draft-ietf-roll-home-routing-reqs-08.txt   draft-ietf-roll-home-routing-reqs-09.txt 
Networking Working Group A. Brandt Networking Working Group A. Brandt
Internet Draft Zensys, Inc. Internet Draft Sigma Designs, Inc.
Intended status: Informational G. Porcu Intended status: Informational J. Buron
Expires: March 2010 Telecom Italia Expires: May 2010 Sigma Designs, Inc.
September 16, 2009 G. Porcu
Telecom Italia
November 30, 2009
Home Automation Routing Requirements in Low Power and Lossy Home Automation Routing Requirements in Low Power and Lossy
Networks Networks
draft-ietf-roll-home-routing-reqs-08 draft-ietf-roll-home-routing-reqs-09
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with This Internet-Draft is submitted to IETF in full conformance with
the provisions of BCP 78 and BCP 79. the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 34 skipping to change at page 1, line 36
documents at any time. It is inappropriate to use Internet-Drafts documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in as reference material or to cite them other than as "work in
progress." progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 16, 2010. This Internet-Draft will expire on April 30, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license- publication of this document (http://trustee.ietf.org/license-
info). info).
Please review these documents carefully, as they describe your Please review these documents carefully, as they describe your
rights and restrictions with respect to this document. rights and restrictions with respect to this document.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s)
controlling the copyright in such materials, this document may not
be modified outside the IETF Standards Process, and derivative
works of it may not be created outside the IETF Standards Process,
except to format it for publication as an RFC or to translate it
into languages other than English.
Abstract Abstract
This document presents home control and automation application This document presents home control and automation application
specific requirements for Routing Over Low power and Lossy specific requirements for Routing Over Low power and Lossy
networks (ROLL). In the near future many homes will contain high networks (ROLL). In the near future many homes will contain high
numbers of wireless devices for a wide set of purposes. Examples numbers of wireless devices for a wide set of purposes. Examples
include actuators (relay, light dimmer, heating valve), sensors include actuators (relay, light dimmer, heating valve), sensors
(wall switch, water leak, blood pressure) and advanced controllers (wall switch, water leak, blood pressure) and advanced controllers
(RF-based AV remote control, Central server for light and heat (RF-based AV remote control, Central server for light and heat
control). Because such devices only cover a limited radio range, control). Because such devices only cover a limited radio range,
skipping to change at page 3, line 7 skipping to change at page 3, line 7
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in RFC-2119 in this document are to be interpreted as described in RFC-2119
[RFC2119]. [RFC2119].
Table of Contents Table of Contents
1. Introduction..................................................4 1. Introduction................................................4
1.1. Terminology..............................................5 1.1. Terminology............................................5
2. Home Automation Applications..................................6 2. Home Automation Applications................................6
2.1. Lighting Application In Action...........................6 2.1. Lighting Application In Action.........................6
2.2. Energy Conservation and Optimizing Energy Consumption....7 2.2. Energy Conservation and Optimizing Energy Consumption..6
2.3. Moving a Remote Control Around...........................7 2.3. Moving a Remote Control Around.........................7
2.4. Adding A New Module To The System........................8 2.4. Adding A New Module To The System......................7
2.5. Controlling Battery Operated Window Shades...............8 2.5. Controlling Battery Operated Window Shades.............8
2.6. Remote Video Surveillance................................8 2.6. Remote Video Surveillance..............................8
2.7. Healthcare...............................................8 2.7. Healthcare.............................................8
2.7.1. At-home Health Reporting............................9 2.7.1. At-home Health Reporting..........................9
2.7.2. At-home Health Monitoring..........................10 2.7.2. At-home Health Monitoring........................10
2.8. Alarm Systems...........................................10 2.8. Alarm Systems.........................................10
3. Unique Routing Requirements of Home Automation Applications..11 3. Unique Routing Requirements of Home Automation Applications11
3.1. Constraint-based Routing................................11 3.1. Constraint-based Routing..............................11
3.2. Support of Mobility.....................................12 3.2. Support of Mobility...................................12
3.3. Sleeping Nodes..........................................13 3.3. Sleeping Nodes........................................13
3.4. Healthcare Routing......................................13 3.4. Healthcare Routing....................................13
