When to use RFC 6553, 6554 and IPv6-in-IPv6

RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) is a routing protocol for constrained networks. RFC 6553 defines the "RPL option" (RPI), carried within the IPv6 Hop-by-Hop header to quickly identify inconsistencies (loops) in the routing topology. RFC 6554 defines the "RPL Source Route Header" (RH3), an IPv6 Extension Header to deliver datagrams within a RPL routing domain, particularly in non-storing mode. These various items are referred to as RPL artifacts, and they are seen on all of the data-plane traffic that occurs in RPL routed networks; they do not in general appear on the RPL control plane traffic at all which is mostly hop-by-hop traffic (one exception being DAO messages in non-storing mode). It has become clear from attempts to do multi-vendor interoperability, and from a desire to compress as many of the above artifacts as possible that not all implementors agree when artifacts are necessary, or when they can be safely omitted, or removed. An interim meeting went through the 24 cases defined here to discover if there were any shortcuts, and this document is the result of that discussion. This document clarifies what is the correct and the incorrect behaviour. The related document A Routing Header Dispatch for 6LoWPAN (6LoRH) defines a method to compress RPL Option information and Routing Header type 3 , an efficient IP-in-IP technique, and use cases proposed for the involving 6loRH.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. Terminology defined in applies to this document: LBR, LLN, RPL, RPL Domain and ROLL. RPL-node: A device which implements RPL, thus we can say that the device is RPL-capable or RPL-aware. Please note that the device can be found inside the LLN or outside LLN. In this document a RPL-node which is a leaf of a DODAG is called RPL-aware-leaf. RPL-not-capable: A device which does not implement RPL, thus we can say that the device is not-RPL-aware. Please note that the device can be found inside the LLN. In this document a not-RPL-aware node which is a leaf of a DODAG is called not-RPL-aware-leaf. pledge: a new device which seeks admission to a network. (from ) Join Registrar and Coordinator (JRC): a device which brings new nodes (pledges) into a network. (from ) Flag day: A "flag day" is a procedure in which the network, or a part of it, is changed during a planned outage, or suddenly, causing an outage while the network recovers

The term "hop-by-hop IPv6-in-IPv6" header refers to: adding a header that originates from a node to an adjacent node, using the addresses (usually the GUA or ULA, but could use the link-local addresses) of each node. If the packet must traverse multiple hops, then it must be decapsulated at each hop, and then re-encapsulated again in a similar fashion.

states as showed below, that in the Option Type field of the RPL Option header, the two high order bits MUST be set to '01' and the third bit is equal to '1'. The first two bits indicate that the IPv6 node MUST discard the packet if it doesn't recognize the option type, and the third bit indicates that the Option Data may change en route. The remaining bits serve as the option type.

Recent changes in (section 4, page 8), states: "it is now expected that nodes along a packet's delivery path only examine and process the Hop-by-Hop Options header if explicitly configured to do so". Processing of the Hop-by-Hop Options header (by IPv6 intermediate nodes) is now optional, but if they are configured to process the header, and if such nodes encounter an option with the first two bits set to 01, they will drop the packet (if they conform to ). Host systems should do the same, irrespective of the configuration. Based on That, if an IPv6 (intermediate) node (RPL-not-capable) receives a packet with an RPL Option, it should ignore the HBH RPL option (skip over this option and continue processing the header). Thus, this document updates the Option Type field to: the two high order bits MUST be set to '00' and the third bit is equal to '1'. The first two bits indicate that the IPv6 node MUST skip over this option and continue processing the header ( Section 4.2) if it doesn't recognize the option type, and the third bit continues to be set to indicate that the Option Data may change en route. The remaining bits serve as the option type and remain as 0x3. This ensures that a packet that leaves the RPL domain of an LLN (or that leaves the LLN entirely) will not be discarded when it contains the [RFC6553] RPL Hop-by-Hop option known as RPI. This is a significant update to .

This change creates a flag day for existing networks which are currently using 0x63 as the RPI value. A move to 0x23 will not be understood by those networks. It is suggested that implementations accept both 0x63 and 0x23 when processing. When forwarding packets, implementations SHOULD use the same value as it was received. When originating new packets, implementations SHOULD have an option to determine which value to originate with, this option is controlled by the DIO option described below. A network which is switching from straight 6lowpan compression mechanism to those described in will experience a flag day in the data compression anyway, and if possible this change can be deployed at the same time.

RPI-6LoRH header provides a compressed form for the RPL RPI . It should be considered when the Option Type in RPL Option is decompressed, should take the value of 0x23 instead of 0x63.

In order to avoid a flag day caused by lack of interoperation between new RPI (0x23) and old RPI (0x63) nodes, when there is a mix of new nodes and old nodes, the new nodes may be put into a compatibilit mode until all of the old nodes are replaced or upgraded. This can be done via a DODAG Configuration Option flag which will propogate through the network. Failure to receive this information will cause new nodes to remain in compatibility mode, and originate traffic with the old-RPI (0x63) value. As stated in the DODAG Configuration option is present in DIO messages. The DODAG Configuration option distributes configuration information. It is generally static, and does not change within the DODAG. This information is configured at the DODAG root and distributed throughout the DODAG with the DODAG Configuration option. Nodes other than the DODAG root do not modify this information when propagating the DODAG Configuration option. The DODAG Configuration Option is as follows. The Flag field is the interesting field. The remaining fields states as defined in . Flags: The 4-bits remaining unused in the Flags field are reserved for flags. The field MUST be initialized to zero by the sender and MUST be ignored by the receiver.

Bit number three of flag field in the DODAG Configuration option is to be used as follows:

In case of rebooting, the DIO is sent with flag indicating the new RPI value.

