. An
optional Scheduling Function (SF) such as SF0
[I-D.ietf-6tisch-6top-sf0] is used to monitor bandwidth usage and
perform requests for dynamic allocation by the 6top sublayer. The SF
component is not part of the 6top sublayer. It may be collocated on
the same device or may be partially or fully offloaded to an external
system.
Monitoring and relocation is done in the 6top layer. For the upper
layer, the connection between two neighbor nodes appears as an number
of cells. Depending on traffic requirements, the upper layer can
request 6top to add or delete a number of cells scheduled to a
particular neighbor, without being responsible for choosing the exact
slotOffset/channelOffset of those cells.
4.4.3. Remote Monitoring and Schedule Management
The 6top interface document [I-D.ietf-6tisch-6top-interface]
specifies the generic data model that can be used to monitor and
manage resources of the 6top sublayer. Abstract methods are
suggested for use by a management entity in the device. The data
model also enables remote control operations on the 6top sublayer.
The capability to interact with the node 6top sublayer from multiple
hops away can be leveraged for monitoring, scheduling, or a
combination of thereof. The architecture supports variations on the
deployment model, and focuses on the flows rather than whether there
is a proxy or a translation operation en-route.
[I-D.ietf-6tisch-coap] defines an mapping of the 6top set of
commands, which is described in [I-D.ietf-6tisch-6top-interface], to
CoAP resources. This allows an entity to interact with the 6top
layer of a node that is multiple hops away in a RESTful fashion.
The entity issuing the CoAP requests can be a central scheduling
entity (e.g. a PCE), a node multiple hops away with the authority to
modify the TSCH schedule (e.g. the head of a local cluster), or a
external device monitoring the overall state of the network (e.g.
Thubert Expires December 12, 2016 [Page 26]
Internet-Draft 6tisch-architecture June 2016
NME). It is also possible that a mapping entity on the backbone
transforms a non-CoAP protocol such as PCEP into the RESTful
interfaces that the 6TiSCH devices support.
With respect to Centralized routing and scheduling, the 6TiSCH
Architecture is (expected to be) be an extension of the detnet work
Deterministic Networking Architecture [I-D.finn-detnet-architecture],
which studies Layer-3 aspects of Deterministic Networks, and covers
networks that span multiple Layer-2 domains. The DetNet architecture
is a form of SDN Architecture and is composed of three planes, a
(User) Application Plane, a Controller Plane (where the PCE
operates), and a Network Plane which in our case is the 6TiSCH LLN.
The generic SDN architecture is discussed in Software-Defined
Networking (SDN): Layers and Architecture Terminology [RFC7426] and
is represented below:
Thubert Expires December 12, 2016 [Page 27]
Internet-Draft 6tisch-architecture June 2016
SDN Layers and Architecture Terminology per RFC 7426
o--------------------------------o
| |
| +-------------+ +----------+ |
| | Application | | Service | |
| +-------------+ +----------+ |
| Application Plane |
o---------------Y----------------o
|
*-----------------------------Y---------------------------------*
| Network Services Abstraction Layer (NSAL) |
*------Y------------------------------------------------Y-------*
| |
| Service Interface |
| |
o------Y------------------o o---------------------Y------o
| | Control Plane | | Management Plane | |
| +----Y----+ +-----+ | | +-----+ +----Y----+ |
| | Service | | App | | | | App | | Service | |
| +----Y----+ +--Y--+ | | +--Y--+ +----Y----+ |
| | | | | | | |
| *----Y-----------Y----* | | *---Y---------------Y----* |
| | Control Abstraction | | | | Management Abstraction | |
| | Layer (CAL) | | | | Layer (MAL) | |
| *----------Y----------* | | *----------Y-------------* |
| | | | | |
o------------|------------o o------------|---------------o
| |
| CP | MP
| Southbound | Southbound
| Interface | Interface
| |
*------------Y---------------------------------Y----------------*
| Device and resource Abstraction Layer (DAL) |
*------------Y---------------------------------Y----------------*
| | | |
| o-------Y----------o +-----+ o--------Y----------o |
| | Forwarding Plane | | App | | Operational Plane | |
| o------------------o +-----+ o-------------------o |
| Network Device |
+---------------------------------------------------------------+
Figure 8
The PCE establishes end-to-end Tracks of hard cells, which are
described in more details in Section 4.5.1. The DetNet work is
expected to enable end to end Deterministic Path across heterogeneous
Thubert Expires December 12, 2016 [Page 28]
Internet-Draft 6tisch-architecture June 2016
network (e.g. a 6TiSCH LLN and an Ethernet Backbone). This model
fits the 6TiSCH extended configuration, whereby a 6BBR federates
multiple 6TiSCH LLN in a single subnet over a backbone that can be,
for instance, Ethernet or Wi-Fi. In that model, 6TiSCH 6BBRs
synchronize with one another over the backbone, so as to ensure that
the multiple LLNs that form the IPv6 subnet stay tightly
synchronized.
If the Backbone is Deterministic, then the Backbone Router ensures
that the end-to-end deterministic behavior is maintained between the
LLN and the backbone. It is the responsibility of the PCE to compute
a deterministic path and to end across the TSCH network and an
IEEE802.1 TSN Ethernet backbone, and that of DetNet to enable end-to-
end deterministic forwarding.
4.4.4. Hop-by-hop Scheduling
A node can reserve a Track to a destination node multiple hops away
by installing soft cells at each intermediate node. This forms a
Track of soft cells. It is the responsibility of the 6top sublayer
of each node on the Track to monitor these soft cells and trigger
relocation when needed.
This hop-by-hop reservation mechanism is expected to be similar in
essence to [RFC3209] and/or [RFC4080]/[RFC5974]. The protocol for a
node to trigger hop-by-hop scheduling is not yet defined.
4.5. Forwarding Models
By forwarding, this specification means the per-packet operation that
allows to deliver a packet to a next hop or an upper layer in this
node. Forwarding is based on pre-existing state that was installed
as a result of a routing computation Section 4.6. 6TiSCH supports
three different forwarding model, G-MPLS Track Forwarding (TF),
6LoWPAN Fragment Forwarding (FF) and IPv6 Forwarding (6F).
4.5.1. Track Forwarding
A Track is a directional path between a source and a destination. In
a Track cell, the normal operation of IEEE802.15.4 Automatic Repeat-
reQuest (ARQ) usually happens, though the acknowledgment may be
omitted in some cases, for instance if there is no scheduled cell for
a retry.
Track Forwarding is the simplest and fastest. A bundle of cells set
to receive (RX-cells) is uniquely paired to a bundle of cells that
are set to transmit (TX-cells), representing a layer-2 forwarding
state that can be used regardless of the network layer protocol.
Thubert Expires December 12, 2016 [Page 29]
Internet-Draft 6tisch-architecture June 2016
This model can effectively be seen as a Generalized Multi-protocol
Label Switching (G-MPLS) operation in that the information used to
switch a frame is not an explicit label, but rather related to other
properties of the way the packet was received, a particular cell in
the case of 6TiSCH. As a result, as long as the TSCH MAC (and
Layer-2 security) accepts a frame, that frame can be switched
regardless of the protocol, whether this is an IPv6 packet, a 6LoWPAN
fragment, or a frame from an alternate protocol such as WirelessHART
or ISA100.11a.
A data frame that is forwarded along a Track normally has a
destination MAC address that is set to broadcast - or a multicast
address depending on MAC support. This way, the MAC layer in the
intermediate nodes accepts the incoming frame and 6top switches it
without incurring a change in the MAC header. In the case of
IEEE802.15.4, this means effectively broadcast, so that along the
Track the short address for the destination of the frame is set to
0xFFFF.
A Track is thus formed end-to-end as a succession of paired bundles,
a receive bundle from the previous hop and a transmit bundle to the
next hop along the Track, and a cell in such a bundle belongs to at
most one Track. For a given iteration of the device schedule, the
effective channel of the cell is obtained by adding a pseudo-random
number to the channelOffset of the cell, which results in a rotation
of the frequency that used for transmission. The bundles may be
computed so as to accommodate both variable rates and
retransmissions, so they might not be fully used at a given iteration
of the schedule. The 6TiSCH architecture provides additional means
to avoid waste of cells as well as overflows in the transmit bundle,
as follows:
In one hand, a TX-cell that is not needed for the current iteration
may be reused opportunistically on a per-hop basis for routed
packets. When all of the frame that were received for a given Track
are effectively transmitted, any available TX-cell for that Track can
be reused for upper layer traffic for which the next-hop router
matches the next hop along the Track. In that case, the cell that is
being used is effectively a TX-cell from the Track, but the short
address for the destination is that of the next-hop router. It
results that a frame that is received in a RX-cell of a Track with a
destination MAC address set to this node as opposed to broadcast must
be extracted from the Track and delivered to the upper layer (a frame
with an unrecognized MAC address is dropped at the lower MAC layer
and thus is not received at the 6top sublayer).
On the other hand, it might happen that there are not enough TX-cells
in the transmit bundle to accommodate the Track traffic, for instance
Thubert Expires December 12, 2016 [Page 30]
Internet-Draft 6tisch-architecture June 2016
if more retransmissions are needed than provisioned. In that case,
the frame can be placed for transmission in the bundle that is used
for layer-3 traffic towards the next hop along the Track as long as
it can be routed by the upper layer, that is, typically, if the frame
transports an IPv6 packet. The MAC address should be set to the
next-hop MAC address to avoid confusion. It results that a frame
that is received over a layer-3 bundle may be in fact associated to a
Track. In a classical IP link such as an Ethernet, off-Track traffic
is typically in excess over reservation to be routed along the non-
reserved path based on its QoS setting. But with 6TiSCH, since the
use of the layer-3 bundle may be due to transmission failures, it
makes sense for the receiver to recognize a frame that should be re-
Tracked, and to place it back on the appropriate bundle if possible.
