Group Communication for CoAP
draft-ietf-core-groupcomm-09
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 7390.
|
|
---|---|---|---|
Authors | Akbar Rahman , Esko Dijk | ||
Last updated | 2013-05-29 | ||
Replaces | draft-rahman-core-groupcomm | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Reviews | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | WG Document | |
Document shepherd | (None) | ||
IESG | IESG state | Became RFC 7390 (Experimental) | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-ietf-core-groupcomm-09
Internet-Draft Group Communication for CoAP May 2013 o A large room (Room-A) with three lights (Light-1, Light-2, Light-3) controlled by a Light Switch. The devices are organized into two subnets. In reality, there could be more lights (up to several hundreds) but these are not shown for clarity. o Light-1 and the Light Switch are connected to a router (Rtr-1). o Light-2 and the Light-3 are connected to another router (Rtr-2). o The routers are connected to an IPv6 network backbone which is also multicast enabled. In the general case, this means the network backbone and Rtr-1/Rtr-2 support a PIM based multicast routing protocol, and Multicast Listener Discovery (MLD) for forming groups. In a limited case, if the network backbone is one link, then the routers only have to support MLD-snooping (Appendix A) for the following use cases to work. o A CoAP RD is connected to the network backbone. o The DNS server is optional. If the server is there (connected to the network backbone) then certain DNS based features are available (e.g., DNS resolution of URI to IP multicast address). If the DNS server is not there, then different manual provisioning of the network is required (e.g., IP multicast addresses are hard- coded into devices). o A Controller (client) is connected to the backbone, which is able to control various building functions including lighting. Network Backbone ################################################ | # ********************** Room-A # | # ** Subnet-1 ** # | Rahman & Dijk Expires November 30, 2013 [Page 15] Internet-Draft Group Communication for CoAP May 2013 # * ** # | # * +----------+ * # | # * | Light |-------+ * # | # * | Switch | | * # | # * +----------+ +---------+ * # | # * | Rtr-1 |-----------------------------+ # * +---------+ * # | # * +----------+ | * # | # * | Light-1 |--------+ * # | # * +----------+ * # | # * * # | # ** ** # | # ********************** # | # # | # ********************** # | # ** Subnet-2 ** # | # * ** # | # * +----------+ * # | # * | Light-2 |-------+ * # | # * | | | * # | # * +----------+ +---------+ * # | # * | Rtr-2 |-----------------------------+ # * +---------+ * # | # * +----------+ | * # | # * | Light-3 |--------+ * # | # * +----------+ * # +------------+ | # * * # | Controller |--+ # ** ** # | Client | | # ********************** # +------------+ | ################################################ | | +------------+ | | CoAP | | | Resource |-----------------+ | Directory | | +------------+ | +------------+ | | DNS Server | | | (Optional) |-----------------+ +------------+ Figure 1: Network Topology of a Large Room (Room-A) 4.3. Discovery of Resource Directory The protocol flow for discovery of the CoAP RD for the given network (of Figure 1) is shown in Figure 2: Rahman & Dijk Expires November 30, 2013 [Page 16] Internet-Draft Group Communication for CoAP May 2013 o The fixture for Light-2 is installed and powered on for the first time. o Light-2 will then search for the local CoAP RD by sending out a GET request (with the "/.well-known/core?rt=core.rd" request URI) to the site-local "All CoAP Nodes" multicast address. o This multicast message will then go to each node in subnet-2. Rtr-2 will then forward into to the Network Backbone where it will be received by the CoAP RD. All other nodes in subnet-2 will ignore the multicast GET because it is qualified by the query string "?rt=core.rd" (which indicates it should only be processed by the endpoint if it is a RD). o The CoAP RD will then send back a unicast response containing the requested content. o Note that the flow is shown only for Light-2 for clarity. Similar flows will happen for Light-1, Light-3 and the Light Switch when they are first powered on. The CoAP RD may also be discovered by other means such as by assuming a default location (e.g., on a 6LBR), using DHCP, anycast address, etc. However, these approaches do not invoke CoAP group communication so are not further discussed here. For other discovery use cases such as discovering local CoAP servers, services or resources group communication can be used in a similar fashion as in the above use case. Both Link-Local (LL) and site- local discovery are possible this way. Light CoAP Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 RD | | | | | | | | | | | | | | ********************************** | | | * Light-2 is installed * | | | * and powers on for first time * | | | ********************************** | | | | | | | | | | | | | | | | | | | COAP NON Mcast(GET | | | | /.well-known/core?rt=core.rd) | | | |--------->-------------------------------->| | | | | | | |--------->| | | | | | | | | | | | | | | Rahman & Dijk Expires November 30, 2013 [Page 17] Internet-Draft Group Communication for CoAP May 2013 | | COAP NON (2.05 Content | | | | </rd>;rt="core.rd";ins="Primary") |<---------| | |<------------------------------------------| | | | | | | | | Figure 2: Resource Directory Discovery via Multicast Message 4.4. Lighting Control The protocol flow for a building automation lighting control scenario for the network (Figure 1) in 6LoWPAN configuration is shown in sequence in Figure 3 for the case that the CoAP servers in each Light are configured to not generate a CoAP response to lighting control CoAP multicast requests. (See Section 3.7 for more details on response suppression by a server.) In addition, Figure 4 shows a protocol flow example for the case that servers do respond to a lighting control multicast request with (unicast) CoAP NON responses. There are two success responses and one 5.00 error response. In this particular use case the Light Switch does not check, based on the responses, that all Lights in the group actually received the multicast request, because it is not configured with an exhaustive list of IP addresses of all Lights belonging to the group. However, based on received error responses it could take additional action such as logging a fault or alerting the user via its LCD display. Reliability of CoAP multicast is not guaranteed. Therefore, one or more lights in the group may not have received the CoAP control request due to packet loss. In this use case there is no detection nor correction of such situations: the application layer expects that the multicast forwarding/routing will be of sufficient quality to provide on average a very high probability of packet delivery to all CoAP endpoints in a multicast group. An example protocol to accomplish this is the MPL forwarding protocol for LLNs [I-D.ietf-roll-trickle-mcast]. We assume the following steps have already occurred before the illustrated flows: 1. Startup phase: 6LoWPANs are formed. IPv6 addresses assigned to all devices. The CoAP network is formed. 2. Network configuration (application-independent): 6LBRs are configured with multicast address blocks to filter out or to pass through to/from the 6LoWPAN. Rahman & Dijk Expires November 30, 2013 [Page 18] Internet-Draft Group Communication for CoAP May 2013 3. Commissioning phase (application-related): The IP multicast address of the group (Room-A-Lights) has been configured in all the Lights and in the Light Switch. 4. As an alternative to the previous step, when a DNS server is available, the Light Switch and/or the Lights have been configured with a group hostname which each nodes resolves to the above IP multicast address of the group. Note for the Commissioning phase: the switch's software supports sending unicast, multicast or proxied unicast/multicast CoAP requests, including processing of the multiple responses that may be generated by a multicast CoAP request. Light Network Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone | | | | | | | | | | | | | | | | *********************** | | | | * User flips on * | | | | * light switch to * | | | | * turn on all the * | | | | * lights in Room A * | | | | *********************** | | | | | | | | | | | | | | | | | | | COAP NON Mcast(PUT, | | | | | Payload=lights ON) | | |<-------------------------------+--------->| | | ON | | | |-------------------->| | | | | | |<---------| | |<---------|<-------------------------------| | | ON ON | | | | ^ ^ ^ | | | | *********************** | | | | * Lights in Room-A * | | | | * turn on (nearly * | | | | * simultaneously) * | | | | *********************** | | | | | | | | | | | Figure 3: Light Switch Sends Multicast Control Message Light Network Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone Rahman & Dijk Expires November 30, 2013 [Page 19] Internet-Draft Group Communication for CoAP May 2013 | | | | | | | | COAP NON (2.04 Changed) | | | | |------------------------------->| | | | | | | | | | | | | | | | | | | COAP NON (2.04 Changed) | | | | |------------------------------------------>| | | | | | | |--------->| | | | | |<--------------------| | | | |<---------| | | | | | | | | | | | COAP NON (5.00 Internal Server Error) | | | |------------------------------->| | | | | | | |--------->| | | | | |<--------------------| | | | |<---------| | | | | | | | | | Figure 4: Lights (Optionally) Respond to Multicast CoAP Request Another, but similar, lighting control use case is shown in Figure 5. In this case a controller connected to the Network Backbone sends a CoAP multicast request to turn on all lights in Room-A. Every Light sends back a CoAP response to the Controller after being turned on. Network Light-1 Light-2 Light-3 Rtr-1 Rtr-2 Backbone Controller | | | | | | | | | | | | COAP NON Mcast(PUT, | | | | | Payload=lights ON) | | | | | |<-------| | | | |<----------<---------| | |<--------------------------------| | | | ON | | | | | | | |<----------<---------------------| | | | ON ON | | | | ^ ^ ^ | | | | *********************** | | | | * Lights in Room-A * | | | | * turn on (nearly * | | | | * simultaneously) * | | | | *********************** | | | | | | | | | | | | | | | | | | | COAP NON (2.04 Changed) | | | | |-------------------------------->| | | | Rahman & Dijk Expires November 30, 2013 [Page 20] Internet-Draft Group Communication for CoAP May 2013 | | | |-------------------->| | | | COAP NON (2.04 Changed) | |------->| | |-------------------------------->| | | | | | | |--------->| | | | | COAP NON (2.04 Changed) |------->| | | |--------------------->| | | | | | | |--------->| | | | | | | |------->| | | | | | | | Figure 5: Controller On Backbone Sends Multicast Control Message 4.5. Lighting Control in MLD Enabled Network The use case of previous section can also apply in networks where nodes support the MLD protocol [RFC3810]. The Lights then take on the role of MLDv2 listener and the routers (Rtr-1, Rtr-2) are MLDv2 Routers. In the Ethernet based network configuration, MLD may be available on all involved network interfaces. Use of MLD in the 6LoWPAN based configuration is also possible, but requires MLD support in all nodes in the 6LoWPAN which is usually not implemented in many deployments. The resulting protocol flow is shown in Figure 6. This flow is executed after the commissioning phase, as soon as Lights are configured with a group address to listen to. The (unicast) MLD Reports may require periodic refresh activity as specified by the MLD protocol. In the figure, LL denotes Link Local communication. After the shown sequence of MLD Report messages has been executed, both Rtr-1 and Rtr-2 are automatically configured to forward multicast traffic destined to Room-A-Lights onto their connected subnet. Hence, no manual Network Configuration of routers, as previously indicated in Section 4.4, is needed anymore. Light Network Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone | | | | | | | | | | | | | | | | | | | | | | MLD Report: Join | | | | | | Group (Room-A-Lights) | | | | |---LL------------------------------------->| | | | | | | |MLD Report: Join | | | | | |Group (Room-A-Lights)| | | | | |---LL---->----LL---->| Rahman & Dijk Expires November 30, 2013 [Page 21] Internet-Draft Group Communication for CoAP May 2013 | | | | | | | | | MLD Report: Join | | | | | | Group (Room-A-Lights) | | | | |---LL------------------------------------->| | | | | | | | | | | | MLD Report: Join | | | | | | Group (Room-A-Lights) | | | | |---LL-------------------------->| | | | | | | | | | | | | |MLD Report: Join | | | | | |Group (Room-A-Lights)| | | | | |<--LL-----+---LL---->| | | | | | | | | | | | | | | Figure 6: Joining Lighting Groups Using MLD 4.6. Commissioning the Network Based On Resource Directory This section outlines how devices in the lighting use case (both Switches and Lights) can be commissioned, making use of Resource Directory [I-D.shelby-core-resource-directory] and its group configuration feature. Once the Resource Directory (RD) is discovered, the Switches and Lights need to be discovered and their groups need to be defined. For the commissioning of these devices, a commissioning tool can be used that defines the entries in the RD. The commissioning tool has the authority to change the contents of the RD and the nodes. DTLS based security is used by the commissioning tool to modify operational data in RD, Switches and Lights. In our particular use case, a group of three lights is defined with one multicast address and hostname "Room-A-Lights.floor1.west.bldg6.example.com". The commissioning device has a list of the three lights and the associated multicast address. For each light in the list the tool learns the IP address of the light and instructs the RD with 3 POST commands to store the end-points associated with the three lights as prescribed by RD. Finally the commissioning device defines the group in the RD to contain these three end-points. Also the commissioning tool writes the MC address in the Lights with, for example, the POST /gp command discussed in Section 3.6. Rahman & Dijk Expires November 30, 2013 [Page 22] Internet-Draft Group Communication for CoAP May 2013 The light switch can discover the group in RD and learn the MC address of the group. The light switch will use this address to send MC commands to the members of the group. When the message arrives the Lights should recognize the MC address and accept the message. 5. Deployment Guidelines This section provides guidelines how an IP Multicast based solution for CoAP group communication can be deployed in various network configurations. 5.1. Target Network Topologies CoAP group communication can be deployed in various network topologies. First, the target network may be a regular IP network, or a LLN such as a 6LoWPAN network, or consist of mixed constrained/ unconstrained network segments. Second, it may be a single subnet only or multi-subnet; e.g., multiple 6LoWPAN networks joined by a single backbone LAN. Third, a wireless network segment may have all nodes reachable in a single IP hop, or it may require multiple IP hops for some pairs of nodes to reach each other. Each topology may pose different requirements on the configuration of routers and protocol(s), in order to enable efficient CoAP group communication. 