1<?xml version='1.0' encoding='utf-8'?>
2<!-- This template is for creating an Internet Draft using xml2rfc,
3     which is available here: http://xml.resource.org. -->
4<!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent" [
5<!-- One method to get references from the online citation libraries.
6     There has to be one entity for each item to be referenced.
7     An alternate method (rfc include) is described in the references. --><!ENTITY RFC2119 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml">
8<!ENTITY RFC8174 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml">
9<!ENTITY RFC6550 SYSTEM "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6550.xml">
11<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
12<!-- used by XSLT processors -->
13<!-- For a complete list and description of processing instructions (PIs),
14     please see http://xml.resource.org/authoring/README.html. -->
15<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
16     (Here they are set differently than their defaults in xml2rfc v1.32) -->
17<?rfc strict="yes" ?>
18<!-- give errors regarding ID-nits and DTD validation -->
19<!-- control the table of contents (ToC) -->
20<?rfc toc="yes"?>
21<!-- generate a ToC -->
22<?rfc tocdepth="4"?>
23<!-- the number of levels of subsections in ToC. default: 3 -->
24<!-- control references -->
25<?rfc symrefs="yes"?>
26<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
27<?rfc sortrefs="yes" ?>
28<!-- sort the reference entries alphabetically -->
29<!-- control vertical white space
30     (using these PIs as follows is recommended by the RFC Editor) -->
31<?rfc compact="yes" ?>
32<!-- do not start each main section on a new page -->
33<?rfc subcompact="yes" ?>
34<!-- keep one blank line between list items -->
35<!-- end of list of popular I-D processing instructions -->
36<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="std" docName="draft-ietf-roll-efficient-npdao-15" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3">
37  <!-- xml2rfc v2v3 conversion 2.23.1 -->
38  <!-- category values: std, bcp, info, exp, and historic
39     ipr values: full3667, noModification3667, noDerivatives3667
40     you can add the attributes updates="NNNN" and obsoletes="NNNN"
41     they will automatically be output with "(if approved)" -->
42  <!-- ***** FRONT MATTER ***** -->
43  <front>
44    <!-- The abbreviated title is used in the page header - it is only necessary if the
45         full title is longer than 39 characters -->
46    <title abbrev="Efficient Route Invalidation">Efficient Route Invalidation</title>
47    <seriesInfo name="Internet-Draft" value="draft-ietf-roll-efficient-npdao-15"/>
48    <author fullname="Rahul Arvind Jadhav" initials="R.A." role="editor" surname="Jadhav">
49      <organization>Huawei</organization>
50      <address>
51        <postal>
52          <street>Kundalahalli Village, Whitefield,</street>
53          <city>Bangalore</city>
54          <region>Karnataka</region>
55          <code>560037</code>
56          <country>India</country>
57        </postal>
58        <phone>+91-080-49160700</phone>
59        <email>rahul.ietf@gmail.com</email>
60      </address>
61    </author>
62    <author initials="P" surname="Thubert" fullname="Pascal Thubert">
63      <organization abbrev="Cisco">Cisco Systems, Inc</organization>
64      <address>
65        <postal>
66          <street>Building D</street>
67          <street>45 Allee des Ormes - BP1200 </street>
68          <city>MOUGINS - Sophia Antipolis</city>
69          <code>06254</code>
70          <country>France</country>
71        </postal>
72        <phone>+33 497 23 26 34</phone>
73        <email>pthubert@cisco.com</email>
74      </address>
75    </author>
76    <author fullname="Rabi Narayan Sahoo" initials="R.N." surname="Sahoo">
77      <organization>Huawei</organization>
78      <address>
79        <postal>
80          <street>Kundalahalli Village, Whitefield, </street>
81          <city>Bangalore</city>
82          <region>Karnataka</region>
83          <code>560037</code>
84          <country>India</country>
85        </postal>
86        <phone>+91-080-49160700</phone>
87        <email>rabinarayans@huawei.com</email>
88      </address>
89    </author>
90    <author initials="Z" surname="Cao" fullname="Zhen Cao">
91      <organization>Huawei</organization>
92      <address>
93        <postal>
94          <street>W Chang'an Ave</street>
95          <city>Beijing</city>
96          <country>P.R. China</country>
97        </postal>
98        <email>zhencao.ietf@gmail.com</email>
99      </address>
100    </author>
101    <date year="2019"/>
102    <!-- If the month and year are both specified and are the current ones, xml2rfc will fill
103         in the current day for you. If only the current year is specified, xml2rfc will fill
104     in the current day and month for you. If the year is not the current one, it is
105     necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the
106     purpose of calculating the expiry date). With drafts it is normally sufficient to
