IPv6 Backbone Router
RFC 8929
| Document | Type | RFC - Proposed Standard (November 2020; No errata) | |
|---|---|---|---|
| Authors | Pascal Thubert , Charles Perkins , Eric Levy-Abegnoli | ||
| Last updated | 2020-11-23 | ||
| Replaces | draft-thubert-6lo-backbone-router | ||
| Stream | Internet Engineering Task Force (IETF) | ||
| Formats | plain text html xml pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Shwetha Bhandari | ||
| Shepherd write-up | Show (last changed 2019-10-02) | ||
| IESG | IESG state | RFC 8929 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | Suresh Krishnan | ||
| Send notices to | "Samita Chakrabarti" <samitac.ietf@gmail.com>, Carles Gomez <carlesgo@entel.upc.edu>, Shwetha Bhandari <shwethab@cisco.com> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | No IANA Actions | ||
Internet Engineering Task Force (IETF) P. Thubert, Ed.
Request for Comments: 8929 Cisco Systems
Updates: 6775, 8505 C.E. Perkins
Category: Standards Track Blue Meadow Networking
ISSN: 2070-1721 E. Levy-Abegnoli
Cisco Systems
November 2020
IPv6 Backbone Router
Abstract
This document updates RFCs 6775 and 8505 in order to enable proxy
services for IPv6 Neighbor Discovery by Routing Registrars called
"Backbone Routers". Backbone Routers are placed along the wireless
edge of a backbone and federate multiple wireless links to form a
single Multi-Link Subnet (MLSN).
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8929.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Terminology
2.1. Requirements Language
2.2. New Terms
2.3. Abbreviations
2.4. Background
3. Overview
3.1. Updating RFCs 6775 and 8505
3.2. Access Link
3.3. Route-Over Mesh
3.4. The Binding Table
3.5. Primary and Secondary 6BBRs
3.6. Using Optimistic DAD
4. Multi-Link Subnet Considerations
5. Optional 6LBR Serving the Multi-Link Subnet
6. Using IPv6 ND over the Backbone Link
7. Routing Proxy Operations
8. Bridging Proxy Operations
9. Creating and Maintaining a Binding
9.1. Operations on a Binding in Tentative State
9.2. Operations on a Binding in Reachable State
9.3. Operations on a Binding in Stale State
10. Registering Node Considerations
11. Security Considerations
12. Protocol Constants
13. IANA Considerations
14. Normative References
15. Informative References
Appendix A. Possible Future Extensions
Appendix B. Applicability and Requirements Served
Acknowledgments
Authors' Addresses
1. Introduction
Ethernet bridging per IEEE Std 802.1 [IEEEstd8021Q] provides an
efficient and reliable broadcast service for wired networks;
applications and protocols have been built that heavily depend on
that feature for their core operation. Unfortunately, Low-Power and
Lossy Networks (LLNs) and local wireless networks generally do not
provide the broadcast capabilities of Ethernet bridging in an
economical fashion.
As a result, protocols designed for bridged networks that rely on
multicast and broadcast often exhibit disappointing behaviors when
employed unmodified on a local wireless medium (see
[MCAST-PROBLEMS]).
Wi-Fi [IEEEstd80211] Access Points (APs) deployed in an Extended
Service Set (ESS) act as Ethernet bridges [IEEEstd8021Q], with the
property that the bridging state is established at the time of
association. This ensures connectivity to the end node (the Wi-Fi
Station (STA)) and protects the wireless medium against broadcast-
intensive transparent bridging [IEEEstd8021Q] reactive lookups. In
other words, the association process is used to register the link-
layer address of the STA to the AP. The AP subsequently proxies the
bridging operation and does not need to forward the broadcast lookups
over the radio.
In the same way as transparent bridging, the IPv6 [RFC8200] Neighbor
Discovery (IPv6 ND) protocol [RFC4861] [RFC4862] is a reactive
protocol, based on multicast transmissions to locate an on-link
correspondent and ensure the uniqueness of an IPv6 address. The
mechanism for Duplicate Address Detection (DAD) [RFC4862] was
designed for the efficient broadcast operation of Ethernet bridging.
Since broadcast can be unreliable over wireless media, DAD often
fails to discover duplications [DAD-ISSUES]. In practice, the fact
that IPv6 addresses very rarely conflict is mostly attributable to
the entropy of the 64-bit Interface IDs as opposed to the successful
operation of the IPv6 ND DAD and resolution mechanisms.
The IPv6 ND Neighbor Solicitation (NS) [RFC4861] message is used for
DAD and address lookup when a node moves or wakes up and reconnects
to the wireless network. The NS message is targeted to a Solicited-
Node Multicast Address (SNMA) [RFC4291] and should, in theory, only
reach a very small group of nodes. But, in reality, IPv6 multicast
messages are typically broadcast on the wireless medium, so they are
processed by most of the wireless nodes over the subnet (e.g., the
ESS fabric) regardless of how few of the nodes are subscribed to the
SNMA. As a result, IPv6 ND address lookups and DADs over a large
wireless network and/or LLN can consume enough bandwidth to cause a
substantial degradation to the unicast traffic service.
Because IPv6 ND messages sent to the SNMA group are broadcast at the
radio link layer, wireless nodes that do not belong to the SNMA group
still have to keep their radio turned on to listen to multicast NS
messages, which is a waste of energy for them. In order to reduce
their power consumption, certain battery-operated devices such as
Internet of Things (IoT) sensors and smartphones ignore some of the
broadcasts, making IPv6 ND operations even less reliable.
These problems can be alleviated by reducing the IPv6 ND broadcasts
over wireless access links. This has been done by splitting the
broadcast domains and routing between subnets. At the extreme, this
can be done by assigning a /64 prefix to each wireless node (see
[RFC8273]). But deploying a single large subnet can still be
attractive to avoid renumbering in situations that involve large
numbers of devices and mobility within a bounded area.
A way to reduce the propagation of IPv6 ND broadcast in the wireless
domain while preserving a large single subnet is to form a Multi-Link
Subnet (MLSN). Each link in the MLSN, including the backbone, is its
own broadcast domain. A key property of MLSNs is that link-local
unicast traffic, link-scope multicast, and traffic with a hop limit
of 1 will not transit to nodes in the same subnet on a different
link, which is something that may produce unexpected behavior in
software that expects a subnet to be entirely contained within a
single link.
This specification considers a special type of MLSN with a central
backbone that federates edge (LLN) links, with each link providing
its own protection against rogue access and tempering or replaying
packets. In particular, the use of classical IPv6 ND on the backbone
requires that the all nodes are trusted and that rogue access to the
backbone is prevented at all times (see Section 11).
In that particular topology, ND proxies can be placed at the boundary
of the edge links and the backbone to handle IPv6 ND on behalf of
Registered Nodes and to forward IPv6 packets back and forth. The ND
proxy enables the continuity of IPv6 ND operations beyond the
backbone and enables communication using Global or Unique Local
Addresses between any pair of nodes in the MLSN.
The 6LoWPAN Backbone Router (6BBR) is a Routing Registrar [RFC8505]
that provides ND proxy services. A 6BBR acting as a Bridging Proxy
provides an ND proxy function with Layer 2 continuity and can be
collocated with a Wi-Fi AP as prescribed by IEEE Std 802.11
[IEEEstd80211]. A 6BBR acting as a Routing Proxy is applicable to
any type of LLN, including LLNs that cannot be bridged onto the
backbone, such as IEEE Std 802.15.4 [IEEEstd802154].
Knowledge of which address to proxy can be obtained by snooping the
IPv6 ND protocol (see [SAVI-WLAN]), but it has been found to be
unreliable. An IPv6 address may not be discovered immediately due to
a packet loss or if a "silent" node is not currently using one of its
addresses. A change of state (e.g., due to movement) may be missed
or misordered, leading to unreliable connectivity and incomplete
knowledge of the state of the network.
With this specification, the address to be proxied is signaled
explicitly through a registration process. A 6LoWPAN Node (6LN)
registers all of its IPv6 addresses using NS messages with an
Extended Address Registration Option (EARO) as specified in [RFC8505]
to a 6LoWPAN Router (6LR) to which it is directly attached. If the
6LR is a 6BBR, then the 6LN is both the Registered Node and the
Registering Node. If not, then the 6LoWPAN Border Router (6LBR) that
serves the LLN proxies the registration to the 6BBR. In that case,
the 6LN is the Registered Node and the 6LBR is the Registering Node.
The 6BBR performs IPv6 ND operations on its backbone interface on
behalf of the 6LNs that have Registered Addresses on its LLN
interfaces, without the need of a broadcast over the wireless medium.
A Registering Node that resides on the backbone does not register to
the SNMA groups associated to its Registered Addresses and defers to
the 6BBR to answer or preferably forward the corresponding multicast
packets to it as unicast.
2. Terminology
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
2.2. New Terms
This document introduces the following terminology:
Federated: A subnet that comprises a backbone, and one or more
(wireless) access links, is said to be federated into one MLSN.
The ND proxy operation of 6BBRs over the backbone extends IPv6 ND
operation over the access links.
Sleep Proxy: A 6BBR acts as a Sleep Proxy if it answers IPv6 ND NSs
over the backbone on behalf of the Registering Node that is in a
sleep state and that cannot answer in due time.
