IPv6 Routing Protocol for Low powerand Lossy Networks               draft-ietf-roll-rpl-19    draft-ietf-6man-rpl-routing-...
Agenda• Overview of RPL -   o   Topology/Topology Construction   o   Types of Routes   o   Traffic Flows supported   o   O...
Definitions• Low power and Lossy Networks (LLN)   o Network where routers and links are constrained• IPv6 Routing Protocol...
Survey of Routing ProtocolsSource: Siarhei Kuryla, Networks and Distributed Systems seminar,http://cnds.eecs.jacobs-univer...
Topology• Forms one or more Destination Oriented Directed Acyclic  Graphs (DODAGs) between nodes    Source: Siarhei Kuryla...
Topology/Topology Construction• An LLN is divided into one or more RPL Instance• Each instance may have one or more DODAG•...
Topology Construction (Visually)Source: Siarhei Kuryla, Networks and Distributed Systems seminar,http://cnds.eecs.jacobs-u...
Routes in RPL• Upward Routes  o Routes from nodes towards root  o Learned during ranking/parent selection through control ...
Traffic Flows Supported• Multipoint-to-Point (MP2P)  o Ex: One node providing a sink for many  o Uses up routes• Point-to-...
Overview of Control Messages• Uses ICMPv6 with Type = 155• Code specifies type of control message• Base is where the messa...
Control Message Bases•   DODAG Information Solicitation (DIS)•   DODAG Information Object (DIO)•   DODAG Advertisement Obj...
Overview of Control Messages - DIS• DODAG Information Solicitation (DIS)• Used to probe neighbors for nearby DODAGs• Can b...
Overview of Control Messages - DIO• DODAG Information Object (DIO)• Allows nodes to discover an RPL Instance, learn the  c...
Overview of Control Messages - DAO•   Destination Advertisement Object (DAO)•   Sends node information to the DODAG root• ...
Overview of Control Messages -  DAO-ACK• Destination Advertisement Object ACK (DAO-ACK)• DAOSequence - Corresponds to DAO ...
Overview of Control Messages - CC• Consistency Check• Used for challenges/responses and for checking secure  message count...
Secure Control Messages• Each control message also has a secure version• Security section above included in message (befor...
Control Message Options• PAD1  o Add single octet of padding for option alignment• PADN  o Add two or more octets for padd...
Control Message Options (2)• RPL Target (DAO)   o Indicates a specified target IPv6 address, prefix, or     multicast grou...
Upward Route Creation / NodeJoining• Node determines which DODAG is most preferred• Builds a set of potential neighbors us...
Downward Route Creation• Nodes send DAO messages upward• In storing mode, nodes along the upward path can store  routes to...
Security Mechanisms• 3 Security modes for an RPL Instance:   o Unsecured - Regular control messages, no security     provi...
Loop Avoidance• Detects DAG inconsistencies at each node if:   o downward packet received from higher ranked node   o upwa...
Agenda• Overview of RPL -   o   Topology/Topology Construction   o   Types of Routes   o   Traffic Flows supported   o   O...
IPv6 Routing Header for SourceRoutes • RPL relies on source routing to utilize paths that include   memory constrained rou...
Source Routing for RPL• Source routes specified can be:  o The entire path from source to destination  o Subset of actual ...
SRH Case 1• SRH specifies complete path between source to destination• Router places source header directly in datagram
SRH Case 2• Occurs when source and/or destination are outside RPL  instance• R is the RPL Border Router
Format of RPL Routing Header
Generating Source Route Headers• if source and destination in same instance   o router includes SRH header in original pac...
Processing Source Route Headers• Processed when packet reaches node identified by•  destination address field.• Processing...
Security Considerations• Does not specify any confidentiality, integrity or authenticity  mechanism.• RPL routers must dro...
IANA Consideration• New source routing type "RPL Source Route Header"  defined   o assigned number TBD by IANA• New ICMPv6...
Whats already been done• Wireshark filters for the control messages (ICMPv6) from  the main RFC• Support for version 3 of ...
What we plan to implement• Update Source Route Header (SRH) dissecting capabilities• Ensure decoding works with IPv6-in-IP...
Questions?
Sourceshttp://tools.ietf.org/html/draft-ietf-6man-rpl-routing-header-07http://tools.ietf.org/html/draft-ietf-roll-rpl-19ht...
Upcoming SlideShare
Loading in …5
×

I pv6 routing_protocol_for_low_power_and_lossy_

736 views
637 views

Published on

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
736
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