107     specify just the year. -->
108    <!-- Meta-data Declarations -->
109    <area>General</area>
110    <workgroup>ROLL</workgroup>
111    <!-- WG name at the upperleft corner of the doc,
112         IETF is fine for individual submissions.
113     If this element is not present, the default is "Network Working Group",
114         which is used by the RFC Editor as a nod to the history of the IETF. -->
115    <keyword>template</keyword>
116    <!-- Keywords will be incorporated into HTML output
117         files in a meta tag but they have no effect on text or nroff
118         output. If you submit your draft to the RFC Editor, the
119         keywords will be used for the search engine. -->
120    <abstract>
121      <t>
122        This document explains the problems associated with the current use of
123        NPDAO messaging and also discusses the requirements for an optimized
124        route invalidation messaging scheme. Further a new proactive route
125        invalidation message called as "Destination Cleanup Object" (DCO) is
126        specified which fulfills requirements of an optimized route
127        invalidation messaging.
128      </t>
129    </abstract>
130  </front>
131  <middle>
132    <section numbered="true" toc="default">
133      <name>Introduction</name>
134      <t>
135            RPL <xref target="RFC6550" format="default"/> (Routing Protocol for Low power and
136            lossy networks) specifies a proactive distance-vector based routing
137            scheme. RPL has optional messaging in the form of DAO
138            (Destination Advertisement Object) messages, which the 6LBR (6Lo
139            Border Router) and 6LR (6Lo Router) can use to learn a route
140            towards the downstream nodes. In storing mode, DAO messages would
141            result in routing entries being created on all intermediate 6LRs
142            from the node's parent all the way towards the 6LBR.
143      </t>
144      <t>
145            RPL allows the use of No-Path DAO (NPDAO) messaging to invalidate a
146            routing path corresponding to the given target, thus releasing
147            resources utilized on that path. A NPDAO is a DAO message with
148            route lifetime of zero, originates at the target node and always
149            flows upstream towards the 6LBR. This document explains the
150            problems associated with the current use of NPDAO messaging and
151            also discusses the requirements for an optimized route invalidation
152            messaging scheme. Further a new proactive route invalidation
153            message called as "Destination Cleanup Object" (DCO) is specified
154            which fulfills requirements of an optimized route invalidation
155            messaging.
156      </t>
157      <t>
158            The document only caters to the RPL's storing mode of operation
159            (MOP). The non-storing MOP does not require use of NPDAO for route
160            invalidation since routing entries are not maintained on 6LRs.
161      </t>
162      <section numbered="true" toc="default">
163        <name>Requirements Language and Terminology</name>
164        <t>
165                The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
167                "MAY", and "OPTIONAL" in this document are to be interpreted as
168                described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all
169                capitals, as shown here.
170        </t>
171        <t>
172                This specification requires readers to be familiar with all the
173                terms and concepts that are discussed in "RPL: IPv6 Routing
174                Protocol for Low-Power and Lossy Networks" <xref target="RFC6550" format="default"/>.
175        </t>
176        <dl newline="true" spacing="compact">
177          <dt>Low Power and Lossy Networks (LLN):</dt>
178          <dd>
179                        Network in which both the routers and their
180                        interconnect are constrained. LLN routers typically
181                        operate with constraints on processing power, memory,
182                        and energy (batter power). Their interconnects are
183                        characterized by high loss rates, low data rates, and
184                        instability.
185                    </dd>
186          <dt>6LoWPAN Router (6LR):</dt>
187          <dd>
188                        An intermediate router that is able to send and receive Router
189                        Advertisements (RAs) and Router Solicitations (RSs) as well as
190                        forward and route IPv6 packets.