Routing Proxy: A Routing Proxy provides IPv6 ND proxy functions and
enables the MLSN operation over federated links that may not be
compatible for bridging. The Routing Proxy advertises its own
link-layer address as the Target Link-Layer Address (TLLA) in the
proxied Neighbor Advertisements (NAs) over the backbone and routes
at the network layer between the federated links.
Bridging Proxy: A Bridging Proxy provides IPv6 ND proxy functions
while preserving forwarding continuity at the link layer. In that
case, the link-layer address and the mobility of the Registering
Node is visible across the bridged backbone. The Bridging Proxy
advertises the link-layer address of the Registering Node in the
TLLAO in the proxied NAs over the backbone, and it proxies ND for
all unicast addresses including link-local addresses. Instead of
replying on behalf of the Registering Node, a Bridging Proxy will
preferably forward the NS(Lookup) and Neighbor Unreachability
Detection (NUD) messages that target the Registered Address to the
Registering Node as unicast frames, so it can respond in its own.
Binding Table: The Binding Table is an abstract database that is
maintained by the 6BBR to store the state associated with its
registrations.
Binding: A Binding is an abstract state associated to one
registration; in other words, it's associated to one entry in the
Binding Table.
2.3. Abbreviations
This document uses the following abbreviations:
6BBR: 6LoWPAN Backbone Router
6LBR: 6LoWPAN Border Router
6LN: 6LoWPAN Node
6LR: 6LoWPAN Router
AP: Access Point
ARO: Address Registration Option
DAC: Duplicate Address Confirmation
DAD: Duplicate Address Detection
DAR: Duplicate Address Request
DODAG: Destination-Oriented Directed Acyclic Graph
EARO: Extended Address Registration Option
EDAC: Extended Duplicate Address Confirmation
EDAR: Extended Duplicate Address Request
ESS: Extended Service Set
LLA: Link-Layer Address
LLN: Low-Power and Lossy Network
MLSN: Multi-Link Subnet
MTU: Maximum Transmission Unit
NA: Neighbor Advertisement
NCE: Neighbor Cache Entry
ND: Neighbor Discovery
NS: Neighbor Solicitation
NUD: Neighbor Unreachability Detection
ODAD: Optimistic DAD
RA: Router Advertisement
ROVR: Registration Ownership Verifier
RPL: Routing Protocol for LLNs
RS: Router Solicitation
SLLAO: Source Link-Layer Address Option
SNMA: Solicited-Node Multicast Address
STA: Station
TID: Transaction ID
TLLAO: Target Link-Layer Address Option
2.4. Background
In this document, readers will encounter terms and concepts that are
discussed in the following documents:
Classical IPv6 ND: "Neighbor Discovery for IP version 6 (IPv6)"
[RFC4861], "IPv6 Stateless Address Autoconfiguration" [RFC4862],
and "Optimistic Duplicate Address Detection (DAD) for IPv6"
[RFC4429];
IPv6 ND over multiple links: "Neighbor Discovery Proxies (ND Proxy)"
[RFC4389] and "Multi-Link Subnet Issues" [RFC4903];
6LoWPAN: "Problem Statement and Requirements for IPv6 over Low-Power
Wireless Personal Area Network (6LoWPAN) Routing" [RFC6606]; and
6LoWPAN ND: Neighbor Discovery Optimization for IPv6 over Low-Power
Wireless Personal Area Networks (6LoWPANs) [RFC6775],
"Registration Extensions for IPv6 over Low-Power Wireless Personal
Area Network (6LoWPAN) Neighbor Discovery" [RFC8505], and
"Address-Protected Neighbor Discovery for Low-Power and Lossy
Networks" [RFC8928].
3. Overview
This section and its subsections present a non-normative high-level
view of the operation of the 6BBR. The following sections cover the
normative part.
Figure 1 illustrates a Backbone Link that federates a collection of
LLNs as a single IPv6 subnet, with a number of 6BBRs providing ND
proxy services to their attached LLNs.
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
| | | | | |
+------+ +------+ +------+
o Wireless Side o o o o o o
o o o o o o o o o o o o o o o o o o o o
o o o o o o o o o o o o o o o o o o o
o o o o o o o o o LLN o o o o o o o o o
o o o o o o o o o o o o o o
o o o
Figure 1: Backbone Link and Backbone Routers
The LLN may be a hub-and-spoke access link such as (Low-Power) IEEE
Std 802.11 (Wi-Fi) [IEEEstd80211] and IEEE Std 802.15.1 (Bluetooth)
[IEEEstd802151] or a mesh-under or a route-over network [RFC8505].
The proxy state can be distributed across multiple 6BBRs attached to
the same backbone.
The main features of a 6BBR are as follows:
* MLSN functions (provided by the 6BBR on the backbone) performed on
behalf of Registered Nodes
* Routing Registrar services that reduce multicast within the LLN:
- Binding Table management
- failover, e.g., due to mobility
Each Backbone Router (6BBR) maintains a data structure for its
Registered Addresses called a Binding Table. The abstract data that
is stored in the Binding Table includes the Registered Address;
anchor information on the Registering Node such as the connecting
interface, link-local address, and link-layer address (LLA) of the
Registering Node on that interface; the EARO including ROVR and TID;
a state that can be either Reachable, Tentative, or Stale; and other
information such as a trust level that may be configured, e.g., to
protect a server. The combined Binding Tables of all the 6BBRs on a
backbone form a distributed database of Registered Nodes that reside
in the LLNs or on the IPv6 Backbone.
Unless otherwise configured, a 6BBR does the following:
* Creates a new entry in a Binding Table for a newly Registered
Address and ensures that the address is not duplicated over the
backbone.
* Advertises a Registered Address over the backbone using an NA
message as either unsolicited or a response to an NS message.
This includes joining the multicast group associated to the SNMA
derived from the Registered Address, as specified in Section 7.2.1
of [RFC4861], over the backbone.
* The 6BBR MAY respond immediately as a proxy in lieu of the
Registering Node, e.g., if the Registering Node has a sleep cycle
that the 6BBR does not want to interrupt or if the 6BBR has a
recent state that is deemed fresh enough to permit the proxied
response. It is preferred, though, that the 6BBR checks whether
the Registering Node is still responsive on the Registered
Address. To that effect:
- as a Bridging Proxy:
the 6BBR forwards the multicast DAD and address lookup messages
as a unicast link-layer frame to the link-layer address of the
Registering Node that matches the target in the ND message; the
Neighbor Unreachability Detection (NUD) message is unicast and
is forwarded as is. In all cases, the goal is to let the
Registering Node answer with the ND Message and options that it
sees fit.
- as a Routing Proxy:
the 6BBR checks the liveliness of the Registering Node, e.g.,
using a NUD verification, before answering on its behalf.
* Delivers packets arriving from the LLN, using Neighbor
Solicitation messages to look up the destination over the
backbone.
* Forwards or bridges packets between the LLN and the backbone.
* Verifies liveness for a registration, when needed.
The first of these functions enables the 6BBR to fulfill its role as
a Routing Registrar for each of its attached LLNs. The remaining
functions fulfill the role of the 6BBRs as the border routers that
federate the Multi-Link IPv6 Subnet.
The operation of IPv6 ND and ND proxy are not mutually exclusive on
the backbone, meaning that nodes attached to the backbone and using
IPv6 ND can transparently interact with 6LNs that rely on a 6BBR to
ND proxy for them, whether the 6LNs are reachable over an LLN or
directly attached to the backbone.
The registration mechanism [RFC8505] used to learn addresses to be
proxied may coexist in a 6BBR with a proprietary snooping or the
traditional bridging functionality of an AP, in order to support
legacy LLN nodes that do not support this specification.
The registration to a proxy service uses an NS/NA exchange with EARO.
The 6BBR operation resembles that of a Mobile IPv6 (MIPv6) [RFC6275]
Home Agent (HA). The combination of a 6BBR and a MIPv6 HA enables
full mobility support for 6LNs, inside and outside the links that
form the subnet.
6BBRs perform IPv6 ND functions over the backbone as follows:
* The EARO [RFC8505] is used in IPv6 ND exchanges over the backbone
between the 6BBRs to help distinguish duplication from movement.
Extended Duplicate Address Messages (EDAR and EDAC) may also be
used to communicate with a 6LBR, if one is present. Address
duplication is detected using the ROVR field. Conflicting
registrations to different 6BBRs for the same Registered Address
are resolved using the TID field, which forms an order of
registrations.
* The LLA that the 6BBR advertises for the Registered Address on
behalf of the Registered Node over the backbone can belong to the
Registering Node; in that case, the 6BBR (acting as a Bridging
Proxy (see Section 8)) bridges the unicast packets.
Alternatively, the LLA can be that of the 6BBR on the backbone
interface, in which case, the 6BBR (acting as a Routing Proxy (see
Section 7)) receives the unicast packets at Layer 3 and routes
over.