I pv6 routing_protocol_for_low_power_and_lossy_

  1. 1. IPv6 Routing Protocol for Low powerand Lossy Networks draft-ietf-roll-rpl-19 draft-ietf-6man-rpl-routing-header-07 Andrew Williams Sheetal Kshirsagar
  2. 2. Agenda• Overview of RPL - o Topology/Topology Construction o Types of Routes o Traffic Flows supported o Overview of control messages (high level)  DIS, DIO, DAO, DAO-ACK, CC o Upward/Downward route creation and maintenance• Overview of Source-Routing Headers for RPL o Format of header o RPL Router Behavior o Security Considerations• Initial Project Plan o Whats already been done o List messages we will have to decode,
  3. 3. Definitions• Low power and Lossy Networks (LLN) o Network where routers and links are constrained• IPv6 Routing Protocol for LLN (RPL) o Mechanism for routing traffic flows in LLNs
  4. 4. Survey of Routing ProtocolsSource: Siarhei Kuryla, Networks and Distributed Systems seminar,http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
  5. 5. Topology• Forms one or more Destination Oriented Directed Acyclic Graphs (DODAGs) between nodes Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
  6. 6. Topology/Topology Construction• An LLN is divided into one or more RPL Instance• Each instance may have one or more DODAG• Each node joins one DODAG per RPL Instance• Each RPL Instance has an Objective Function used to rank nodes based on different metrics• Rank is the distance a node is from a DODAG root• Links established from higher rank nodes to lower rank ones• Each DODAG has a version, when changes occur the ranks are recalculated and version incremented (initiated by DODAG root)
  7. 7. Topology Construction (Visually)Source: Siarhei Kuryla, Networks and Distributed Systems seminar,http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
  8. 8. Routes in RPL• Upward Routes o Routes from nodes towards root o Learned during ranking/parent selection through control messages (DIO)• Downward Routes o Routes away from root towards node, learned via control messages (DAO) o Handle according to RPL Instance mode of operation: o Storing Mode  Nodes may store the down routes, route packets down o Non-Storing Mode  Only root stores routes, all packets go to root and source routed down
  9. 9. Traffic Flows Supported• Multipoint-to-Point (MP2P) o Ex: One node providing a sink for many o Uses up routes• Point-to-Multipoint (P2MP) o Ex: Firmware update sent to all nodes o Uses down routes toward destinations (prefixes, addresses, or multicast groups), and away from roots• Point-to-Point (P2P) o A packet flows towards a root through up routes until it reaches an ancestor that has a known down route to the destination or the root.
  10. 10. Overview of Control Messages• Uses ICMPv6 with Type = 155• Code specifies type of control message• Base is where the message goes
  11. 11. Control Message Bases• DODAG Information Solicitation (DIS)• DODAG Information Object (DIO)• DODAG Advertisement Object (DAO)• DODAG Advertisement Object ACK (DAO-ACK)• Consistency Check (CC)
  12. 12. Overview of Control Messages - DIS• DODAG Information Solicitation (DIS)• Used to probe neighbors for nearby DODAGs• Can be used to solicit DIO messages
  13. 13. Overview of Control Messages - DIO• DODAG Information Object (DIO)• Allows nodes to discover an RPL Instance, learn the configuration parameters, select a DODAG parent, and maintain the DODAG
  14. 14. Overview of Control Messages - DAO• Destination Advertisement Object (DAO)• Sends node information to the DODAG root• K - A DAO-ACK is expected• D - DODAGID field is present
  15. 15. Overview of Control Messages - DAO-ACK• Destination Advertisement Object ACK (DAO-ACK)• DAOSequence - Corresponds to DAO message
  16. 16. Overview of Control Messages - CC• Consistency Check• Used for challenges/responses and for checking secure message counters• Must be sent using the Secure RPL Message format
  17. 17. Secure Control Messages• Each control message also has a secure version• Security section above included in message (before base)• Provides integrity and replay protection, with optional confidentiality and delay protection
  18. 18. Control Message Options• PAD1 o Add single octet of padding for option alignment• PADN o Add two or more octets for padding• Metric Container (DIO, DAO) o Pass node, link, and aggregate path metrics• Route Information (DIO) o Indicates that the DODAG root has connectivity to a destination prefix• DODAG Configuration (DIO) o Distributes information about the DODAG o Usually static, so doesnt need to be sent with each DIO
  19. 19. Control Message Options (2)• RPL Target (DAO) o Indicates a specified target IPv6 address, prefix, or multicast group is reachable along the DODAG• Transit Information (DAO) o Indicates attributes for paths to one or more destination• Solicited Information (DIS) o Used for a node to request DIO messages from a subset of neighbor nodes• Prefix Information (DIO) o Propagates prefix information for State-Less Address Auto-Conf• RPL Target Descriptor (DAO) o Used to qualify/tag a target
  20. 20. Upward Route Creation / NodeJoining• Node determines which DODAG is most preferred• Builds a set of potential neighbors using DIO messages o Must be reachable via link-local multicast• Determines a subset of neighbors that are potential parents• Determines one or more preferred parents• Sets its rank as being greater than the parents rank• Upward route is through the parent