191                    </dd>
192          <dt>Directed Acyclic Graph (DAG):</dt>
193          <dd>
194                        A directed graph having the property that all edges are
195                        oriented in such a way that no cycles exist.
196                    </dd>
197          <dt>Destination-Oriented DAG (DODAG):</dt>
198          <dd>
199                        A DAG rooted at a single destination, i.e., at a single
200                        DAG root with no outgoing edges.
201                    </dd>
202          <dt>6LoWPAN Border Router (6LBR):</dt>
203          <dd>
204                        A border router which is a DODAG root and is the edge
205                        node for traffic flowing in and out of the 6LoWPAN
206                        network.
207                    </dd>
208          <dt>Destination Advertisement Object (DAO):</dt>
209          <dd>
210                        DAO messaging allows downstream routes to the nodes to
211                        be established.
212                    </dd>
213          <dt>DODAG Information Object (DIO):</dt>
214          <dd>
215                        DIO messaging allows upstream routes to the 6LBR to be
216                        established. DIO messaging is initiated at the DAO
217                        root.
218                    </dd>
219          <dt>Common Ancestor node</dt>
220          <dd>
221                        6LR/6LBR node which is the first common node between
222                        two paths of a target node.
223                    </dd>
224          <dt>No-Path DAO (NPDAO):</dt>
225          <dd>
226                        A DAO message which has target with lifetime 0 used for
227                        the purpose of route invalidation.
228                    </dd>
229          <dt>Destination Cleanup Object (DCO):</dt>
230          <dd>
231                        A new RPL control message code defined by this
232                        document. DCO messaging improves proactive route
233                        invalidation in RPL.
234                    </dd>
235          <dt>Regular DAO:</dt>
236          <dd>
237                        A DAO message with non-zero lifetime. Routing
238                        adjacencies are created or updated based on this
239                        message.
240                    </dd>
241          <dt>Target node:</dt>
242          <dd>
243                        The node switching its parent whose routing adjacencies
244                        are updated (created/removed).
245                    </dd>
246        </dl>
247      </section>
248      <section anchor="current_npdao" numbered="true" toc="default">
249        <name>Current NPDAO messaging</name>
250        <t>
251                RPL uses NPDAO messaging in the storing mode so that the node
252                changing its routing adjacencies can invalidate the previous
253                route. This is needed so that nodes along the previous path can
254                release any resources (such as the routing entry) they maintain
255                on behalf of target node.
256        </t>
257        <t>
258                For the rest of this document consider the following topology:
259        </t>
260        <figure anchor="sample_top">
261          <name>Sample                     topology</name>
262          <artwork align="center" name="" type="" alt=""><![CDATA[
263    (6LBR)
264      |
265      |
266      |
267     (A)
268     / \
269    /   \
270   /     \
271 (G)     (H)
272  |       |
273  |       |
274  |       |
275 (B)     (C)
276   \      ;
277    \    ;
278     \  ;
279      (D)
280      / \
281     /   \
282    /     \
283  (E)     (F)
284                        ]]></artwork>
285        </figure>
286        <t>
287                Node (D) is connected via preferred parent (B). (D) has an
288                alternate path via (C) towards the 6LBR. Node (A) is the common
289                ancestor for (D) for paths through (B)-(G) and (C)-(H). When
290                (D) switches from (B) to (C), RPL allows sending NPDAO to (B)
291                and regular DAO to (C).
292        </t>
293      </section>
294      <!--
295        <section title="Cases when No-Path DAO may be used">
296            <t> There are following cases in which a node switches its parent
297                and may employ No-Path DAO messaging:</t>
299            <t>Case I: Current parent becomes unavailable because of transient
300                or permanent link or parent node failure.</t>
302            <t>Case II: The node finds a better parent node i.e. the metrics of
303                another parent is better than its current parent.</t>
305            <t>Case III: The node switches to a new parent whom it "thinks" has
306                a better metric but does not in reality.</t>
308            <t>The usual steps of operation when the node switches the parent
309                is that the node sends a No-Path DAO message via its current parent
310                to invalidate its current route and subsequently it tries to
311                establish a new routing path by sending a new DAO via its new
312                parent.</t>
313        </section>
314        -->
315      <section numbered="true" toc="default">
316        <name>Why Is NPDAO Important?</name>
317        <t>
318                Nodes in LLNs may be resource constrained. There is limited
319                memory available and routing entry records are one of the
320                primary elements occupying dynamic memory in the nodes. Route
321                invalidation helps 6LR nodes to decide which entries could be
322                discarded to better optimize resource utilization. Thus it
323                becomes necessary to have an efficient route invalidation
324                mechanism. Also note that a single parent switch may result in
325                a "sub-tree" switching from one parent to another. Thus the
326                route invalidation needs to be done on behalf of the sub-tree
327                and not the switching node alone. In the above example, when
328                Node (D) switches parent, the route updates needs to be done
329                for the routing tables entries of (C),(H),(A),(G), and (B) with
330                destination (D),(E) and (F). Without efficient route
331                invalidation, a 6LR may have to hold a lot of stale route
332                entries.