A RPL network in general is composed of a 6LBR (6LoWPAN Border Router), Backbone Router (6BBR), 6LR (6LoWPAN Router) and 6LN (6LoWPAN Node) as leaf logically organized in a DODAG structure. (Destination Oriented Directed Acyclic Graph). RPL defines the RPL Control messages (control plane), a new ICMPv6 message with Type 155. DIS (DODAG Information Solicitation), DIO (DODAG Information Object) and DAO (Destination Advertisement Object) messages are all RPL Control messages but with different Code values. A RPL Stack is showed in Figure 1. RPL supports two modes of Downward traffic: in storing mode (RPL-SM), it is fully stateful; in non-storing (RPL-NSM), it is fully source routed. A RPL Instance is either fully storing or fully non-storing, i.e. a RPL Instance with a combination of storing and non-storing nodes is not supported with the current specifications at the time of writing this document.

| |--+ +--- ---+ | +-------+ | | +-------+ | | | | | | | | | | | | | | | | | | D | E | | +-|-----+ +---|---+ | | | 6LR | | 6LR | | | | | +------ | | | +---|---+ | +---|---+ | | | | | | | | | +--+ | | | | | | | | | | | | | | | I | J | F | | G | H | | +-----+-+ +-|-----+ +---|--+ +---|---+ +---|---+ | Raf | | ~Raf | | Raf | | Raf | | ~Raf | | 6LN | | 6LN | | 6LN | | 6LN | | 6LN | +-------+ +-------+ +------+ +-------+ +-------+ ]]> Figure 2 shows the reference RPL Topology for this document. The letters above the nodes are there so that they may be referenced in subsequent sections. In the figure, 6LR represents a full router node. The 6LN is a RPL aware router, or host. But, the 6LN leaves (Raf - "RPL aware leaf"-) marked as (F, H and I) are RPL nodes with no children hosts. The leafs marked as ~Raf "not-RPL aware leaf" (G and J) are devices which do not speak RPL at all (not-RPL-aware), but uses Router-Advertisements, 6LowPAN DAR/DAC and efficient-ND only to participate in the network . In the document these leafs (G and J) are also refered to as an IPv6 node. The 6LBR ("A") in the figure is the root of the Global DODAG.

In the data plane a combination of RFC6553, RFC6554 and IPv6-in-IPv6 encapsulation are going to be analyzed for a number of representative traffic flows. This document assumes that the LLN is using the no-drop RPI option (0x23). The uses cases describe the communication between RPL-aware-nodes, with the root (6LBR), and with Internet. This document also describe the communication between nodes acting as leaves that do not understand RPL, but are part of the LLN. We name these nodes as not-RPL-aware-leaf. (e.g. Flow from not-RPL-aware-leaf to root) We describe also how is the communication inside of the LLN when it has the final destination addressed outside of the LLN e.g. with destination to Internet. (e.g. Flow from not-RPL-aware-leaf to Internet) The uses cases comprise as follow: Interaction between Leaf and Root: RPL-aware-leaf to root root to RPL-aware-leaf not-RPL-aware-leaf to root root to not-RPL-aware-leaf Interaction between Leaf and Internet: RPL-aware-leaf to Internet Internet to RPL-aware-leaf not-RPL-aware-leaf to Internet Internet to not-RPL-aware-leaf Interaction between Leafs: RPL-aware-leaf to RPL-aware-leaf (storing and non-storing) RPL-aware-leaf to not-RPL-aware-leaf (non-storing) not-RPL-aware-leaf to RPL-aware-leaf (storing and non-storing) not-RPL-aware-leaf to not-RPL-aware-leaf (non-storing) This document is consistent with the rule that a Header cannot be inserted or removed on the fly inside an IPv6 packet that is being routed. This is a fundamental precept of the IPv6 architecture as outlined in . Extensions may not be added or removed except by the sender or the receiver. However, unlike , the Hop-by-Hop Option Header used for the RPI artifact has the first two bits set to '00'. This means that the RPI artifact will be ignored when received by a host or router that does not understand that option ( Section 4.2 ). This means that when the no-drop RPI option code 0x23 is used, a packet that leaves the RPL domain of an LLN (or that leaves the LLN entirely) will not be discarded when it contains the [RFC6553] RPL Hop-by-Hop option known as RPI. Thus, the RPI Hop-by-Hop option MAY be left in place even if the end host does not understand it. NOTE: There is some possible security risk when the RPI information is released to the Internet. At this point this is a theoretical situation; no clear attack has been described. At worst, it is clear that the RPI option would waste some network bandwidth when it escapes. This is traded off against the savings in the LLN by not having to encapsulate the packet in order to remove the artifact. Despite being legal to leave the RPI artifact in place, an intermediate router that needs to add an extension header (SHR3 or RPI Option) MUST still encapsulate the packet in an (additional) outer IP header. The new header is placed after this new outer IP header. A corollory is that an SHR3 or RPI Option can only be removed by an intermediate router if it is placed in an encapsulating IPv6 Header, which is addressed TO the intermediate router. When it does so, the whole encapsulating header must be removed. (A replacement may be added). This sometimes can result in outer IP headers being addressed to the next hop router using link-local addresses. Both RPI and RH3 headers may be modified in very specific ways by routers on the path of the packet without the need to add to remove an encapsulating header. Both headers were designed with this modification in mind, and both the RPL RH and the RPL option are marked mutable but recoverable: so an IPsec AH security header can be applied across these headers, but it can not secure the values which mutate. RPI should be present in every single RPL data packet. There is one exception in non-storing mode: when a packet is going down from the root. In a downward non-storing mode, the entire route is written, so there can be no loops by construction, nor any confusion about which forwarding table to use (as the root has already made all routing decisions). However, there are still cases, such as in 6tisch, where the instanceID portion of the RPI header may still be needed to pick an appropriate priority or channel at each hop. In the tables present in this document, the term "RPL aware leaf" is has been shortened to "Raf", and "not-RPL aware leaf" has been shortened to "~Raf" to make the table fit in available space. The earlier examples are more extensive to make sure that the process is clear, while later examples are more concise.