  21. 21. Downward Route Creation• Nodes send DAO messages upward• In storing mode, nodes along the upward path can store routes to these destinations and send DAO upward• Downward Routes constructed by recursively looking up parent nodes until the node is found
  22. 22. Security Mechanisms• 3 Security modes for an RPL Instance: o Unsecured - Regular control messages, no security provided by RPL o Pre-Installed - Secure control messages using a pre- shared key o Authenticated - Secure control messages using a pre- shared key, must obtain a second key from a key authority to be a router• MAC or Signature used to provide message integrity/authentication• Optional encryption using CCM with AES-128 encryption• Counters and Timestamps to prevent replay/timing attacks
  23. 23. Loop Avoidance• Detects DAG inconsistencies at each node if: o downward packet received from higher ranked node o upward packet received from lower ranked node• Detects DAO inconsistencies (incorrect down routes stored at nodes) if: o node receives a packet for which it is no longer the parent
  24. 24. Agenda• Overview of RPL - o Topology/Topology Construction o Types of Routes o Traffic Flows supported o Overview of control messages (high level)  DIS, DIO, DAO, DAO-ACK, CC o Upward/Downward route creation and maintenance• Overview of Source-Routing Headers for RPL o Format of header o RPL Router Behavior o Security Considerations• Initial Project Plan o Whats already been done o List messages we will have to decode,
  25. 25. IPv6 Routing Header for SourceRoutes • RPL relies on source routing to utilize paths that include memory constrained routers • Needed to support downward routes in RPL instances using Non-Storing Mode o source routes populated by DODAG root • SRH header is similar to the IPv6 header described in RFC2460 • SRH allows compaction of source route entries when all entries share same prefix
  26. 26. Source Routing for RPL• Source routes specified can be: o The entire path from source to destination o Subset of actual path between Source to Destination• SRH can only be used between RPL Instances• RPL Border routers responsible for connecting to other RPL Routers o IPv6-in-IPv6• RPL Router drops datagram if o multiple addresses assigned to any interface on that router
  27. 27. SRH Case 1• SRH specifies complete path between source to destination• Router places source header directly in datagram
  28. 28. SRH Case 2• Occurs when source and/or destination are outside RPL instance• R is the RPL Border Router
  29. 29. Format of RPL Routing Header
  30. 30. Generating Source Route Headers• if source and destination in same instance o router includes SRH header in original packet• if source and/or destination in different instance o router uses IPv6-in-IPv6• RPL router must set segments left to no greater than original datagrams Hop Limit o what is source route is longer than IPv6 hop limit?• If RPL router is not a source of the datagram, it first decrements Hop Count and then generates SRH• Desirable to consider path MTU size to prevent performance degradation due to fragmentation o data size + 40(outer IP header) + SRH_MAX_SIZE
  31. 31. Processing Source Route Headers• Processed when packet reaches node identified by• destination address field.• Processing header: o destination address = next hops address o if segments left non-zero and destination address not on link packet must be dropped send ICMP destination unreachable error message else packet is forwarded o detect loop d  If SRH contains multiple address assigned to any interface on that router, drop packet  send ICMP parameter problem error message
  32. 32. Security Considerations• Does not specify any confidentiality, integrity or authenticity mechanism.• RPL routers must drop datagram containing SRH in the IPv6 extention header.• Vulnerable to attacks from inside RPL instance.• Bandwidth exhaustion attack handled by loop detection mechanism• Possible attacks o Bypassing filtering devices o reaching otherwise unreachable internet system o defeating anycast o routing topology discovery
  33. 33. IANA Consideration• New source routing type "RPL Source Route Header" defined o assigned number TBD by IANA• New ICMPv6 Destination unreachable code defined o Strict Source Routing Failed o assigned number TBD by IANA
  34. 34. Whats already been done• Wireshark filters for the control messages (ICMPv6) from the main RFC• Support for version 3 of the SRH RFC (currently version 7)
  35. 35. What we plan to implement• Update Source Route Header (SRH) dissecting capabilities• Ensure decoding works with IPv6-in-IPv6 encapsulated packets where SRH is in the outer IPv6 packet• Show errors visually o IPv6 addresses must not appear more than once in the SRH o IPv6 source and destination must not appear in the SRH o Multicast IPv6 addresses must not appear in the SRH or as the destination of a IPv6 packet with a SRH o If CmprI == 0 and CmprE == 0, Pad must == 0• Highlight circumstances where messages must be dropped and ICMPv6 error messages should be generated o non-zero segments left value and destination not on link o SRH includes multiple addresses assigned to interfaces on a given router and messages are seperated by at least one interface
  36. 36. Questions?
  37. 37. Sourceshttp://tools.ietf.org/html/draft-ietf-6man-rpl-routing-header-07http://tools.ietf.org/html/draft-ietf-roll-rpl-19http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf

×