333        </t>
334      </section>
335    </section>
336    <section anchor="current_npdao_problems" numbered="true" toc="default">
337      <name>Problems with current NPDAO messaging</name>
338      <section numbered="true" toc="default">
339        <name>Lost NPDAO due to link break to the previous parent</name>
340        <t>
341                When a node switches its parent, the NPDAO is to be sent to
342                its previous parent and a regular DAO to its new parent. In
343                cases where the node switches its parent because of transient
344                or permanent parent link/node failure then the NPDAO message is
345                bound to fail.
346        </t>
347        <!--
348            <t>
349                RPL allows use of route lifetime to remove unwanted routes in
350                case the routes could not be refreshed. But route lifetimes in
351                case of LLNs could be substantially high and thus the route
352                entries would be stuck for longer times.
353            </t>
354            -->
355      </section>
356      <section numbered="true" toc="default">
357        <name>Invalidate Routes of Dependent Nodes</name>
358        <t>
359                RPL does not specify how route invalidation will work for
360                dependent nodes rooted at the switching node, resulting in
361                stale routing entries of the dependent nodes. The only way for
362                6LR to invalidate the route entries for dependent nodes would
363                be to use route lifetime expiry which could be substantially
364                high for LLNs.
365        </t>
366        <t>
367                In the example topology, when Node (D) switches its parent,
368                Node (D) generates an NPDAO on its behalf. There is no NPDAO
369                generated by the dependent child nodes (E) and (F), through the
370                previous path via (D) to (B) and (G), resulting in stale
371                entries on nodes (B) and (G) for nodes (E) and (F).
372        </t>
373      </section>
374      <section numbered="true" toc="default">
375        <name>Possible route downtime caused by asynchronous operation of NPDAO and DAO</name>
376        <t>
377                A switching node may generate both an NPDAO and DAO via two
378                different paths at almost the same time. There is a possibility
379                that an NPDAO generated may invalidate the previous route and
380                the regular DAO sent via the new path gets lost on the way.
381                This may result in route downtime impacting downward
382                traffic for the switching node.
383        </t>
384        <t>
385                In the example topology, consider Node (D) switches from parent
386                (B) to (C). An NPDAO sent via the previous route may invalidate
387                the previous route whereas there is no way to determine whether
388                the new DAO has successfully updated the route entries on the
389                new path.
390        </t>
391      </section>
392    </section>
393    <section anchor="requirements" numbered="true" toc="default">
394      <name>Requirements for the NPDAO Optimization</name>
395      <section numbered="true" toc="default">
396        <name>Req#1: Remove messaging dependency on link to the previous parent</name>
397        <t>
398                When the switching node sends the NPDAO message to the previous
399                parent, it is normal that the link to the previous parent is
400                prone to failure (that's why the node decided to switch).
401                Therefore, it is required that the route invalidation does not
402                depend on the previous link which is prone to failure. The
403                previous link referred here represents the link between the
404                node and its previous parent (from whom the node is now
405                disassociating).
406        </t>
407      </section>
408      <section numbered="true" toc="default">
409        <name>Req#2: Dependent nodes route invalidation on parent             switching</name>
410        <t>
411                It should be possible to do route invalidation for dependent
412                nodes rooted at the switching node.