In storing mode (fully stateful), the sender can determine if the destination is inside the LLN by looking if the destination address is matched by the DIO's PIO option. The following table itemizes which headers are needed in the following scenarios, and indicates if the IP-in-IP header must be inserted on a hop-by-hop basis, or when it can target the destination node directly. There are these possible situations: hop-by-hop necessary (indicated by "hop"), or destination address possible (indicated by "dst"). In all cases hop by hop MAY be used. In cases where no IP-in-IP header is needed, the column is left blank. In all cases the RPI headers are needed, since it identifies inconsistencies (loops) in the routing topology. In all cases the RH3 is not need because we do not indicate the route in storing mode. In each case, 6LR_i are the intermediate routers from source to destination. "1 <= i >= n", n is the number of routers (6LR) that the packet go through from source (6LN) to destination. The leaf can be a router 6LR or a host, both indicated as 6LN (see ).

In this section we are going to describe the communication flow in storing mode (SM) between, RPL-aware-leaf to root root to RPL-aware-leaf not-RPL-aware-leaf to root root to not-RPL-aware-leaf

In storing mode, RFC 6553 (RPI) is used to send RPL Information instanceID and rank information. As stated in Section 16.2 of an RPL-aware-leaf node does not generally issue DIO messages; a leaf node accepts DIO messages from upstream. (When the inconsistency in routing occurs, a leaf node will generate a DIO with an infinite rank, to fix it). It may issue DAO and DIS messages though it generally ignores DAO and DIS messages. In this case the flow comprises: RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR) For example, a communication flow could be: Node F --> Node E --> Node B --> Node A root(6LBR) As it was mentioned in this document 6LRs, 6LBR are always full-fledged RPL routers. The 6LN (Node F) inserts the RPI header, and sends the packet to 6LR (Node E) which decrements the rank in RPI and sends the packet up. When the packet arrives at 6LBR (Node A), the RPI is removed and the packet is processed. No IP-in-IP header is required. The RPI header can be removed by the 6LBR because the packet is addressed to the 6LBR. The 6LN must know that it is communicating with the 6LBR to make use of this scenario. The 6LN can know the address of the 6LBR because it knows the address of the root via the DODAGID in the DIO messages. Header 6LN 6LR_i 6LBR Inserted headers RPI -- -- Removed headers -- -- RPI Re-added headers -- -- -- Modified headers -- RPI -- Untouched headers -- -- --

In this case the flow comprises: root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN) For example, a communication flow could be: Node A root(6LBR) --> Node B --> Node D --> Node F In this case the 6LBR inserts RPI header and sends the packet down, the 6LR is going to increment the rank in RPI (it examines the instanceID to identify the right forwarding table), the packet is processed in the 6LN and the RPI removed. No IP-in-IP header is required. Header 6LBR 6LR_i 6LN Inserted headers RPI -- -- Removed headers -- -- RPI Re-added headers -- -- -- Modified headers -- RPI -- Untouched headers -- -- --

In this case the flow comprises: root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6) For example, a communication flow could be: Node A root(6LBR) --> Node B --> Node E --> Node G As the RPI extension can be ignored by the not-RPL-aware leaf, this situation is identical to the previous scenario. Header 6LBR 6LR_i IPv6 Inserted headers RPI -- -- Removed headers -- -- -- Re-added headers -- -- -- Modified headers -- RPI -- Untouched headers -- -- RPI (Ignored)

In this case the flow comprises: not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) For example, a communication flow could be: Node G --> Node E --> Node B --> Node A root(6LBR) When the packet arrives from IPv6 node (Node G) to 6LR_1 (Node E), the 6LR_1 will insert a RPI header, encapsuladed in a IPv6-in-IPv6 header. The IPv6-in-IPv6 header can be addressed to the next hop (Node B), or to the root (Node A). The root removes the header and processes the packet. Header IPv6 6LR_1 6LR_i 6LBR Inserted headers -- IP-in-IP(RPI) -- -- Removed headers -- -- -- IP-in-IP(RPI) Re-added headers -- -- -- -- Modified headers -- -- IP-in-IP(RPI) -- Untouched headers -- -- -- --

In this section we are going to describe the communication flow in storing mode (SM) between, RPL-aware-leaf to Internet Internet to RPL-aware-leaf not-RPL-aware-leaf to Internet Internet to not-RPL-aware-leaf

RPL information from RFC 6553 MAY go out to Internet as it will be ignored by nodes which have not been configured to be RPI aware. In this case the flow comprises: RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet For example, the communication flow could be: Node F --> Node D --> Node B --> Node A root(6LBR) --> Internet No IP-in-IP header is required. Note: In this use case we use a node as leaf, but this use case can be also applicable to any RPL-node type (e.g. 6LR) Header 6LN 6LR_i 6LBR Internet Inserted headers RPI -- -- -- Removed headers -- -- -- -- Re-added headers -- -- -- -- Modified headers -- RPI -- -- Untouched headers -- -- RPI RPI (Ignored)

In this case the flow comprises: Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN) For example, a communication flow could be: Internet --> Node A root(6LBR) --> Node B --> Node D --> Node F When the packet arrives from Internet to 6LBR the RPI header is added in a outer IPv6-in-IPv6 header and sent to 6LR, which modifies the rank in the RPI. When the packet arrives at 6LN the RPI header is removed and the packet processed. Header Internet 6LBR 6LR_i 6LN Inserted headers -- IP-in-IP(RPI) -- -- Removed headers -- -- -- IP-in-IP(RPI) Re-added headers -- -- -- -- Modified headers -- -- IP-in-IP(RPI) -- Untouched headers -- -- -- --