5.2. Advertising Membership of Multicast Groups If a multicast routing/forwarding protocol is used in a network, server nodes that intend to receive CoAP multicast requests generally require a method to advertise the specific IP multicast address(es) they want to receive (i.e., a method to join specific IP multicast groups). This section identifies the ways in which this can be accomplished. 5.2.1. Using the MLD Listener Protocol CoAP nodes that are IP hosts (i.e., not IP routers) are generally unaware of the specific multicast routing/forwarding protocol being used. When such a host needs to join a specific (CoAP) multicast group, it requires a way to signal to multicast routers which multicast traffic it wants to receive. For efficient multicast routing (i.e., avoid always flooding IP multicast packets), routers must know which hosts need to receive packets addressed to specific IP multicast destinations. The Multicast Listener Discovery (MLD) protocol [RFC3810] (Appendix A) is the standard IPv6 method to achieve this. [RFC6636] Rahman & Dijk Expires November 30, 2013 [Page 23] Internet-Draft Group Communication for CoAP May 2013 discusses tuning of MLD for mobile and wireless networks. These guidelines may be useful when implementing MLD in LLNs. Alternatively, to avoid the use of MLD in LLN deployments, either all nodes can be configured as multicast routers in an LLN, or a multicast forwarding/flooding protocol can be used that forwards any IP multicast packet to all forwarders (routers) in the subnet (LLN). 5.2.2. Using the RPL Routing Protocol The RPL routing protocol [RFC6550] defines in Section 12 the advertisement of IP multicast destinations using DAO messages. This mechanism can be used by CoAP nodes (which are also RPL routers) to advertise IP multicast group membership to other RPL routers. Then, the RPL protocol can route multicast CoAP requests over multiple hops to the correct CoAP servers. This mechanism can be used as a means to convey IP multicast group membership information to an edge router (e.g., 6LBR), in case the edge router is also the root of the RPL DODAG. This could be useful in LLN segments where MLD is not available and the edge router needs to know what IP multicast traffic to pass through from the backbone network into the LLN subnet. 5.2.3. Using the MPL Forwarding Protocol The MPL forwarding protocol [I-D.ietf-roll-trickle-mcast] can be used in a predefined network domain for propagation of IP multicast packets to all MPL routers, over multiple hops. MPL is designed to work in LLN deployments. Due to its property of propagating all (non-link-local) IP multicast packets to all MPL routers, there is in principle no need for CoAP server nodes to advertise IP multicast group membership assuming that any IP multicast source is also part of the MPL domain. 5.3. 6LoWPAN Specific Guidelines To support multi-LoWPAN scenarios for CoAP group communication, it is recommended that a 6LoWPAN Border Router (6LBR) will act in an MLD Router role on the backbone link. If this is not possible then the 6LBR should be configured to act as an MLD Multicast Address Listener and/or MLD Snooper (Appendix A) on the backbone link. To avoid that backbone IP multicast traffic needlessly congests 6LoWPAN network segments, it is recommended that a filtering means is implemented to block IP multicast traffic from 6LoWPAN segments where none of the 6LoWPAN nodes listen to this traffic. Possible means are: Rahman & Dijk Expires November 30, 2013 [Page 24] Internet-Draft Group Communication for CoAP May 2013 o Filtering in 6LBRs based on information from the routing protocol. This allows a 6LBR to only forward multicast traffic onto the LoWPAN, for which it is known that there exists at least one listener on the LoWPAN. o Filtering in 6LBRs based on MLD reports. Similar as previous but based directly on MLD reports from 6LoWPAN nodes. This only works in a single-IP-hop 6LoWPAN network, such as a mesh-under routing network or a star topology network, because MLD relies on link- local communication. o Filtering in 6LBRs based on settings. Filtering tables with blacklists/whitelists can be configured in the 6LBR by system administration for all 6LBRs or configured on a per-6LBR basis. o Filtering in router(s) or firewalls that provide access to constrained network segments. For example, in an access router/ bridge that connects a regular intranet LAN to a building control IPv6 backbone. This backbone connects multiple 6LoWPAN segments, each segment connected via a 6LBR. 6. Security Considerations This section describes the relevant security configuration for CoAP group communication using IP multicast. The threats to CoAP group communication are also identified and various approaches to mitigate these threats are summarized. 