Network Working Group T. Clausen Internet-Draft A. Colin de Verdiere Intended status: Informational J. Yi Expires: April 30, 2015 LIX, Ecole Polytechnique U. Herberg Fujitsu Laboratories of America Y. Igarashi Hitachi, Ltd., Yokohama Research Laboratory October 27, 2014 Observations of RPL: IPv6 Routing Protocol for Low power and Lossy Networks draft-clausen-lln-rpl-experiences-09 Abstract With RPL - the "IPv6 Routing Protocol for Low-power Lossy Networks" - having been published as a Proposed Standard after a ~2-year development cycle, this document presents an evaluation of the resulting protocol, of its applicability, and of its limits. The documents presents a selection of observations of the protocol characteristics, exposes experiences acquired when producing various prototype implementations of RPL, and presents results obtained from testing this protocol - by way of network simulations, in network testbeds and in deployments. The document aims at providing a better understanding of possible limits of RPL, notably the possible directions that further protocol developments should explore, in order to address these. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on April 30, 2015. Clausen, et al. Expires April 30, 2015 [Page 1] Internet-Draft Observations of RPL October 2014 Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Clausen, et al. Expires April 30, 2015 [Page 2] Internet-Draft Observations of RPL October 2014 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. RPL Overview . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. RPL Message Emission Timing - Trickle Timers . . . . . . . 7 4. Requirement Of DODAG Root . . . . . . . . . . . . . . . . . . 8 4.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 8 5. RPL Data Traffic Flows . . . . . . . . . . . . . . . . . . . . 9 5.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 11 6. Fragmentation Of RPL Control Messages And Data Packet . . . . 12 6.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 13 7. The DAO Mechanism: Downward and Point-to-Point Routes . . . . 15 7.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 15 8. Address Aggregation and Summarization . . . . . . . . . . . . 17 8.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 18 9. Link Bidirectionality Verification . . . . . . . . . . . . . . 19 9.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 19 10. Neighbor Unreachability Detection For Unidirectional Links . . 20 10.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 20 11. RPL Implementability and Complexity . . . . . . . . . . . . . 22 11.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 22 12. Underspecification . . . . . . . . . . . . . . . . . . . . . . 22 12.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 23 13. Protocol Convergence . . . . . . . . . . . . . . . . . . . . . 24 13.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 24 13.2. Caveat . . . . . . . . . . . . . . . . . . . . . . . . . . 25 14. Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 14.1. Observations . . . . . . . . . . . . . . . . . . . . . . . 25 15. Security Considerations . . . . . . . . . . . . . . . . . . . 27 16. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 17. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 27 18. Informative References . . . . . . . . . . . . . . . . . . . . 27 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 30 Clausen, et al. Expires April 30, 2015 [Page 3] Internet-Draft Observations of RPL October 2014 1. Introduction RPL - the "Routing Protocol for Low Power and Lossy Networks" [RFC6550] - is a proposal for an IPv6 routing protocol for Low-power Lossy Networks (LLNs), by the ROLL Working Group in the Internet Engineering Task Force (IETF). This routing protocol is intended to be the IPv6 routing protocol for LLNs and sensor networks, applicable in all kinds of deployments and applications of LLNs. The objective of RPL and ROLL is to provide routing in networks which "comprise up to thousands of nodes" [roll-charter], where the majority of the nodes have very constrained resources [RFC7102], and where handling mobility is not an explicit design criteria [RFC5867], [RFC5826], [RFC5673], [RFC5548]. [roll-charter] states that "Typical traffic patterns are not simply unicast flows (e.g. in some cases most if not all traffic can be point to multipoint)", and [RFC7102] further categorizes the supported traffic types into "upward" traffic from sensors to a collection sink or LBR (LLN Border Router) (denoted multipoint-to- point), "downward" traffic from the collection sink or LBR to the sensors (denoted point-to-multipoint) and traffic from "sensor to sensor" (denoted point-to-point traffic), and establishes this terminology for these traffic types. Thus, while the target for RPL and ROLL is to support all of these traffic types, the emphasis among these, according to [roll-charter], appears to be to optimize for multipoint-to-point traffic, while also supporting point-to- multipoint and point-to-point traffic. With experiences obtained since the publication of RPL as [RFC6550], it is opportune to document observations of the protocol, in order to understand which aspects of it work well and which necessitate further investigations. Understanding possible limitations is important to identify issues which may restrict the deployment scope of the protocol and which may need further protocol work or enhancements. The observations made in this document, except for when explicitly noted otherwise, do not depend on any specific implementation or deployment, but can be understood from simply analyzing the protocol specification [RFC6550]. That said, all observations made have been confirmed to also be present in, at least, some deployments or test platforms with RPL, i.e., have been experimentally confirmed. This document is explicitly not an implementation guidebook for RPL. It has as objective to document observations of behaviors of [RFC6550], in the spirit of better understanding the characteristics and limits of the protocol. Clausen, et al. Expires April 30, 2015 [Page 4] Internet-Draft Observations of RPL October 2014 2. Terminology This document uses the terminology and notation defined in [RFC6550]. Additionally, this document uses terminology from [RFC7102], specifically the terms defined for the traffic types "MP2P" (Multipoint-to-Point), "P2P" (Point To Point) and "P2MP" (Point-to- Multipoint). 3. RPL Overview The basic construct in RPL is a "Destination Oriented Directed Acyclic Graph" (DODAG), depicted in Figure 1, with a single router acting as DODAG Root. The DODAG Root has responsabilities in addition to those of other routers, including for initiating, configuring, and managing the DODAG, and (in some cases) acting as a central relay for traffic through and between routers in the LLN. (s) ^ ^ ^ / | \ (a) | (b) ^ (c) ^ / ^ (d) (f) | ^ ^ (e)--/ \ (g) Figure 1: RPL DODAG In an LLN, in which RPL has converged to a stable state, each router has identified a stable set of parents, each of which is a potential next-hop on a route towards the DODAG Root. One of the parents is selected as preferred parent. Each router, which is part of a DODAG (i.e., which has selected parents and a preferred parent) will emit DODAG Information Object (DIO) messages, using link-local multicast, indicating its respective rank in the DODAG (i.e., distance to the DODAG Root according to some metric(s), in the simplest form hop- count). Upon having received a (number of such) DIO messages, a router will calculate its own rank such that it is greater than the rank of each of its parents, select a preferred parent and then itself start emitting DIO messages. DODAG formation thus starts at the DODAG Root (initially, the only router which is part of a DODAG), and spreads gradually to cover the whole LLN as DIOs are received, parents and preferred parents are selected, and further routers participate in the DODAG. The DODAG Clausen, et al. Expires April 30, 2015 [Page 5] Internet-Draft Observations of RPL October 2014 Root also includes, in DIO messages, a DODAG Configuration Object, describing common configuration attributes for all routers in that network - including their mode of operation, timer characteristics etc. routers in a DODAG include a verbatim copy of the last received DODAG Configuration Object in their DIO messages, permitting also such configuration parameters propagating through the network. As a Distance Vector protocol, RPL restricts the ability for a router to change rank. A router can freely assume a smaller rank than previously advertised (i.e., logically