In this case the flow comprises: not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i -->root (6LBR) --> Internet For example, a communication flow could be: Node G --> Node E --> Node B --> Node A root(6LBR) --> Internet The 6LR_1 (i=1) node will add an IP-in-IP(RPI) header addressed either to the root, or hop-by-hop such that the root can remove the RPI header before passing upwards. (EDNOTE: we SHOULD recommend one or the other) The originating node will ideally leave the IPv6 flow label as zero so that the packet can be better compressed through the LLN. The 6LBR will set the flow label of the packet to a non-zero value when sending to the Internet. Header IPv6 6LR_1 6LR_i [i=2,..,n]_ 6LBR Internet Inserted headers -- IP-in-IP(RPI) -- -- -- Removed headers -- -- -- IP-in-IP(RPI) -- Re-added headers -- -- -- -- -- Modified headers -- -- IP-in-IP(RPI) -- -- Untouched headers -- -- -- -- --

In this case the flow comprises: Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6) For example, a communication flow could be: Internet --> Node A root(6LBR) --> Node B --> Node E --> Node G The 6LBR will have to add an RPI header within an IP-in-IP header. The IP-in-IP is addressed to the not-RPL-aware-leaf, leaving the RPI inside. Note that there is a requirement that the final node be able to remove one or more IPIP headers which are all addressed to it. (EDNOTE: this should go into ) The 6LBR MAY set the flow label on the inner IP-in-IP header to zero in order to aid in compression. Header Internet 6LBR 6LR_i IPv6 Inserted headers -- IP-in-IP(RPI) -- -- Removed headers -- -- -- -- Re-added headers -- -- -- -- Modified headers -- -- IP-in-IP(RPI) -- Untouched headers -- -- -- RPI (Ignored)

In this section we are going to describe the communication flow in storing mode (SM) between, RPL-aware-leaf to RPL-aware-leaf RPL-aware-leaf to not-RPL-aware-leaf not-RPL-aware-leaf to RPL-aware-leaf not-RPL-aware-leaf to not-RPL-aware-leaf

In RPL allows a simple one-hop optimization for both storing and non-storing networks. A node may send a packet destined to a one-hop neighbor directly to that node. See section 9 in . When the nodes are not directly connected, then in storing mode, the flow comprises: 6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> 6LN For example, a communication flow could be: Node F --> Node D --> Node B --> Node E --> Node H 6LR_ia (Node D) are the intermediate routers from source to the common parent (6LR_x) (Node B) In this case, "1 <= ia >= n", n is the number of routers (6LR) that the packet go through from 6LN (Node F) to the common parent (6LR_x). 6LR_id (Node E) are the intermediate routers from the common parent (6LR_x) (Node B) to destination 6LN (Node H). In this case, "1 <= id >= m", m is the number of routers (6LR) that the packet go through from the common parent (6LR_x) to destination 6LN. It is assume that the two nodes are in the same RPL Domain (that they share the same DODAG root). At the common parent (Node B), the direction of RPI is changed (from increasing to decreasing the rank). While the 6LR nodes will update the RPI, no node needs to add or remove the RPI, so no IP-in-IP headers are necessary. This may be done regardless of where the destination is, as the included RPI will be ignored by the receiver. Header 6LN src 6LR_ia 6LR_x (common parent) 6LR_id 6LN dst Inserted headers RPI -- -- -- -- Removed headers -- -- -- -- RPI Re-added headers -- -- -- -- -- Modified headers -- RPI RPI RPI -- Untouched headers -- -- -- -- --

In this case the flow comprises: 6LN --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> not-RPL-aware 6LN (IPv6) For example, a communication flow could be: Node F --> Node D --> Node B --> Node E --> Node G 6LR_ia are the intermediate routers from source (6LN) to the common parent (6LR_x) In this case, "1 <= ia >= n", n is the number of routers (6LR) that the packet go through from 6LN to the common parent (6LR_x). 6LR_id (Node E) are the intermediate routers from the common parent (6LR_x) (Node B) to destination not-RPL-aware 6LN (IPv6) (Node G). In this case, "1 <= id >= m", m is the number of routers (6LR) that the packet go through from the common parent (6LR_x) to destination 6LN. This situation is identical to the previous situation Header 6LN src 6LR_ia 6LR_x(common parent) 6LR_id IPv6 Inserted headers RPI -- -- -- -- Removed headers -- -- -- -- RPI Re-added headers -- -- -- -- -- Modified headers -- RPI RPI RPI -- Untouched headers -- -- -- -- RPI(Ignored)

In this case the flow comprises: not-RPL-aware 6LN (IPv6) --> 6LR_ia --> common parent (6LR_x) --> 6LR_id --> 6LN For example, a communication flow could be: Node G --> Node E --> Node B --> Node D --> Node F 6LR_ia (Node E) are the intermediate routers from source (not-RPL-aware 6LN (IPv6)) (Node G) to the common parent (6LR_x) (Node B). In this case, "1 <= ia >= n", n is the number of routers (6LR) that the packet go through from source to the common parent. 6LR_id (Node D) are the intermediate routers from the common parent (6LR_x) (Node B) to destination 6LN (Node F). In this case, "1 <= id >= m", m is the number of routers (6LR) that the packet go through from the common parent (6LR_x) to destination 6LN. The 6LR_ia (ia=1) (Node E) receives the packet from the the IPv6 node (Node G) and inserts and the RPI header encapsulated in IPv6-in-IPv6 header. The IP-in-IP header is addressed to the destination 6LN (Node F). Header IPv6 6LR_ia common parent (6LRx) 6LR_id 6LN Inserted headers -- IP-in-IP(RPI) -- -- -- Removed headers -- -- -- -- IP-in-IP(RPI) Re-added headers -- -- -- -- -- Modified headers -- -- IP-in-IP(RPI) IP-in-IP(RPI) -- Untouched headers -- -- -- -- --