3.5. Scalability.............................................13 3.5. Scalability...........................................13
3.6. Convergence Time........................................14 3.6. Convergence Time......................................13
3.7. Manageability...........................................14 3.7. Manageability.........................................14
3.8. Stability...............................................14 3.8. Stability.............................................14
4. Traffic Pattern..............................................14 4. Traffic Pattern............................................14
5. Security Considerations......................................15 5. Security Considerations....................................15
6. IANA Considerations..........................................17 6. IANA Considerations........................................16
7. Acknowledgments..............................................17 7. Acknowledgments............................................17
8. Disclaimer for pre-RFC5378 work..............................17 8. Disclaimer for pre-RFC5378 work............................17
9. References...................................................17 9. References.................................................17
9.1. Normative References....................................17 9.1. Normative References..................................17
9.2. Informative References..................................18 9.2. Informative References................................17
1. Introduction 1. Introduction
This document presents home control and automation application This document presents home control and automation application
specific requirements for Routing Over Low power and Lossy specific requirements for Routing Over Low power and Lossy
networks (ROLL). In the near future many homes will contain high networks (ROLL). In the near future many homes will contain high
numbers of wireless devices for a wide set of purposes. Examples numbers of wireless devices for a wide set of purposes. Examples
include actuators (relay, light dimmer, heating valve), sensors include actuators (relay, light dimmer, heating valve), sensors
(wall switch, water leak, blood pressure) and advanced (wall switch, water leak, blood pressure) and advanced
controllers. Basic home control modules such as wall switches and controllers. Basic home control modules such as wall switches and
skipping to change at page 4, line 36 skipping to change at page 4, line 36
Because ROLL nodes only cover a limited radio range, routing is Because ROLL nodes only cover a limited radio range, routing is
often required. These devices are usually highly constrained in often required. These devices are usually highly constrained in
term of resources such as battery and memory and operate in term of resources such as battery and memory and operate in
unstable environments. Persons moving around in a house, opening unstable environments. Persons moving around in a house, opening
or closing a door or starting a microwave oven affect the or closing a door or starting a microwave oven affect the
reception of weak radio signals. Reflection and absorption may reception of weak radio signals. Reflection and absorption may
cause a reliable radio link to turn unreliable for a period of cause a reliable radio link to turn unreliable for a period of
time and then being reusable again, thus the term "lossy". All time and then being reusable again, thus the term "lossy". All
traffic in a ROLL network is carried as IPv6 packets. traffic in a ROLL network is carried as IPv6 packets.
Unlike other categories of Personal Area Networks (PANs), the The connected home area is very much consumer-oriented. The
connected home area is very much consumer-oriented. The
implication on network nodes is that devices are very cost implication on network nodes is that devices are very cost
sensitive, which leads to resource-constrained environments having sensitive, which leads to resource-constrained environments having
slow CPUs and small memory footprints. At the same time, nodes slow CPUs and small memory footprints. At the same time, nodes
have to be physically small which puts a limit to the physical have to be physically small which puts a limit to the physical
size of the battery; and thus, the battery capacity. As a result, size of the battery; and thus, the battery capacity. As a result,
it is common for low-power sensor-style nodes to shut down radio it is common for battery operated sensor-style nodes to shut down
and CPU resources for most of the time. The radio tends to use the radio and CPU resources for most of the time. The radio tends to
same power for listening as for transmitting use the same power for listening as for transmitting
Section 2 describes a few typical use cases for home automation Section 2 describes a few typical use cases for home automation
applications. Section 3 discusses the routing requirements for applications. Section 3 discusses the routing requirements for
networks comprising such constrained devices in a home network networks comprising such constrained devices in a home network
environment. These requirements may be overlapping requirements environment. These requirements may be overlapping requirements
derived from other application-specific routing requirements derived from other application-specific routing requirements
presented in [I-D.Martocci-Building-reqs], [I-D.Pister-Industial- presented in [I-D.Martocci-Building-reqs], [I-D.Pister-Industial-
reqs] and [RFC5548]. reqs] and [RFC5548].