move closer to the DODAG Root) if it discovers a parent advertising a lower rank, and must then disregard all previous parents of ranks higher than the router's new rank. The ability for a router to assume a greater rank (i.e., logically move farther from the DODAG Root) than previously advertised is restricted in order to avoid count-to-infinity problems. The DODAG Root can trigger "global recalculation" of the DODAG by increasing a sequence number, DODAG version, in DIO messages. The DODAG so constructed is used for installing routes: the "preferred parent" of a router can serve as a default route towards the DODAG Root, and the DODAG Root can embed in its DIO messages the destination prefixes, included by DIOs generated by routers through the LLN, to which connectivity is provided by the DODAG Root. Thus, RPL by way of DIO generation provides "upward routes" or "multipoint- to-point routes" from the sensors inside the LLN and towards the DODAG Root (and, possibly, to destinations reachable through the DODAG Root). "Downward routes" are enabled by having sensors issue Destination Advertisement Object (DAO) messages, propagating as unicast via preferred parents towards the DODAG Root. These describe which prefixes belong to, and can be reached via, which router. In a network, all routers must operate in either of storing mode or non- storing mode, specified by way of a "Mode of Operation" (MOP) flag in the DODAG Configuration Object from the DODAG Root. Those two modes are non-interoperable, i.e., a mixture of routers running in different modes is impossible in the same routing domain. Depending on the MOP, DAO messages are forwarded differently towards the DODAG Root: o In "non-storing mode", a router originates a DAO messages, advertising one or more of its parents, and unicasts these to the DODAG Root. Once the DODAG Root has received DAOs from a router, and from all routers on the route between it and the DODAG Root, it can use source routing for reaching advertised destinations inside the LLN. Clausen, et al. Expires April 30, 2015 [Page 6] Internet-Draft Observations of RPL October 2014 o In "storing mode", each router on the route between the originator of a DAO and the DODAG Root records a route to the prefixes advertised in the DAO, as well as the next-hop towards these (the router, from which the DAO was received), then forwards the DAO to its preferred parent. "Point-to-point routes", for communication between devices inside the LLN and where neither of the communicating devices are the DODAG Root, are as default supported by having the source sensor transmit a data packet, via its default route to the DODAG Root (i.e., using the upward routes), which will then, depending on the "Mode of Operation" for the DODAG, either add a source-route to the received data packet for reaching the destination sensor (downward routes in non-storing mode), or simply use hop-by-hop routing (downward routes in storing mode) for forwarding the data packet. In the case of storing mode, if the source and the destination for a point-to-point data packet share a common ancestor other than the DODAG Root, a downward route may be available in a router (and, thus, used) before the data packet reaches the DODAG Root. 3.1. RPL Message Emission Timing - Trickle Timers RPL message generation is timer-based, with the DODAG Root being able to configure back-off of message emission intervals using Trickle [RFC6206]. Trickle, as used in RPL, stipulates that a router transmits a DIO "every so often" - except if receiving a number of DIOs from neighbor routers, enabling the router to determine if its DIO transmission is redundant. When a router transmits a DIO, there are two possible outcomes: either every neighbor router that hears the message finds that the information contained is consistent with its own state (i.e., the received DODAG version number corresponds with that which the router has recorded, and no better rank is advertised than that which is recorded in the parent set) - or, a recipient router detects that either the sender of the DIO or itself has out-of-date information. If the sender has out-of-date information, then the recipient router schedules transmission of a DIO to update this information. If the recipient router has out-of-date information, then it updates based on the information received in the DIO. With Trickle, a router will schedule emission of a DIO at some time, t, in the future. When receiving a DIO containing information consistent with its own information, the router will record that "redundant information has been received" by incrementing a redundancy counter, c. At the time t, if c is below some "redundancy threshold", then it transmits its DIO. Otherwise, transmission of a DIO at this time is suppressed, c is reset and a new t is selected to Clausen, et al. Expires April 30, 2015 [Page 7] Internet-Draft Observations of RPL October 2014 twice as long time in the future - bounded by a pre-configured maximum value for t. If, on the other hand, the router has received an out-of-date DIO from one of its neighbors, t is reset to a pre- configured minimum value and c is set to zero. In both cases, at the expiration of t, the router will verify if c is below the "redundancy threshold" and if so transmit - otherwise, increase t and stay quiet. 4. Requirement Of DODAG Root As indicated in Section 3, the DODAG Root has both a special responsibility and is subject to special requirements. The DODAG Root is responsible for determining and maintaining the configuration parameters for the DODAG, and for initiating DIO emissions. The DODAG Root is also responsible (in both storing and non-storing mode) for being able to, when downward routes are supported, maintain sufficient topological information to be able to construct routes to all destinations in the network. When operating in non-storing mode, this entails that the DODAG Root is required to have sufficient memory and sufficient computational resources to be able to record a network graph containing all routes from itself and to all destinations and to calculate routes. When operating in storing mode, this entails that the DODAG Root needs enough memory to keep a list of all routers in the RPL instance, and a next hop for each of those routers. If aggregation is used, the memory requirements can be reduced in storing mode (see Section 8 for observations about aggregation in RPL). The DODAG Root is also required to have sufficient energy available so as to be able to ensure the relay functions required. This, especially for non-storing mode, where all data packets transit through the DODAG Root. 4.1. Observations In a given deployment, select routers can be provisioned with the required energy, memory and computational resources so as to serve as DODAG Roots, and be administratively configured as such - with the remainder of the routers in the network being of typically lesser capacity. In storing mode, the DODAG root needs to keep a routing entry for each router in the RPL instance. In non-storing mode, the resource requirements on the DODAG Root are likely much higher than in storing mode, as the DODAG Root needs to store a network graph containing complete routes to all destinations in the RPL instance, in order to calculate the routing table (whereas in storing mode, Clausen, et al. Expires April 30, 2015 [Page 8] Internet-Draft Observations of RPL October 2014 only the next hop for each destination in the RPL instance needs to be stored, and aggregation may be used to further reduce the resource requirements). A router provisioned with resources to act as a DODAG Root, and administratively configured to act as such, represents a single point of failure for the DODAG it serves. It is possible for a given RPL deployment to contain several DODAGs, each rooted in a border router. RPL also supports that several border routers participate in the same DODAG - with the caveat that in this case, a "virtual" DODAG root, external to the LLN, exists and which coordinates DODAGVersionNumbers and other DODAG parameters. The precise coordination mechanism is not specified in [RFC6550], which instead states that: The method of coordination is out of scope for this specification (to be defined in future companion specifications). As the memory requirements for the DODAG Root and for other routers are substantially different, unless all routers are provisioned with resources (memory, energy, ...) to act as DODAG Roots, effectively if the designated DODAG Root fails, the network fails and RPL is unable to operate. Even if electing another router as temporary DODAG Root (e.g., for forming a "Floating" DODAG) for providing internal connectivity between routers, this router may not have the necessary resources to satisfy this role as (temporary) DODAG Root. Thus, although in principle RPL provides, by way of "Floating DODAGs", protocol mechanisms for establishing a DODAG for providing internal connectivity even in case of failure of the administratively provisioned DODAG Root, all (or at least a large number) of the routers need to have resources to act as roots to support floating DODAG, especially in non-storing mode. Another possible LLN scenario is that only internal point-to-point connectivity is sought, and no router has a more "central" role than any other - a self-organizing LLN. In those cases, it would be hard to specify such "super-device" as DODAG root, and can result in non- optimal routes. 