In this case the flow comprises: not-RPL-aware 6LN (IPv6 src)--> 6LR_1--> 6LR_ia --> 6LR_id --> not-RPL-aware 6LN (IPv6 dst) For example, a communication flow could be: Node G --> Node E --> Node B --> Node A (root) --> Node C --> Node J Internal nodes 6LR_ia (e.g: Node E or Node B) are the intermediate routers from the not-RPL-aware source (Node G) to the root (6LBR) (Node A). In this case, "1 < ia >= n", n is the number of routers (6LR) that the packet go through from IPv6 src to the root. 6LR_id (C) are the intermediate routers from the root (Node A) to the destination Node J. In this case, "1 <= id >= m", m is the number of routers (6LR) that the packet go through from the root to destination (IPv6 dst). Note that this flow is identical to , except for where the IPIP header is inserted. The 6LR_1 (Node E) receives the packet from the the IPv6 node (Node G) and inserts the RPI header (RPIa), encapsulated in an IPv6-in-IPv6 header. The IPv6-in-IPv6 header is addressed to the final destination. Header IPv6 src 6LR_1 6LR_ia 6LR_m IPv6 dst Inserted headers -- IP-in-IP(RPI) -- -- -- Removed headers -- -- -- -- -- Re-added headers -- -- -- -- -- Modified headers -- -- IP-in-IP(RPI) IP-in-IP(RPI) -- Untouched headers -- -- -- -- --

In Non Storing Mode (Non SM) (fully source routed), the 6LBR (DODAG root) has complete knowledge about the connectivity of all DODAG nodes, and all traffic flows through the root node. Thus, there is no need for all nodes to know about the existence of non-RPL aware nodes. Only the 6LBR needs to act if compensation is necessary for non-RPL aware receivers. The following table summarizes what headers are needed in the following scenarios, and indicates when the RPI, RH3 and IP-in-IP header must be inserted. There are these possible situations: destination address possible (indicated by "dst"), to a 6LR, to a 6LN or to the root. In cases where no IP-in-IP header is needed, the column is left blank. The leaf can be a router 6LR or a host, both indicated as 6LN (Figure 3).

In this section we are going to describe the communication flow in Non Storing Mode (Non-SM) between, RPL-aware-leaf to root root to RPL-aware-leaf not-RPL-aware-leaf to root root to not-RPL-aware-leaf

In non-storing mode the leaf node uses default routing to send traffic to the root. The RPI header must be included to avoid/detect loops. RPL-aware-leaf (6LN) --> 6LR_i --> root(6LBR) For example, a communication flow could be: Node F --> Node D --> Node B --> Node A (root) 6LR_i are the intermediate routers from source to destination. In this case, "1 <= i >= n", n is the number of routers (6LR) that the packet go through from source (6LN) to destination (6LBR). This situation is the same case as storing mode. Header 6LN 6LR_i 6LBR Inserted headers RPI -- -- Removed headers -- -- RPI Re-added headers -- -- -- Modified headers -- RPI -- Untouched headers -- -- --

In this case the flow comprises: root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN) For example, a communication flow could be: Node A (root) --> Node B --> Node D --> Node F 6LR_i are the intermediate routers from source to destination. In this case, "1 <= i >= n", n is the number of routers (6LR) that the packet go through from source (6LBR) to destination (6LN). The 6LBR will insert an RH3, and may optionally insert an RPI header. No IP-in-IP header is necessary as the traffic originates with an RPL aware node, the 6LBR. The destination is known to RPL-aware because, the root knows the whole topology in non-storing mode. Header 6LBR 6LR_i 6LN Inserted headers (opt: RPI), RH3 -- -- Removed headers -- -- RH3,RPI Re-added headers -- -- -- Modified headers -- RH3 -- Untouched headers -- -- --

In this case the flow comprises: root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6) For example, a communication flow could be: Node A (root) --> Node B --> Node E --> Node G 6LR_i are the intermediate routers from source to destination. In this case, "1 <= i >= n", n is the number of routers (6LR) that the packet go through from source (6LBR) to destination (IPv6). In 6LBR the RH3 is added, it is modified at each intermediate 6LR (6LR_1 and so on) and it is fully consumed in the last 6LR (6LR_n), but left there. If RPI is left present, the IPv6 node which does not understand it will ignore it (following 2460bis), thus encapsulation is not necesary. Due the complete knowledge of the topology at the root, the 6LBR may optionally address the IP-in-IP header to the last 6LR, such that it is removed prior to the IPv6 node. Header 6LBR 6LR_i(i=1) 6LR_n(i=n) IPv6 Inserted headers (opt: RPI), RH3 -- -- -- Removed headers -- RH3 -- -- Re-added headers -- -- -- -- Modified headers -- (opt: RPI), RH3 (opt: RPI), RH3 -- Untouched headers -- -- -- RPI

In this case the flow comprises: not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i --> root (6LBR) For example, a communication flow could be: Node G --> Node E --> Node B --> Node A (root) 6LR_i are the intermediate routers from source to destination. In this case, "1 < i >= n", n is the number of routers (6LR) that the packet go through from source (IPv6) to destination (6LBR). For example, 6LR_1 (i=1) is the router that receives the packets from the IPv6 node. In this case the RPI is added by the first 6LR (6LR1) (Node E), encapsulated in an IP-in-IP header, and is modified in the following 6LRs. The RPI and entire packet is consumed by the root. Header IPv6 6LR_1 6LR_i 6LBR Inserted headers -- IP-in-IP(RPI) -- -- Removed headers -- -- -- IP-in-IP(RPI) Re-added headers -- -- -- -- Modified headers -- -- IP-in-IP(RPI) -- Untouched headers -- -- -- --