A full list of requirements documents may be found in section 9. A full list of requirements documents may be found in section 9.
skipping to change at page 6, line 47 skipping to change at page 6, line 47
button sensor and an actuator at the same time. This will often be button sensor and an actuator at the same time. This will often be
the case when upgrading existing homes as existing wiring is not the case when upgrading existing homes as existing wiring is not
prepared for automation. prepared for automation.
One event may cause many actuators to be activated at the same One event may cause many actuators to be activated at the same
time. time.
Using the direct analogy to an electronic car key, a house owner Using the direct analogy to an electronic car key, a house owner
may activate the "leaving home" function from an electronic house may activate the "leaving home" function from an electronic house
key, mobile phone, etc. For the sake of visual impression, all key, mobile phone, etc. For the sake of visual impression, all
lights should turn off at the same time. At least, it should lights should turn off at the same time. At least, it should
appear to happen at the same time. A well-known problem in appear to happen at the same time.
wireless home automation is the "popcorn effect": Lamps are turned
on one at a time, at a rate so slow that it is clearly visible.
Some existing home automation solutions address this by sending an
unacknowledged multicast message in direct range before sending
acknowledged singlecast messages to each device.
2.2. Energy Conservation and Optimizing Energy Consumption 2.2. Energy Conservation and Optimizing Energy Consumption
In order to save energy, air conditioning, central heating, window In order to save energy, air conditioning, central heating, window
shades etc. may be controlled by timers, motion sensors or shades etc. may be controlled by timers, motion sensors or
remotely via internet or cell. Central heating may also be set to remotely via internet or cell. Central heating may also be set to
a reduced temperature during night time. a reduced temperature during night time.
The power grid may experience periods where more wind-generated The power grid may experience periods where more wind-generated
power is produced than is needed. Typically this may happen during power is produced than is needed. Typically this may happen during
skipping to change at page 8, line 15 skipping to change at page 8, line 7
the media center. the media center.
2.4. Adding A New Module To The System 2.4. Adding A New Module To The System
Small-size, low-cost modules may have no user interface except for Small-size, low-cost modules may have no user interface except for
a single button. Thus, an automated inclusion process is needed a single button. Thus, an automated inclusion process is needed
for controllers to find new modules. Inclusion covers the for controllers to find new modules. Inclusion covers the
detection of neighbors and assignment of a unique node ID. detection of neighbors and assignment of a unique node ID.
Inclusion should be completed within a few seconds. Inclusion should be completed within a few seconds.
For ease of use in a consumer application space such as home
control, nodes may be included without having to type in special
codes before inclusion. One way to achieve an acceptable balance
between security and convenience is to block inclusion during
normal operation and explicitly enable inclusion support just
before adding a new module and disable it again just after adding
a new module.
For security considerations, refer to section 5.
If assignment of unique addresses is performed by a central If assignment of unique addresses is performed by a central
controller, it must be possible to route the inclusion request controller, it must be possible to route the inclusion request
from the joining node to the central controller before the joining from the joining node to the central controller before the joining
node has been included in the network. node has been included in the network.
2.5. Controlling Battery Operated Window Shades 2.5. Controlling Battery Operated Window Shades
In consumer premises, window shades are often battery-powered as In consumer premises, window shades are often battery-powered as
there is no access to mains power over the windows. For battery there is no access to mains power over the windows. For battery
conservation purposes, such an actuator node is sleeping most of conservation purposes, such an actuator node is sleeping most of
skipping to change at page 9, line 42 skipping to change at page 9, line 44
measurement, say 5 minutes after the scheduled time, some measurement, say 5 minutes after the scheduled time, some
responsible person must be notified. responsible person must be notified.
The structure and performance of such a management layer is The structure and performance of such a management layer is
outside the scope of the routing requirements listed in this outside the scope of the routing requirements listed in this
document. document.