A frame should be re-Tracked if the Per-Hop-Behavior group indicated
in the Differentiated Services Field in the IPv6 header is set to
Deterministic Forwarding, as discussed in Section 4.6.1. A frame is
re-Tracked by scheduling it for transmission over the transmit bundle
associated to the Track, with the destination MAC address set to
broadcast.
There are 2 modes for a Track, transport mode and tunnel mode.
4.5.1.1. Transport Mode
In transport mode, the Protocol Data Unit (PDU) is associated with
flow-dependant meta-data that refers uniquely to the Track, so the
6top sublayer can place the frame in the appropriate cell without
ambiguity. In the case of IPv6 traffic, this flow identification is
transported in the Flow Label of the IPv6 header. Associated with
the source IPv6 address, the Flow Label forms a globally unique
identifier for that particular Track that is validated at egress
before restoring the destination MAC address (DMAC) and punting to
the upper layer.
| ^
+--------------+ | |
| IPv6 | | |
+--------------+ | |
| 6LoWPAN HC | | |
+--------------+ ingress egress
| 6top | sets +----+ +----+ restores
+--------------+ dmac to | | | | dmac to
| TSCH MAC | brdcst | | | | self
+--------------+ | | | | | |
| LLN PHY | +-------+ +--...-----+ +-------+
+--------------+
Track Forwarding, Transport Mode
Thubert Expires December 12, 2016 [Page 31]
Internet-Draft 6tisch-architecture June 2016
4.5.1.2. Tunnel Mode
In tunnel mode, the frames originate from an arbitrary protocol over
a compatible MAC that may or may not be synchronized with the 6TiSCH
network. An example of this would be a router with a dual radio that
is capable of receiving and sending WirelessHART or ISA100.11a frames
with the second radio, by presenting itself as an access Point or a
Backbone Router, respectively.
In that mode, some entity (e.g. PCE) can coordinate with a
WirelessHART Network Manager or an ISA100.11a System Manager to
specify the flows that are to be transported transparently over the
Track.
+--------------+
| IPv6 |
+--------------+
| 6LoWPAN HC |
+--------------+ set restore
| 6top | +dmac+ +dmac+
+--------------+ to|brdcst to|nexthop
| TSCH MAC | | | | |
+--------------+ | | | |
| LLN PHY | +-------+ +--...-----+ +-------+
+--------------+ | ingress egress |
| |
+--------------+ | |
| LLN PHY | | |
+--------------+ | |
| TSCH MAC | | |
+--------------+ | dmac = | dmac =
|ISA100/WiHART | | nexthop v nexthop
+--------------+
Figure 9: Track Forwarding, Tunnel Mode
In that case, the flow information that identifies the Track at the
ingress 6TiSCH router is derived from the RX-cell. The dmac is set
to this node but the flow information indicates that the frame must
be tunneled over a particular Track so the frame is not passed to the
upper layer. Instead, the dmac is forced to broadcast and the frame
is passed to the 6top sublayer for switching.
At the egress 6TiSCH router, the reverse operation occurs. Based on
metadata associated to the Track, the frame is passed to the
appropriate link layer with the destination MAC restored.
Thubert Expires December 12, 2016 [Page 32]
Internet-Draft 6tisch-architecture June 2016
4.5.1.3. Tunnel Metadata
Metadata coming with the Track configuration is expected to provide
the destination MAC address of the egress endpoint as well as the
tunnel mode and specific data depending on the mode, for instance a
service access point for frame delivery at egress. If the tunnel
egress point does not have a MAC address that matches the
configuration, the Track installation fails.
In transport mode, if the final layer-3 destination is the tunnel
termination, then it is possible that the IPv6 address of the
destination is compressed at the 6LoWPAN sublayer based on the MAC
address. It is thus mandatory at the ingress point to validate that
the MAC address that was used at the 6LoWPAN sublayer for compression
matches that of the tunnel egress point. For that reason, the node
that injects a packet on a Track checks that the destination is
effectively that of the tunnel egress point before it overwrites it
to broadcast. The 6top sublayer at the tunnel egress point reverts
that operation to the MAC address obtained from the tunnel metadata.
4.5.2. Fragment Forwarding
Considering that 6LoWPAN packets can be as large as 1280 bytes (the
IPv6 MTU), and that the non-storing mode of RPL implies Source
Routing that requires space for routing headers, and that a
IEEE802.15.4 frame with security may carry in the order of 80 bytes
of effective payload, an IPv6 packet might be fragmented into more
than 16 fragments at the 6LoWPAN sublayer.
This level of fragmentation is much higher than that traditionally
experienced over the Internet with IPv4 fragments, where
fragmentation is already known as harmful.
In the case to a multihop route within a 6TiSCH network, Hop-by-Hop
recomposition occurs at each hop in order to reform the packet and
route it. This creates additional latency and forces intermediate
nodes to store a portion of a packet for an undetermined time, thus
impacting critical resources such as memory and battery.
[I-D.thubert-roll-forwarding-frags] describes a mechanism whereby the
datagram tag in the 6LoWPAN Fragment is used as a label for switching
at the 6LoWPAN sublayer. The draft allows for a degree of flow
control based on an Explicit Congestion Notification, as well as end-
to-end individual fragment recovery.
Thubert Expires December 12, 2016 [Page 33]
Internet-Draft 6tisch-architecture June 2016
| ^
+--------------+ | |
| IPv6 | | +----+ +----+ |
+--------------+ | | | | | |
| 6LoWPAN HC | | learn learn |
+--------------+ | | | | | |
| 6top | | | | | | |
+--------------+ | | | | | |
| TSCH MAC | | | | | | |
+--------------+ | | | | | |
| LLN PHY | +-------+ +--...-----+ +-------+
+--------------+
Figure 10: Forwarding First Fragment
In that model, the first fragment is routed based on the IPv6 header
that is present in that fragment. The 6LoWPAN sublayer learns the
next hop selection, generates a new datagram tag for transmission to
the next hop, and stores that information indexed by the incoming MAC
address and datagram tag. The next fragments are then switched based
on that stored state.
| ^
+--------------+ | |
| IPv6 | | |
+--------------+ | |
| 6LoWPAN HC | | replay replay |
+--------------+ | | | | | |
| 6top | | | | | | |
+--------------+ | | | | | |
| TSCH MAC | | | | | | |
+--------------+ | | | | | |
| LLN PHY | +-------+ +--...-----+ +-------+
+--------------+
Figure 11: Forwarding Next Fragment
A bitmap and an ECN echo in the end-to-end acknowledgment enable the
source to resend the missing fragments selectively. The first
fragment may be resent to carve a new path in case of a path failure.
The ECN echo set indicates that the number of outstanding fragments
should be reduced.
4.5.3. IPv6 Forwarding
As the packets are routed at Layer-3, traditional QoS and RED
operations are expected to prioritize flows; the application of
Thubert Expires December 12, 2016 [Page 34]
Internet-Draft 6tisch-architecture June 2016
Differentiated Services is further discussed in
[I-D.svshah-tsvwg-lln-diffserv-recommendations].
| ^
+--------------+ | |
| IPv6 | | +-QoS+ +-QoS+ |
+--------------+ | | | | | |
| 6LoWPAN HC | | | | | | |
+--------------+ | | | | | |
| 6top | | | | | | |
+--------------+ | | | | | |
| TSCH MAC | | | | | | |
+--------------+ | | | | | |
| LLN PHY | +-------+ +--...-----+ +-------+
+--------------+
Figure 12: IP Forwarding
4.6. Centralized vs. Distributed Routing
6TiSCH supports a mixed model of centralized routes and distributed
routes. Centralized routes can for example be computed by a entity
such as a PCE. Distributed routes are computed by RPL.
Both methods may inject routes in the Routing Tables of the 6TiSCH
routers. In either case, each route is associated with a 6TiSCH
topology that can be a RPL Instance topology or a Track. The 6TiSCH
topology is indexed by a Instance ID, in a format that reuses the
RPLInstanceID as defined in RPL [RFC6550].
Both RPL and PCE rely on shared sources such as policies to define
Global and Local RPLInstanceIDs that can be used by either method.
It is possible for centralized and distributed routing to share a
same topology. Generally they will operate in different slotFrames,
and centralized routes will be used for scheduled traffic and will
have precedence over distributed routes in case of conflict between
the slotFrames.
4.6.1. Packet Marking and Handling
All packets inside a 6TiSCH domain must carry the Instance ID that
identifies the 6TiSCH topology that is to be used for routing and
forwarding that packet. The location of that information must be the
same for all packets forwarded inside the domain.
For packets that are routed by a PCE along a Track, the tuple formed
by the IPv6 source address and a local RPLInstanceID in the packet
identify uniquely the Track and associated transmit bundle.
Thubert Expires December 12, 2016 [Page 35]
Internet-Draft 6tisch-architecture June 2016
Additionally, an IP packet that is sent along a Track uses the
Differentiated Services Per-Hop-Behavior Group called Deterministic
Forwarding, as described in
[I-D.svshah-tsvwg-deterministic-forwarding].
For packets that are routed by RPL, that information is the
RPLInstanceID which is carried in the RPL Packet Information, as
discussed in section 11.2 of [RFC6550], "Loop Avoidance and
Detection".