This section will describe the communication flow in Non Storing Mode (Non-SM) between: RPL-aware-leaf to Internet Internet to RPL-aware-leaf not-RPL-aware-leaf to Internet Internet to not-RPL-aware-leaf

In this case the flow comprises: RPL-aware-leaf (6LN) --> 6LR_i --> root (6LBR) --> Internet For example, a communication flow could be: Node F --> Node D --> Node B --> Node A --> Internet 6LR_i are the intermediate routers from source to destination. In this case, "1 <= i >= n", n is the number of routers (6LR) that the packet go through from source (6LN) to 6LBR. This case is identical to storing-mode case. The IPv6 flow label should be set to zero to aid in compression, and the 6LBR will set it to a non-zero value when sending towards the Internet. Header 6LN 6LR_i 6LBR Internet Inserted headers RPI -- -- -- Removed headers -- -- -- -- Re-added headers -- -- -- -- Modified headers -- RPI -- -- Untouched headers -- -- RPI RPI (Ignored)

In this case the flow comprises: Internet --> root (6LBR) --> 6LR_i --> RPL-aware-leaf (6LN) For example, a communication flow could be: Internet --> Node A (root) --> Node B --> Node D --> Node F 6LR_i are the intermediate routers from source to destination. In this case, "1 <= i >= n", n is the number of routers (6LR) that the packet go through from 6LBR to destination(6LN). The 6LBR must add an RH3 header. As the 6LBR will know the path and address of the target node, it can address the IP-in-IP header to that node. The 6LBR will zero the flow label upon entry in order to aid compression. The RPI may be added or not as required by networks such as 6tisch. The RPI is unnecessary for loop detection. Header Internet 6LBR 6LR_i 6LN Inserted headers -- IP-in-IP (RH3,opt:RPI) -- -- Removed headers -- -- -- IP-in-IP (RH3,opt:RPI) Re-added headers -- -- -- -- Modified headers -- -- IP-in-IP (RH3,opt:RPI) -- Untouched headers -- -- -- --

In this case the flow comprises: not-RPL-aware-leaf (IPv6) --> 6LR_1 --> 6LR_i -->root (6LBR) --> Internet For example, a communication flow could be: Node G --> Node E --> Node B --> Node A --> Internet 6LR_i are the intermediate routers from source to destination. In this case, "1 < i >= n", n is the number of routers (6LR) that the packet go through from source(IPv6) to 6LBR. e.g 6LR_1 (i=1). In this case the flow label is recommended to be zero in the IPv6 node. As RPL headers are added in the IPv6 node, the first 6LR (6LR_1) will add an RPI header inside a new IP-in-IP header. The IP-in-IP header will be addressed to the root. This case is identical to the storing-mode case (see ). Header IPv6 6LR_1 6LR_i [i=2,..,n]_ 6LBR Internet Inserted headers -- IP-in-IP (RPI) -- -- -- Removed headers -- -- -- IP-in-IP (RPI) -- Re-added headers -- -- -- -- -- Modified headers -- -- IP-in-IP (RPI) -- -- Untouched headers -- -- -- -- --

In this case the flow comprises: Internet --> root (6LBR) --> 6LR_i --> not-RPL-aware-leaf (IPv6) For example, a communication flow could be: Internet --> Node A (root) --> Node B --> Node E --> Node G 6LR_i are the intermediate routers from source to destination. In this case, "1 < i >= n", n is the number of routers (6LR) that the packet go through from 6LBR to not-RPL-aware-leaf (IPv6). The 6LBR must add an RH3 header inside an IP-in-IP header. The 6LBR will know the path, and will recognize that the final node is not an RPL capable node as it will have received the connectivity DAO from the nearest 6LR. The 6LBR can therefore make the IP-in-IP header destination be the last 6LR. The 6LBR will set to zero the flow label upon entry in order to aid compression. Header Internet 6LBR 6LR_1 6LR_i(i=2,..,n) IPv6 Inserted headers -- IP-in-IP (RH3, opt:RPI) -- -- -- Removed headers -- -- -- IP-in-IP (RH3,RPI) -- Re-added headers -- -- -- -- -- Modified headers -- -- IP-in-IP (RH3,RPI) IP-in-IP (RH3,RPI) -- Untouched headers -- -- -- -- RPI

In this section we are going to describe the communication flow in Non Storing Mode (Non-SM) between, RPL-aware-leaf to RPL-aware-leaf RPL-aware-leaf to not-RPL-aware-leaf not-RPL-aware-leaf to RPL-aware-leaf not-RPL-aware-leaf to not-RPL-aware-leaf

In this case the flow comprises: 6LN src --> 6LR_ia --> root (6LBR) --> 6LR_id --> 6LN dst For example, a communication flow could be: Node F --> Node D --> Node B --> Node A (root) --> Node B --> Node E --> Node H 6LR_ia are the intermediate routers from source to the root In this case, "1 <= ia >= n", n is the number of routers (6LR) that the packet go through from 6LN to the root. 6LR_id are the intermediate routers from the root to the destination. In this case, "1 <= ia >= m", m is the number of the intermediate routers (6LR). This case involves only nodes in same RPL Domain. The originating node will add an RPI header to the original packet, and send the packet upwards. The originating node SHOULD put the RPI into an IP-in-IP header addressed to the root, so that the 6LBR can remove that header. If it does not, then additional resources are wasted on the way down to carry the useless RPI option. The 6LBR will need to insert an RH3 header, which requires that it add an IP-in-IP header. It SHOULD be able to remove the RPI, as it was contained in an IP-in-IP header addressed to it. Otherwise, there MAY be an RPI header buried inside the inner IP header, which should get ignored. Networks that use the RPL P2P extension are essentially non-storing DODAGs and fall into this scenario or scenario , with the originating node acting as 6LBR. Header 6LN src 6LR_ia 6LBR 6LR_id 6LN dst Inserted headers IP-in-IP (RPI1) -- IP-in-IP (RH3->6LN, opt RPI2) -- -- Removed headers -- -- IP-in-IP (RPI1) -- IP-in-IP (RH3, opt RPI2) Re-added headers -- -- -- -- -- Modified headers -- RPI1 -- RPI2 -- Untouched headers -- -- -- -- --