2.7.1. At-home Health Reporting 2.7.1. At-home Health Reporting
Applications might include: Applications might include:
o Temperature o Temperature
o Weight o Weight
o Blood pressure o Blood pressure
o Insulin level o Insulin level
Measurements may be stored for long term statistics. At the same Measurements may be stored for long term statistics. At the same
time, a critically high blood pressure may cause the generation of time, a critically high blood pressure may cause the generation of
an alarm report. Refer to 2.7.2. an alarm report. Refer to 2.7.2.
To avoid a high number of request messages, nodes may be To avoid a high number of request messages, nodes may be
configured to autonomously do a measurement and send a report in configured to autonomously do a measurement and send a report in
intervals. intervals.
2.7.2. At-home Health Monitoring 2.7.2. At-home Health Monitoring
An alarm event may become active e.g. if the measured blood An alarm event may become active e.g. if the measured blood
pressure exceeds a threshold or if a person falls to the ground. pressure exceeds a threshold or if a person falls to the ground.
Alarm conditions must be reported with the highest priority and Alarm conditions must be reported with the highest priority and
timeliness. timeliness.
Applications might include: Applications might include:
o Temperature o Temperature
o Weight o Weight
o Blood pressure o Blood pressure
o Insulin level o Insulin level
o Electrocardiogram (ECG) o Electrocardiogram (ECG)
o Position tracker o Position tracker
2.8. Alarm Systems 2.8. Alarm Systems
A home security alarm system is comprised of various sensors A home security alarm system is comprised of various sensors
(vibration, fire or carbon monoxide, door/window, glass-break, (vibration, fire or carbon monoxide, door/window, glass-break,
presence, panic button, etc.). presence, panic button, etc.).
Some smoke alarms are battery powered and at the same time mounted Some smoke alarms are battery powered and at the same time mounted
in a high place. Battery-powered safety devices should only be in a high place. Battery-powered safety devices should only be
used for routing if no other alternatives exist to avoid draining used for routing if no other alternatives exist to avoid draining
skipping to change at page 11, line 14 skipping to change at page 11, line 14
3. Unique Routing Requirements of Home Automation Applications 3. Unique Routing Requirements of Home Automation Applications
Home automation applications have a number of specific routing Home automation applications have a number of specific routing
requirements related to the set of home networking applications requirements related to the set of home networking applications
and the perceived operation of the system. and the perceived operation of the system.
The relations of use cases to requirements are outlined in the The relations of use cases to requirements are outlined in the
table below: table below:
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
| Use case | Requirement | | Use case | Requirement |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.1. Lighting Application In |3.2. Support of Mobility | |2.1. Lighting Application In |3.2. Support of Mobility |
|Action |3.5. Scalability | |Action |3.5. Scalability |
| | | | | |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.2. Energy Conservation and |3.1. Constraint-based Routing| |2.2. Energy Conservation and |3.1. Constraint-based Routing|
|Optimizing Energy Consumption | | |Optimizing Energy Consumption | |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.3. Moving a Remote Control |3.2. Support of Mobility | |2.3. Moving a Remote Control |3.2. Support of Mobility |
|Around |3.6. Convergence Time | |Around |3.6. Convergence Time |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.4. Adding A New Module To The |3.6. Convergence Time | |2.4. Adding A New Module To The|3.6. Convergence Time |
|System |3.7. Manageability | |System |3.7. Manageability |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.5. Controlling Battery |3.3. Sleeping Nodes | |2.5. Controlling Battery |3.3. Sleeping Nodes |
|Operated Window Shades | | |Operated Window Shades | |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.6. Remote Video Surveillance |3.3. Sleeping Nodes | |2.6. Remote Video Surveillance |3.3. Sleeping Nodes |
| |3.6. Convergence Time | | |3.6. Convergence Time |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.7. Healthcare |3.1. Constraint-based Routing| |2.7. Healthcare |3.1. Constraint-based Routing|
| |3.2. Support of Mobility | | |3.2. Support of Mobility |
| |3.4. Healthcare Routing | | |3.4. Healthcare Routing |
| |3.6. Convergence Time | | |3.6. Convergence Time |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
|2.8. Alarm Systems |3.5. Scalability | |2.8. Alarm Systems |3.5. Scalability |
| |3.6. Convergence Time | | |3.6. Convergence Time |
+------------------------------- +-----------------------------+ +-------------------------------+-----------------------------+
3.1. Constraint-based Routing 3.1. Constraint-based Routing
For convenience and low operational costs, power consumption of For convenience and low operational costs, power consumption of
consumer products must be kept at a very low level to achieve a consumer products must be kept at a very low level to achieve a
long battery lifetime. One implication of this fact is that Random long battery lifetime. One implication of this fact is that Random
Access Memory (RAM) is limited and it may even be powered down; Access Memory (RAM) is limited and it may even be powered down;
leaving only a few 100 bytes of RAM alive during the sleep phase. leaving only a few 100 bytes of RAM alive during the sleep phase.