413        </t>
414      </section>
415      <section numbered="true" toc="default">
416        <name>Req#3: Route invalidation should not impact data traffic</name>
417        <t>
418                While sending the NPDAO and DAO messages, it is possible that
419                the NPDAO successfully invalidates the previous path, while the
420                newly sent DAO gets lost (new path not set up successfully).
421                This will result in downstream unreachability to the node
422                switching paths. Therefore, it is desirable that the route
423                invalidation is synchronized with the DAO to avoid the risk of
424                route downtime.
425        </t>
426      </section>
427    </section>
428    <!-- Too Confusing section and may not be needed now... If required this can be added in Appendix.
429    <section title="Existing Solution">
430        <section title="NPDAO can be generated by the parent node who detects
431        link failure to the child">
432            <t>RPL states mechanisms which could be utilized to clear DAO
433            states in a sub-DODAG. [RFC6550] Section states "With DAO
434            inconsistency loop recovery, a packet can be used to recursively
435            explore and clean up the obsolete DAO states along a
436            sub-DODAG".</t>
438            <t>Thus in the sample topology in Figure 1, when Node (B) detects
439            link failure to (D), (B) has an option of generating an NPDAO on
440            behalf of Node (D) and its sub-childs, (E) and (F).</t>
442            <t>This section explains why generation of an NPDAO in such cases
443            may not function as desired. Primarily the DAO state information in
444            the form of Path Sequence plays a major role here. Every target is
445            associated with a Path Sequence number which relates to the latest
446            state of the target. <xref target="RFC6550"/> Section 7.1 explains
447            the semantics of Path Sequence number. The target node increments
448            the Path Sequence number every time it generates a new DAO. The
449            router nodes en-route utilize this Path Sequence number to decide
450            the freshness of target information. If a non-target node has to
451            generate an NPDAO then it could use following two possibilities
452            with Path Sequence number: </t>
454            <t>Let the Path Sequence number of old regular DAO that flowed
455            through (B) be x. The subsequent regular DAO generated by Node (D)
456            will have sequence number x+1.</t>
458            <t>i. Node (B) uses the previous Path Sequence number from the
459            regular DAO i.e. NPDAO(pathseq=x)</t>
461            <t>ii. Node (B) increments the Path Sequence number i.e.
462            NPDAO(pathseq=x+1)</t>
464            <t>In case i, the NPDAO(pathseq=x) will be dropped by all the
465            intermediate nodes since the semantics of Path Sequence number
466            dictates that any DAO with an older Path Sequence number be
467            dropped.</t>
469            <t>In case ii, there is a risk that the NPDAO(pathseq=x+1)
470            traverses up the DODAG and invalidates all the routes till the root
471            and then the regular DAO(pathseq=x+1) from the target traverses
472            upwards. In this case the regular DAO(pathseq=x+1) will be dropped
473            from common ancestor node to the root. This will result in route
474            downtime.</t>
476            <t>Another problem with this scheme is its dependence on the
477            upstream neighbor to detect that the downstream neighbor is
478            unavailable. There are two possibilities by which such a detection
479            might be put to work:</t>
481            <t>i. There is P2P traffic from the previous sub-DODAG to any of
482            nodes in the sub-tree which has switched the path. In the above
483            example, lets consider that Node (G) has P2P traffic for either of
484            nodes (D), (E), or (F). In this case, Node (B) will detect
485            forwarding error while forwarding the packets from Node (B) to (D).
486            But dependence on P2P traffic may not be an optimal way to solve
487            this problem considering the reactive approach of the scheme. The
488            P2P traffic pattern might be sparse and thus such a detection might
489            kick-in too late.</t>
491            <t>ii. The other case is where Node (B) explicitly employs some
492            mechanism to probe directly attached downstream child nodes. Such
493            kind of schemes are seldom used.</t>
494        </section>
496        <section title="NPDAO can be generated once the link is restored to
497        the previous parent">
498            <t>This scheme solves a specific scenario of transient links. The
499            child node can detect that the connection to previous parent is
500            restored and then transmit an NPDAO to the previous parent to
501            invalidate the route. This scheme is stateful, thus requires more
502            memory and solves a specific scenario.</t>
503        </section>
504    </section>
505    -->
506    <section numbered="true" toc="default">
507      <name>Changes to RPL signaling</name>
508      <section numbered="true" toc="default">
509        <name>Change in RPL route invalidation semantics</name>
510        <t>
511                As described in <xref target="current_npdao" format="default"/>, the NPDAO
512                originates at the node changing to a new parent and traverses
513                upstream towards the root. In order to solve the problems as
514                mentioned in <xref target="current_npdao_problems" format="default"/>, the
515                document adds a new proactive route invalidation message
516                called "Destination Cleanup Object" (DCO) that originates at a
517                common ancestor node and flows downstream between the new and
518                old path. The common ancestor node generates a DCO in response
519                to the change in the next-hop on receiving a regular DAO with
520                updated Path Sequence for the target.