6.1. Security Configuration As defined in [I-D.ietf-core-coap], CoAP group communication based on IP multicast must use the following security modes: o Group communication MUST operate in CoAP NoSec (No Security) mode. o Group communication MUST NOT use "coaps" scheme. That is, all group communication MUST use only "coap" scheme. 6.2. Threats Essentially the above configuration means that there is no security at the CoAP layer for group communication. This is due to the fact that the current DTLS based approach for CoAP is exclusively unicast oriented and does not support group security features such as group key exchange and group authentication. As a direct consequence of this, CoAP group communication is vulnerable to all attacks mentioned in [I-D.ietf-core-coap] for IP multicast. Rahman & Dijk Expires November 30, 2013 [Page 25] Internet-Draft Group Communication for CoAP May 2013 6.3. Threat Mitigation [I-D.ietf-core-coap] identifies various threat mitigation techniques for CoAP IP multicast. In addition to those guidelines, it is recommended that for sensitive data or safety-critical control, a combination of appropriate link-layer security and administrative control of IP multicast boundaries should be used. Some examples are given below. 6.3.1. WiFi Scenario In a home automation scenario (using WiFi), the WiFi encryption should be enabled to prevent rogue nodes from joining. Also, if MAC address filtering at the WiFi Access Point is supported that should also be enabled. The IP router should have the fire wall enabled to isolate the home network from the rest of the Internet. In addition, the domain of the IP multicast should be set to be either link-local scope or site-local scope. Finally, if possible, devices should be configured to accept only Source Specific Multicast (SSM) packets (see [RFC4607]) from within the trusted home network. For example, all lights in a particular room should only accept IP multicast traffic originating from the master light switch in that room. In this case, the Spoofed Source Address considerations of Section 7.4 of [RFC4607] should be heeded. 6.3.2. 6LoWPAN Scenario In a building automation scenario, a particular room may have a single 6LoWPAN topology with a single Edge Router (6LBR). Nodes on the subnet can use link-layer encryption to prevent rogue nodes from joining. The 6LBR can be configured so that it blocks any incoming IP multicast traffic. Another example topology could be a multi- subnet 6LoWPAN in a large conference room. In this case, the backbone can implement port authentication (IEEE 802.1X) to ensure only authorized devices can join the Ethernet backbone. The access router to this secured segment can also be configured to block incoming IP multicast traffic. 6.3.3. Future Evolution In the future, to further mitigate the threats, the developing approach for DTLS-based IP multicast security for CoAP networks (see [I-D.keoh-tls-multicast-security]) or similar approaches should be considered once they mature. 7. IANA Considerations Rahman & Dijk Expires November 30, 2013 [Page 26] Internet-Draft Group Communication for CoAP May 2013 7.1. New 'core.gp' Resource Type This memo registers a new resource type (rt) from the CoRE Parameters Registry called 'core.gp'. (Note to IANA/RFC Editor: This registration follows the process described in section 7.4 of [RFC6690]). Attribute Value: core.gp Description: Optional Group Configuration resource. This resource is used to query/manage the group membership of a CoAP server. Reference: See Section 3.6. 7.2. New 'coap-group+json' Internet Media Type This memo registers a new Internet Media Type for CoAP group configuration resource called 'application/coap-group+json'. (Note to IANA/RFC Editor: This registration follows the guidance from [RFC6839], and [I-D.ietf-core-coap] section 12.3 (last paragraph)). Type name: application Subtype name: coap-group+json Required parameters: None Optional parameters: None Encoding considerations: 8bit if UTF-8; binary if UTF-16 or UTF-32. JSON may be represented using UTF-8, UTF-16, or UTF-32. When JSON is written in UTF-8, JSON is 8bit compatible. When JSON is written in UTF-16 or UTF-32, the binary content-transfer-encoding must be used. If the client is aware that the server group configuration resource is 8bit encoded (which is most efficient for a constrained device), that encoding should be respected by the client (i.e., it should not try to replace it by a binary encoded group configuration resource). Security considerations: Denial of Service attacks could be performed by constantly setting the group configuration resource of a CoAP endpoint. This will cause the endpoint to register (or de-register) from the related IP multicast group. To prevent this it is mandatory that DTLS-secured Rahman & Dijk Expires November 30, 2013 [Page 27] Internet-Draft Group Communication for CoAP May 2013 CoAP communication be used for setting the group configuration resource. Thus only authorized clients will be allowed by a server to configure its group membership. Interoperability considerations: None Published specification: (This I-D when it becomes an RFC) Applications that use this media type: CoAP client and server implementations that wish to set/read the group configuration resource via 'application/coap-group+json' payload as described in Section 3.6. Additional Information: Magic number(s): None File extension(s): *.json Macintosh file type code(s): TEXT Intended usage: COMMON Restrictions on usage: None Author: CoRE WG Change controller: IETF 8. Acknowledgements Thanks to Peter Bigot, Carsten Bormann, Anders Brandt, Angelo Castellani, Bjoern Hoehrmann, Matthias Kovatsch, Guang Lu, Salvatore Loreto, Kerry Lynn, Dale Seed, Zach Shelby, Peter van der Stok, and Juan Carlos Zuniga for their helpful comments and discussions that have helped shape this document. 