The use of battery powered devices reduces installation costs and The use of battery powered devices reduces installation costs and
skipping to change at page 12, line 33 skipping to change at page 12, line 33
nodes if possible. nodes if possible.
The routing protocol MUST support constraint-based routing taking The routing protocol MUST support constraint-based routing taking
into account node properties (CPU, memory, level of energy, sleep into account node properties (CPU, memory, level of energy, sleep
intervals, safety/convenience of changing battery). intervals, safety/convenience of changing battery).
3.2. Support of Mobility 3.2. Support of Mobility
In a home environment, although the majority of devices are fixed In a home environment, although the majority of devices are fixed
devices, there is still a variety of mobile devices: for example a devices, there is still a variety of mobile devices: for example a
multi-purpose remote control is likely to move. Another example of remote control is likely to move. Another example of mobile
mobile devices is wearable healthcare devices. devices is wearable healthcare devices.
While healthcare devices delivering measurement results can While healthcare devices delivering measurement results can
tolerate route discovery times measured in seconds, a remote tolerate route discovery times measured in seconds, a remote
control appears unresponsive if using more than 0.5 seconds to control appears unresponsive if using more than 0.5 seconds to
e.g. pause the music. e.g. pause the music.
While, in theory, all battery-powered devices and mains-powered
plug-in modules may be moved, the predominant case is that the
sending node has moved while the rest of the network has not
changed.
The routing protocol MUST provide mobility with convergence time
below 0.5 second if only the sender has moved.
In more rare occasions, receiving nodes may also have moved. In more rare occasions, receiving nodes may also have moved.
Examples include safety-off switch in a clothes iron or the Examples include safety-off switch in a clothes iron, a vacuum
wireless chime of doorbell set. cleaner robot or the wireless chime of doorbell set.
The routing protocol MUST provide mobility with convergence time Refer to section 3.6. for routing protocol convergence times.
below 4 seconds if the receiver has moved.
A non-responsive node can either be caused by 1) a failure in the A non-responsive node can either be caused by 1) a failure in the
node, 2) a failed link on the path to the node or 3) a moved node. node, 2) a failed link on the path to the node or 3) a moved node.
In the first two cases, the node can be expected to reappear at In the first two cases, the node can be expected to reappear at
roughly the same location in the network, whereas it can return roughly the same location in the network, whereas it can return
anywhere in the network in the latter case. anywhere in the network in the latter case.
3.3. Sleeping Nodes 3.3. Sleeping Nodes
Sleeping nodes may appear to be non-responsive. The routing Sleeping nodes may appear to be non-responsive. The routing
skipping to change at page 13, line 39 skipping to change at page 13, line 33
Delivery of measurement data has a more relaxed requirement for Delivery of measurement data has a more relaxed requirement for
route discovery time compared to a remote control. On the other route discovery time compared to a remote control. On the other
hand, it is critical that a "person fell" alarm is actually hand, it is critical that a "person fell" alarm is actually
delivered. delivered.