521        </t>
522        <t>
523                The 6LRs in the path for DCO take action such as route
524                invalidation based on the DCO information and subsequently send
525                another DCO with the same information downstream to the next
526                hop. This operation is similar to how the DAOs are handled on
527                intermediate 6LRs in storing MOP in <xref target="RFC6550" format="default"/>.
528                Just like DAO in storing MOP, the DCO is sent using link-local
529                unicast source and destination IPv6 address. Unlike DAO, which
530                always travels upstream, the DCO always travels downstream.
531        </t>
532        <t>
533                In <xref target="sample_top" format="default"/>, when node D decides to
534                switch the path from B to C, it sends a regular DAO to node C
535                with reachability information containing the address of D as
536                the target and an incremented Path Sequence. Node C will update
537                the routing table based on the reachability information in the
538                DAO and in turn generate another DAO with the same reachability
539                information and forward it to H. Node H also follows the same
540                procedure as Node C and forwards it to node A. When node A
541                receives the regular DAO, it finds that it already has a
542                routing table entry on behalf of the target address of node D.
543                It finds however that the next hop information for reaching
544                node D has changed i.e., node D has decided to change the
545                paths. In this case, Node A which is the common ancestor node
546                for node D along the two paths (previous and new), should
547                generate a DCO which traverses downwards in the network. Node A
548                handles normal DAO forwarding to 6LBR as required by <xref target="RFC6550" format="default"/>.
549        </t>
550      </section>
551      <section anchor="transit_opt_changes" numbered="true" toc="default">
552        <name>Transit Information Option changes</name>
553        <t>
554                Every RPL message is divided into base message fields and
555                additional Options as described in Section 6 of <xref target="RFC6550" format="default"/>. The base fields apply to the message as a
556                whole and options are appended to add message/use-case specific
557                attributes. As an example, a DAO message may be attributed by
558                one or more "RPL Target" options which specify the reachability
559                information for the given targets. Similarly, a Transit
560                Information option may be associated with a set of RPL Target
561                options.
562        </t>
563        <t>
564                This document specifies a change in the Transit Information Option to
565                contain the "Invalidate previous route" (I) flag. This I-flag signals
566                the common ancestor node to generate a DCO on behalf of the
567                target node. The I-flag is carried in the Transit Information
568                Option which augments the reachability information for a given
569                set of RPL Target(s). Transit Information Option with I-flag
570                set should be carried in the DAO message when route
571                invalidation is sought for the corresponding target(s).
572        </t>
573        <figure anchor="transit_info_with_i">
574          <name>Updated Transit Information Option (New I flag                     added)</name>
575          <artwork align="center" name="" type="" alt=""><![CDATA[
5760                   1                   2                   3
5770 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
579|   Type = 0x06 | Option Length |E|I|  Flags    | Path Control  |
581| Path Sequence | Path Lifetime |
583                        ]]></artwork>
584        </figure>
585        <t>
586                I (Invalidate previous route) flag: The 'I' flag is set by the
587                target node to indicate to the common ancestor node that it
588                wishes to invalidate any previous route between the two paths.
589        </t>
590        <t>
591                <xref target="RFC6550" format="default"/> allows the parent address to be sent in
592                the Transit Information Option depending on the mode of
593                operation. In case of storing mode of operation the field is
594                usually not needed. In case of DCO, the parent address field
595                MUST NOT be included.
596        </t>
597        <t>
598                The common ancestor node SHOULD generate a DCO message in
599                response to this I-flag when it sees that the routing
600                adjacencies have changed for the target. The I-flag is
601                intended to give the target node control over its own route
602                invalidation, serving as a signal to request DCO generation.