3.1. Updating RFCs 6775 and 8505
This specification adds the EARO as a possible option in RS, NS(DAD),
and NA messages over the backbone. This document specifies the use
of those ND messages by 6BBRs over the backbone, at a high level in
Section 6 and in more detail in Section 9.
| Note: [RFC8505] requires that the registration NS(EARO) contain
| a Source Link-Layer Address Option (SLLAO). [RFC4862] requires
| that the NS(DAD) be sent from the unspecified address for which
| there cannot be an SLLAO. Consequently, an NS(DAD) cannot be
| confused with a registration.
This specification allows the deployment of a 6LBR on the backbone
where EDAR and EDAC messages coexist with classical ND. It also adds
the capability to insert IPv6 ND options in the EDAR and EDAC
messages. A 6BBR acting as a 6LR for the Registered Address can
insert an SLLAO in the EDAR to the 6LBR in order to avoid causing a
multicast NS(lookup) back. This enables the 6LBR to store the link-
layer address associated with the Registered Address on a link and to
serve as a mapping server as described in [UNICAST-LOOKUP].
This specification allows an address to be registered to more than
one 6BBR. Consequently, a 6LBR that is deployed on the backbone MUST
be capable of maintaining state for each of the 6BBRs that have
registered with the same TID and same ROVR.
3.2. Access Link
The simplest MLSN topology from the Layer 3 perspective occurs when
the wireless network appears as a single-hop hub-and-spoke network as
shown in Figure 2. The Layer 2 operation may effectively be hub-and-
spoke (e.g., Wi-Fi) or mesh-under, with a Layer 2 protocol handling
the complex topology.
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
| 6LR | | 6LR | | 6LR |
+------+ +------+ +------+
(6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN)
Figure 2: Access Link Use Case
Figure 3 illustrates a flow where 6LN forms an IPv6 address and
registers it to a 6BBR acting as a 6LR [RFC8505]. The 6BBR applies
Optimistic Duplicate Address Detection (ODAD) (see Section 3.6) to
the Registered Address to enable connectivity while the message flow
is still in progress.
6LN(STA) 6BBR(AP) 6LBR default GW
| | | |
| LLN Access Link | IPv6 Backbone (e.g., Ethernet) |
| | | |
| RS(multicast) | | |
|---------------->| | |
| RA(PIO, Unicast)| | |
|<----------------| | |
| NS(EARO) | | |
|---------------->| | |
| | Extended DAR | |
| |--------------->| |
| | Extended DAC | |
| |<---------------| |
| | |
| | NS-DAD(EARO, multicast) |
| |--------> |
| |----------------------------------->|
| | |
| | RS(no SLLAO, for ODAD) |
| |----------------------------------->|
| | if (no fresher Binding) NS(Lookup) |
| | <----------------|
| |<-----------------------------------|
| | NA(SLLAO, not(O), EARO) |
| |----------------------------------->|
| | RA(unicast) |
| |<-----------------------------------|
| | |
| IPv6 Packets in Optimistic Mode |
|<---------------------------------------------------->|
| | |
| |
| NA(EARO) |<DAD timeout>
|<----------------|
| |
Figure 3: Initial Registration Flow to a 6BBR Acting as a Routing
Proxy
In this example, a 6LBR is deployed on the Backbone Link to serve the
whole subnet, and EDAR/EDAC messages are used in combination with DAD
to enable coexistence with IPv6 ND over the backbone.
The RS sent initially by the 6LN (e.g., a Wi-Fi STA) is transmitted
as a multicast, but since it is intercepted by the 6BBR, it is never
effectively broadcast. The multiple arrows associated to the ND
messages on the backbone denote a real Layer 2 broadcast.
3.3. Route-Over Mesh
A more complex MLSN topology occurs when the wireless network appears
as a Layer 3 mesh network as shown in Figure 4. A so-called route-
over routing protocol exposes routes between 6LRs towards both 6LRs
and 6LNs, and a 6LBR acts as the Root of the Layer 3 mesh network and
proxy-registers the LLN addresses to the 6BBR.
|
+-----+ +-----+ +-----+ IPv6
(default) | | (optional) | | | | Node
Router | | 6LBR | | | | or
+-----+ +-----+ +-----+ 6LN
| Backbone Side | |
----+-------+-----------------+---+-------------+----+-----
| | |
+------+ +------+ +------+
| 6BBR | | 6BBR | | 6BBR |
+------+ +------+ +------+
| | |
+------+ +------+ +------+
| 6LBR | | 6LBR | | 6LBR |
+------+ +------+ +------+
(6LN) (6LR) (6LN) (6LR) (6LN) (6LR) (6LR) (6LR)(6LN)
(6LN)(6LR) (6LR) (6LN) (6LN) (6LR)(6LN) (6LR) (6LR) (6LR) (6LN)
(6LR)(6LR) (6LR) (6LR) (6LR)(6LN) (6LR) (6LR)(6LR)
(6LR) (6LR) (6LR) (6LR) (6LN)(6LR) (6LR) (6LR) (6LR) (6LR)
(6LN) (6LN)(6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN) (6LN)
Figure 4: Route-Over Mesh Use Case
Figure 5 illustrates IPv6 signaling that enables a 6LN (the
Registered Node) to form a Global or a Unique Local Address and
register it to the 6LBR that serves its LLN using [RFC8505] and a
neighboring 6LR as relay. The 6LBR (the Registering Node) then
proxies the registration [RFC8505] to the 6BBR to obtain ND proxy
services from the 6BBR.
The RS sent initially by the 6LN is transmitted as a multicast and
contained within 1-hop broadcast range where hopefully a 6LR is
found. The 6LR is expected to be already connected to the LLN and
capable of reaching the 6LBR, which is possibly multiple hops away,
using unicast messages.
6LoWPAN Node 6LR 6LBR 6BBR
(mesh leaf) (mesh router) (mesh root)
| | | |
| 6LoWPAN ND |6LoWPAN ND | 6LoWPAN ND | IPv6 ND
| LLN Link |Route-Over Mesh|Ethernet/Serial| Backbone
| | |/Internal Call |
| IPv6 ND RS | | |
|-------------->| | |
|-----------> | | |
|------------------> | |
| IPv6 ND RA | | |
|<--------------| | |
| | | |
| NS(EARO) | | |
|-------------->| | |
| 6LoWPAN ND | Extended DAR | |
| |-------------->| |
| | | NS(EARO) |
| | |-------------->|
| | | (proxied) | NS-DAD
| | | |------>
| | | | (EARO)
| | | |
| | | NA(EARO) |<timeout>
| | |<--------------|
| | Extended DAC | |
| |<--------------| |
| NA(EARO) | | |
|<--------------| | |
| | | |
Figure 5: Initial Registration Flow over Route-Over Mesh
As a non-normative example of a route-over mesh, the IPv6 over the
TSCH mode of IEEE 802.15.4e (6TiSCH) architecture [6TiSCH] suggests
using the RPL [RFC6550] and collocating the RPL root with a 6LBR that
serves the LLN. The 6LBR is also either collocated with or directly
connected to the 6BBR over an IPv6 link.
3.4. The Binding Table
Addresses in an LLN that are reachable from the backbone by way of
the 6BBR function must be registered to that 6BBR, using an NS(EARO)
with the R flag set [RFC8505]. The 6BBR answers with an NA(EARO) and
maintains a state for the registration in an abstract Binding Table.
An entry in the Binding Table is called a "Binding". A Binding may
be in Tentative, Reachable, or Stale state.
The 6BBR uses a combination of [RFC8505] and IPv6 ND over the
backbone to advertise the registration and avoid a duplication.
Conflicting registrations are solved by the 6BBRs transparently to
the Registering Nodes.
Only one 6LN may register a given address, but the address may be
registered to multiple 6BBRs for higher availability.
Over the LLN, Binding Table management is as follows:
* De-registrations (newer TID, same ROVR, null Lifetime) are
accepted with a status code of 4 ("Removed"); the entry is
deleted.
* Newer registrations (newer TID, same ROVR, non-null Lifetime) are
accepted with a status code of 0 ("Success"); the Binding is
updated with the new TID, the Registration Lifetime, and the
Registering Node. In Tentative state, the EDAC response is held
and may be overwritten; in other states, the Registration Lifetime
timer is restarted, and the entry is placed in Reachable state.
* Identical registrations (same TID, same ROVR) from the same
Registering Node are accepted with a status code of 0 ("Success").
In Tentative state, the response is held and may be overwritten,
but the response is eventually produced, carrying the result of
the DAD process.
* Older registrations (older TID, same ROVR) from the same
Registering Node are discarded.
* Identical and older registrations (not-newer TID, same ROVR) from
a different Registering Node are rejected with a status code of 3
("Moved"); this may be rate-limited to avoid undue interference.
* Any registration for the same address but with a different ROVR is
rejected with a status code of 1 ("Duplicate Address").
The operation of the Binding Table is specified in detail in
Section 9.
3.5. Primary and Secondary 6BBRs
A Registering Node MAY register the same address to more than one
6BBR, in which case, the Registering Node uses the same EARO in all
the parallel registrations. On the other hand, there is no provision
in 6LoWPAN ND for a 6LN (acting as Registered Node) to select its
6LBR (acting as Registering Node), so it cannot select more than one
either. To allow for this, NS(DAD) and NA messages with an EARO
received over the backbone that indicate an identical Binding in
another 6BBR (same Registered Address, same TID, same ROVR) are
silently ignored except for the purpose of selecting the primary 6BBR
for that registration.