If possible at all, the routing protocol MUST deliver a health- If possible at all, the routing protocol MUST deliver a health-
care related message. It is NOT a requirement that such message is care related message. It is NOT a requirement that such message is
delivered in less than a second. delivered in less than a second.
The routing protocol SHOULD support acknowledged transmission. If
the routing protocol does not support acknowledged transmission,
some higher-layer transport protocol or application MUST ensure
delivery of such messages.
3.5. Scalability 3.5. Scalability
Looking at the number of wall switches, power outlets, sensors of Looking at the number of wall switches, power outlets, sensors of
various nature, video equipment and so on in a modern house, it various nature, video equipment and so on in a modern house, it
seems quite realistic that hundreds of low power devices may form seems quite realistic that hundreds of low power devices may form
a home automation network in a fully populated "smart" home. a home automation network in a fully populated "smart" home.
Moving towards professional building automation, the number of Moving towards professional building automation, the number of
such devices may be in the order of several thousands. such devices may be in the order of several thousands.
The routing protocol MUST support 250 devices in the network. The routing protocol MUST support 250 devices in the network.
3.6. Convergence Time 3.6. Convergence Time
A wireless home automation network is subject to various A wireless home automation network is subject to various
instabilities due to signal strength variation, moving persons and instabilities due to signal strength variation, moving persons and
the like. Furthermore, as the number of devices increases, the the like.
probability of a node failure also increases.
Measured from the transmission of a packet, the following Measured from the transmission of a packet, the following
convergence time requirements apply. convergence time requirements apply.
The routing protocol MUST converge within 0.5 second if no nodes The routing protocol MUST converge within 0.5 second if no nodes
have moved. have moved.
The routing protocol MUST converge within 2 seconds if the The routing protocol MUST converge within 4 seconds if nodes have
destination node of the packet has moved. moved.
In both cases, "converge" means "the originator node has received In both cases, "converge" means "the originator node has received
a response from the destination node". a response from the destination node". The above-mentioned
convergence time requirements apply to a home control network
environment of up to 250 nodes with up to 4 repeating nodes
between source and destination.
3.7. Manageability 3.7. Manageability
The ability of the home network to support auto-configuration is The ability of the home network to support auto-configuration is
of the utmost importance. Indeed, most end users will not have the of the utmost importance. Indeed, most end users will not have the
expertise and the skills to perform advanced configuration and expertise and the skills to perform advanced configuration and
troubleshooting. Thus the routing protocol designed for home troubleshooting. Thus the routing protocol designed for home
automation networks MUST provide a set of features including zero- automation networks MUST provide a set of features including zero-
configuration of the routing protocol for a new node to be added configuration of the routing protocol for a new node to be added
to the network. From a routing perspective, zero-configuration to the network. From a routing perspective, zero-configuration
means that a node can obtain an address and join the network on means that a node can obtain an address and join the network on
its own, without human intervention. its own, almost without human intervention.
3.8. Stability 3.8. Stability
The routing protocol MUST support the ability to isolate a If a node is found to fail often compared to the rest of the
misbehaving node thus preserving the correct operation of the network, this node SHOULD NOT be the first choice for routing of
overall network. traffic.
In other words, if a node is found to fail often compared to the
rest of the network, this node should not be the first choice for
routing of traffic.
4. Traffic Pattern 4. Traffic Pattern
Depending on the design philosophy of the home network, wall Depending on the design philosophy of the home network, wall
switches may be configured to directly control individual lamps or switches may be configured to directly control individual lamps or
alternatively, all wall switches send control commands to a alternatively, all wall switches send control commands to a
central lighting control computer which again sends out control central lighting control computer which again sends out control
commands to relevant devices. commands to relevant devices.