5. RPL Data Traffic Flows [RFC7102] defines three data traffic types: multipoint-to-point traffic, point-to-multipoint traffic, and point-to-point traffic. Multipoint-to-point traffic reflects telemetry flowing "from sensors to a sink", with point-to-multipoint traffic reflecting control (commands) "from a central authority to actuators". Clausen, et al. Expires April 30, 2015 [Page 9] Internet-Draft Observations of RPL October 2014 RPL is designed to support these three data traffic types, but in its doing so implicitly makes two assumptions regarding the targeted deployment scenarios: o Telemetry "from sensors to a sink" is common, control (commands) "from a central authority to actuators" is rare - and while traffic between two sensors is supported, it is extremely rare. o The "sink" and the "central authority" are co-located with, or reachable via, the DODAG root. While not specifically called out thus in [RFC6550], the resulting protocol design, however, reflects these assumptions in that the mechanism constructing multipoint-to-point routes is efficient in terms of control traffic generated and state required, point-to- multipoint route construction much less so - and point-to-point routes subject to potentially significant route stretch (routes going through the DODAG Root in non-storing mode) and over-the-wire overhead from using source routing (from the DODAG Root to the destination) (see Section 7) - or, in case of storing mode, considerable memory requirements in all LLN routers inside the network (see Section 7). A router selects from among its parents a "preferred parent", to serve as a default route towards the DODAG Root (and to prefixes advertised by the DODAG Root). Thus, RPL provides "upward routes" or "multipoint-to-point routes" from the routers below the DODAG Root and towards the DODAG Root. A router which wishes to act as a destination for data traffic ("downward routes" or "point-to-multipoint") issues DAOs upwards in the DODAG towards the DODAG Root, describing which prefixes belong to, and can be reached via, that router. Point-to-Point routes between routers below the DODAG Root are supported by having the source router transmit, via its default route, data traffic towards the DODAG Root. In non-storing mode, the data traffic will reach the DODAG Root, which will reflect the data traffic downward towards the destination router, adding a strict source routing header indicating the precise route for the data traffic to reach the intended destination router. In storing mode, the source and the destination may possibly (although, may also not) have a common ancestor other than the DODAG Root, which may provide a downward route to the destination before data traffic reaching the DODAG Root. Clausen, et al. Expires April 30, 2015 [Page 10] Internet-Draft Observations of RPL October 2014 5.1. Observations RPL is well suited for networks in which the sink for data traffic is co-located with, (or is outside the LLN and reachable via), the DODAG root. However, these data traffic characteristics does not represent a universal distribution of traffic types in LLNs. There are scenarios where the sink is not co-located with (or is outside the LLN and reachable via) the DODAG. These include: o Command/control networks in which sensor-to-sensor traffic is a more common occurrence, documented, e.g., in [RFC5867] ("Building Automation Routing Requirements in Low Power and Lossy Networks"). o Networks in which all traffic is bi-directional, e.g., in case sensor devices in the LLN are, in majority, "actively read": a request is issued by the DODAG Root to a specific sensor, and the sensor value is expected returned. In fact, unless all traffic in the LLN is unidirectional, without acknowledgements (e.g., as in UDP), and no control messages (e.g., for service discovery) or other data packets are sent from the DODAG Root to the routers, traffic will be bi-directional. The IETF protocol for use in constrained environments, CoAP [RFC7252], makes use of acknowledgements to control packet loss and ensure that packets are received by the packet destination. In the four message types defined for CoAP: confirmable, acknowledgement, reset and non- confirmable, the first three are dedicated for sending/ acknowledgement cycle. Another example is that the ZigBee Alliance SEP 2.0 specification [SEP2.0] (adopted by the IEEE) describes the use of HTTP over TCP over ZigBeeIP, between routers and the DODAG Root - and with the use of TCP inherently causing bidirectional traffic by way of data-packets and their corresponding acknowledgements. In fact, current Internet protocols generally require some form of acknowledgment, and foregoing an acknowledgment probably means a trade-off in the area of reliable transmission or repeated retransmissions or both. o Telemetry scenarios where there the DODAG root and the sink are not co-located. This can happen if different kinds of information are sent to different central authorities for processing: for example, temperature goes to Server A and humidity goes to Server B. A possible solution for RPL is to run several DADAGs with different roots, which incurs extra overhead. For scenarios where sensor-to-sensor traffic is a more common occurrence, all sensor-to-sensor routes include the DODAG Root, possibly causing congestions on the communication medium near the DODAG Root, and draining energy from the intermediate routers on an unnecessarily long route. If sensor-to-sensor traffic is common, Clausen, et al. Expires April 30, 2015 [Page 11] Internet-Draft Observations of RPL October 2014 routers near the DODAG Root will be particularly solicited as relays, especially in non-storing mode. For scenarios with bi-directional traffic, as there is no provision for on-demand generation of routing information from the DODAG Root to a proper subset of all routers, each router (besides the Root) is required to generate DAOs. In particular in non-storing mode, each router will unicast a DAO to the DODAG Root (whereas in storing mode, the DAOs propagate upwards towards the Root). The effects of the requirement to establish downward routes to all routers are: o Increased memory and processing requirements at the DODAG Root (in particular in non-storing mode) and in routers near the DODAG Root (in storing mode). o A considerable control traffic overhead [bidir], in particular at and near the DODAG Root, therefore: o Potentially congested channels, and: o Energy drain from the routers. 6. Fragmentation Of RPL Control Messages And Data Packet Some link layers used in LLNs, such as IEEE 802.15.4 [ieee802154], are unable to provide an MTU of at least 1280 octets - as otherwise required for IPv6 [RFC2460]. In such LLNs, link fragmentation and reassembly of IP packets at a layer below IPv6 is used to transport larger IP packets, providing the required minimum 1280 octet MTU [RFC4919]. When such link fragmentation is used, the IP packet has to be reassembled at every hop. Every fragment must be received successfully by the receiving device, or the entire IP packet is lost. Moreover, the additional link-layer frame overhead (and IPv6 Fragment header overhead in case of IP fragmentation) for each of the fragments increases the capacity required from the medium, and may consume more energy for transmitting a higher number of frames on the network interface. RPL is an IPv6 routing protocol, designed to operate on constrained link layers, such as [ieee802154], with a maximum frame size of 127 bytes - a much smaller value than the specified minimum MTU of 1280 bytes for IPv6 [RFC2460]. Reducing the need of fragmentation of IP datagrams on such a link layer, 6LoWPAN provides an adaptation layer [RFC4944], [RFC6282], providing link fragmentation in order to accommodate IPv6 packet transmissions over the maximum IEEE 802.15.4 Clausen, et al. Expires April 30, 2015 [Page 12] Internet-Draft Observations of RPL October 2014 frame size of 127 octets, as well as compressing the IPv6 header, reducing the overhead of the IPv6 header from at least 40 octets to a minimum of 2 octets. Given the IEEE 802.15.4 frame size of 127 octets, a maximum frame overhead of 25 octets and 21 octets for link layer security [RFC4944], 81 octets remain for L2 payload. Further subtracting 2 octets for the compressed IPv6 header leaves 79 octets for L3 data payload if link fragmentation is to be avoided. The second L in LLN indicating Lossy [roll-charter], higher loss rates than typically seen in IP networks are expected, rendering link fragmentation important to avoid. This, in particular because, as mentioned above, the whole IP packet is dropped if only a single fragment is lost [RFC4944]. 