603        </t>
604      </section>
605      <section numbered="true" toc="default">
606        <name>Destination Cleanup Object (DCO)</name>
607        <t>
608                A new ICMPv6 RPL control message code is defined by this
609                specification and is referred to as "Destination Cleanup Object"
610                (DCO), which is used for proactive cleanup of state and routing
611                information held on behalf of the target node by 6LRs. The DCO
612                message always traverses downstream and cleans up route
613                information and other state information associated with the
614                given target.
615        </t>
616        <figure anchor="dco_obj">
617          <name>DCO base object</name>
618          <artwork align="center" name="" type="" alt=""><![CDATA[
6190                   1                   2                   3
6200 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
622| RPLInstanceID |K|D|   Flags   |   Reserved    | DCOSequence   |
624|                                                               |
625+                                                               +
626|                                                               |
627+                            DODAGID(optional)                  +
628|                                                               |
629+                                                               +
630|                                                               |
632|   Option(s)...
634                        ]]></artwork>
635        </figure>
636        <t>
637                RPLInstanceID: 8-bit field indicating the topology instance
638                associated with the DODAG, as learned from the DIO.
639        </t>
640        <t>
641                K: The 'K' flag indicates that the recipient of DCO message is
642                expected to send a DCO-ACK back. If the DCO-ACK is not received
643                even after setting the 'K' flag, an implementation may retry
644                the DCO at a later time. The number of retries are
645                implementation and deployment dependent and are expected to be
646                kept similar with those used in DAO retries in <xref target="RFC6550" format="default"/>. <xref target="dco_retry" format="default"/> specifies
647                the considerations for DCO retry. A node receiving a DCO
648                message without the 'K' flag set MAY respond with a DCO-ACK,
649                especially to report an error condition. An example error
650                condition could be that the node sending the DCO-ACK does not
651                find the routing entry for the indicated target. When the
652                sender does not set the 'K' flag it is an indication that the
653                sender does not expect a response, and the sender SHOULD NOT
654                retry the DCO.
655        </t>
656        <t>
657                D: The 'D' flag indicates that the DODAGID field is present.
658                This flag MUST be set when a local RPLInstanceID is used.
659        </t>
660        <t>
661                Flags: The 6 bits remaining unused in the Flags field are
662                reserved for future use. These bits MUST be initialized to zero by
663                the sender and MUST be ignored by the receiver.
664        </t>
665        <t>
666                Reserved: 8-bit unused field. The field MUST be initialized to
667                zero by the sender and MUST be ignored by the receiver.
668        </t>
669        <t>
670                DCOSequence: 8-bit field incremented at each unique DCO message
671                from a node and echoed in the DCO-ACK message. The initial
672                DCOSequence can be chosen randomly by the node. <xref target="base_rules" format="default"/> explains the handling of the
673                DCOSequence.
674        </t>
675        <t>
676                DODAGID (optional): 128-bit unsigned integer set by a DODAG
677                root that uniquely identifies a DODAG. This field MUST be
678                present when the 'D' flag is set and MUST NOT be present if 'D'
679                flag is not set. DODAGID is used when a local RPLInstanceID is
680                in use, in order to identify the DODAGID that is associated
681                with the RPLInstanceID.
682        </t>
683        <section numbered="true" toc="default">
684          <name>Secure DCO</name>
685          <t>
686                    A Secure DCO message follows the format in <xref target="RFC6550" format="default"/> Figure 7, where the base message
687                    format is the DCO message shown in <xref target="dco_obj" format="default"/>.
688          </t>
689        </section>
690        <section numbered="true" toc="default">
691          <name>DCO Options</name>
692          <t>
693                    The DCO message MUST carry at least one RPL Target and the
694                    Transit Information Option and MAY carry other valid
695                    options. This specification allows for the DCO message to
696                    carry the following options:
697          </t>
698          <ul empty="true" spacing="compact">
699            <li>0x00 Pad1</li>
700            <li>0x01 PadN</li>
701            <li>0x05 RPL Target</li>
702            <li>0x06 Transit Information</li>
703            <li>0x09 RPL Target Descriptor</li>
704          </ul>
705          <t>
706                    Section 6.7 of <xref target="RFC6550" format="default"/> defines all the
707                    above mentioned options. The DCO carries an RPL Target
708                    Option and an associated Transit Information Option with a
709                    lifetime of 0x00000000 to indicate a loss of reachability
710                    to that Target.