The RPL Packet Information (RPI) is carried in IPv6 packets as a RPL
option in the IPv6 Hop-By-Hop Header [RFC6553].
A compression mechanism for the RPL packet artifacts that integrates
the compression of IP-in-IP encapsulation and the Routing Header type
3 [RFC6554] with that of the RPI in a 6LoWPAN dispatch/header type is
concurrently being evaluated as [I-D.ietf-roll-routing-dispatch].
Either way, the method and format used for encoding the RPLInstanceID
is generalized to all 6TiSCH topological Instances, which include
both RPL Instances and Tracks.
5. IANA Considerations
This specification does not require IANA action.
6. Security Considerations
This architecture operates on IEEE802.15.4 and expects link-layer
security to be enabled at all times between connected devices, except
for the very first step of the device join process, where a joining
device may need some initial, unsecured exchanges so as to obtain its
initial key material. Work has already started at the 6TiSCH
Security Design Team and an overview of the current state of that
work is presented in Section 6.1.
Future work on 6TiSCH security and will examine in deeper detail how
to secure transactions end-to-end, and to maintain the security
posture of a device over its lifetime. The result of that work will
be described in a subsequent volume of this architecture.
6.1. Join Process Highlights
The architecture specifies three logical elements to describe the
join process:
Joining Node (JN): Node that wishes to become part of the network;
Thubert Expires December 12, 2016 [Page 36]
Internet-Draft 6tisch-architecture June 2016
Join Coordination Entity (JCE) : A Join Coordination Entity (JCE)
that arbitrates network access and hands out network parameters
(such as keying material);
Join Assistant (JA), a one-hop (radio) neighbor of the joining node
that acts as proxy network node and may provide connectivity
with the JCE.
The join protocol consists of three major activities:
Device Authentication: The JN and the JA mutually authenticate each
other and establish a shared key, so as to ensure on-going
authenticated communications. This may involve a server as a
third party.
Authorization: The JA decides on whether/how to authorize a JN (if
denied, this may result in loss of bandwidth). Conversely, the
JN decides on whether/how to authorize the network (if denied,
it will not join the network). Authorization decisions may
involve other nodes in the network.
Configuration/Parameterization: The JA distributes configuration
information to the JN, such as scheduling information, IP
address assignment information, and network policies. This may
originate from other network devices, for which the JA may act
as proxy. This step may also include distribution of
information from the JN to the JA and other nodes in the
network and, more generally, synchronization of information
between these entities.
The device joining process is depicted in Figure 13, where it is
assumed that devices have access to certificates and where entities
have access to the root CA keys of their communicating parties
(initial set-up requirement). Under these assumptions, the
authentication step of the device joining process does not require
online involvement of a third party. Mutual authentication is
performed between the JN and the JA using their certificates, which
also results in a shared key between these two entities.
The JA assists the JN in mutual authentication with a remote server
node (primarily via provision of a communication path with the
server), which also results in a shared (end-to-end) key between
those two entities. The server node may be a JCE that arbitrages the
network authorization of the JN (where the JA will deny bandwidth if
authorization is not successful); it may distribute network-specific
configuration parameters (including network-wide keys) to the JN. In
its turn, the JN may distribute and synchronize information
(including, e.g., network statistics) to the server node and, if so
Thubert Expires December 12, 2016 [Page 37]
Internet-Draft 6tisch-architecture June 2016
desired, also to the JA. The actual decision of the JN to become
part of the network may depend on authorization of the network
itself.
The server functionality is a role which may be implemented with one
(centralized) or multiple devices (distributed). In either case,
mutual authentication is established with each physical server entity
with which a role is implemented.
Note that in the above description, the JA does not solely act as a
relay node, thereby allowing it to first filter traffic to be relayed
based on cryptographic authentication criteria - this provides first-
level access control and mitigates certain types of denial-of-service
attacks on the network at large.
Depending on more detailed insight in cost/benefit trade-offs, this
process might be complemented by a more "relaxed" mechanism, where
the JA acts as a relay node only. The final architecture will
provide mechanisms to also cover cases where the initial set-up
requirements are not met or where some other out-of-sync behavior
occurs; it will also suggest some optimizations in case JCE-related
information is already available with the JA (via caching of
information).
When a device rejoins the network in the same authorization domain,
the authorization step could be omitted if the server distributes the
authorization state for the device to the JA when the device
initially joined the network. However, this generally still requires
the exchange of updated configuration information, e.g., related to
time schedules and bandwidth allocation.
Thubert Expires December 12, 2016 [Page 38]
Internet-Draft 6tisch-architecture June 2016
{joining node} {neighbor} {server, etc.} Example:
+---------+ +---------+ +---------+
| Joining | | Join | +--| CA |certificate
| Node | |Assistant| | +---------+ issuance
+---------+ +---------+ | +---------+
| | +--|Authoriz.| membership
|<----Beaconing------| | +---------+ test (JCE)
| | | +---------+
|<--Authentication-->| +--| Routing | IP address
| |<--Authorization-->| +--------- assignment
|<-------------------| | +---------+
| | +--| Gateway | backbone,
|------------------->| | +---------+ cloud
| |<--Configuration-->| +---------+
|<-------------------| +--|Bandwidth| PCE
+---------+ schedule
. . .
. . .
Figure 13: Network joining, with only authorization by third party
7. Acknowledgments
7.1. Contributors
The co-authors of this document are listed below:
Robert Assimiti for his breakthrough work on RPL over TSCH and
initial text and guidance.
Kris Pister for creating it all and his continuing guidance through
the elaboration of this design.
Michael Richardson for his leadership role in the Security Design
Team and his contribution throughout this document.
Rene Struik for the security section and his contribution to the
Security Design Team.
Xavier Vilajosana who lead the design of the minimal support with
RPL and contributed deeply to the 6top design and the G-MPLS
operation of Track switching.
Qin Wang who lead the design of the 6top sublayer and contributed
related text that was moved and/or adapted in this document.
Thubert Expires December 12, 2016 [Page 39]
Internet-Draft 6tisch-architecture June 2016
Thomas Watteyne for his contribution to the whole design, in
particular on TSCH and security.
7.2. Special Thanks
Special thanks to Tero Kivinen, Jonathan Simon, Giuseppe Piro, Subir
Das and Yoshihiro Ohba for their deep contribution to the initial
security work, and to Diego Dujovne for starting and leading the SF0
effort.
Special thanks also to Pat Kinney for his support in maintaining the
connection active and the design in line with work happening at
IEEE802.15.4.
Special thanks to Ted Lemon who was the INT Area A-D while this
specification was developed for his great support and help
throughout.
Also special thanks to Ralph Droms who performed the first INT Area
Directorate review, that was very deep and through and radically
changed the orientations of this document.
7.3. And Do not Forget
This specification is the result of multiple interactions, in
particular during the 6TiSCH (bi)Weekly Interim call, relayed through
the 6TiSCH mailing list at the IETF.
The authors wish to thank: Alaeddine Weslati, Chonggang Wang,
Georgios Exarchakos, Zhuo Chen, Alfredo Grieco, Bert Greevenbosch,
Cedric Adjih, Deji Chen, Martin Turon, Dominique Barthel, Elvis
Vogli, Geraldine Texier, Malisa Vucinic, Guillaume Gaillard, Herman
Storey, Kazushi Muraoka, Ken Bannister, Kuor Hsin Chang, Laurent
Toutain, Maik Seewald, Maria Rita Palattella, Michael Behringer,
Nancy Cam Winget, Nicola Accettura, Nicolas Montavont, Oleg Hahm,
Patrick Wetterwald, Paul Duffy, Peter van der Stock, Rahul Sen,
Pieter de Mil, Pouria Zand, Rouhollah Nabati, Rafa Marin-Lopez,
Raghuram Sudhaakar, Sedat Gormus, Shitanshu Shah, Steve Simlo,
Tengfei Chang, Tina Tsou, Tom Phinney, Xavier Lagrange, Ines Robles
and Samita Chakrabarti for their participation and various
contributions.
8. References
Thubert Expires December 12, 2016 [Page 40]
Internet-Draft 6tisch-architecture June 2016
8.1. Normative References
[I-D.finn-detnet-architecture]
Finn, N., Thubert, P., and M. Teener, "Deterministic
Networking Architecture", draft-finn-detnet-
architecture-04 (work in progress), March 2016.
[I-D.ietf-6lo-backbone-router]
Thubert, P., Bertz, et al. Expires November 19, 2018 [Page 88]
Internet-Draft Diameter Credit-Control Application May 2018
0 The AVP MUST NOT be present in the message.
0+ Zero or more instances of the AVP MAY be present in the
message.
0-1 Zero or one instance of the AVP MAY be present in the
message. It is considered an error if there is more
than one instance of the AVP.
1 One instance of the AVP MUST be present in the message.
1+ At least one instance of the AVP MUST be present in the
message.
10.1. Credit-Control AVP Table
The table in this section is used to represent which credit-control
applications specific AVPs defined in this document are to be present
in the credit-control messages.