In this case the flow comprises: 6LN --> 6LR_ia --> root (6LBR) --> 6LR_id --> not-RPL-aware (IPv6) For example, a communication flow could be: Node F --> Node D --> Node B --> Node A (root) --> Node B --> Node E --> Node G 6LR_ia are the intermediate routers from source to the root In this case, "1 <= ia >= n", n is the number of intermediate routers (6LR) 6LR_id are the intermediate routers from the root to the destination. In this case, "1 <= ia >= m", m is the number of the intermediate routers (6LR). As in the previous case, the 6LN will insert an RPI (RPI_1) header which MUST be in an IP-in-IP header addressed to the root so that the 6LBR can remove this RPI. The 6LBR will then insert an RH3 inside a new IP-in-IP header addressed to the 6LN destination node. The RPI is optional from 6LBR to 6LR_id (RPI_2). Header 6LN 6LR_1 6LBR 6LR_id IPv6 Inserted headers IP-in-IP (RPI1) -- IP-in-IP (RH3, opt RPI_2) -- -- Removed headers -- -- IP-in-IP (RPI_1) IP-in-IP (RH3, opt RPI_2) -- Re-added headers -- -- -- -- -- Modified headers -- IP-in-IP (RPI_1) -- IP-in-IP (RH3, opt RPI_2) -- Untouched headers -- -- -- -- opt RPI_2

In this case the flow comprises: not-RPL-aware 6LN (IPv6) --> 6LR_ia --> root (6LBR) --> 6LR_id --> 6LN For example, a communication flow could be: Node G --> Node E --> Node B --> Node A (root) --> Node B --> Node E --> Node H 6LR_ia are the intermediate routers from source to the root. In this case, "1 <= ia >= n", n is the number of intermediate routers (6LR) 6LR_id are the intermediate routers from the root to the destination. In this case, "1 <= ia >= m", m is the number of the intermediate routers (6LR). This scenario is mostly identical to the previous one. The RPI is added by the first 6LR (6LR_1) inside an IP-in-IP header addressed to the root. The 6LBR will remove this RPI, and add it's own IP-in-IP header containing an RH3 header and optional RPI (RPI_2). Header IPv6 6LR_1 6LBR 6LR_id 6LN Inserted headers -- IP-in-IP (RPI_1) IP-in-IP (RH3, opt RPI_2) -- -- Removed headers -- -- IP-in-IP (RPI_1) -- IP-in-IP (RH3, opt RPI_2) Re-added headers -- -- -- -- -- Modified headers -- -- -- IP-in-IP (RH3, opt RPI_2) -- Untouched headers -- -- -- -- --

In this case the flow comprises: not-RPL-aware 6LN (IPv6 src)--> 6LR_ia --> root (6LBR) --> 6LR_id --> not-RPL-aware (IPv6 dst) For example, a communication flow could be: Node G --> Node E --> Node B --> Node A (root) --> Node C --> Node J 6LR_ia are the intermediate routers from source to the root. In this case, "1 <= ia >= n", n is the number of intermediate routers (6LR) 6LR_id are the intermediate routers from the root to the destination. In this case, "1 <= ia >= m", m is the number of the intermediate routers (6LR). This scenario is the combination of the previous two cases. Header IPv6 src 6LR_1 6LBR 6LR_id IPv6 dst Inserted headers -- IP-in-IP (RPI_1) IP-in-IP (RH3) -- -- Removed headers -- -- IP-in-IP (RPI_1) IP-in-IP (RH3, opt RPI_2) -- Re-added headers -- -- -- -- -- Modified headers -- -- -- -- -- Untouched headers -- -- -- -- --

shows that the hop-by-hop IP-in-IP header can be compressed using IP-in-IP 6LoRH (IP-in-IP-6LoRH) header as described in Section 7 of the document. There are potential significant advantages to having a single code path that always processes IP-in-IP headers with no options. Thanks to the change of the RPI option type from 0x63 to 0x23, there is no longer any uncertainty about when to use an IP-in-IP header in the storing mode. A Hop-by-Hop Options Header containing the RPI option SHOULD always be added when 6LRs originate packets (without IP-in-IP headers), and IP-in-IP headers should always be added (addressed to the root when on the way up, to the end-host when on the way down) when a 6LR find that it needs to insert a Hop-by-Hop Options Header containing the RPI option.

In the non-storing case, dealing with non-RPL aware leaf nodes is much easier as the 6LBR (DODAG root) has complete knowledge about the connectivity of all DODAG nodes, and all traffic flows through the root node. The 6LBR can recognize non-RPL aware leaf nodes because it will receive a DAO about that node from the 6LN immediately above that node. This means that the non-storing mode case can avoid ever using hop-by-hop IP-in-IP headers for traffic originating from the root to leafs. The non-storing mode case does not require the type change from 0x63 to 0x23, as the root can always create the right packet. The type change does not adversely affect the non-storing case.