9. References 9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Rahman & Dijk Expires November 30, 2013 [Page 28] Internet-Draft Group Communication for CoAP May 2013 [RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei, "Advanced Sockets Application Program Interface (API) for IPv6", RFC 3542, May 2003. [RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery Version 2 (MLDv2) for IPv6", RFC 3810, June 2004. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. [RFC4601] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas, "Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised)", RFC 4601, August 2006. [RFC4607] Holbrook, H. and B. Cain, "Source-Specific Multicast for IP", RFC 4607, August 2006. [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, "Transmission of IPv6 Packets over IEEE 802.15.4 Networks", RFC 4944, September 2007. [RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for IPv4 Multicast Address Assignments", BCP 51, RFC 5771, March 2010. [RFC6550] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur, JP., and R. Alexander, "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks", RFC 6550, March 2012. [RFC6636] Asaeda, H., Liu, H., and Q. Wu, "Tuning the Behavior of the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) for Routers in Mobile and Wireless Networks", RFC 6636, May 2012. [RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link Format", RFC 6690, August 2012. [RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann, "Neighbor Discovery Optimization for IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs)", RFC 6775, November 2012. [RFC6839] Hansen, T. and A. Melnikov, "Additional Media Type Structured Syntax Suffixes", RFC 6839, January 2013. [I-D.ietf-core-coap] Rahman & Dijk Expires November 30, 2013 [Page 29] Internet-Draft Group Communication for CoAP May 2013 Shelby, Z., Hartke, K., and C. Bormann, "Constrained Application Protocol (CoAP)", draft-ietf-core-coap-17 (work in progress), May 2013. 9.2. Informative References [I-D.ietf-core-block] Bormann, C. and Z. Shelby, "Blockwise transfers in CoAP", draft-ietf-core-block-11 (work in progress), March 2013. [I-D.vanderstok-core-dna] Stok, P., Lynn, K., and A. Brandt, "CoRE Discovery, Naming, and Addressing", draft-vanderstok-core-dna-02 (work in progress), July 2012. [I-D.ietf-roll-trickle-mcast] Hui, J. and R. Kelsey, "Multicast Protocol for Low power and Lossy Networks (MPL)", draft-ietf-roll-trickle- mcast-04 (work in progress), February 2013. [I-D.keoh-tls-multicast-security] Keoh, S., Kumar, S., and E. Dijk, "DTLS-based Multicast Security for Low-Power and Lossy Networks (LLNs)", draft- keoh-tls-multicast-security-00 (work in progress), October 2012. [I-D.shelby-core-resource-directory] Shelby, Z., Krco, S., and C. Bormann, "CoRE Resource Directory", draft-shelby-core-resource-directory-05 (work in progress), February 2013. Appendix A. Multicast Listener Discovery (MLD) In order to extend the scope of IP multicast beyond link-local scope, an IP multicast routing or forwarding protocol has to be active in routers on an LLN. To achieve efficient multicast routing (i.e., avoid always flooding IP multicast packets), routers have to learn which hosts need to receive packets addressed to specific IP multicast destinations. The Multicast Listener Discovery (MLD) protocol [RFC3810] (or its IPv4 pendant IGMP) is today the method of choice used by an (IP multicast enabled) router to discover the presence of multicast listeners on directly attached links, and to discover which multicast addresses are of interest to those listening nodes. MLD was specifically designed to cope with fairly dynamic situations in which multicast listeners may join and leave at any time. Rahman & Dijk Expires November 30, 2013 [Page 30] Internet-Draft Group Communication for CoAP May 2013 IGMP/MLD Snooping is a technique implemented in some corporate LAN routing/switching devices. An MLD snooping switch listens to MLD State Change Report messages from MLD listeners on attached links. Based on this, the switch learns on what LAN segments there is interest for what IP multicast traffic. If the switch receives at some point an IP multicast packet, it uses the stored information to decide onto which LAN segment(s) to send the packet. This improves network efficiency compared to the regular behavior of forwarding every incoming multicast packet