+-----------+
| Command |
| Code |
|-----+-----+
Attribute Name | CCR | CCA |
------------------------------|-----+-----+
Acct-Multi-Session-Id | 0-1 | 0-1 |
Auth-Application-Id | 1 | 1 |
CC-Correlation-Id | 0-1 | 0 |
CC-Session-Failover | 0 | 0-1 |
CC-Request-Number | 1 | 1 |
CC-Request-Type | 1 | 1 |
CC-Sub-Session-Id | 0-1 | 0-1 |
Check-Balance-Result | 0 | 0-1 |
Cost-Information | 0 | 0-1 |
Credit-Control-Failure- | 0 | 0-1 |
Handling | | |
Destination-Host | 0-1 | 0 |
Destination-Realm | 1 | 0 |
Direct-Debiting-Failure- | 0 | 0-1 |
Handling | | |
Event-Timestamp | 0-1 | 0-1 |
Failed-AVP | 0 | 0+ |
Final-Unit-Indication | 0 | 0-1 |
QoS-Final-Unit-Indication | 0 | 0-1 |
Granted-Service-Unit | 0 | 0-1 |
Multiple-Services-Credit- | 0+ | 0+ |
Control | | |
Multiple-Services-Indicator | 0-1 | 0 |
Origin-Host | 1 | 1 |
Origin-Realm | 1 | 1 |
Origin-State-Id | 0-1 | 0-1 |
Bertz, et al. Expires November 19, 2018 [Page 89]
Internet-Draft Diameter Credit-Control Application May 2018
Proxy-Info | 0+ | 0+ |
Redirect-Host | 0 | 0+ |
Redirect-Host-Usage | 0 | 0-1 |
Redirect-Max-Cache-Time | 0 | 0-1 |
Requested-Action | 0-1 | 0 |
Requested-Service-Unit | 0-1 | 0 |
Route-Record | 0+ | 0+ |
Result-Code | 0 | 1 |
Service-Context-Id | 1 | 0 |
Service-Identifier | 0-1 | 0 |
Service-Parameter-Info | 0+ | 0 |
Session-Id | 1 | 1 |
Subscription-Id | 0+ | 0 |
Subscription-Id-Extension | 0+ | 0 |
Termination-Cause | 0-1 | 0 |
User-Equipment-Info | 0-1 | 0 |
User-Equipment-Info-Extension | 0-1 | 0 |
Used-Service-Unit | 0+ | 0 |
User-Name | 0-1 | 0-1 |
Validity-Time | 0 | 0-1 |
------------------------------|-----+-----+
10.2. Re-Auth-Request/Answer AVP Table
This section defines AVPs that are specific to the Diameter credit-
control application and that MAY be included in the Diameter Re-Auth-
Request/Answer (RAR/RAA) message [RFC6733].
Re-Auth-Request/Answer command MAY include the following additional
AVPs:
+---------------+
| Command Code |
|-------+-------+
Attribute Name | RAR | RAA |
------------------------------+-------+-------+
CC-Sub-Session-Id | 0-1 | 0-1 |
G-S-U-Pool-Identifier | 0-1 | 0-1 |
Service-Identifier | 0-1 | 0-1 |
Rating-Group | 0-1 | 0-1 |
------------------------------+-------+-------+
11. RADIUS/Diameter Credit-Control Interworking Model
This section defines the basic principles for the Diameter credit-
control/RADIUS prepaid inter-working model; that is, a message
translation between a RADIUS based prepaid solution and a Diameter
credit-control application. A complete description of the protocol
Bertz, et al. Expires November 19, 2018 [Page 90]
Internet-Draft Diameter Credit-Control Application May 2018
translations between RADIUS and the Diameter credit-control
application is beyond the scope of this specification and SHOULD be
addressed in another appropriate document, such as the RADIUS prepaid
specification.
The Diameter credit-control architecture may have a Translation Agent
capable of translation between RADIUS prepaid and Diameter credit-
control protocols. An AAA server (usually the home AAA server) may
act as a Translation Agent and as a Diameter credit-control client
for service elements that use credit-control mechanisms other than
Diameter credit-control for instance, RADIUS prepaid. In this case,
the home AAA server contacts the Diameter credit-control server as
part of the authorization process. The interworking architecture is
illustrated Figure 9, and interworking flow in Figure 10. In a
roaming situation the service element (e.g., the NAS) may be located
in the visited network, and a visited AAA server is usually
contacted. The visited AAA server connects then to the home AAA
server.
RADIUS Prepaid
+--------+ +---------+ protocol +------------+ +--------+
| End |<----->| Service |<---------->| Home AAA | |Business|
| User | | Element | | Server | |Support |
+--------+ +-->| | |+----------+|->|System |
| +---------+ ||CC Client || | |
| |+----------+| | |
+--------+ | +------^-----+ +----^---+
| End |<--+ Credit-Control | |
| User | Protocol | |
+--------+ +-------V--------+ |
|Credit-Control |----+
| Server |
+----------------+
Figure 9: Credit-control architecture with service element containing
translation agent, translating RADIUS prepaid to Diameter credit-
control protocol
When the AAA server acting as a Translation Agent receives an initial
RADIUS Access-Request message from service element (e.g., NAS
access), it performs regular authentication and authorization. If
the RADIUS Access-Request message indicates that the service element
is capable of credit-control, and if the home AAA server finds that
the subscriber is a prepaid subscriber, then a Diameter credit-
control request SHOULD be sent toward the credit-control server to
perform credit authorization and to establish a credit-control
session. After the Diameter credit-control server checks the end
user's account balance, rates the service, and reserves credit from
Bertz, et al. Expires November 19, 2018 [Page 91]
Internet-Draft Diameter Credit-Control Application May 2018
the end user's account, the reserved quota is returned to the home
AAA server in the Diameter Credit-Control-Answer. Then the home AAA
server sends the reserved quota to the service element in the RADIUS
Access-Accept.
At the expiry of the allocated quota, the service element sends a new
RADIUS Access-Request containing the units used this far to the home
AAA server. The home AAA server shall map a RADIUS Access-Request
containing the reported units to the Diameter credit-control server
in a Diameter Credit-Control-Request (UPDATE_REQUEST). The Diameter
credit-control server debits the used units from the end user's
account and allocates a new quota that is returned to the home AAA
server in the Diameter Credit-Control-Answer. The quota is
transferred to the service element in the RADIUS Access-Accept. When
the end user terminates the service, or when the entire quota has
been used, the service element sends a RADIUS Access-Request. To
debit the used units from the end user's account and to stop the
credit-control session, the home AAA server sends a Diameter Credit-
Control-Request (TERMINATION_REQUEST) to the credit-control server.
The Diameter credit-control server acknowledges the session
termination by sending a Diameter Credit-Control-Answer to the home
AAA server. The RADIUS Access-Accept is sent to the NAS.
A following diagram illustrates a RADIUS prepaid - Diameter credit-
control interworking sequence.
Bertz, et al. Expires November 19, 2018 [Page 92]
Internet-Draft Diameter Credit-Control Application May 2018
Service Element Translation Agent
(e.g., NAS) (CC Client) CC Server
| Access-Request | |
|----------------------->| |
| | CCR (initial) |
| |----------------------->|
| | CCA (Granted-Units) |
| |<-----------------------|
| Access-Accept | |
| (Granted-Units) | |
|<-----------------------| |
: : :
| Access-Request | |
| (Used-Units) | |
|----------------------->| |
| | CCR (update, |
| | Used-Units) |
| |----------------------->|
| | CCA (Granted-Units) |
| |<-----------------------|
| Access-Accept | |
| (Granted-Units) | |
|<-----------------------| |
: : :
| Access-Request | |
|----------------------->| |
| | CCR (terminate, |
| | Used-Units) |
| |----------------------->|
| | CCA |
| |<-----------------------|
| Access-Accept | |
|<-----------------------| |
| | |
Figure 10: Message flow example with RADIUS prepaid - Diameter
credit-control interworking
12. IANA Considerations
This section contains the namespaces that have either been created in
this specification, or the values assigned to existing namespaces
managed by IANA.
In the subsections below, when we speak about review by a Designated
Expert, please note that the designated expert will be assigned by
the IESG. Initially, such Expert discussions take place on the AAA
WG mailing list.
Bertz, et al. Expires November 19, 2018 [Page 93]
Internet-Draft Diameter Credit-Control Application May 2018
12.1. Application Identifier
This specification assigns the value 4, 'Diameter Credit Control', to
the Application Identifier namespace defined in [RFC6733]. See
Section 1.3 for more information.
12.2. Command Codes
This specification uses the value 272 from the Command code namespace
defined in [RFC6733] for the Credit-Control-Request (CCR) and Credit-
Control-Answer (CCA) commands.
12.3. AVP Codes
See Section 8 for the assignment of the namespace in this
specification.
This document describes new AVP codes beyond those described in
RFC4006. IANA is requested to allocated codes for the AVPs defined
in the following Table 7.
+-----------------------------------+-------+--------------------+
| Attribute Name | Code | Defined in section |
+-----------------------------------+-------+--------------------+
| User-Equipment-Info-Extension | TBD1 | 8.52 |
| User-Equipment-Info-IMEISV | TBD2 | 8.53 |
| User-Equipment-Info-MAC | TBD3 | 8.54 |
| User-Equipment-Info-EUI64 | TBD4 | 8.55 |
| User-Equipment-Info-ModifiedEUI64 | TBD5 | 8.56 |
| User-Equipment-Info-IMEI | TBD6 | 8.57 |
| Subscription-Id-Extension | TBD7 | 8.58 |
| Subscription-Id-E164 | TBD8 | 8.59 |
| Subscription-Id-IMSI | TBD9 | 8.60 |
| Subscription-Id-SIP-URI | TBD10 | 8.61 |
| Subscription-Id-NAI | TBD11 | 8.62 |
| Subscription-Id-Private | TBD12 | 8.63 |
| Redirect-Server-Extension | TBD13 | 8.64 |
| Redirect-Address-IPAddress | TBD14 | 8.65 |
| Redirect-Address-URL | TBD15 | 8.66 |
| Redirect-Address-SIP-URI | TBD16 | 8.67 |
| QoS-Final-Unit-Indication | TBD17 | 8.68 |
+-----------------------------------+-------+--------------------+
Table 7: Requested AVP Assignments
Bertz, et al. Expires November 19, 2018 [Page 94]
Internet-Draft Diameter Credit-Control Application May 2018
12.4. Result-Code AVP Values
This specification assigns the values 4010, 4011, 4012, 5030, 5031
from the Result-Code AVP value namespace defined in [RFC6733]. See
Section 9 for the assignment of the namespace in this specification.