In a distributed system, the traffic tends to be multipoint-to- In a distributed system, the traffic tends to be multipoint-to-
skipping to change at page 15, line 48 skipping to change at page 15, line 32
that need to be addressed. The wireless and distributed nature of that need to be addressed. The wireless and distributed nature of
these networks increases the spectrum of potential routing these networks increases the spectrum of potential routing
security threats. This is further amplified by the resource security threats. This is further amplified by the resource
constraints of the nodes, thereby preventing resource-intensive constraints of the nodes, thereby preventing resource-intensive
routing security approaches from being deployed. A viable routing routing security approaches from being deployed. A viable routing
security approach SHOULD be sufficiently lightweight that it may security approach SHOULD be sufficiently lightweight that it may
be implemented across all nodes in a HC-LLN. These issues require be implemented across all nodes in a HC-LLN. These issues require
special attention during the design process, so as to facilitate a special attention during the design process, so as to facilitate a
commercially attractive deployment. commercially attractive deployment.
The HC-LLN MUST deny any node that has not been authenticated to An attacker can snoop, replay, or originate arbitrary messages to
the HC-LLN and authorized to participate to the routing decision a node in an attempt to manipulate or disable the routing
process. function.
To mitigate this, the HC-LLN MUST be able to authenticate a new
An attacker SHOULD be prevented from manipulating or disabling the node prior to allowing it to participate in the routing decision
routing function, for example, by compromising routing control process. The routing protocol MUST support message integrity.
messages. To this end, the routing protocol(s) MUST support
message integrity.
Further examples of routing security issues that may arise are the Further examples of routing security issues that may arise are the
abnormal behavior of nodes that exhibit an egoistic conduct, such abnormal behavior of nodes that exhibit an egoistic conduct, such
as not obeying network rules or forwarding no or false packets. as not obeying network rules or forwarding no or false packets.
Other important issues may arise in the context of denial-of- Other important issues may arise in the context of denial-of-
service (DoS) attacks, malicious address space allocations, service (DoS) attacks, malicious address space allocations,
advertisement of variable addresses, a wrong neighborhood, etc. advertisement of variable addresses, a wrong neighborhood, etc.
The routing protocol(s) SHOULD support defense against DoS attacks The routing protocol(s) SHOULD support defense against DoS attacks
and other attempts to maliciously or inadvertently cause the and other attempts to maliciously or inadvertently cause the
mechanisms of the routing protocol(s) to over-consume the limited mechanisms of the routing protocol(s) to over-consume the limited
skipping to change at page 16, line 34 skipping to change at page 16, line 16
example, to cause DoS, drain the energy of power-constrained example, to cause DoS, drain the energy of power-constrained
devices, or to hijack the routing mechanism. A node MUST devices, or to hijack the routing mechanism. A node MUST
authenticate itself to a trusted node that is already associated authenticate itself to a trusted node that is already associated
with the HC-LLN before the former can take part in self- with the HC-LLN before the former can take part in self-
configuration or self-organization. A node that has already configuration or self-organization. A node that has already
authenticated and associated with the HC-LLN MUST deny, to the authenticated and associated with the HC-LLN MUST deny, to the
maximum extent possible, the allocation of resources to any maximum extent possible, the allocation of resources to any
unauthenticated peer. The routing protocol(s) MUST deny service unauthenticated peer. The routing protocol(s) MUST deny service
to any node that has not clearly established trust with the HC- to any node that has not clearly established trust with the HC-
LLN. LLN.
In a home control environment, it is considered unlikely that a
network is constantly being snooped and at the same time, ease of
use is important. As a consequence the network key MAY be exposed
for short periods during inclusion of new nodes.
Electronic door locks and other critical applications SHOULD apply
end-to-end application security on top of the network transport
security.
If connected to a backbone network, the HC-LLN SHOULD be capable If connected to a backbone network, the HC-LLN SHOULD be capable
of limiting the resources utilized by nodes in said backbone of limiting the resources utilized by nodes in said backbone
network so as not to be vulnerable to DoS. This should typically network so as not to be vulnerable to DoS. This should typically
be handled by border routers providing access from a backbone be handled by border routers providing access from a backbone
network to resources in the HC-LLN. network to resources in the HC-LLN.