The proposes a compression method for RPI, RH3 and IPv6-in-IPv6. In Storing Mode, for the examples of Flow from RPL-aware-leaf to non-RPL-aware-leaf and non-RPL-aware-leaf to non-RPL-aware-leaf comprise an IP-in-IP and RPI compression headers. The type of this case is critical since IP-in-IP is encapsulating a RPI header.

This document updates the registration made in Destination Options and Hop-by-Hop Options registry from 0x63 to 0x23.

The DODAG Configuration Option Flags in the DODAG Configuration option is updated as follows:

The security considerations covering of and apply when the packets get into RPL Domain. The IPIP mechanism described in this document is much more limited than the general mechanism described in . The willingness of each node in the LLN to decapsulate packets and forward them could be exploited by nodes to disguise the origin of an attack. Nodes outside of the LLN will need to pass IPIP traffic through the RPL root to perform this attack. To counter, the RPL root SHOULD either restrict ingress of IPIP packets (the simpler solution), or it SHOULD do a deep packet inspection wherein it walks the IP header extension chain until it can inspect the upper-layer-payload as described in . In particular, the RPL root SHOULD do BCP38 () processing on the source addresses of all IP headers that it examines in both directions. Note: there are some situations where a prefix will spread across multiple LLNs via mechanisms such as described in . In this case the BCP38 filtering needs to take this into account. Nodes with the LLN can use the IPIP mechanism to mount an attack on another part of the LLN, while disguising the origin of the attack. The mechanism can even be abused to make it appear that the attack is coming from outside the LLN, and unless countered, this could be used to mount a Distributed Denial Of Service attack upon nodes elsewhere in the Internet. See for an example of such attacks already seen in the real world. While a typical LLN may be a very poor origin for attack traffic (as the networks tend to be very slow, and the nodes often have very low duty cycles) given enough nodes, they could still have a significant impact, particularly if the attack was on another LLN! Additionally, some uses of RPL involve large backbone ISP scale equipment , which may be equipped with multiple 100Gb/s interfaces. Blocking or careful filtering of IPIP traffic entering the LLN as described above will make sure that any attack that is mounted must originate compromised nodes within the LLN. The use of BCP38 filtering at the RPL root on egress traffic will both alert the operator to the existence of the attack, as well as drop the attack traffic. As the RPL network is typically numbered from a single prefix, which is itself assigned by RPL, BCP38 filtering involves a single prefix comparison and should be trivial to automatically configure. There are some scenarios where IPIP traffic SHOULD be allowed to pass through the RPL root, such as the IPIP mediated communications between a new Pledge and the Join Registrar/Coordinator (JRC) when using and . This is the case for the RPL root to do careful filtering: it occurs only when the Join Coordinator is not co-located inside the RPL root. With the above precautions, an attack using IPIP tunnels will be by a node within the LLN on another node within the LLN. Such an attack could, of course, be done directly. An attack of this kind is meaningful only if the source addresses are either fake or if the point is to amplify return traffic. Such an attack, could also be done without the use of IPIP headers using forged source addresses. If the attack requires bi-directional communication, then IPIP provides no advantages. suggests that tunnel entry and exit points can be secured, via the "Use IPsec". This solution has all the problems that goes into. In an LLN such a solution would degenerate into every node having a tunnel with every other node. It would provide a small amount of origin address authentication at a very high cost; doing BCP38 at every node (linking layer-3 addresses to layer-2 addresses, and to already present layer-2 cryptographic mechanisms) would be cheaper should RPL be run in an environment where hostile nodes are likely to be a part of the LLN. The RH3 header usage described here can be abused in equivalent ways with an IPIP header to add the needed RH3 header. As such, the attacker's RH3 header will not be seen by the network until it reaches the end host, which will decapsulate it. An end-host SHOULD be suspicious about a RH3 header which has additional hops which have not yet been processed, and SHOULD ignore such a second RH3 header. In addition, the LLN will likely use to compress the IPIP and RH3 headers. As such, the compressor at the RPL-root will see the second RH3 header and MAY choose to discard the packet if the RH3 header has not been completely consumed. A consumed (inert) RH3 header could be present in a packet that flows from one LLN, crosses the Internet, and enters another LLN. As per the discussion in this document, such headers do not need to be removed. However, there is no case described in this document where an RH3 is inserted in a non-storing network on traffic that is leaving the LLN, but this document SHOULD NOT preclude such a future innovation. It should just be noted that an incoming RH3 must be fully consumed, or very carefully inspected. The RPI header, if permitted to enter the LLN, could be used by an attacker to change the priority of a packet by selecting a different RPL instanceID, perhaps one with a higher energy cost, for instance. It could also be that not all nodes are reachable in an LLN using the default instanceID, but a change of instanceID would permit an attacker to bypass such filtering. Like the RH3, an RPI header is to be inserted by the RPL root on traffic entering the LLN by first inserting an IPIP header. The attacker's RPI header therefore will not be seen by the network. Upon reaching the destination node the RPI header has no further meaning and is just skipped; the presence of a second RPI header will have no meaning to the end node as the packet has already been identified as being at it's final destination. The RH3 and RPI headers could be abused by an attacker inside of the network to route packets on non-obvious ways, perhaps eluding observation. This usage is in fact part of and can not be restricted at all. This is a feature, not a bug. deals with many other threats to LLNs not directly related to the use of IPIP headers, and this document does not change that analysis.

This work is partially funded by the FP7 Marie Curie Initial Training Network (ITN) METRICS project (grant agreement No. 607728). The authors would like to acknowledge the review, feedback, and comments of (alphabetical order): Robert Cragie, Simon Duquennoy, Ralph Droms, Cenk Gündogan, C. M. Heard, Rahul Jadhav, Matthias Kovatsch, Peter van der Stok, Xavier Vilajosana and Thomas Watteyne.