12.5. CC-Request-Type AVP
As defined in Section 8.3, the CC-Request-Type AVP includes
Enumerated type values 1 - 4. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.6. CC-Session-Failover AVP
As defined in Section 8.4, the CC-Failover-Supported AVP includes
Enumerated type values 0 - 1. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.7. CC-Unit-Type AVP
As defined in Section 8.32, the CC-Unit-Type AVP includes Enumerated
type values 0 - 5. IANA has created and is maintaining a namespace
for this AVP. All remaining values are available for assignment by a
Designated Expert [RFC8126], under the conditions for enumerated
values described in [RFC7423] Section 5.6.
12.8. Check-Balance-Result AVP
As defined in Section 8.6, the Check-Balance-Result AVP includes
Enumerated type values 0 - 1. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.9. Credit-Control AVP
As defined in Section 8.13, the Credit-Control AVP includes
Enumerated type values 0 - 1. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
Bertz, et al. Expires November 19, 2018 [Page 95]
Internet-Draft Diameter Credit-Control Application May 2018
12.10. Credit-Control-Failure-Handling AVP
As defined in Section 8.14, the Credit-Control-Failure-Handling AVP
includes Enumerated type values 0 - 2. IANA has created and is
maintaining a namespace for this AVP. All remaining values are
available for assignment by a Designated Expert [RFC8126], under the
conditions for enumerated values described in [RFC7423] Section 5.6.
12.11. Direct-Debiting-Failure-Handling AVP
As defined in Section 8.15, the Direct-Debiting-Failure-Handling AVP
includes Enumerated type values 0 - 1. IANA has created and is
maintaining a namespace for this AVP. All remaining values are
available for assignment by a Designated Expert [RFC8126], under the
conditions for enumerated values described in [RFC7423] Section 5.6.
12.12. Final-Unit-Action AVP
As defined in Section 8.35, the Final-Unit-Action AVP includes
Enumerated type values 0 - 2. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.13. Multiple-Services-Indicator AVP
As defined in Section 8.40, the Multiple-Services-Indicator AVP
includes Enumerated type values 0 - 1. IANA has created and is
maintaining a namespace for this AVP. All remaining values are
available for assignment by a Designated Expert [RFC8126], under the
conditions for enumerated values described in [RFC7423] Section 5.6.
12.14. Redirect-Address-Type AVP
As defined in Section 8.38, the Redirect-Address-Type AVP includes
Enumerated type values 0 - 3. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.15. Requested-Action AVP
As defined in Section 8.41, the Requested-Action AVP includes
Enumerated type values 0 - 3. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
Bertz, et al. Expires November 19, 2018 [Page 96]
Internet-Draft Diameter Credit-Control Application May 2018
12.16. Subscription-Id-Type AVP
As defined in Section 8.47, the Subscription-Id-Type AVP includes
Enumerated type values 0 - 4. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.17. Tariff-Change-Usage AVP
As defined in Section 8.27, the Tariff-Change-Usage AVP includes
Enumerated type values 0 - 2. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
12.18. User-Equipment-Info-Type AVP
As defined in Section 8.50, the User-Equipment-Info-Type AVP includes
Enumerated type values 0 - 3. IANA has created and is maintaining a
namespace for this AVP. All remaining values are available for
assignment by a Designated Expert [RFC8126], under the conditions for
enumerated values described in [RFC7423] Section 5.6.
13. Credit-Control Application Related Parameters
Tx timer
When real-time credit-control is required, the credit-control client
contacts the credit-control server before and while the service is
provided to an end user. Due to the real-time nature of the
application, the communication delays SHOULD be minimized; e.g., to
avoid an overly long service setup time experienced by the end user.
The Tx timer is introduced to control the waiting time in the client
in the Pending state. When the Tx timer elapses, the credit-control
client takes an action to the end user according to the value of the
Credit-Control-Failure-Handling AVP
or Direct-Debiting-Failure-Handling AVP. The recommended value is 10
seconds.
Tcc timer
The Tcc timer supervises an ongoing credit-control session in the
credit-control server. It is RECOMMENDED to use the Validity-Time as
input to set the Tcc timer value. In case of transient failures in
the network, the Diameter credit-control server might change to Idle
Bertz, et al. Expires November 19, 2018 [Page 97]
Internet-Draft Diameter Credit-Control Application May 2018
state. To avoid this, the Tcc timer MAY be set so that Tcc equals to
2 x Validity-Time.
Credit-Control-Failure-Handling and Direct-Debiting-Failure-Handling
Client implementations may offer the possibility of locally
configuring these AVPs. In such a case their value and behavior is
defined in Section 5.7 for the Credit-Control-Failure-Handling and in
Section 6.5 for the Direct-Debiting-Failure-Handling.
14. Security Considerations
Security considerations regarding the Diameter protocol itself are
discussed in [RFC6733]. Use of this application of Diameter MUST
take into consideration the security issues and requirements of the
base protocol.
This application includes a mechanism for application layer replay
protection by means of the Session-Id from [RFC6733] and CC-Request-
Number, which is specified in this document. The Diameter credit-
control application is often used within one domain, and there may be
a single hop between the peers. In these environments, the use of
TLS/TCP, DTLS/SCTP or IPsec is sufficient. The details of TLS/TCP,
DTLS/SCTP or IPsec related security considerations are discussed in
the [RFC6733].
Because this application handles monetary transactions (directly or
indirectly), it increases the interest for various security attacks.
Therefore, all parties communicating with each other MUST be
authenticated, including, for instance, TLS client-side
authentication. In addition, authorization of the client SHOULD be
emphasized; i.e., that the client is allowed to perform credit-
control for a certain user. The specific means of authorization are
outside of the scope of this specification but can be, for instance,
manual configuration.
Another kind of threat is malicious modification, injection, or
deletion of AVPs or complete credit-control messages. The credit-
control messages contain sensitive billing related information (such
as subscription Id, granted units, used units, cost information)
whose malicious modification can have financial consequences.
Sometimes simply delaying the credit-control messages can cause
disturbances in the credit-control client or server.
Even without any modification to the messages, an adversary can
eavesdrop on transactions that contain privacy-sensitive information
about the user. Also, by monitoring the credit-control messages one
Bertz, et al. Expires November 19, 2018 [Page 98]
Internet-Draft Diameter Credit-Control Application May 2018
can collect information about the credit-control server's billing
models and business relationships.
When third-party relays or proxy are involved, the hop-by-hop
security does not necessarily provide sufficient protection for
Diameter user session. In some cases, it may be inappropriate to
send Diameter messages, such as CCR and CCA, containing sensitive
AVPs via untrusted Diameter proxy agents, as there are no assurances
that third-party proxies will not modify the credit-control commands
or AVP values.
14.1. Direct Connection with Redirects
A Diameter credit-control agent cannot always know whether agents
between it and the end user's Diameter credit-control server are
reliable. In this case, the Diameter credit-control agent doesn't
have a routing entry in its Diameter Routing Table (defined in
[RFC6733], section 2.7) for the realm of the credit-control server in
the end user's home domain. The Diameter credit-control agent can
have a default route configured to a local Redirect agent, and it
redirects the CCR message to the redirect agent. The local Redirect
agent then returns a redirect notification (Result-code 3006,
DIAMETER_REDIRECT_INDICATION) to the credit-control agent, as well as
Diameter credit-control server(s) information (Redirect-Host AVP) and
information (Redirect-Host-Usage AVP) about how the routing entry
resulting from the Redirect-Host is to be used. The Diameter credit-
control agent then forwards the CCR message directly to one of the
hosts identified by the CCA message from the redirect agent. If the
value of the Redirect-Host-Usage AVP is unequal to zero, all
following messages are sent to the host specified in the Redirect-
Host AVP until the time specified by the Redirect-Max-Cache-Time AVP
is expired.
There are some authorization issues even with redirects. There may
be attacks toward nodes that have been properly authorized, but that
abuse their authorization or have been compromised. These issues are
discussed more widely in [RFC4072], Section 8.
15. Privacy Considerations
As the Diameter protocol, and especially credit-control application,
deals with subscribers and their actions, extra care should be taken
regarding the privacy of the subscribers. In terms of [RFC6973],
both the credit-control client and credit-control server are
intermediary entities, wherein the subscribers' privacy may be
compromised even if no security issues exist, and only authorized
entities have access to the privacy-sensitive information.
"IPv6 Backbone Router", draft-ietf-6lo-
backbone-router-01 (work in progress), March 2016.
[I-D.ietf-6tisch-minimal]
Vilajosana, X. and K. Pister, "Minimal 6TiSCH
Configuration", draft-ietf-6tisch-minimal-15 (work in
progress), February 2016.