With low computation power and scarce energy resources, HC-LLNs' With low computation power and scarce energy resources, HC-LLNs'
nodes may not be able to resist any attack from high-power nodes may not be able to resist any attack from high-power
malicious nodes (e.g., laptops and strong radios). However, the malicious nodes (e.g., laptops and strong radios). However, the
skipping to change at page 17, line 42 skipping to change at page 17, line 32
be modified outside the IETF Standards Process, and derivative be modified outside the IETF Standards Process, and derivative
works of it may not be created outside the IETF Standards Process, works of it may not be created outside the IETF Standards Process,
except to format it for publication as an RFC or to translate it except to format it for publication as an RFC or to translate it
into languages other than English. into languages other than English.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.Vasseur-Terminology] Vasseur, JP. "Terminology in Low power [I-D.Vasseur-Terminology] Vasseur, JP. "Terminology in Low power
And Lossy Networks", draft-vasseur-roll-terminology-02 And Lossy Networks", draft-vasseur-roll-terminology-02
(work in progress), October 2008. (work in progress), October 2008.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[I-D.Hui-HeaderCompression] Hui, J., "Compression Format for IPv6
Datagrams in 6LoWPAN Networks ", draft-ietf-6lowpan-hc
(work in progress), December 2008.
9.2. Informative References 9.2. Informative References
[RFC5548] Dohler, M., "Routing Requirements for Urban Low-Power [RFC5548] Dohler, M., "Routing Requirements for Urban Low-Power
and Lossy Networks", BCP 14, RFC 5548, May 2009. and Lossy Networks", BCP 14, RFC 5548, May 2009.
[I-D.Pister-Industial-reqs] Pister, K., "Industrial Routing [I-D.Pister-Industial-reqs] Pister, K., "Industrial Routing
Requirements in Low Power and Lossy Networks ", draft- Requirements in Low Power and Lossy Networks ", draft-
ietf-roll-indus-routing-reqs (work in progress) ietf-roll-indus-routing-reqs (work in progress)
[I-D.Martocci-Building-reqs] Martocci, J., "Building Automation [I-D.Martocci-Building-reqs] Martocci, J., "Building Automation
Routing Requirements in Low Power and Lossy Networks ", Routing Requirements in Low Power and Lossy Networks ",
draft-ietf-roll-building-routing-reqs (work in progress) draft-ietf-roll-building-routing-reqs (work in progress)
[I-D.Levis-Protocols-survey] Lewis, P. "Overview of Existing [I-D.Levis-Protocols-survey] Lewis, P. "Overview of Existing
Routing Protocols for Low Power and Lossy Networks", Routing Protocols for Low Power and Lossy Networks",
draft-ietf-roll-protocols-survey (work in progress) draft-ietf-roll-protocols-survey (work in progress)
[I-D.Hui-HeaderCompression] Hui, J., "Compression Format for IPv6
Datagrams in 6LoWPAN Networks ", draft-ietf-6lowpan-hc
(work in progress), December 2008.
Author's Addresses Author's Addresses
Anders Brandt Anders Brandt
Sigma Designs, Inc. Sigma Designs, Inc.
Emdrupvej 26 Emdrupvej 26
Copenhagen, DK-2100 Copenhagen, DK-2100
Denmark Denmark
Email: abr@zen-sys.com Email: abr@sdesigns.dk
Jakob Buron Jakob Buron
Sigma Designs, Inc. Sigma Designs, Inc.
Emdrupvej 26 Emdrupvej 26
Copenhagen, DK-2100 Copenhagen, DK-2100
Denmark Denmark
Email: jbu@zen-sys.com Email: jbu@sdesigns.dk
Giorgio Porcu Giorgio Porcu
Telecom Italia Telecom Italia
Piazza degli Affari, 2 Piazza degli Affari, 2
20123 Milan 20123 Milan
Italy Italy
Email: giorgio.porcu@guest.telecomitalia.it
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
 End of changes. 33 change blocks. 
149 lines changed or deleted 151 lines changed or added

This html diff was produced by rfcdiff 1.37a. The latest version is available from http://tools.ietf.org/tools/rfcdiff/