A 6BBR may be either primary or secondary. The primary is the 6BBR
that has the highest 64-bit Extended Unique Identifier (EUI-64)
address of all the 6BBRs that share a registration for the same
Registered Address, with the same ROVR and same Transaction ID, and
the EUI-64 address is considered an unsigned 64-bit integer. A given
6BBR can be primary for a given address and secondary for another
address, regardless of whether or not the addresses belong to the
same 6LN.
In the following sections, it is expected that an NA will be sent
over the backbone only if the node is primary or does not support the
concept of primary. More than one 6BBR claiming or defending an
address generates unwanted traffic, but there is no reachability
issue since all 6BBRs provide reachability from the backbone to the
6LN.
If a Registering Node loses connectivity to its 6BBR or one of the
6BBRs to which it registered an address, it retries the registration
to the (one or more) available 6BBR(s). When doing that, the
Registering Node MUST increment the TID in order to force the
migration of the state to the new 6BBR and the reselection of the
primary 6BBR if it is the node that was lost.
3.6. Using Optimistic DAD
ODAD [RFC4429] specifies how an IPv6 address can be used before
completion of DAD. ODAD guarantees that this behavior will not cause
harm if the new address is a duplicate.
Support for ODAD avoids delays in installing the Neighbor Cache Entry
(NCE) in the 6BBRs and the default router, enabling immediate
connectivity to the Registered Node. As shown in Figure 3, if the
6BBR is aware of the LLA of a router, then the 6BBR sends a Router
Solicitation (RS), using the Registered Address as the IP Source
Address, to the known router(s). The RS is sent without an SLLAO, to
avoid invalidating a preexisting NCE in the router.
Following ODAD, the router may then send a unicast RA to the
Registered Address, and it may resolve that address using an
NS(Lookup) message. In response, the 6BBR sends an NA with an EARO
and the Override flag [RFC4861] that is not set. The router can then
determine the freshest EARO in case of conflicting NA(EARO) messages,
using the method described in Section 5.2.1 of [RFC8505]. If the
NA(EARO) is the freshest answer, the default router creates a Binding
with the SLLAO of the 6BBR (in Routing Proxy mode) or that of the
Registering Node (in Bridging Proxy mode), so traffic from/to the
Registered Address can flow immediately.
4. Multi-Link Subnet Considerations
The backbone and the federated LLN links are considered to be
different links in the MLSN, even if multiple LLNs are attached to
the same 6BBR. ND messages are link-scoped and are not forwarded by
the 6BBR between the backbone and the LLNs, though some packets may
be reinjected in Bridging Proxy mode (see Section 8).
Legacy nodes located on the backbone expect that the subnet is
deployed within a single link and that there is a common Maximum
Transmission Unit (MTU) for intra-subnet communication: the Link MTU.
They will not perform the IPv6 Path MTU Discovery [RFC8201] for a
destination within the subnet. For that reason, the MTU MUST have
the same value on the backbone and on all federated LLNs in the MLSN.
As a consequence, the 6BBR MUST use the same MTU value in RAs over
the backbone and in the RAs that it transmits toward the LLN links.
5. Optional 6LBR Serving the Multi-Link Subnet
A 6LBR can be deployed to serve the whole MLSN as shown in Figure 4.
It may be attached to the backbone, in which case it can be
discovered by its capability advertisement (see Section 4.3 of
[RFC8505]) in RA messages.
When a 6LBR is present, the 6BBR uses an EDAR/EDAC message exchange
with the 6LBR to check if the new registration corresponds to a
duplication or a movement. This is done prior to the NS(DAD)
process, which may be avoided if the 6LBR already maintains a
conflicting state for the Registered Address.
If this registration is a duplicate or not the freshest, then the
6LBR replies with an EDAC message with a status code of 1 ("Duplicate
Address") or 3 ("Moved"), respectively. If this registration is the
freshest, then the 6LBR replies with a status code of 0 ("Success").
In that case, if this registration is fresher than an existing
registration for another 6BBR, then the 6LBR also sends an
asynchronous EDAC with a status code of 4 ("Removed") to the older
6BBR.
The EDAR message SHOULD carry the SLLAO used in NS messages by the
6BBR for that Binding, and the EDAC message SHOULD carry the Target
Link-Layer Address Option (TLLAO) associated with the currently
accepted registration. This enables a 6BBR to locate the new
position of a mobile 6LN in the case of a Routing Proxy operation and
opens the capability for the 6LBR to serve as a mapping server in the
future.
Note that if link-local addresses are registered, then the scope of
uniqueness on which the address duplication is checked is the total
collection of links that the 6LBR serves, as opposed to the sole link
on which the link-local address is assigned.
6. Using IPv6 ND over the Backbone Link
On the backbone side, the 6BBR MUST join the SNMA group corresponding
to a Registered Address as soon as it creates a Binding for that
address and maintain that SNMA membership as long as it maintains the
registration. The 6BBR uses either the SNMA or plain unicast to
defend the Registered Addresses in its Binding Table over the
backbone (as specified in [RFC4862]). The 6BBR advertises and
defends the Registered Addresses over the Backbone Link using RS,
NS(DAD), and NA messages with the Registered Address as the Source or
Target Address.
The 6BBR MUST place an EARO in the IPv6 ND messages that it generates
on behalf of the Registered Node. Note that an NS(DAD) does not
contain an SLLAO and cannot be confused with a proxy registration
such as performed by a 6LBR.
IPv6 ND operates as follows on the backbone:
* Section 7.2.8 of [RFC4861] specifies that an NA message generated
as a proxy does not have the Override flag set in order to ensure
that if the real owner is present on the link, its own NA will
take precedence, and this NA does not update the NCE for the real
owner if one exists.
* A node that receives multiple NA messages updates an existing NCE
only if the Override flag is set; otherwise, the node will probe
the cached address.
* When an NS(DAD) is received for a tentative address, which means
that two nodes form the same address at nearly the same time, the
node that first claimed the address cannot be detected per
Section 5.4.3 of [RFC4862], and the address is abandoned.
* In any case, [RFC4862] indicates that a node never responds to a
Neighbor Solicitation for a tentative address.
This specification adds information about proxied addresses that
helps to sort out a duplication (different ROVR) from a movement
(same ROVR, different TID); in the latter case, the older
registration is sorted out from the fresher one (by comparing TIDs).
When a Registering Node moves from one 6BBR to the next, the 6BBRs
send NA messages over the backbone to update existing NCEs. A node
that receives multiple NA messages with an EARO option and the same
ROVR MUST favor the NA with the freshest EARO over the others.
The new 6BBR MAY set the Override flag in the NA messages if it does
not compete with the Registering Node for the NCE in backbone nodes.
This is assured if the Registering Node is attached via an interface
that cannot be bridged onto the backbone, making it impossible for
the Registering Node to defend its own addresses there. This may
also be signaled by the Registering Node through a protocol extension
that is not in scope for this specification.
When the Binding is in Tentative state, the 6BBR acts as follows:
* an NS(DAD) that indicates a duplication can still not be asserted
for first come, but the situation can be avoided using a 6LBR on
the backbone that will serialize the order of appearance of the
address and ensure first-come, first-served.
* an NS or an NA that denotes an older registration for the same
Registered Node is not interpreted as a duplication as specified
in Sections 5.4.3 and 5.4.4 of [RFC4862], respectively.
When the Binding is no longer in Tentative state, the 6BBR acts as
follows:
* an NS or an NA with an EARO that denotes a duplicate registration
(different ROVR) is answered with an NA message that carries an
EARO with a status code of 1 ("Duplicate Address"), unless the
received message is an NA that carries an EARO with a status code
of 1 ("Duplicate Address").
In any state, the 6BBR acts as follows:
* an NS or an NA with an EARO that denotes an older registration
(same ROVR) is answered with an NA message that carries an EARO
with a status code of 3 ("Moved") to ensure that the Stale state
is removed rapidly.
This behavior is specified in more detail in Section 9.
This specification enables proxy operation for the IPv6 ND resolution
of LLN devices, and a prefix that is used across an MLSN MAY be
advertised as on-link over the backbone. This is done for backward
compatibility with existing IPv6 hosts by setting the L flag in the
Prefix Information Option (PIO) of RA messages [RFC4861].
For movement involving a slow reattachment, the NUD procedure defined
in [RFC4861] may timeout too quickly. Nodes on the backbone SHOULD
support [RFC7048] whenever possible.
7. Routing Proxy Operations
A Routing Proxy provides IPv6 ND proxy functions for Global and
Unique Local Addresses between the LLN and the backbone, but not for
link-local addresses. It operates as an IPv6 border router and
provides a full link-layer isolation.
In this mode, it is not required that the link-layer addresses of the
6LNs be visible at Layer 2 over the backbone. Thus, it is useful
when the messaging over the backbone that is associated with wireless
mobility becomes expensive, e.g., when the Layer 2 topology is
virtualized over a wide area IP underlay.
This mode is definitely required when the LLN uses a link-layer
address format that is different from that on the backbone (e.g.,
EUI-64 versus EUI-48). Since a 6LN may not be able to resolve an
arbitrary destination in the MLSN directly, a prefix that is used
across a MLSN MUST NOT be advertised as on-link in RA messages sent
towards the LLN.