6.1. Observations [RFC4919] makes the following observation regarding using IP in LoWPAN networks based on IEEE 802.15.4 frames: Applications within LoWPANs are expected to originate small packets. Adding all layers for IP connectivity should still allow transmission in one frame, without incurring excessive fragmentation and reassembly. Furthermore, protocols must be designed or chosen so that the individual "control/protocol packets" fit within a single 802.15.4 frame. Along these lines, IPv6's requirement of sub-IP reassembly [...] may pose challenges for low-end LoWPAN devices that do not have enough RAM or storage for a 1280-octet packet. In order to avoid the link fragmentation and thus to adhere to the recommendation in [RFC4919], each control packet of RPL must fit into the remaining 79 octets of the 802.15.4 frame. While 79 octets may seem to be sufficient to carry RPL control messages, consider the following: RPL control messages are carried in ICMPv6, and the mandatory ICMPv6 header consumes 4 octets. The DIO base another 24 octets. If link metrics are used, that consumes at least another 8 octets - and this is when using a simple hop count metric; other metrics may require more. The DODAG Configuration Object consumes up to a further 16 octets, for a total of 52 octets. Adding a Prefix Information Object for address configuration consumes another 32 octets, for a total of 84 octets - thus exceeding the 79 octets available for L3 data payload and causing link fragmentation of such a DIO. As a point of reference, the ContikiRPL [rpl-contiki] implementation includes both the DODAG Configuration option and the Prefix Information option in all DIO messages. Any other options, e.g., Route Information options indicating prefixes reachable through the DODAG Root, increase the overhead and thus the probability of fragmentation. Clausen, et al. Expires April 30, 2015 [Page 13] Internet-Draft Observations of RPL October 2014 RPL may further increase the probability of link fragmentation of data traffic: for non-storing mode, RPL employs source-routing for all downward traffic. [RFC6554] specifies the RPL Source Routing header, which imposes a fixed overhead of 8 octets per IP packet leaving 71 octets remaining from the link-layer MTU in order to contain the whole IP packet into a single frame - from which must be deducted a variable number of octets, depending on the length of the route. With fewer octets available for data payload, RPL thus increases the probability for link fragmentation of also data packets. This, in particular, for longer routes, e.g., for point-to- point data traffic between sensors inside the LLN, where data traffic transit through the DODAG Root and is then source-routed to the destination. The overhead of source routing is further detailed in Section 7. Given the minimal packet size of LLNs, the routing protocol must impose low (or no) overhead on data packets, hopefully independently of the number of hops [RFC4919]. However, source-routing not only causes increased overhead in the IP header, it also leads to a variable available payload for data (depending on how long the source route is). In point-to-point communication and when non-storing mode is used for downward traffic, the source of a data packet will be unaware of how many octets will be available for payload (without incurring link fragmentation) when the DODAG Root relays the data packet and adds the source routing header. Thus, the source may choose an inefficient size for the data payload: if the data payload is large, it may exceed the link-layer MTU at the DODAG Root after adding the source-routing header; on the other hand, if the data payload is low, the network resources are not used efficiently, which introduces more overhead and more frame transmissions. Unless the DODAG Root is the source of an IPv6 packet to be forwarded through an RPL LLN, the IPv6 packet must be encapsulated in IPv6-in- IPv6 tunneling, with the RPL extension added to the outer IPv6 header. Similarly, in non-storing mode, the original IPv6 packet must be carried in IPv6-in-IPv6 tunneling, with the RPL routing header added to the outer IPv6 header. Both of these mechanisms add additional overhead, increasing the likelihood that link fragmentation will be required to deliver the IPv6 packet. In addition, even IPv6 packets that are the minimum MTU size of 1280 octets will require IPv6 fragmentation to accommodate the RPL tunnel and headers on a deployment using the [RFC4944] specification to carry IPv6 over IEEE 802.15.4, because RFC4944 defines the MTU for such deployments to be 1280 octets. The ZigBee Alliance has relaxed [RFC4944] to use a longer MTU for accommodating 1280 octet IPv6 packets with the required tunnel overhead without fragmentation. The "ZigBee IP Specification" (ZIP) [ZigBeeIP] specifies in section 5.4.3: Clausen, et al. Expires April 30, 2015 [Page 14] Internet-Draft Observations of RPL October 2014 A ZIP node MUST ensure that the insertion of a RPL extension header, either directly or via IPv6-in-IPv6 tunneling, does not cause IPv6 fragmentation. This is done by using a different MTU value for packets where the IPv6 header includes a RPL extension header. The RPL tunnel entry point SHOULD be considered as a separate interface whose MTU is set to the 6LoWPAN interface MTU plus RPL_MTU_EXTENSION bytes. Section 7.1 of [ZigBeeIP] defines RPL_MTU_EXTENSION to be 100 bytes. 7. The DAO Mechanism: Downward and Point-to-Point Routes RPL specifies two distinct and incompatible "modes of operation" for downward traffic: storing mode, where each router is assumed to maintain routes to all destinations in its sub-DODAG, i.e., routers that are "deeper down" in the DODAG, and non-storing mode, where only the DODAG Root stores routes to destinations inside the LLN, and where the DODAG Root employs strict source routing in order to route data traffic to the destination router. 7.1. Observations In addition to possible fragmentation, as occurs when using potentially long source routing headers over a medium with a small MTU - similar to what is discussed in Section 6 - the maximum length of the source routing header [RFC6554] is limited to 136 octets, including an 8 octet long header. As each IPv6 address has a length of 16 octets, not more than 8 hops from the source to the destination are possible for "raw IPv6". Using address compression (e.g., as specified in [RFC4944]), the maximum route length may not exceed 64 hops. This excludes deployment of RPL for scenarios with long "chain-like" topologies, such as traffic lights along a street. In storing mode, each router has to store routes for destinations in its sub-DODAG. This implies that, for routers near the DODAG Root, the required storage is only bounded by the number of destinations in the network. As RPL targets constrained devices with little memory, but also has as ambition to be operating networks consisting of thousands of routers [roll-charter], the storing capacity on these routers may need to be the same as DODAG root - or, at least, the storage requirements in routers "near the DODAG Root" and "far from the DODAG Root" is not homogenous, thus some sort of administrative deployment, and continued administrative maintenance of devices, as the network evolves, is needed. In an experimental testbed, [rpl-eval-UCB] argues that practical experiences suggest that RPL in storing mode, with routers having Clausen, et al. Expires April 30, 2015 [Page 15] Internet-Draft Observations of RPL October 2014 10kB of RAM (TELOSB mote with TinyOS, 16-bit RISC, 48 kB program flash memory, 16 kB configuration EEPROM), should be limited to networks of less than ~30 routers. Note