onto all LAN segments. An MLD snooping switch may also send out MLD Query messages (which is normally done by a device in MLD Router role) if no MLD Router is present. [RFC6636] discusses optimal tuning of the parameters of MLD for routers for mobile and wireless networks. These guidelines may be useful when implementing MLD in LLNs. Appendix B. Change Log Changes from ietf-08 to ietf-09: o Cleaned up requirements language in general. Also, requirements language are now only used in section 3 (Protocol Considerations) and section 6 (Security Considerations). Requirements language has been removed from other sections to keep them to a minimum (#271). o Addressed final comment from Peter van der Stok to define what "IP stack" meant (#296). Following the lead of CoAP-17, we know refer instead to "APIs such as IPV6_RECVPKTINFO [RFC3542]". o Changed text in section 3.4 (Group Methods) to allow multicast POST under specific conditions and highlighting the risks with using it (#328). o Various editorial updates for improved readability. Changes from ietf-07 to ietf-08: o Updated text in section 3.6 (Configuring Group Membership in Endpoints) to make it more explicit that the Internet Media Type is used in the processing rules (#299). o Addressed various comments from Peter van der Stok (#296). o Various editorial updates for improved readability including defining all acronyms. Rahman & Dijk Expires November 30, 2013 [Page 31] Internet-Draft Group Communication for CoAP May 2013 Changes from ietf-06 to ietf-07: o Added an IANA request (in section 7.2) for a dedicated content- format (Internet Media type) for the group management JSON format called 'application/coap-group+json' (#299). o Clarified semantics (in section 3.6) of group management JSON format (#300). o Added details of IANA request (in section 7.1) for a new CORE Resource Type called 'core.gp'. o Clarified that DELETE method (in section 3.6) is also a valid group management operation. o Various editorial updates for improved readability. Changes from ietf-05 to ietf-06: o Added a new section on commissioning flow when using discovery services when end devices discover in which multicast group they are allocated (#295). o Added a new section on CoAP Proxy Operation (section 3.9) that outlines the potential issues and limitations of doing CoAP multicast requests via a CoAP Proxy (#274). o Added use case of multicasting controller on the backbone (#279). o Use cases were updated to show only a single CoAP RD (to replace the previous multiple RDs with one in each subnet). This is a more efficient deployment and also avoids RD specific issues such as synchronization of RD information between serves (#280). o Added text to section 3.6 (Configuring Group Membership in Endpoints) that clarified that any (unicast) operation to change an endpoint's group membership must use DTLS-secured CoAP. o Clarified relationship of this document to [I-D.ietf-core-coap] in section 2.2 (Scope). o Removed IPSec related requirement, as IPSec is not part of [I-D.ietf-core-coap] anymore. Rahman & Dijk Expires November 30, 2013 [Page 32] Internet-Draft Group Communication for CoAP May 2013 o Editorial reordering of subsections in section 3 to have a better flow of topics. Also renamed some of the (sub)sections to better reflect their content. Finally, moved the URI Configuration text to the same section as the Port Configuration section as it was a more natural grouping (now in section 3.3) . o Editorial rewording of section 3.7 (Multicast Request Acceptance and Response Suppression) to make the logic easier to comprehend (parse). o Various editorial updates for improved readability. Changes from ietf-04 to ietf-05: o Added a new section 3.9 (Exceptions) that highlights that IP multicast (and hence group communication) is not always available (#187). o Updated text on the use of [RFC2119] language (#271) in Section 1. o Included guidelines on when (not) to use CoAP responses to multicast requests and when (not) to accept multicast requests (#273). o Added guideline on use of core-block for minimizing response size (#275). o Restructured section 6 (Security Considerations) to more fully describe threats and threat mitigation (#277). o Clearly indicated that DNS resolution and reverse DNS lookup are optional. o Removed confusing text about a single group having multiple IP addresses. If multiple IP addresses are required then multiple groups (with the same members) should be created. o Removed repetitive text about the fact that group communication is not guaranteed. o Merged previous section 5.2 (Multicast Routing) into 3.1 (IP Multicast Routing Background) and added link to section 5.2 (Advertising Membership of Multicast Groups). o Clarified text in section 3.8 (Congestion Control) regarding precedence of use of IP multicast domains (i.e. first try to use link-local scope, then site-local scope, and only use global IP multicast as a last resort). Rahman & Dijk Expires November 30, 2013 [Page 33] Internet-Draft Group Communication for CoAP May 2013 o Extended group resource