In order to maintain IP connectivity, the 6BBR installs a connected
host route to the Registered Address on the LLN interface, via the
Registering Node as identified by the source address and the SLLAO in
the NS(EARO) messages.
When operating as a Routing Proxy, the 6BBR MUST use its Layer 2
address on its backbone interface in the SLLAO of the RS messages and
the TLLAO of the NA messages that it generates to advertise the
Registered Addresses.
For each Registered Address, multiple peers on the backbone may have
resolved the address with the 6BBR link-layer address, maintaining
that mapping in their Neighbor Cache. The 6BBR SHOULD maintain a
list of the peers on the backbone that have associated its link-layer
address with the Registered Address. If that Registered Address
moves to another 6BBR, the previous 6BBR SHOULD unicast a gratuitous
NA to each such peer, to supply the LLA of the new 6BBR in the TLLAO
for the address. A 6BBR that does not maintain this list MAY
multicast a gratuitous NA message; this NA will possibly hit all the
nodes on the backbone, whether or not they maintain an NCE for the
Registered Address. In either case, the 6BBR MAY set the Override
flag if it is known that the Registered Node cannot attach to the
backbone; this will avoid interruptions and save probing flows in the
future.
If a correspondent fails to receive the gratuitous NA, it will keep
sending traffic to a 6BBR to which the node was previously
registered. Since the previous 6BBR removed its host route to the
Registered Address, it will look up the address over the backbone,
resolve the address with the LLA of the new 6BBR, and forward the
packet to the correct 6BBR. The previous 6BBR SHOULD also issue a
redirect message [RFC4861] to update the cache of the correspondent.
8. Bridging Proxy Operations
A Bridging Proxy provides IPv6 ND proxy functions between the LLN and
the backbone while preserving the forwarding continuity at the link
layer. It acts as a Layer 2 bridge for all types of unicast packets
including link-scoped, and it appears as an IPv6 Host on the
backbone.
The Bridging Proxy registers any Binding, including a link-local
address to the 6LBR (if present), and defends it over the backbone in
IPv6 ND procedures.
To achieve this, the Bridging Proxy intercepts the IPv6 ND messages
and may reinject them on the other side, respond directly, or drop
them. For instance, an NS(Lookup) from the backbone that matches a
Binding can be responded to directly or turned into a unicast on the
LLN side to let the 6LN respond.
As a Bridging Proxy, the 6BBR MUST use the Registering Node's Layer 2
address in the SLLAO of the NS/RS messages and the TLLAO of the NA
messages that it generates to advertise the Registered Addresses.
The Registering Node's Layer 2 address is found in the SLLAO of the
registration NS(EARO) and maintained in the Binding Table.
The MLSN prefix SHOULD NOT be advertised as on-link in RA messages
sent towards the LLN. If a destination address is seen as on-link,
then a 6LN may use NS(Lookup) messages to resolve that address. In
that case, the 6BBR MUST either answer the NS(Lookup) message
directly or reinject the message on the backbone, as either a Layer 2
unicast or a multicast.
If the Registering Node owns the Registered Address, meaning that the
Registering Node is the Registered Node, then its mobility does not
impact existing NCEs over the backbone. In a network where proxy
registrations are used, meaning that the Registering Node acts on
behalf of the Registered Node, if the Registered Node selects a new
Registering Node, then the existing NCEs across the backbone pointing
at the old Registering Node must be updated. In that case, the 6BBR
SHOULD attempt to fix the existing NCEs across the backbone pointing
at other 6BBRs using NA messages as described in Section 7.
This method can fail if the multicast message is not received; one or
more correspondent nodes on the backbone might maintain a stale NCE,
and packets to the Registered Address may be lost. When this
condition happens, it is eventually discovered and resolved using NUD
as defined in [RFC4861].
9. Creating and Maintaining a Binding
Upon receiving a registration for a new address (i.e., an NS(EARO)
with the R flag set), the 6BBR creates a Binding and operates as a
6LR according to [RFC8505], interacting with the 6LBR if one is
present.
An implementation of a Routing Proxy that creates a Binding MUST also
create an associated host route pointing to the Registering Node in
the LLN interface from which the registration was received.
Acting as a 6BBR, the 6LR operation is modified as follows:
* Acting as a Bridging Proxy, the 6LR MUST ND proxy over the
backbone for registered link-local addresses.
* EDAR and EDAC messages SHOULD carry an SLLAO and a TLLAO,
respectively.
* An EDAC message with a status code of 9 ("6LBR Registry
Saturated") is assimilated as a status code of 0 ("Success") if a
following DAD process protects the address against duplication.
This specification enables nodes on a Backbone Link to coexist along
with nodes implementing IPv6 ND [RFC4861] as well as other non-
normative specifications such as [SAVI-WLAN]. It is possible that
not all IPv6 addresses on the backbone are registered and known to
the 6LBR, and an EDAR/EDAC exchange with the 6LBR might succeed even
for a duplicate address. Consequently, the 6BBR still needs to
perform IPv6 ND DAD over the backbone after an EDAC with a status
code of 0 ("Success") or 9 ("6LBR Registry Saturated").
For the DAD operation, the Binding is placed in Tentative state for a
duration of TENTATIVE_DURATION (Section 12), and an NS(DAD) message
is sent as a multicast message over the backbone to the SNMA
associated with the Registered Address [RFC4862]. The EARO from the
registration MUST be placed unchanged in the NS(DAD) message.
If a registration is received for an existing Binding with a non-null
Registration Lifetime and the registration is fresher (same ROVR,
fresher TID), then the Binding is updated with the new Registration
Lifetime, TID, and possibly Registering Node. In Tentative state
(see Section 9.1), the current DAD operation continues unaltered. In
other states (see Sections 9.2 and 9.3 ), the Binding is placed in
Reachable state for the Registration Lifetime, and the 6BBR returns
an NA(EARO) to the Registering Node with a status code of 0
("Success").
Upon a registration that is identical (same ROVR, TID, and
Registering Node), the 6BBR does not alter its current state. In
Reachable state, it returns an NA(EARO) back to the Registering Node
with a status code of 0 ("Success"). A registration that is not as
fresh (same ROVR, older TID) is ignored.
If a registration is received for an existing Binding and a
Registration Lifetime of 0, then the Binding is removed, and the 6BBR
returns an NA(EARO) back to the Registering Node with a status code
of 0 ("Success"). An implementation of a Routing Proxy that removes
a Binding MUST remove the associated host route pointing on the
Registering Node.
The old 6BBR removes its Binding Table entry and notifies the
Registering Node with a status code of 3 ("Moved") if a new 6BBR
claims a fresher registration (same ROVR, fresher TID) for the same
address. The old 6BBR MAY preserve a temporary state in order to
forward packets in flight. The state may be, for instance, an NCE
that was formed when an NA message was received. It may also be a
Binding Table entry in Stale state, pointing at the new 6BBR on the
backbone or any other abstract cache entry that can be used to
resolve the link-layer address of the new 6BBR. The old 6BBR SHOULD
also use REDIRECT messages pointing at the new 6BBR to update the
correspondents of the Registered Address, as specified in [RFC4861].
9.1. Operations on a Binding in Tentative State
The Tentative state covers a DAD period over the backbone during
which an address being registered is checked for duplication using
the procedures defined in [RFC4862].
For a Binding in Tentative state:
* The Binding MUST be removed if an NA message is received over the
backbone for the Registered Address with no EARO or with an EARO
that indicates an existing registration owned by a different
Registering Node (different ROVR). In that case, an NA is sent
back to the Registering Node with a status code of 1 ("Duplicate
Address") to indicate that the Binding has been rejected. This
behavior might be overridden by policy, in particular if the
registration is trusted, e.g., based on the validation of the ROVR
field (see [RFC8928]).
* The Binding MUST be removed if an NS(DAD) message is received over
the backbone for the Registered Address with no EARO or with an
EARO that has a different ROVR that indicates a tentative
registration by a different Registering Node. In that case, an NA
is sent back to the Registering Node with a status code of 1
("Duplicate Address"). This behavior might be overridden by
policy, in particular if the registration is trusted, e.g., based
on the validation of the ROVR field (see [RFC8928]).
* The Binding MUST be removed if an NA or an NS(DAD) message is
received over the backbone for the Registered Address and contains
an EARO that indicates a fresher registration [RFC8505] for the
same Registering Node (same ROVR). In that case, an NA MUST be
sent back to the Registering Node with a status code of 3
("Moved").
* The Binding MUST be kept unchanged if an NA or an NS(DAD) message
is received over the backbone for the Registered Address and
contains an EARO that indicates an older registration [RFC8505]
for the same Registering Node (same ROVR). The message is
answered with an NA that carries an EARO with a status code of 3
("Moved") and the Override flag not set. This behavior might be
overridden by policy, in particular if the registration is not
trusted.
* Other NS(DAD) and NA messages from the backbone are ignored.
* NS(Lookup) and NS(NUD) messages SHOULD be optimistically answered
with an NA message containing an EARO with a status code of 0
("Success") and the Override flag not set (see Section 3.6). If
optimistic DAD is disabled, then they SHOULD be queued to be
answered when the Binding goes to Reachable state.