that observation of less than 30 routers only presents the results obtained from specified testbed and implementation in [rpl-eval-UCB]. Aggregation / summarization of addresses may be advanced as a possible argument that this issue is of little significance - Section 8 discusses why such an argument does not apply. Moreover, if the LoWPAN adaption layer [RFC4944] is used in the LLN, route aggregation is not possible since the same /64 is applied across the entire network. In short, the mechanisms in RPL force the choice between requiring all routers to have sufficient memory to store route entries for all destinations (storing mode) - or, suffer increased risk of fragmentation, and thus loss of data packets, while consuming network capacity by way of source routing through the DODAG Root (non-storing mode). In RPL, the "mode of operation" stipulates that either downward routes are not supported (MOP=0), or that they are supported by way of either storing or non-storing mode. In case downward routes are supported, RPL does not provide any mechanism for discriminating between which routes should or should not be maintained. In particular, in order to calculate routes to a given destination, all intermediaries between the DODAG Root and that destination must themselves be reachable - effectively rendering downward routes in RPL an "all-or-none" situation. In case a destination is unreachable, all the DODAG Root may do is increase DTSN (Destination Advertisement Trigger Sequence Number) to trigger DAO message transmission, or eventually increase the DODAG version number in case the destination is still unreachable, which possibly provokes a broadcast-storm-like situation. This, in particular, as [RFC6550] does not specify DAO message transmission constraints, nor any mechanism for adapting DAO emission to the network capacity. In storing mode, a DTSN increment by the DODAG Root works only if all routers, on the path from the DODAG Root to the "lost" target router, have kept their routing table up-to-date by triggering DAO updates, and thus have a route to the target router. In non-storing mode, the DODAG Root incrementing its DTSN will trigger global DAO updates, and thus extra overhead in the network and delay in the recalculation of the missing route. Furthermore, DTSN increments are carried by way of DIO messages. In case the "lost" target router has lost all of its parents, it will not be able to receive DIO messages from them, and thus will have to wait until it has poisoned its sub-DODAG and joined the DODAG through another parent. The only way the DODAG Root can speed up this Clausen, et al. Expires April 30, 2015 [Page 16] Internet-Draft Observations of RPL October 2014 process is by incrementing the DODAG version number, thus triggering global recalculation of the DODAG. Even in case the DTSN increment is carried to the "lost" target router through another parent, the triggered DAO will need to go up the DODAG to the DODAG Root via another route, which might itself be broken. This would necessitate the use of local repair mechanisms, potentially causing loops in the network (see Section 14) and eventually global DODAG recalculation. 8. Address Aggregation and Summarization As indicated in Section 7, in storing mode, a router is expected to be able to store routing entries for all destinations in its "sub- DODAG", i.e., routing entries for all destinations in the network where the route to the DODAG Root includes that router. In the Internet, no single router stores explicit routing entries for all destinations. Rather, IP addresses are assigned hierarchically, such that an IP address does not only uniquely identify a network interface, but also its topological location in the network, as illustrated in Figure 2. All addresses with the same prefix are reachable by way of the same router - which can, therefore, advertise only that prefix. Other routers need only record a single routing entry for that prefix, knowing that as the IP packet reaches the router advertising that prefix, more precise routing information is available. .---. | | '---' | | (a) | |1.x.x.x/8 | (b) / \ 1.1.x.x/16/ \ 1.2.x.x/16 / \ .---. .---. | c | | d | '---' '---' Figure 2: Address Hierarchies Clausen, et al. Expires April 30, 2015 [Page 17] Internet-Draft Observations of RPL October 2014 Any aggregated routes require the use of a prefix shorter than /64, and subsequent hierarchical assignment of prefixes down to a /64 (as any router itself provides a /64 subnet to any hosts connected to the router). Moreover, if the 6lowpan adaption layer [RFC4944] is used in the LLN, route aggregation is not possible since the same /64 is applied across the entire network. 8.1. Observations In RPL, each router acquires a number of parents, as described in Section 3, from among which it selects one as its preferred parent and, thus, next-hop on the route to the DODAG Root. routers maintain a parent set containing possibly more than a single parent so as to be able to rapidly select an alternative preferred parent, should the previously selected such become unavailable. Thus expected behavior is for a router to be able to change its point of attachment towards the DODAG Root. If IP addresses are assigned in a strictly hierarchical fashion, and if scalability of the routing state maintained in storing mode is based on this hierarchy, then this entails that each time a router changes its preferred parent, it must also change its own IP address - as well as cause routers in its "sub-DODAG" to do the same. RPL does not specify signaling for reconfiguring addresses in a sub-DODAG, while [RFC6550] specifically allows for aggregation (e.g., in Section 18.2.6.: "[...] it is recommended to delay the sending of DAO message to DAO parents in order to maximize the chances to perform route aggregation"). A slightly less strict hierarchy can be envisioned, where a router can change its preferred parent without necessarily changing addresses of itself and of its sub-DODAG, provided that its former and new preferred parents both have the same preferred parent, and have addresses hierarchically assigned from that - from the "preferred grandparent". With reference to Figure 1, this could be e changing its preferred parent from d to c, provided that both d and c have b as preferred parent. Doing so would impose a restriction on the parent-set selection, admitting only parents which have themselves the same parent, losing redundancy in the network connectivity. RPL does not specify rules for admitting only parents with identical grand-parents into the parent set - although such is not prohibited either, if the loss of redundancy is acceptable. The DODAG Root incrementing the DODAG version number is the mechanism by which RPL enables global reconfiguration of the network, reconstructing the DODAG with (intended) more optimal routes. In case of addressing hierarchies being enforced, so as to enable aggregation, this will either restrict the ability for an optimal Clausen, et al. Expires April 30, 2015 [Page 18] Internet-Draft Observations of RPL October 2014 DODAG construction, or will also have to trigger global address autoconfiguration so as to ensure addressing hierarchies. Finally, with IP addresses serving a dual role of an identifier of both an end-point for communication and a topological location in the network, changing the IP address of a device, so as to reflect a change in network topology, also entails interrupting ongoing communication to or through that device. Additional mechanisms (e.g., a DNS-like system) mapping "communications identifiers" and "IP addresses" are required. 9. Link Bidirectionality Verification Parents (and the preferred parent) are selected based on receipt of DIOs. This, alone, does not guarantee the ability of a router to successfully communicate with the parent. However, the basic use of links is for "upward" routes, i.e., for the router to use a parent (the preferred parent) as relay towards the DODAG Root - in the opposite direction of the one in which the DIO was received. 