[I-D.ietf-6tisch-terminology]
Palattella, M., Thubert, P., Watteyne, T., and Q. Wang,
"Terminology in IPv6 over the TSCH mode of IEEE
802.15.4e", draft-ietf-6tisch-terminology-07 (work in
progress), March 2016.
[I-D.ietf-roll-routing-dispatch]
Thubert, P., Bormann, C., Toutain, L., and R. Cragie,
"6LoWPAN Routing Header", draft-ietf-roll-routing-
dispatch-00 (work in progress), March 2016.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
DOI 10.17487/RFC0768, August 1980,
<http://www.rfc-editor.org/info/rfc768>.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
December 1998, <http://www.rfc-editor.org/info/rfc2460>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<http://www.rfc-editor.org/info/rfc4861>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007,
<http://www.rfc-editor.org/info/rfc4862>.
Thubert Expires December 12, 2016 [Page 41]
Internet-Draft 6tisch-architecture June 2016
[RFC6282] Hui, J., Ed. and P. Thubert, "Compression Format for IPv6
Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
DOI 10.17487/RFC6282, September 2011,
<http://www.rfc-editor.org/info/rfc6282>.
[RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
Low-Power and Lossy Networks", RFC 6550,
DOI 10.17487/RFC6550, March 2012,
<http://www.rfc-editor.org/info/rfc6550>.
[RFC6551] Vasseur, JP., Ed., Kim, M., Ed., Pister, K., Dejean, N.,
and D. Barthel, "Routing Metrics Used for Path Calculation
in Low-Power and Lossy Networks", RFC 6551,
DOI 10.17487/RFC6551, March 2012,
<http://www.rfc-editor.org/info/rfc6551>.
[RFC6552] Thubert, P., Ed., "Objective Function Zero for the Routing
Protocol for Low-Power and Lossy Networks (RPL)",
RFC 6552, DOI 10.17487/RFC6552, March 2012,
<http://www.rfc-editor.org/info/rfc6552>.
[RFC6553] Hui, J. and JP. Vasseur, "The Routing Protocol for Low-
Power and Lossy Networks (RPL) Option for Carrying RPL
Information in Data-Plane Datagrams", RFC 6553,
DOI 10.17487/RFC6553, March 2012,
<http://www.rfc-editor.org/info/rfc6553>.
[RFC6554] Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
Routing Header for Source Routes with the Routing Protocol
for Low-Power and Lossy Networks (RPL)", RFC 6554,
DOI 10.17487/RFC6554, March 2012,
<http://www.rfc-editor.org/info/rfc6554>.
[RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
Bormann, "Neighbor Discovery Optimization for IPv6 over
Low-Power Wireless Personal Area Networks (6LoWPANs)",
RFC 6775, DOI 10.17487/RFC6775, November 2012,
<http://www.rfc-editor.org/info/rfc6775>.
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252,
DOI 10.17487/RFC7252, June 2014,
<http://www.rfc-editor.org/info/rfc7252>.
Thubert Expires December 12, 2016 [Page 42]
Internet-Draft 6tisch-architecture June 2016
[RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using
IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
Internet of Things (IoT): Problem Statement", RFC 7554,
DOI 10.17487/RFC7554, May 2015,
<http://www.rfc-editor.org/info/rfc7554>.
8.2. Informative References
[I-D.ietf-6tisch-6top-interface]
Wang, Q. and X. Vilajosana, "6TiSCH Operation Sublayer
(6top) Interface", draft-ietf-6tisch-6top-interface-04
(work in progress), July 2015.
[I-D.ietf-6tisch-6top-protocol]
Wang, Q. and X. Vilajosana, "6top Protocol (6P)", draft-
ietf-6tisch-6top-protocol-00 (work in progress), April
2016.
[I-D.ietf-6tisch-6top-sf0]
Dujovne, D., Grieco, L., Palattella, M., and N. Accettura,
"6TiSCH 6top Scheduling Function Zero (SF0)", draft-ietf-
6tisch-6top-sf0-00 (work in progress), May 2016.
[I-D.ietf-6tisch-coap]
Sudhaakar, R. and P. Zand, "6TiSCH Resource Management and
Interaction using CoAP", draft-ietf-6tisch-coap-03 (work
in progress), March 2015.
[I-D.ietf-detnet-use-cases]
Grossman, E., Gunther, C., Thubert, P., Wetterwald, P.,
Raymond, J., Korhonen, J., Kaneko, Y., Das, S., Zha, Y.,
Varga, B., Farkas, J., Goetz, F., and J. Schmitt,
"Deterministic Networking Use Cases", draft-ietf-detnet-
use-cases-09 (work in progress), March 2016.
[I-D.ietf-manet-aodvv2]
Perkins, C., Ratliff, S., Dowdell, J., Steenbrink, L., and
V. Mercieca, "Ad Hoc On-demand Distance Vector Version 2
(AODVv2) Routing", draft-ietf-manet-aodvv2-16 (work in
progress), May 2016.
[I-D.ietf-roll-rpl-industrial-applicability]
Phinney, T., Thubert, P., and R. Assimiti, "RPL
applicability in industrial networks", draft-ietf-roll-
rpl-industrial-applicability-02 (work in progress),
October 2013.
Thubert Expires December 12, 2016 [Page 43]
Internet-Draft 6tisch-architecture June 2016
[I-D.richardson-6tisch-security-architecture]
Richardson, M., "security architecture for 6top:
requirements and structure", draft-richardson-6tisch-
security-architecture-02 (work in progress), April 2014.
[I-D.struik-6tisch-security-architecture-elements]
Struik, R., Ohba, Y., and S. Das, "6TiSCH Security
Architectural Elements, Desired Protocol Properties, and
Framework", draft-struik-6tisch-security-architecture-
elements-01 (work in progress), October 2014.
[I-D.svshah-tsvwg-deterministic-forwarding]
Shah, S. and P. Thubert, "Deterministic Forwarding PHB",
draft-svshah-tsvwg-deterministic-forwarding-04 (work in
progress), August 2015.
[I-D.svshah-tsvwg-lln-diffserv-recommendations]
Shah, S. and P. Thubert, "Differentiated Service Class
Recommendations for LLN Traffic", draft-svshah-tsvwg-lln-
diffserv-recommendations-04 (work in progress), February
2015.
[I-D.thubert-6lo-rfc6775-update-reqs]
Thubert, P. and P. Stok, "Requirements for an update to
6LoWPAN ND", draft-thubert-6lo-rfc6775-update-reqs-07
(work in progress), April 2016.
[I-D.thubert-roll-forwarding-frags]
Thubert, P. and J. Hui, "LLN Fragment Forwarding and
Recovery", draft-thubert-roll-forwarding-frags-02 (work in
progress), September 2013.
[I-D.vanderstok-core-comi]
Stok, P. and A. Bierman, "CoAP Management Interface",
draft-vanderstok-core-comi-09 (work in progress), March
2016.
[I-D.wang-6tisch-6top-sublayer]
Wang, Q. and X. Vilajosana, Bertz, et al. Expires November 19, 2018 [Page 99]
Internet-Draft Diameter Credit-Control Application May 2018
15.1. Privacy Sensitive AVPs
The following AVPs contain privacy-sensitive information at different
levels:
1. CC-Correlation-Id AVP: may contain privacy-sensitive information
as the service-provider may encode personal information that
helps it correlate different subscriptions and access
technologies.
2. Check-Balance-Result AVP: contains information on the balance
status of the subscriber.
3. Currency-Code AVP: contains information on the subscriber's
locale.
4. Cost-Unit AVP: contains privacy-sensitive information, as a
human readable format of the Cost-Information AVP.
5. Service-Identifier AVP: may contain privacy-sensitive
information about the subscriber's internet activity.
6. Rating-Group AVP: may contain privacy-sensitive information
about the subscriber's internet activity.
7. Restriction-Filter-Rule AVP: the information inside IPFilterRule
may be used to infer services used by the subscriber.
8. Redirect-Server-Address AVP: the service-provider may embed
personal information on the subscriber in the URL/I (e.g. to
create a personalized message). However, the service-provider
may anonymise the subscriber's identity instead in the URL/I,
and let the redirect server query the information directly.
Similar AVPs are: Redirect-Address-URL, Redirect-Address-SIP-
URI.
9. Service-Context-Id AVP: depending with how the service-provider
uses it, it may contain privacy-sensitive information about the
service (e.g. in a 3GPP network Service-Context-Id AVP has a
different value for: Packet Switching, SMS and MMS etc.)
10. Service-Parameter-Info AVP: depending with how the service-
provider uses it, it may contain privacy-sensitive information
about the subscriber (e.g. location).
11. Subscription-Id-Data AVP: contains the identity of the
subscriber. Similar AVPs are: Subscription-Id-E164,
Bertz, et al. Expires November 19, 2018 [Page 100]
Internet-Draft Diameter Credit-Control Application May 2018
Subscription-Id-IMSI, Subscription-Id-SIP-URI, Subscription-Id-
NAI, Subscription-Id-Private.
12. User-Equipment-Info-Value AVP: contains the identity of the
device of the subscriber. Similar AVPs are: User-Equipment-
Info-IMEISV, User-Equipment-Info-MAC, User-Equipment-Info-EUI64,
User-Equipment-Info-ModifiedEUI64, User-Equipment-Info-IMEI.
13. QoS-Final-Unit-Indication AVP: grouped AVP which may contains
privacy-sensitive information in its sub-AVPs (e.g IPFilterRule,
redirect address).
Note that some AVPs which are used in this document are defined in
[RFC6733] and may contain privacy-sensitive information. These AVPs
are not listed above.