When the TENTATIVE_DURATION (Section 12) timer elapses, the Binding
is placed in Reachable state for the Registration Lifetime, and the
6BBR returns an NA(EARO) to the Registering Node with a status code
of 0 ("Success").
The 6BBR also attempts to take over any existing Binding from other
6BBRs and to update existing NCEs in backbone nodes. This is done by
sending an NA message with an EARO and the Override flag not set over
the backbone (see Sections 7 and 8).
9.2. Operations on a Binding in Reachable State
The Reachable state covers an active registration after a successful
DAD process.
If the Registration Lifetime is of a long duration, an implementation
might be configured to reassess the availability of the Registering
Node at a lower period, using a NUD procedure as specified in
[RFC7048]. If the NUD procedure fails, the Binding SHOULD be placed
in Stale state immediately.
For a Binding in Reachable state:
* The Binding MUST be removed if an NA or an NS(DAD) message is
received over the backbone for the Registered Address and contains
an EARO that indicates a fresher registration [RFC8505] for the
same Registered Node (i.e., same ROVR but fresher TID). A status
code of 4 ("Removed") is returned in an asynchronous NA(EARO) to
the Registering Node. Based on configuration, an implementation
may delay this operation by a timer with a short setting, e.g., a
few seconds to a minute, in order to allow for a parallel
registration to reach this node, in which case the NA might be
ignored.
* NS(DAD) and NA messages containing an EARO that indicates a
registration for the same Registered Node that is not as fresh as
this Binding MUST be answered with an NA message containing an
EARO with a status code of 3 ("Moved").
* An NS(DAD) with no EARO or with an EARO that indicates a duplicate
registration (i.e., different ROVR) MUST be answered with an NA
message containing an EARO with a status code of 1 ("Duplicate
Address") and the Override flag not set, unless the received
message is an NA that carries an EARO with a status code of 1
("Duplicate Address"), in which case the node refrains from
answering.
* Other NS(DAD) and NA messages from the backbone are ignored.
* NS(Lookup) and NS(NUD) messages SHOULD be answered with an NA
message containing an EARO with a status code of 0 ("Success") and
the Override flag not set. The 6BBR MAY check whether the
Registering Node is still available using a NUD procedure over the
LLN prior to answering; this behavior depends on the use case and
is subject to configuration.
When the Registration Lifetime timer elapses, the Binding is placed
in Stale state for a duration of STALE_DURATION (Section 12).
9.3. Operations on a Binding in Stale State
The Stale state enables tracking of the backbone peers that have a
NCE pointing to this 6BBR in case the Registered Address shows up
later.
If the Registered Address is claimed by another 6LN on the backbone,
with an NS(DAD) or an NA, the 6BBR does not defend the address.
For a Binding in Stale state:
* The Binding MUST be removed if an NA or an NS(DAD) message is
received over the backbone for the Registered Address with no EARO
or with an EARO that indicates either a fresher registration for
the same Registered Node or a duplicate registration. A status
code of 4 ("Removed") MAY be returned in an asynchronous NA(EARO)
to the Registering Node.
* NS(DAD) and NA messages containing an EARO that indicates a
registration for the same Registered Node that is not as fresh as
this MUST be answered with an NA message containing an EARO with a
status code of 3 ("Moved").
* If the 6BBR receives an NS(Lookup) or an NS(NUD) message for the
Registered Address, the 6BBR MUST attempt a NUD procedure as
specified in [RFC7048] to the Registering Node, targeting the
Registered Address, prior to answering. If the NUD procedure
succeeds, the operation in Reachable state applies. If the NUD
fails, the 6BBR refrains from answering.
* Other NS(DAD) and NA messages from the backbone are ignored.
When the STALE_DURATION (Section 12) timer elapses, the Binding MUST
be removed.
10. Registering Node Considerations
A Registering Node MUST implement [RFC8505] in order to interact with
a 6BBR (which acts as a Routing Registrar). Following [RFC8505], the
Registering Node signals that it requires IPv6 ND proxy services from
a 6BBR by registering the corresponding IPv6 address using an
NS(EARO) message with the R flag set.
The Registering Node may be the 6LN owning the IPv6 address or a 6LBR
that performs the registration on its behalf in a route-over mesh.
A 6LN MUST register all of its IPv6 addresses to its 6LR, which is
the 6BBR when they are connected at Layer 2. Failure to register an
address may result in the address being unreachable by other parties.
This would happen, for instance, if the 6BBR propagates the
NS(Lookup) from the backbone only to the LLN nodes that do not
register their addresses.
The Registering Node MUST refrain from using multicast NS(Lookup)
when the destination is not known as on-link, e.g., if the prefix is
advertised in a PIO with the L flag not set. In that case, the
Registering Node sends its packets directly to its 6LR.
The Registering Node SHOULD also follow BCP 202 [RFC7772] in order to
limit the use of multicast RAs. It SHOULD also implement "Simple
Procedures for Detecting Network Attachment in IPv6" [RFC6059] (DNA
procedures) to detect movements and support "Packet-Loss Resiliency
for Router Solicitations" [RFC7559] in order to improve reliability
for the unicast RS messages.
11. Security Considerations
The procedures in this document modify the mechanisms used for IPv6
ND and DAD and should not affect other aspects of IPv6 or higher-
level-protocol operation. As such, the main classes of attacks that
are in play are those that work to block Neighbor Discovery or to
forcibly claim an address that another node is attempting to use. In
the absence of cryptographic protection at higher layers, the latter
class of attacks can have significant consequences, with the attacker
being able to read all the "stolen" traffic that was directed to the
target of the attack.
This specification applies to LLNs and a backbone in which the
individual links are protected against rogue access on the LLN by
authenticating a node that attaches to the network and encrypting the
transmissions at the link layer and on the backbone side, using the
physical security and access control measures that are typically
applied there; thus, packets may neither be forged nor overheard.
In particular, the LLN link layer is required to provide secure
unicast to/from the Backbone Router and secure broadcast from the
routers in a way that prevents tampering with or replaying the ND
messages.
For the IPv6 ND operation over the backbone, and unless the classical
ND is disabled (e.g., by configuration), the classical ND messages
are interpreted as emitted by the address owner and have precedence
over the 6BBR that is only a proxy.
As a result, the security threats that are detailed in Section 11.1
of [RFC4861] fully apply to this specification as well. In short:
* Any node that can send a packet on the backbone can take over any
address, including addresses of LLN nodes, by claiming it with an
NA message and the Override bit set. This means that the real
owner will stop receiving its packets.
* Any node that can send a packet on the backbone can forge traffic
and pretend it is issued from an address that it does not own,
even if it did not claim the address using ND.
* Any node that can send a packet on the backbone can present itself
as a preferred router to intercept all traffic outgoing on the
subnet. It may even expose a prefix on the subnet as "not-on-
link" and intercept all the traffic within the subnet.
* If the rogue can receive a packet from the backbone, it can also
snoop all the intercepted traffic, by stealing an address or the
role of a router.
This means that any rogue access to the backbone must be prevented at
all times, and nodes that are attached to the backbone must be fully
trusted / never compromised.
Using address registration as the sole ND mechanism on a link and
coupling it with [RFC8928] guarantees the ownership of a Registered
Address within that link.
* The protection is based on a proof of ownership encoded in the
ROVR field, and it protects against address theft and
impersonation by a 6LN, because the 6LR can challenge the
Registered Node for a proof of ownership.
* The protection extends to the full LLN in the case of an LLN link,
but it does not extend over the backbone since the 6BBR cannot
provide the proof of ownership when it defends the address.
A possible attack over the backbone can be done by sending an NS with
an EARO and expecting the NA(EARO) back to contain the TID and ROVR
fields of the existing state. With that information, the attacker
can easily increase the TID and take over the Binding.
If the classical ND is disabled on the backbone and the use of
[RFC8928] and a 6LBR are mandated, the network will benefit from the
following new advantages:
Zero-trust security for ND flows within the whole subnet: the
increased security that [RFC8928] provides on the LLN will also
apply to the backbone; it becomes impossible for an attached node
to claim an address that belongs to another node using ND, and the
network can filter packets that are not originated by the owner of
the source address (Source Address Validation Improvement (SAVI)),
as long as the routers are known and trusted.
Remote ND DoS attack avoidance: the complete list of addresses in
the network will be known to the 6LBR and available to the default
router; with that information, the router does not need to send a
multicast NS(Lookup) in case of a Neighbor Cache miss for an
incoming packet, which is a source of remote DoS attack against
the network.
Less IPv6 ND-related multicast on the backbone: DAD and NS(Lookup)
become unicast queries to the 6LBR.
Better DAD operation on wireless: DAD has been found to fail to
detect duplications on large Wi-Fi infrastructures due to the
unreliable broadcast operation on wireless; using a 6LBR enables a
unicast lookup.
Less Layer 2 churn on the backbone: Using the Routing Proxy
approach, the link-layer address of the LLN devices and their
mobility are not visible in the backbone; only the link-Layer
addresses of the 6BBR and backbone nodes are visible at Layer 2 on
the backbone. This is mandatory for LLNs that cannot be bridged
on the backbone and useful in any case to scale down, stabilize
the forwarding tables at Layer 2, and avoid the gratuitous frames
that are typically broadcasted to fix the transparent bridging
tables when a wireless node roams from an AP to the next.