9.1. Observations Unidirectional links are no rare occurrence, such as is known from wireless multi-hop networks. Preliminary results from a test-bed of AMI (Automated Metering Infrastructure) devices using 950MHz radio interfaces, and with a total of 22 links, show that 36% of these links are unidirectional. If a router receives a DIO on such a unidirectional link, and selects the originator of the DIO as parent, which would be a bad choice: unicast traffic in the upward direction would be lost. If the router had verified the bidirectionality of links, it might have selected a better parent, to which it has a bidirectional link. [RFC6550] discusses some mechanisms which can (if deemed needed) be used to verify that a link is bidirectional before choosing a router as a parent. While requiring one mechanism for bidirectional verification to be used, the document does not specify which method to be used, and how to be used. The mechanisms discussed include NUD [RFC4861], BFD [RFC5881] and [RFC5184]. BFD is explicitly called out as "often not desirable" as it uses a proactive approach (exchange of periodic HELLO messages), and thus would "lead to excessive control traffic". Furthermore, not all L2 protocols provide L2 acknowledgements; even less so for multicast packets - and so, not on RPL DIOs, the multicast transmission of which is a requirement for the Trickle timer flooding reduction to be effective (see Section 3.1). This has as consequence that such L2 acknowledgements can only be used to determine if a given link is bidirectional or Clausen, et al. Expires April 30, 2015 [Page 19] Internet-Draft Observations of RPL October 2014 unidirectional once the router already has selected parents AND actually has data traffic to forward by way of these parents - in contradiction with RPL's stated design principle that require that the reachability of a router be verified before choosing it as a parent ([RFC6550], Section 1.1). Absent any mechanism specified by RPL to verify the bidirectionality of links, routers thus have to rely on NUD to choose their parent correctly (see Section 10). 10. Neighbor Unreachability Detection For Unidirectional Links [RFC6550] suggests using Neighbor Unreachability Detection (NUD) [RFC4861] to detect and recover from the situation of unidirectional links between a router and its (preferred) parent(s). When, e.g., a router tries (and fails) to actually use another router for forwarding traffic, NUD is supposed engaged to detect and prompt corrective action, e.g., by way of selecting an alternative preferred parent. NUD is based upon observing if a data packet is making forward progress towards the destination, either by way of indicators from upper-layer protocols (such as TCP and, though not called out in [RFC4861], also from lower-layer protocols such as Link Layer ACKs ) or - failing that - by unicast probing by way of transmitting a unicast Neighbor Solicitation message and expecting that a solicited Neighbor Advertisement message be returned. 10.1. Observations A router may receive, transiently, a DIO from a router, closer (in terms of rank) to the DODAG Root than any other router from which a DIO has been received. Some, especially wireless, link layers may exhibit different transmission characteristics between multicast and unicast transmissions (such is the case for some implementations of IEEE 802.11b, where multicast/broadcast transmissions are sent at much lower bit-rates than are unicast; IEEE 802.11b is, of course, not suggested as a viable L2 for LLNs, but serves to illustrate that such asymmetric designs exist), leading to a (multicast) DIO being received from farther away than a unicast transmission can reach. DIOs are sent (downward) using link-local multicast, whereas the traffic flowing in the opposite direction (upward) is unicast. Thus, a received (multicast) DIO may not be indicative of useful unicast connectivity - yet, RPL might cause this router to select this seemingly attractive router as its preferred parent. This may happen both at initialization, or at any time during the LLN lifetime as RPL allows attachment to a "better parent" over the network lifetime. A DODAG so constructed may appear stable and converged until such Clausen, et al. Expires April 30, 2015 [Page 20] Internet-Draft Observations of RPL October 2014 time that unicast traffic is to be sent and, thus, NUD invoked. Detecting only at that point that unicast connectivity is not maintained, and causing local (and possibly global) repairs exactly at that time, may lead to traffic not being deliverable. As indicated in Section 8, if scalability is dependent on addresses being assigned hierarchically, changing point-of-attachment may entail more than switching preferred parent. A router may detect that its preferred parent is lost by way of NUD, when trying to communicate to the DODAG Root. If that router has no other parents in its parent set, all it can do is wait: RPL does not provide other mechanisms for a router to react to such an event. In the case where there is no downward traffic (i.e., no data or acknowledgements are sent from the DODAG Root), neither the DODAG Root nor the preferred parent, to which upward connectivity was lost, will be able to detect and react to the event of connectivity loss. In other words, for upward traffic, the routers that by way of NUD detect connectivity loss, will be unable to act in order to restore connectivity (e.g., by way of a signaling mechanism to the DODAG Root, to request DODAG reconstruction by way of version number increase). The routers, which could react (the "preferred parents") will for upward traffic not generate any traffic "downward" allowing NUD to engage and detect connectivity loss. It is worth noting that RPL is optimized for upward traffic (multipoint-to-point traffic), and that this is exactly the type of traffic where NUD is not applicable as a mechanism for detecting and reacting to connectivity loss. Also, absent all routers consistently advertising their reachability through DAO messages, a protocol requiring bidirectional flows between the communicating devices, such as TCP or CoAP confirmable- acknowledgement exchange, will be unable to operate. Finally, upon having been notified by NUD that the "next hop" is unreachable, a router must discard the preferred parent and select another - hoping that this time, the preferred parent is actually reachable. Also, if NUD indicates "no forward progress" based on an upper-layer protocol, there is no guarantee that the problem stems exclusively from the preferred parent being unreachable. Indeed, it may be a problem further ahead, possibly outside the LLN, thus changing preferred parent will not alleviate the situation. Moreover, using information from an upper-layer protocol, e.g., to return TCP ACKs back to the source, requires established downward routes in the DODAG (i.e., each router needs to send DAO messages to the DODAG Root, as described in Section 7). Clausen, et al. Expires April 30, 2015 [Page 21] Internet-Draft Observations of RPL October 2014 Incidentally, this stems from a fundamental difference between "fixed links in the Internet" and "wireless links": whereas the former, as a rule, are reliable, predictable and with losses being rare exceptions, the latter are characterized by frequent losses and general unpredictability. 11. RPL Implementability and Complexity RPL is designed to operate on "routers [...] with constraints on processing power, memory, and energy (battery power)" [RFC6550]. However, the 163 pages long specification of RPL, plus additional specifications for routing headers [RFC6554], Trickle timer [RFC6206], routing metrics [RFC6551] and objective function [RFC6552], describes complex mechanisms (e.g., the upwards and downward data traffic, a security solution, manageability of routers, auxiliary functions for autoconfiguration of routers, etc.), and provides no less than 9 message types, and 10 different message options. To give one example, the ContikiRPL implementation (http://www.sics.se/contiki), which provides only storing mode and no security features, consumes about 50 KByte of memory. Sensor hardware, such as MSP430 sensor platforms, does not contain much more memory than that, i.e., there may not be much space left to deploy any application on the router. 11.1. Observations Since RPL is intended as the routing protocol for LLNs, which covers all the diverse applications requirements listed in [RFC5867], [RFC5673], [RFC5826], [RFC5548], it is likely that (i) due to limited memory capacity of the routers, and (ii) due to expensive development cost of the routing protocol implementation, RPL implementations will only support a partial set of features from the specification, leading to non-interoperable implementations. In order to accommodate the verbose exchange format, route stretching and source routing for point-to-point traffic, several additional Internet-Drafts are being discussed for adoption in the ROLL Working Group - adding complexity to an already complex specification which, it is worth recalling, was intended to be of a protocol for low- capacity devices. 