15.2. Data Minimization
Due to the nature of the credit-control application, some personal
data and identity information must be stored in both credit-control
client and credit-control server. This, however, could be minimized
by following these guidelines:
1. Data stored in the credit-control client does not need to be
persisted across sessions. All data could be deleted once the
session end, and reconstructed once a new session is initialized.
Note that, while the credit-control server is usually owned by
the service provider with which the subscriber already has some
direct legal or business relationship (where privacy level could
be agreed upon), this is not always true for the credit-control
client, that may be owned by a third-party.
2. Some information about the subscriber has to be stored in
persistent storage in the credit-control server (e.g. identity,
balance), however, per transaction information does not have to
be stored in persistent storage, and per session information may
be deleted from persistent storage once the session ends.
3. In some cases, per transaction information has to be stored on
the credit-control server, client, or both, for regulatory,
auditability or debugging reasons. However, this could be
minimized by following these guidelines:
A. Data retention does not need to exceed the required duration.
B. Transaction information could be aggregated in some cases.
E.g. prefer information per sessions over information per
Bertz, et al. Expires November 19, 2018 [Page 101]
Internet-Draft Diameter Credit-Control Application May 2018
rating-group; prefer hourly byte summary over per transaction
byte counts.
C. If not strictly needed, the more sensitive information (E.g.
location, equipment type) could be filtered out of such logs.
This information is often used to make rating decisions, and
in this case, the rating decision should be logged instead of
the data used to make them.
D. Due to the reasons explained in 1, the credit-control server
would be a preferred location for storing such transaction
information, instead of the credit-control client
15.3. Diameter Agents
Diameter agents, as described in [RFC6733], may be owned by third-
parties. If end-to-end security is supported between credit-control
client and credit-control server, the operator can use it to encrypt
privacy-sensitive AVPs (as listed in Section 15.1), and prevent such
information from leaking into the agent.
In some cases, the Diameter agent needs access into privacy-sensitive
AVPs, in order to take correct routing decisions, or even modify the
content of these AVPs. For example, a proxy agent may need to look
into the Subscription-Id-IMSI AVP, in order to extract the mobile
country and network codes of the user, and use them to lookup the
destination to which the request should be routed (see: section 2.8.2
in [RFC6733]). In such a case, the credit-control client and credit-
control server may use a mechanism that anonymizes the identity of
the subscriber, as well as a mechanism to encrypt other AVPs not used
by the agent.
16. References
16.1. Normative References
[CE164] "Complement to ITU-T Recommendation E.164 (05/1997):"List
of ITU-T Recommendation E.164 assigned country codes"",
June 2000.
[CE212] "Complement to ITU-T Recommendation E.212 (11/1997):" List
of mobile country or geographical area codes"", February
1999.
[E164] "Recommendation E.164/I.331 (05/97): The International
Public Telecommunication Numbering Plan.", 1997.
Bertz, et al. Expires November 19, 2018 [Page 102]
Internet-Draft Diameter Credit-Control Application May 2018
[E212] "Recommendation E.212 (11/98): The international
identification plan for mobile terminals and mobile
users.", 1998.
[EUI64] IEEE, ""Guidelines for 64-bit Global Identifier (EUI-64)
Registration Authority"", March 1997,
<http://standards.ieee.org/regauth/oui/tutorials/
EUI64.html >.
[ISO4217] "Codes for the representation of currencies and funds,
International Standard ISO 4217", 2001.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981,
<https://www.rfc-editor.org/info/rfc791>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston,
A., Peterson, J., Sparks, R., Handley, M., and E.
Schooler, "SIP: Session Initiation Protocol", RFC 3261,
DOI 10.17487/RFC3261, June 2002,
<https://www.rfc-editor.org/info/rfc3261>.
[RFC3539] Aboba, B. and J. Wood, "Authentication, Authorization and
Accounting (AAA) Transport Profile", RFC 3539,
DOI 10.17487/RFC3539, June 2003,
<https://www.rfc-editor.org/info/rfc3539>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC4006] Hakala, H., Mattila, L., Koskinen, J-P., Stura, M., and J.
Loughney, "Diameter Credit-Control Application", RFC 4006,
DOI 10.17487/RFC4006, August 2005,
<https://www.rfc-editor.org/info/rfc4006>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
Bertz, et al. Expires November 19, 2018 [Page 103]
Internet-Draft Diameter Credit-Control Application May 2018
[RFC5777] Korhonen, J., Tschofenig, H., Arumaithurai, M., Jones, M.,
Ed., and A. Lior, "Traffic Classification and Quality of
Service (QoS) Attributes for Diameter", RFC 5777,
DOI 10.17487/RFC5777, February 2010,
<https://www.rfc-editor.org/info/rfc5777>.
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
Address Text Representation", RFC 5952,
DOI 10.17487/RFC5952, August 2010,
<https://www.rfc-editor.org/info/rfc5952>.
[RFC6733] Fajardo, V., Ed., Arkko, J., Loughney, J., and G. Zorn,
Ed., "Diameter Base Protocol", RFC 6733,
DOI 10.17487/RFC6733, October 2012,
<https://www.rfc-editor.org/info/rfc6733>.
[RFC7155] Zorn, G., Ed., "Diameter Network Access Server
Application", RFC 7155, DOI 10.17487/RFC7155, April 2014,
<https://www.rfc-editor.org/info/rfc7155>.
[RFC7423] Morand, L., Ed., Fajardo, V., and H. Tschofenig, "Diameter
Applications Design Guidelines", BCP 193, RFC 7423,
DOI 10.17487/RFC7423, November 2014,
<https://www.rfc-editor.org/info/rfc7423>.
[RFC7542] DeKok, A., "The Network Access Identifier", RFC 7542,
DOI 10.17487/RFC7542, May 2015,
<https://www.rfc-editor.org/info/rfc7542>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[TGPPIMEI]
3rd Generation Partnership Project, "Technical
Specification Group Core Network, Numbering, addressing
and identification, (release 13), 3GPP TS 23.003 v.
13.5.0", 2016-04.
16.2. Informative References
[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866,
DOI 10.17487/RFC2866, June 2000,
<https://www.rfc-editor.org/info/rfc2866>.
Bertz, et al. Expires November 19, 2018 [Page 104]
Internet-Draft Diameter Credit-Control Application May 2018
[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G., and J. Roese,
"IEEE 802.1X Remote Authentication Dial In User Service
(RADIUS) Usage Guidelines", RFC 3580,
DOI 10.17487/RFC3580, September 2003,
<https://www.rfc-editor.org/info/rfc3580>.
[RFC3725] Rosenberg, J., Peterson, J., Schulzrinne, H., and G.
Camarillo, "Best Current Practices for Third Party Call
Control (3pcc) in the Session Initiation Protocol (SIP)",
BCP 85, RFC 3725, DOI 10.17487/RFC3725, April 2004,
<https://www.rfc-editor.org/info/rfc3725>.
[RFC4004] Calhoun, P., Johansson, T., Perkins, C., Hiller, T., Ed.,
and P. McCann, "Diameter Mobile IPv4 Application",
RFC 4004, DOI 10.17487/RFC4004, August 2005,
<https://www.rfc-editor.org/info/rfc4004>.
[RFC4072] Eronen, P., Ed., Hiller, T., and G. Zorn, "Diameter
Extensible Authentication Protocol (EAP) Application",
RFC 4072, DOI 10.17487/RFC4072, August 2005,
<https://www.rfc-editor.org/info/rfc4072>.
[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
Morris, J., Hansen, M., and R. Smith, "Privacy
Considerations for Internet Protocols", RFC 6973,
DOI 10.17487/RFC6973, July 2013,
<https://www.rfc-editor.org/info/rfc6973>.
[TGPPCHARG]
3rd Generation Partnership Project, "Technical
Specification Group Services and System Aspects, Service
aspects; Charging and Billing, (release 13), 3GPP TS
22.115 v. 13.3.0", 2016-03.
Appendix A. Acknowledgements
The original authors of RFC4006 are: Harri Hakala, Leena Mattila,
Juha-Pekka Koskinen, Marco Stura, and John Loughney.
The authors would like to thank Bernard Aboba, Jari Arkko, Robert
Ekblad, Pasi Eronen, Benny Gustafsson, Robert Karlsson, Avi Lior,
Paco Marin, Jussi Maki, Jeff Meyer, Anne Narhi, John Prudhoe,
Christopher Richards, Juha Vallinen, and Mark Watson for their
comments and suggestions.
Bertz, et al. Expires November 19, 2018 [Page 105]
Internet-Draft Diameter Credit-Control Application May 2018
Appendix B. Credit-Control Sequences
B.1. Flow I
NAS
End User (CC Client) AAA Server CC Server
|(1)User Logon |(2)AA Request (CC AVPs) |
|------------------>|------------------->| |
| | |(3)CCR(initial, CC AVPs)
| | |------------------->|
| | | (4)CCA(Granted-Units)
| | |<-------------------|
| |(5)AA Answer(Granted-Units) |
|(6)Access granted |<-------------------| |
|<----------------->| | |
| | | |
: : : :
| |(7)CCR(update,Used-Units) |
| |------------------->|(8)CCR |
| | | (update,Used-Units)
| | |------------------->|
| | |(9)CCA(Granted-Units)
| |(10)CCA(Granted-Units)<------------------|
| |&"6TiSCH Operation Sublayer
(6top)", draft-wang-6tisch-6top-sublayer-04 (work in
progress), November 2015.
[RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
"Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474,
DOI 10.17487/RFC2474, December 1998,
<http://www.rfc-editor.org/info/rfc2474>.