This specification introduces a 6BBR that is a router on the path of
the LLN traffic and a 6LBR that is used for the lookup. They could
be interesting targets for an attacker. A compromised 6BBR can
accept a registration but block the traffic or refrain from proxying.
A compromised 6LBR may unduly accept the transfer of ownership of an
address or block a newcomer by faking that its address is a
duplicate. But those attacks are possible in a classical network
from a compromised default router and a DHCP server, respectively,
and can be prevented using the same methods.
A possible attack over the LLN can still be done by compromising a
6LR. A compromised 6LR may modify the ROVR of EDAR messages in
flight and transfer the ownership of the Registered Address to itself
or a tier. It may also claim that a ROVR was validated when it
really wasn't and reattribute an address to itself or to an attached
6LN. This means that 6LRs, as well as 6LBRs and 6BBRS, must still be
fully trusted / never compromised.
This specification mandates checking on the 6LBR on the backbone
before doing the classical DAD, in case the address already exists.
This may delay the DAD operation and should be protected by a short
timer, in the order of 100 ms or less, which will only represent a
small extra delay versus the 1 s wait of the DAD operation.
12. Protocol Constants
This specification uses the following constants:
TENTATIVE_DURATION: 800 milliseconds
In LLNs with long-lived addresses such as Low-Power WAN (LPWANs),
STALE_DURATION SHOULD be configured with a relatively long value to
cover an interval when the address may be reused and before it is
safe to expect that the address was definitively released. A good
default value is 24 hours. In LLNs where addresses are renewed
rapidly, e.g., for privacy reasons, STALE_DURATION SHOULD be
configured with a relatively shorter value -- 5 minutes by default.
13. IANA Considerations
This document has no IANA actions.
14. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, DOI 10.17487/RFC4291, February
2006, <https://www.rfc-editor.org/info/rfc4291>.
[RFC4429] Moore, N., "Optimistic Duplicate Address Detection (DAD)
for IPv6", RFC 4429, DOI 10.17487/RFC4429, April 2006,
<https://www.rfc-editor.org/info/rfc4429>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>.
[RFC4862] Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
Address Autoconfiguration", RFC 4862,
DOI 10.17487/RFC4862, September 2007,
<https://www.rfc-editor.org/info/rfc4862>.
[RFC6059] Krishnan, S. and G. Daley, "Simple Procedures for
Detecting Network Attachment in IPv6", RFC 6059,
DOI 10.17487/RFC6059, November 2010,
<https://www.rfc-editor.org/info/rfc6059>.
[RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
Bormann, "Neighbor Discovery Optimization for IPv6 over
Low-Power Wireless Personal Area Networks (6LoWPANs)",
RFC 6775, DOI 10.17487/RFC6775, November 2012,
<https://www.rfc-editor.org/info/rfc6775>.
[RFC7048] Nordmark, E. and I. Gashinsky, "Neighbor Unreachability
Detection Is Too Impatient", RFC 7048,
DOI 10.17487/RFC7048, January 2014,
<https://www.rfc-editor.org/info/rfc7048>.
[RFC7559] Krishnan, S., Anipko, D., and D. Thaler, "Packet-Loss
Resiliency for Router Solicitations", RFC 7559,
DOI 10.17487/RFC7559, May 2015,
<https://www.rfc-editor.org/info/rfc7559>.
[RFC7772] Yourtchenko, A. and L. Colitti, "Reducing Energy
Consumption of Router Advertisements", BCP 202, RFC 7772,
DOI 10.17487/RFC7772, February 2016,
<https://www.rfc-editor.org/info/rfc7772>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8200] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", STD 86, RFC 8200,
DOI 10.17487/RFC8200, July 2017,
<https://www.rfc-editor.org/info/rfc8200>.
[RFC8201] McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
"Path MTU Discovery for IP version 6", STD 87, RFC 8201,
DOI 10.17487/RFC8201, July 2017,
<https://www.rfc-editor.org/info/rfc8201>.
[RFC8505] Thubert, P., Ed., Nordmark, E., Chakrabarti, S., and C.
Perkins, "Registration Extensions for IPv6 over Low-Power
Wireless Personal Area Network (6LoWPAN) Neighbor
Discovery", RFC 8505, DOI 10.17487/RFC8505, November 2018,
<https://www.rfc-editor.org/info/rfc8505>.
15. Informative References
[6TiSCH] Thubert, P., "An Architecture for IPv6 over the TSCH mode
of IEEE 802.15.4", Work in Progress, Internet-Draft,
draft-ietf-6tisch-architecture-29, 27 August 2020,
<https://tools.ietf.org/html/draft-ietf-6tisch-
architecture-29>.
[DAD-APPROACHES]
Nordmark, E., "Possible approaches to make DAD more robust
and/or efficient", Work in Progress, Internet-Draft,
draft-nordmark-6man-dad-approaches-02, 19 October 2015,
<https://tools.ietf.org/html/draft-nordmark-6man-dad-
approaches-02>.
[DAD-ISSUES]
Yourtchenko, A. and E. Nordmark, "A survey of issues
related to IPv6 Duplicate Address Detection", Work in
Progress, Internet-Draft, draft-yourtchenko-6man-dad-
issues-01, 3 March 2015, <https://tools.ietf.org/html/
draft-yourtchenko-6man-dad-issues-01>.
[IEEEstd80211]
IEEE, "IEEE Standard for Information technology--
Telecommunications and information exchange between
systems Local and metropolitan area networks--Specific
requirements - Part 11: Wireless LAN Medium Access Control
(MAC) and Physical Layer (PHY) Specifications",
IEEE 802.11-2012, DOI 10.1109/ieeestd.2016.7786995,
December 2016,
<https://ieeexplore.ieee.org/document/7786995>.
[IEEEstd802151]
IEEE, "IEEE Standard for Information technology--Local and
metropolitan area networks--Specific requirements--Part
15.1a: Wireless Medium Access Control (MAC) and Physical
Layer (PHY) specifications for Wireless Personal Area
Networks (WPAN)", IEEE 802.15.1-2005,
DOI 10.1109/ieeestd.2005.96290, June 2005,
<https://ieeexplore.ieee.org/document/1490827>.
[IEEEstd802154]
IEEE, "IEEE Standard for Local and metropolitan area
networks--Part 15.4: Low-Rate Wireless Personal Area
Networks (LR-WPANs)", IEEE 802.15.4-2011,
DOI 10.1109/ieeestd.2011.6012487, September 2011,
<https://ieeexplore.ieee.org/document/6012487>.
[IEEEstd8021Q]
IEEE, "IEEE Standard for Local and Metropolitan Area
Networks--Bridges and Bridged Networks", IEEE 802.1Q-2018,
DOI 10.1109/IEEESTD.2018.8403927, July 2018,
<https://ieeexplore.ieee.org/document/8403927>.
[MCAST-PROBLEMS]
Perkins, C. E., McBride, M., Stanley, D., Kumari, W., and
J. C. Zuniga, "Multicast Considerations over IEEE 802
Wireless Media", Work in Progress, Internet-Draft, draft-
ietf-mboned-ieee802-mcast-problems-12, 26 October 2020,
<https://tools.ietf.org/html/draft-ietf-mboned-ieee802-
mcast-problems-12>.
[RFC4271] Rekhter, Y., Ed., Li, T., Ed., and S. Hares, Ed., "A
Border Gateway Protocol 4 (BGP-4)", RFC 4271,
DOI 10.17487/RFC4271, January 2006,
<https://www.rfc-editor.org/info/rfc4271>.
[RFC4389] Thaler, D., Talwar, M., and C. Patel, "Neighbor Discovery
Proxies (ND Proxy)", RFC 4389, DOI 10.17487/RFC4389, April
2006, <https://www.rfc-editor.org/info/rfc4389>.
[RFC4903] Thaler, D., "Multi-Link Subnet Issues", RFC 4903,
DOI 10.17487/RFC4903, June 2007,
<https://www.rfc-editor.org/info/rfc4903>.
[RFC5340] Coltun, R., Ferguson, D., Moy, J., and A. Lindem, "OSPF
for IPv6", RFC 5340, DOI 10.17487/RFC5340, July 2008,
<https://www.rfc-editor.org/info/rfc5340>.
[RFC5415] Calhoun, P., Ed., Montemurro, M., Ed., and D. Stanley,
Ed., "Control And Provisioning of Wireless Access Points
(CAPWAP) Protocol Specification", RFC 5415,
DOI 10.17487/RFC5415, March 2009,
<https://www.rfc-editor.org/info/rfc5415>.
[RFC6275] Perkins, C., Ed., Johnson, D., and J. Arkko, "Mobility
Support in IPv6", RFC 6275, DOI 10.17487/RFC6275, July
2011, <https://www.rfc-editor.org/info/rfc6275>.
[RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
Low-Power and Lossy Networks", RFC 6550,
DOI 10.17487/RFC6550, March 2012,
<https://www.rfc-editor.org/info/rfc6550>.