12. Underspecification While [RFC6550] provides various options and extensions in many Clausen, et al. Expires April 30, 2015 [Page 22] Internet-Draft Observations of RPL October 2014 parts, which makes a complex protocol, as described in Section 11, some mechanisms are underspecified. While for DIOs, the Trickle timer specifies a relatively efficient and easy-to-understand timing for message transmission, the timing of DAO transmission is not explicit. As each DAO may have a limited lifetime, one "best guess" for implementers would be to send DAO periodically, just before the life-time of the previous DAO expires. Since DAOs may be lost, another "best guess" would be to send several DAOs shortly one after the other in order to increase probability that at least one DAO is successfully received. The same underspecification applies for DAO-ACK messages: optionally, on reception of a DAO, a router may acknowledge successful reception by returning a DAO-ACK. Timing of DAO-ACK messages is unspecified by RPL. 12.1. Observations By not specifying details about message transmission intervals and required actions when receiving DAO and DAO-ACKs, implementations may exhibit a bad performance if not carefully implemented. Some examples are: 1. If DAO messages are not sent in due time before the previous DAO expires (or if the DAO is lost during transmission), the routing entry will expire before it is renewed, leading to a possible data traffic loss. 2. RPL does not specify to use jitter [RFC5148] (i.e., small random delay for message transmissions). If DAOs are sent periodically, adjacent routers may transmit DAO messages at the same time, leading to link layer collisions. 3. In non-storing mode, the "piece-wise calculation" of routes to a destination from which a DAO has been received, relies on previous reception of DAOs from intermediate routers along the route. If not all of these DAOs from intermediate routers have been received, route calculation is not possible, and DAO-ACKs or data traffic cannot be sent to that destination. Other examples of underspecification include detection of connectivity loss, as described in Section 10, as well as the local repair mechanism, which may lead to loops and thus data traffic loss, if not carefully implemented: a router discovering that all its parents are unreachable, may - according to the RPL specification - "detach" from the DODAG, i.e., increase its own rank to infinity. It may then "poison" its sub-DODAG by advertising its infinite rank in Clausen, et al. Expires April 30, 2015 [Page 23] Internet-Draft Observations of RPL October 2014 its DIOs. If, however, the router receives a DIO before it transmits the "poisoned" DIO, it may attach to its own sub-DODAG, creating a loop. If, instead, it had waited some time before processing DIOs again, chances are it would have succeeded in poisoning its sub-DODAG and thus avoided the loop. 13. Protocol Convergence Trickle [RFC6206] is used by RPL to schedule transmission of DIO messages, with the objective of minimizing the amount of transmitted DIOs while ensuring a low convergence time of the network. The theoretical behavior of Trickle is well understood, and the convergence properties are well studied. Simulations of the mechanism, such as documented [trickle-multicast], confirm these theoretical studies. In real-world environments, however, varying link qualities may cause the algorithm to converge less well: frequent message losses entail resets of the Trickle timer and more frequent and unpredicted message emissions. 13.1. Observations The varying link quality in real-world environments results in frequent changes of the best parent, which triggers a reset of the Trickle timer and thus the emission of DIOs. Therefore Trickle does not converge as well for links that are fluctuating in quality as in theory. This has been observed, e.g., in an experimental testbed: 69 routers (MSP430-based wireless sensor routers with IEEE 802.15.4, using [rpl-contiki] IPv6 stack and RPL without downward routes; the parameters of the Trickle timer were set to the implementation defaults (minimum DIO interval: 4 s, DIO interval doublings: 8, redundancy constant: 10) were positioned in a fixed grid topology. This resulted in DODAGs being constructed with an average of 2.45 children per router and an average rank of 3.58. In this small test network, the number of DIO messages emitted - expectedly - spiked within the first ~10 seconds. Alas, rather than taper off to become zero (as the simulation studies would suggest), the DIO emission rate remained constant at about 70 DIOs per second. Details on this experiment can be found in [rpl-eval]. In another experimental testbed with 17 routers (Tmote Sky, Contiki platform [powertrace]), the authors also showed that the DIO emission continues with constant rate. Even with a relatively high data rate Clausen, et al. Expires April 30, 2015 [Page 24] Internet-Draft Observations of RPL October 2014 for sensor networks (every router sends 1 packet to the root per minute), the energy used for routing control packets is higher than the data traffic transmission. The resulting higher control overhead due to frequent DIO emission, leads to higher bandwidth and energy consumption as well as possibly to an increased number of collisions of frames, as observed in [trickle-multicast]. 13.2. Caveat Note that these observations do not claim that it is impossible to parametrize Trickle timers so that a given deployment exhibits the theoretical characteristics (or, characetristics sufficiently close thereto) of the Trickle mechanism. These observations suggest that the default parameter values, provided for Trickle timers in [RFC6550], did not apply to the small network tested. These observations also suggest that special care is required when selecting the values for the parameters for Trickle timers, and that these values likely are to be determined experimentally, and individually for each deployment. 14. Loops [RFC6550] states that it "guarantees neither loop free route selection nor tight delay convergence times, but can detect and repair a loop as soon as it is used. RPL uses this loop detection to ensure that packets make forward progress [...] and trigger repairs when necessary". This implies that a loop may only then be detected and fixed when data traffic is sent through the network. In order to trigger a local repair, RPL relies on the "direction" information (with values "up" or "down"), contained in an IPv6 hop- by-hop option header from received a data packet. If an "upward" data packet is received by a router, but the previous hop of the packet is listed with a lower rank in the neighbor set, the router concludes that there must be a routing loop and it may therefore trigger a local repair. For downward traffic in non-storing mode, the DODAG Root can detect loops if the same router identifier (i.e., IP address) appears at least twice in the route towards a destination. 14.1. Observations The reason for RPL to repair loops only when detected by a data traffic transmission is to reduce control traffic overhead. However, there are two problems in repairing loops only when so triggered: (i) Clausen, et al. Expires April 30, 2015 [Page 25] Internet-Draft Observations of RPL October 2014 the triggered local repair mechanism delays forward progress of data packets, increasing end-to-end delays, and (ii) the data packet has to be buffered during repair. (i) may seem as the lesser of the two problems, since in a number of applications, such as data acquisition in smart metering applications, an increased delay may be acceptable. However, for applications such as alarm signals or in home automation (e.g., a light switch), increased delay may be undesirable. As for (ii), RPL is supposed to run on LLN routers with "constraints on [...] memory" [RFC6550]; buffering incoming packets during the route repair may not be possible for all incoming data packets, leading to dropped packets. Depending on the transport protocol, these data packets must be retransmitted by the source or are definitely lost. If carefully implemented with respect to avoiding loops before they occur, the impact of the loop detection in RPL may be minimized. However, it can be observed that with current implementations of RPL, such as the ContikiRPL implementation, loops do occur - and, frequently. During the same experiments described in Section 13, a snapshot of the DODAG was made every ten seconds. In 74.14% of the 4114 snapshots, at least one loop was observed. Further investigation revealed that in all these cases the DODAG was partitioned, and