Thubert Expires December 12, 2016 [Page 44]
Internet-Draft 6tisch-architecture June 2016
[RFC2545] Marques, P. and F. Dupont, "Use of BGP-4 Multiprotocol
Extensions for IPv6 Inter-Domain Routing", RFC 2545,
DOI 10.17487/RFC2545, March 1999,
<http://www.rfc-editor.org/info/rfc2545>.
[RFC3209] Awduche, D., Berger, L., Gan, D., Li, T., Srinivasan, V.,
and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP
Tunnels", RFC 3209, DOI 10.17487/RFC3209, December 2001,
<http://www.rfc-editor.org/info/rfc3209>.
[RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between
Information Models and Data Models", RFC 3444,
DOI 10.17487/RFC3444, January 2003,
<http://www.rfc-editor.org/info/rfc3444>.
[RFC3610] Whiting, D., Housley, R., and N. Ferguson, "Counter with
CBC-MAC (CCM)", RFC 3610, DOI 10.17487/RFC3610, September
2003, <http://www.rfc-editor.org/info/rfc3610>.
[RFC3963] Devarapalli, V., Wakikawa, R., Petrescu, A., and P.
Thubert, "Network Mobility (NEMO) Basic Support Protocol",
RFC 3963, DOI 10.17487/RFC3963, January 2005,
<http://www.rfc-editor.org/info/rfc3963>.
[RFC3971] Arkko, J., Ed., Kempf, J., Zill, B., and P. Nikander,
"SEcure Neighbor Discovery (SEND)", RFC 3971,
DOI 10.17487/RFC3971, March 2005,
<http://www.rfc-editor.org/info/rfc3971>.
[RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)",
RFC 3972, DOI 10.17487/RFC3972, March 2005,
<http://www.rfc-editor.org/info/rfc3972>.
[RFC4080] Hancock, R., Karagiannis, G., Loughney, J., and S. Van den
Bosch, "Next Steps in Signaling (NSIS): Framework",
RFC 4080, DOI 10.17487/RFC4080, June 2005,
<http://www.rfc-editor.org/info/rfc4080>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <http://www.rfc-editor.org/info/rfc4291>.
[RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
Proxies (ND Proxy)", RFC 4389, DOI 10.17487/RFC4389, April
2006, <http://www.rfc-editor.org/info/rfc4389>.
Thubert Expires December 12, 2016 [Page 45]
Internet-Draft 6tisch-architecture June 2016
[RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD)
for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006,
<http://www.rfc-editor.org/info/rfc4429>.
[RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903,
DOI 10.17487/RFC4903, June 2007,
<http://www.rfc-editor.org/info/rfc4903>.
[RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
over Low-Power Wireless Personal Area Networks (6LoWPANs):
Overview, Assumptions, Problem Statement, and Goals",
RFC 4919, DOI 10.17487/RFC4919, August 2007,
<http://www.rfc-editor.org/info/rfc4919>.
[RFC5191] Forsberg, D., Ohba, Y., Ed., Patil, B., Tschofenig, H.,
and A. Yegin, "Protocol for Carrying Authentication for
Network Access (PANA)", RFC 5191, DOI 10.17487/RFC5191,
May 2008, <http://www.rfc-editor.org/info/rfc5191>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<http://www.rfc-editor.org/info/rfc5340>.
[RFC5889] Baccelli, E., Ed. and M. Townsley, Ed., "IP Addressing
Model in Ad Hoc Networks", RFC 5889, DOI 10.17487/RFC5889,
September 2010, <http://www.rfc-editor.org/info/rfc5889>.
[RFC5974] Manner, J., Karagiannis, G., and A. McDonald, "NSIS
Signaling Layer Protocol (NSLP) for Quality-of-Service
Signaling", RFC 5974, DOI 10.17487/RFC5974, October 2010,
<http://www.rfc-editor.org/info/rfc5974>.
[RFC6275] Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July
2011, <http://www.rfc-editor.org/info/rfc6275>.
[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
January 2012, <http://www.rfc-editor.org/info/rfc6347>.
[RFC6620] Nordmark, E., Bagnulo, M., and E. Levy-Abegnoli, "FCFS
SAVI: First-Come, First-Served Source Address Validation
Improvement for Locally Assigned IPv6 Addresses",
RFC 6620, DOI 10.17487/RFC6620, May 2012,
<http://www.rfc-editor.org/info/rfc6620>.
Thubert Expires December 12, 2016 [Page 46]
Internet-Draft 6tisch-architecture June 2016
[RFC6655] McGrew, D. and D. Bailey, "AES-CCM Cipher Suites for
Transport Layer Security (TLS)", RFC 6655,
DOI 10.17487/RFC6655, July 2012,
<http://www.rfc-editor.org/info/rfc6655>.
[RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
Locator/ID Separation Protocol (LISP)", RFC 6830,
DOI 10.17487/RFC6830, January 2013,
<http://www.rfc-editor.org/info/rfc6830>.
[RFC6997] Goyal, M., Ed., Baccelli, E., Philipp, M., Brandt, A., and
J. Martocci, "Reactive Discovery of Point-to-Point Routes
in Low-Power and Lossy Networks", RFC 6997,
DOI 10.17487/RFC6997, August 2013,
<http://www.rfc-editor.org/info/rfc6997>.
[RFC7426] Haleplidis, E., Ed., Pentikousis, K., Ed., Denazis, S.,
Hadi Salim, J., Meyer, D., and O. Koufopavlou, "Software-
Defined Networking (SDN): Layers and Architecture
Terminology", RFC 7426, DOI 10.17487/RFC7426, January
2015, <http://www.rfc-editor.org/info/rfc7426>.
8.3. Other Informative References
[ACE] IETF, "Authentication and Authorization for Constrained
Environments", <https://dataTracker.ietf.org/doc/charter-
ietf-ace/>.
[CCAMP] IETF, "Common Control and Measurement Plane",
<https://dataTracker.ietf.org/doc/charter-ietf-ccamp/>.
[DETNET] IETF, "Deterministic Networking",
<https://datatracker.ietf.org/doc/charter-ietf-detnet/>.
[DICE] IETF, "DTLS In Constrained Environments",
<https://dataTracker.ietf.org/doc/charter-ietf-dice/>.
[HART] www.hartcomm.org, "Highway Addressable remote Transducer,
a group of specifications for industrial process and
control devices administered by the HART Foundation".
[IEC62439]
IEC, "Industrial communication networks - High
availability automation networks - Part 3: Parallel
Redundancy Protocol (PRP) and High-availability Seamless
Redundancy (HSR) - IEC62439-3", 2012,
<https://webstore.iec.ch/publication/7018>.
Thubert Expires December 12, 2016 [Page 47]
Internet-Draft 6tisch-architecture June 2016
[IEEE802.1TSNTG]
IEEE Standards Association, "IEEE 802.1 Time-Sensitive
Networks Task Group", March 2013,
<http://www.ieee802.org/1/pages/avbridges.html>.
[IEEE802154]
IEEE standard for Information Technology, "IEEE std.
802.15.4, Part. 15.4: Wireless Medium Access Control (MAC)
and Physical Layer (PHY) Specifications for Low-Rate
Wireless Personal Area Networks".
[IEEE802154e]
IEEE standard for Information Technology, "IEEE standard
for Information Technology, IEEE std. 802.15.4, Part.
15.4: Wireless Medium Access Control (MAC) and Physical
Layer (PHY) Specifications for Low-Rate Wireless Personal
Area Networks, June 2011 as amended by IEEE std.
802.15.4e, Part. 15.4: Low-Rate Wireless Personal Area
Networks (LR-WPANs) Amendment 1: MAC sublayer", April
2012.
[ISA100] ISA/ANSI, "ISA100, Wireless Systems for Automation",
<https://www.isa.org/isa100/>.
[ISA100.11a]
ISA/ANSI, "Wireless Systems for Industrial Automation:
Process Control and Related Applications - ISA100.11a-2011
- IEC 62734", 2011, <http://www.isa.org/Community/
SP100WirelessSystemsforAutomation>.
[PCE] IETF, "Path Computation Element",
<https://dataTracker.ietf.org/doc/charter-ietf-pce/>.
[TEAS] IETF, "Traffic Engineering Architecture and Signaling",
<https://dataTracker.ietf.org/doc/charter-ietf-teas/>.
[WirelessHART]
www.hartcomm.org, "Industrial Communication Networks -
Wireless Communication Network and Communication Profiles
- WirelessHART - IEC 62591", 2010.
Appendix A. Personal submissions relevant to upcoming work
This document covers a portion of the total work that is needed to
cover the full 6TiSCH architecture. Missing portions at this time
include Deterministic Networking with Track Forwarding, Dynamic
Scheduling, and Security.
Thubert Expires December 12, 2016 [Page 48]
Internet-Draft 6tisch-architecture June 2016
[I-D.richardson-6tisch-security-architecture] elaborates on the
potential use of 802.1AR certificates, and some options for the join
process are presented in more details.
[I-D.struik-6tisch-security-architecture-elements] describes 6TiSCH
security architectural elements with high level requirements and the
security framework that are relevant for the design of the 6TiSCH
security solution.
Author's Address
Pascal Thubert (editor)
Cisco Systems, Inc
Building D
45 Allee des Ormes - BP1200
MOUGINS - Sophia Antipolis 06254
FRANCE
Phone: +33 497 23 26 34
Email: pthubert@cisco.com
Thubert Expires December 12, 2016 [Page 49]