manipulation guidelines with use of pre- configured ports/paths for the multicast group. o Consolidated all text relating to ports in a new section 3.3 (Port Configuration). o Clarified that all methods (GET/PUT/POST) for configuring group membership in endpoints should be unicast (and not multicast) in section 3.7 (Configuring Group Membership In Endpoints). o Various editorial updates for improved readability, including editorial comments by Peter van der Stok to WG list of December 18th, 2012. Changes from ietf-03 to ietf-04: o Removed section 2.3 (Potential Solutions for Group Communication) as it is purely background information and moved section to draft- dijk-core-groupcomm-misc (#266). o Added reference to draft-keoh-tls-multicast-security to section 6 (Security Considerations). o Removed Appendix B (CoAP-Observe Alternative to Group Communications) as it is as an alternative to IP Multicast that the WG has not adopted and moved section to draft-dijk-core- groupcomm-misc (#267). o Deleted section 8 (Conclusions) as it is redundant (#268). o Simplified light switch use case (#269) by splitting into basic operations and additional functions (#269). o Moved section 3.7 (CoAP Multicast and HTTP Unicast Interworking) to draft-dijk-core-groupcomm-misc (#270). o Moved section 3.3.1 (DNS-SD) and 3.3.2 (CoRE Resource Directory) to draft-dijk-core-groupcomm-misc as these sections essentially just repeated text from other drafts regarding DNS based features. Clarified remaining text in this draft relating to DNS based features to clearly indicate that these features are optional (#272). o Focus section 3.5 (Configuring Group Membership) on a single proposed solution. o Scope of section 5.3 (Use of MLD) widened to multicast destination advertisement methods in general. Rahman & Dijk Expires November 30, 2013 [Page 34] Internet-Draft Group Communication for CoAP May 2013 o Rewrote section 2.2 (Scope) for improved readability. o Moved use cases that are not addressed to draft-dijk-core- groupcomm-misc. o Various editorial updates for improved readability. Changes from ietf-02 to ietf-03: o Clarified that a group resource manipulation may return back a mixture of successful and unsuccessful responses (section 3.4 and Figure 6) (#251). o Clarified that security option for group communication must be NoSec mode (section 6) (#250). o Added mechanism for group membership configuration (#249). o Removed IANA request for multicast addresses (section 7) and replaced with a note indicating that the request is being made in [I-D.ietf-core-coap] (#248). o Made the definition of 'group' more specific to group of CoAP endpoints and included text on UDP port selection (#186). o Added explanatory text in section 3.4 regarding why not to use group communication for non-idempotent messages (i.e. CoAP POST) (#186). o Changed link-local RD discovery to site-local in RD discovery use case to make it more realistic. o Fixed lighting control use case CoAP proxying; now returns individual CoAP responses as in coap-12. o Replaced link format I-D with RFC6690 reference. o Various editorial updates for improved readability Changes from ietf-01 to ietf-02: o Rewrote congestion control section based on latest CoAP text including Leisure concept (#188) o Updated the CoAP/HTTP interworking section and example use case with more details and use of MLD for multicast group joining o Key use cases added (#185) Rahman & Dijk Expires November 30, 2013 [Page 35] Internet-Draft Group Communication for CoAP May 2013 o References to [I-D.vanderstok-core-dna] and draft-castellani-core- advanced-http-mapping added o Moved background sections on "MLD" and "CoAP-Observe" to Appendices o Removed requirements section (and moved it to draft-dijk-core- groupcomm-misc) o Added details for IANA request for group communication multicast addresses o Clarified text to distinguish between "link local" and general multicast cases o Moved lengthy background section 5 to draft-dijk-core-groupcomm- misc and replaced with a summary o Various editorial updates for improved readability o Change log added Changes from ietf-00 to ietf-01: o Moved CoAP-observe solution section to section 2 o Editorial changes o Moved security requirements into requirements section o Changed multicast POST to PUT in example use case o Added CoAP responses in example use case Changes from rahman-07 to ietf-00: o Editorial changes o Use cases section added o CoRE Resource Directory section added o Removed section 3.3.5. IP Multicast Transmission Methods o Removed section 3.4 Overlay Multicast o Removed section 3.5 CoAP Application Layer Group Management Rahman & Dijk Expires November 30, 2013 [Page 36] Internet-Draft Group Communication for CoAP May 2013 o Clarified section 4.3.1.3 RPL Routers with Non-RPL Hosts case o References added and some normative/informative status changes Authors' Addresses Akbar Rahman (editor) InterDigital Communications, LLC Email: Akbar.Rahman@InterDigital.com Esko Dijk (editor) Philips Research Email: esko.dijk@philips.com Rahman & Dijk Expires November 30, 2013 [Page 37]