the loop occurred in the sub-DODAG that no longer had a connection to the DODAG Root. When the link to the only parent of a router breaks, the router may increase its rank and - when receiving a DIO from a router in its sub-DODAG - attach itself to its own sub-DODAG, thereby creating a loop - as detailed in Section 12.1. While it can be argued that the observed loops are harmless since they occur in a DODAG partition that has no connection to the DODAG Root, they show that the routes are not built correctly. Even worse, when the broken link re-appears, it is possible that in certain situations, the loop is only repaired when data traffic is sent, possibly leading to data loss (as described above). This can occur if the link to the previous parent is reestablished, but the rank of that previous parent has increased in the meantime. Another problem with the loop repair mechanism arises in non-storing mode when using only downward traffic: while the DODAG Root can easily detect loops (as described above), it has no direct means to trigger a local repair where the loop occurs. Indeed, it can only trigger a global repair by increasing the DODAG version number, leading to a Trickle timer reset and increased control traffic overhead in the network caused by DIO messages, and therefore a possible energy drain of the routers and congestion of the channel. Clausen, et al. Expires April 30, 2015 [Page 26] Internet-Draft Observations of RPL October 2014 Finally, loop detection for every data packet increases the processing overhead. RPL is targeted for deployments on very constrained devices with little CPU power, therefore a loop detection for every packet reduces available resources of the LLN router for other tasks (such as sensing). Moreover, each IPv6 packet needs to contain the "RPL Option for Carrying RPL Information in Data-Plane Datagrams" [RFC6553] in order to use loop detection (as well as determining the RPL instance), which in turn implies an extra IPv6 header (and thus overhead) for IPv6-in-IPv6 tunneling. As this RPL option is a hop-by-hop option, it needs to be in an encapsulating IPv6-in-IPv6 tunnel and then regenerated at each hop. 15. Security Considerations This document does currently not specify any security considerations. This document also does not provide any evaluation of the security mechanisms of RPL. 16. IANA Considerations This document has no actions for IANA. 17. Acknowledgements The authors would like to thank Matthias Philipp (INRIA) for his contributions to conducting many of the experiments, revealing or confirming the issues described in this document. Moreover, the authors would like to express their gratitude to Ralph Droms (Cisco) for his careful review of various versions of this document, for many long discussions, and for his considerable contributions to both the content and the quality of this document. 18. Informative References [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, Decemer 1998. [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, September 2007. [RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Clausen, et al. Expires April 30, 2015 [Page 27] Internet-Draft Observations of RPL October 2014 Overview, Assumptions, Problem Statement, and Goals", RFC 4919, August 2007. [RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler, "Transmission of IPv6 Packets over IEEE 802.15.4 Networks", RFC 4944, September 2007. [RFC5148] Clausen, T., Dearlove, C., and B. Adamson, "Jitter Considerations in Mobile Ad Hoc Networks (MANETs)", RFC 5148, February 2008. [RFC5184] Aggarwal, R., Kompella, K., Nadeau, T., and G. Swallow, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5184, June 2010. [RFC5548] Dohler, M., Watteyne, T., Winter, T., and D. Barthel, "Routing Requirements for Urban Low-Power and Lossy Networks", RFC 5548, May 2009. [RFC5673] Pister, K., Thubert, P., Dwars, S., and T. Phinney, "Industrial Routing Requirements in Low-Power and Lossy Networks", RFC 5673, October 2009. [RFC5826] Brandt, A., Buron, J., and G. Porcu, "Home Automation Routing Requirements in Low-Power and Lossy Networks", RFC 5826, April 2010. [RFC5867] Martocci, J., Mi, P., Riou, N., and W. Vermeylen, "Building Automation Routing Requirements in Low Power and Lossy Networks", RFC 5867, June 2010. [RFC5881] Ward, D. and D. Katz, "Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)", RFC 5881, June 2010. [RFC6206] Levis, P., Clausen, T., Hui, J., Gnawali, O., and J. Ko, "The Trickle Algorithm", RFC 6206, March 2011. [RFC6282] Hui, J. and P. Thubert, "Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks", RFC 6282, September 2011. [RFC6550] Winther, T., Thubert, P., Hui, J., Vasseur, J., Brandt, A., Kelsey, R., Levis, P., Piester, K., Struik, R., and R. Alexander, "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks", RFC 6550, March 2012. [RFC6551] Vasseur, J., Pister, K., Dejan, N., and D. Barthel, Clausen, et al. Expires April 30, 2015 [Page 28] Internet-Draft Observations of RPL October 2014 "Routing Metrics Used for Path Calculation in Low-Power and Lossy Networks", RFC 6551, March 2012. [RFC6552] Thubert, P., "Objective Function Zero for the Routing Protocol for Low-Power and Lossy Networks (RPL)", RFC 6552, March 2012. [RFC6553] Hui, J. and J. Vasseur, "The Routing Protocol for Low- Power and Lossy Networks (RPL) Option for Carrying RPL Information in Data-Plane Datagrams", RFC 6553, March 2012. [RFC6554] Hui, J., Vasseur, J., Culler, D., and V. Manral, "An IPv6 Routing Header for Source Routes with the Routing Protocol for Low-Power and Lossy Networks (RPL)", RFC 6554, March 2012. [RFC7102] Vasseur, JP., "Terms Used in Routing for Low-Power and Lossy Networks", RFC 7102, January 2014. [RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, June 2014. [SEP2.0] Computer Society, IEEE., "P2030.5 IEEE Draft Standard for Smart Energy Profile 2.0 Application Protocol", 2014. [ZigBeeIP] Alliance, ZigBee., "ZigBee IP Specification", February 2013. [bidir] Clausen, T. and U. Herberg, "A Comparative Performance Study of the Routing Protocols LOAD and RPL with Bi- Directional Traffic in Low-power and Lossy Networks (LLN)", Proceedings of the Eighth ACM International Symposium on Performance Evaluation of Wireless Ad Hoc, Sensor, and Ubiquitous Networks (PE-WASUN), 2011. [ieee802154] Computer Society, IEEE., "IEEE Std. 802.15.4-2003", October 2003. [powertrace] Dunkels, A., Eriksson, J., Finne, N., and N. Tsiftes, "Powertrace: Network-level Power Profiling for Low-power Wireless Networks", Technical Report SICS T2011:05. [roll-charter] "ROLL Charter", Clausen, et al. Expires April 30, 2015 [Page 29] Internet-Draft Observations of RPL October 2014 web http://datatracker.ietf.org/wg/roll/charter/, February 2012. [rpl-contiki] Tsiftes, N., Eriksson, J., and A. Dunkels, "Low-Power Wireless IPv6 Routing with ContikiRPL", Proceedings Proceedings of the 9th ACM/IEEE International Conference on Information Processing in Sensor Networks (ISPN), 2011. [rpl-eval] Clausen, T., Herberg, U., and M. Philipp, "A Critical Evaluation of the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL)", Proceedings of the 5th IEEE International Conference on Wireless & Mobile Computing, Networking & Communication (WiMob), 2011. [rpl-eval-UCB] Ko, J., Dawson-Haggerty, S., Culler, D., and A. Terzis, "Evaluating the Performance of RPL and 6LoWPAN in TinyOS", Proceedings of the Workshop on Extending the Internet to Low power and Lossy Networks (IP+SN), 2011. [trickle-multicast] Clausen, T. and U. Herberg, "Study of Multipoint-to-Point and Broadcast Traffic Performance in the 'IPv6 Routing Protocol for Low Power and Lossy Networks' (RPL)", Journal of Ambient Intelligence and Humanized Computing, 2011. Authors' Addresses Thomas Clausen LIX, Ecole Polytechnique 91128 Palaiseau Cedex, France Phone: +33 6 6058 9349 Email: T.Clausen@computer.org URI: http://www.thomasclausen.org Clausen, et al. Expires April 30, 2015 [Page 30] Internet-Draft Observations of RPL October 2014 Axel Colin de Verdiere LIX, Ecole Polytechnique 91128 Palaiseau Cedex, France Phone: +33 6 1264 7119 Email: axel@axelcdv.com URI: http://www.axelcdv.com/ Jiazi Yi LIX, Ecole Polytechnique 91128 Palaiseau Cedex, France Phone: +33 1 6933 4031 Email: jiazi@jiaziyi.com URI: http://www.jiaziyi.com/ Ulrich Herberg Fujitsu Laboratories of America 1240 E Arques Ave Sunnyvale, CA 94085 USA Email: ulrich@herberg.name URI: http://www.herberg.name/ Yuichi Igarashi Hitachi, Ltd., Yokohama Research Laboratory Phone: +81 45 860 3083 Email: yuichi.igarashi.hb@hitachi.com URI: http://www.hitachi.com/ Clausen, et al. Expires April 30, 2015 [Page 31]