[RFC6606] Kim, E., Kaspar, D., Gomez, C., and C. Bormann, "Problem
Statement and Requirements for IPv6 over Low-Power
Wireless Personal Area Network (6LoWPAN) Routing",
RFC 6606, DOI 10.17487/RFC6606, May 2012,
<https://www.rfc-editor.org/info/rfc6606>.
[RFC6830] Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
Locator/ID Separation Protocol (LISP)", RFC 6830,
DOI 10.17487/RFC6830, January 2013,
<https://www.rfc-editor.org/info/rfc6830>.
[RFC7432] Sajassi, A., Ed., Aggarwal, R., Bitar, N., Isaac, A.,
Uttaro, J., Drake, J., and W. Henderickx, "BGP MPLS-Based
Ethernet VPN", RFC 7432, DOI 10.17487/RFC7432, February
2015, <https://www.rfc-editor.org/info/rfc7432>.
[RFC8273] Brzozowski, J. and G. Van de Velde, "Unique IPv6 Prefix
per Host", RFC 8273, DOI 10.17487/RFC8273, December 2017,
<https://www.rfc-editor.org/info/rfc8273>.
[RFC8928] Thubert, P., Ed., Sarikaya, B., Sethi, M., and R. Struik,
"Address-Protected Neighbor Discovery for Low-Power and
Lossy Networks", RFC 8928, DOI 10.17487/RFC8928, November
2020, <https://www.rfc-editor.org/info/rfc8928>.
[RIFT] Przygienda, T., Sharma, A., Thubert, P., Rijsman, B., and
D. Afanasiev, "RIFT: Routing in Fat Trees", Work in
Progress, Internet-Draft, draft-ietf-rift-rift-12, 26 May
2020,
<https://tools.ietf.org/html/draft-ietf-rift-rift-12>.
[RPL-LEAVES]
Thubert, P. and M. C. Richardson, "Routing for RPL
Leaves", Work in Progress, Internet-Draft, draft-ietf-
roll-unaware-leaves-23, 10 November 2020,
<https://tools.ietf.org/html/draft-ietf-roll-unaware-
leaves-23>.
[RS-REFRESH]
Nordmark, E., Yourtchenko, A., and S. Krishnan, "IPv6
Neighbor Discovery Optional RS/RA Refresh", Work in
Progress, Internet-Draft, draft-ietf-6man-rs-refresh-02,
31 October 2016, <https://tools.ietf.org/html/draft-ietf-
6man-rs-refresh-02>.
[SAVI-WLAN]
Bi, J., Wu, J., Wang, Y., and T. Lin, "A SAVI Solution for
WLAN", Work in Progress, Internet-Draft, draft-bi-savi-
wlan-20, 14 November 2020,
<https://tools.ietf.org/html/draft-bi-savi-wlan-20>.
[UNICAST-LOOKUP]
Thubert, P. and E. Levy-Abegnoli, "IPv6 Neighbor Discovery
Unicast Lookup", Work in Progress, Internet-Draft, draft-
thubert-6lo-unicast-lookup-00, 25 January 2019,
<https://tools.ietf.org/html/draft-thubert-6lo-unicast-
lookup-00>.
Appendix A. Possible Future Extensions
With the current specification, the 6LBR is not leveraged to avoid
multicast NS(Lookup) on the backbone. This could be done by adding a
lookup procedure in the EDAR/EDAC exchange.
By default, the specification does not have a fine-grained trust
model: all nodes that can authenticate to the LLN link layer or
attach to the backbone are equally trusted. It would be desirable to
provide a stronger authorization model, e.g., whereby nodes that
associate their address with a proof of ownership [RFC8928] should be
trusted more than nodes that do not. Such a trust model and related
signaling could be added in the future to override the default
operation and favor trusted nodes.
As an alternate to the ND Proxy operation, the registration may be
redistributed as a host route in a routing protocol that would
operate over the backbone; this is already happening in IoT networks
[RPL-LEAVES] and Data Center Routing [RIFT] and could be extended to
other protocols, e.g., BGP [RFC4271] and OSPFv3 [RFC5340]. The
registration may also be advertised in an overlay protocol such as
Mobile IPv6 (MIPv6) [RFC6275], the Locator/ID Separation Protocol
(LISP) [RFC6830], or Ethernet VPN (EVPN) [RFC7432].
Appendix B. Applicability and Requirements Served
This document specifies ND proxy functions that can be used to
federate an IPv6 Backbone Link and multiple IPv6 LLNs into a single
MLSN. The ND proxy functions enable IPv6 ND services for DAD and
address lookup that do not require broadcasts over the LLNs.
The term LLN is used to cover multiple types of WLANs and WPANs,
including (Low-Power) Wi-Fi, BLUETOOTH(R) Low Energy, IEEE Std
802.11ah and IEEE Std 802.15.4 wireless meshes, and the types of
networks listed in "Requirements Related to Various Low-Power Link
Types" (see Appendix B.3 of [RFC8505]).
Each LLN in the subnet is attached to a 6BBR. The Backbone Routers
interconnect the LLNs and advertise the addresses of the 6LNs over
the Backbone Link using ND proxy operations.
This specification updates IPv6 ND over the backbone to distinguish
address movement from duplication and eliminate Stale state in the
backbone routers and backbone nodes once a 6LN has roamed. This way,
mobile nodes may roam rapidly from one 6BBR to the next, and
requirements are met per "Requirements Related to Mobility" (see
Appendix B.1 of [RFC8505]).
A 6LN can register its IPv6 addresses and thereby obtain ND proxy
services over the backbone, meeting the requirements expressed in
"Requirements Related to Proxy Operations" (see Appendix B.4 of
[RFC8505].
The negative impact of the IPv6 ND-related broadcasts can be limited
to one of the federated links, enabling the number of 6LNs to grow.
The Routing Proxy operation avoids the need to expose the link-layer
addresses of the 6LNs onto the backbone, keeping the Layer 2 topology
simple and stable. This meets the requirements in "Requirements
Related to Scalability" (see Appendix B.6 of [RFC8505]), as long as
the 6BBRs are dimensioned for the number of registrations that each
needs to support.
In the case of a Wi-Fi access link, a 6BBR may be collocated with the
AP, a Fabric Edge (FE), or a Control and Provisioning of Wireless
Access Points (CAPWAP) [RFC5415] Wireless LAN Controller (WLC). In
those cases, the wireless client (STA) is the 6LN that makes use of
[RFC8505] to register its IPv6 address(es) to the 6BBR acting as the
Routing Registrar. The 6LBR can be centralized and either connected
to the Backbone Link or reachable over IP. The 6BBR ND proxy
operations eliminate the need for wireless nodes to respond
synchronously when a lookup is performed for their IPv6 addresses.
This provides the function of a Sleep Proxy for ND [DAD-APPROACHES].
For the Time-Slotted Channel Hopping (TSCH) mode of [IEEEstd802154],
the 6TiSCH architecture [6TiSCH] describes how a 6LoWPAN ND host
could connect to the Internet via a RPL mesh network, but doing so
requires extensions to the 6LOWPAN ND protocol to support mobility
and reachability in a secure and manageable environment. The
extensions detailed in this document also work for the 6TiSCH
architecture, serving the requirements listed in "Requirements
Related to Routing Protocols" (see Appendix B.2 of [RFC8505]).
The registration mechanism may be seen as a more reliable alternate
to snooping [SAVI-WLAN]. Note that registration and snooping are not
mutually exclusive. Snooping may be used in conjunction with the
registration for nodes that do not register their IPv6 addresses.
The 6BBR assumes that if a node registers at least one IPv6 address
to it, then the node registers all of its addresses to the 6BBR.
With this assumption, the 6BBR can possibly cancel all undesirable
multicast NS messages that would otherwise have been delivered to
that node.
Scalability of the MLSN [RFC4903] requires avoidance of multicast/
broadcast operations as much as possible even on the backbone
[MCAST-PROBLEMS]. Although hosts can connect to the backbone using
IPv6 ND operations, multicast RAs can be saved by using [RS-REFRESH],
which also requires the support of [RFC7559].
Acknowledgments
Many thanks to Dorothy Stanley, Thomas Watteyne, and Jerome Henry for
their various contributions. Also, many thanks to Timothy Winters
and Erik Nordmark for their help, review, and support in preparation
for the IESG cycle and to Kyle Rose, Elwyn Davies, Barry Leiba, Mirja
Kühlewind, Alvaro Retana, Roman Danyliw, and especially Dominique
Barthel and Benjamin Kaduk for their useful contributions through the
IETF Last Call and IESG process.
Authors' Addresses
Pascal Thubert (editor)
Cisco Systems, Inc.
Building D
45 Allee des Ormes - BP1200
06254 MOUGINS - Sophia Antipolis
France
Phone: +33 497 23 26 34
Email: pthubert@cisco.com
Charles E. Perkins
Blue Meadow Networking
Saratoga, CA 95070
United States of America
Email: charliep@computer.org
Eric Levy-Abegnoli
Cisco Systems, Inc.
Building D
45 Allee des Ormes - BP1200
06254 MOUGINS - Sophia Antipolis
France
Phone: +33 497 23 26 20
Email: elevyabe@cisco.com