711          </t>
712        </section>
713        <section numbered="true" toc="default">
714          <name>Path Sequence number in the DCO</name>
715          <t>
716                    A DCO message may contain a Path Sequence in the Transit
717                    Information Option to identify the freshness of the DCO
718                    message. The Path Sequence in the DCO MUST use the same
719                    Path Sequence number present in the regular DAO message
720                    when the DCO is generated in response to a DAO message.
721                    Thus if a DCO is received by a 6LR and subsequently a DAO
722                    is received with an old sequence number, then the DAO
723                    MUST be ignored. When the DCO is generated in response to a
724                    DCO from upstream parent, the Path Sequence MUST be copied
725                    from the received DCO.
726          </t>
727        </section>
728        <section numbered="true" toc="default">
729          <name>Destination Cleanup Option Acknowledgment (DCO-ACK)</name>
730          <t>
731                    The DCO-ACK message SHOULD be sent as a unicast packet by a
732                    DCO recipient in response to a unicast DCO message with 'K'
733                    flag set. If 'K' flag is not set then the receiver of the
734                    DCO message MAY send a DCO-ACK, especially to report an error
735                    condition.
736          </t>
737          <figure anchor="dco_ack">
738            <name>DCO-ACK base                         object</name>
739            <artwork align="center" name="" type="" alt=""><![CDATA[
7400                   1                   2                   3
7410 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
743| RPLInstanceID |D|   Flags     |  DCOSequence  |    Status     |
745|                                                               |
746+                                                               +
747|                                                               |
748+                            DODAGID(optional)                  +
749|                                                               |
750+                                                               +
751|                                                               |
753                            ]]></artwork>
754          </figure>
755          <t>
756                    RPLInstanceID: 8-bit field indicating the topology instance
757                    associated with the DODAG, as learned from the DIO.
758          </t>
759          <t>
760                    D: The 'D' flag indicates that the DODAGID field is present.
761                    This flag MUST be set when a local RPLInstanceID is used.
762          </t>
763          <t>
764                    Flags: 7-bit unused field. The field MUST be initialized to
765                    zero by the sender and MUST be ignored by the receiver.
766          </t>
767          <t>
768                    DCOSequence: 8-bit field. The DCOSequence in DCO-ACK is
769                    copied from the DCOSequence received in the DCO message.
770          </t>
771          <t>
772                    Status: Indicates the completion. Status 0 is defined as
773                    unqualified acceptance in this specification. Status 1 is
774                    defined as "No routing-entry for the Target found". The
775                    remaining status values are reserved as rejection codes.
776          </t>
777          <t>
778                    DODAGID (optional): 128-bit unsigned integer set by a DODAG
779                    root that uniquely identifies a DODAG. This field MUST be
780                    present when the 'D' flag is set and MUST NOT be present
781                    when 'D' flag is not set. DODAGID is used when a local
782                    RPLInstanceID is in use, in order to identify the DODAGID
783                    that is associated with the RPLInstanceID.
784          </t>
785        </section>
786        <section numbered="true" toc="default">
787          <name>Secure DCO-ACK</name>
788          <t>
789                    A Secure DCO-ACK message follows the format in <xref target="RFC6550" format="default"/> Figure 7, where the base message
790                    format is the DCO-ACK message shown in <xref target="dco_ack" format="default"/>.
791          </t>
792        </section>
793      </section>
794      <section anchor="base_rules" numbered="true" toc="default">
795        <name>DCO Base Rules</name>
796        <ol spacing="compact" type="1">
797          <li>
798                        If a node sends a DCO message with newer or different
799                        information than the prior DCO message transmission, it
800                        MUST increment the DCOSequence field by at least one.
801                        A DCO message transmission that is identical to the
802                        prior DCO message transmission MAY increment the
803                        DCOSequence field. The DCOSequence counter follows the
804                        sequence counter operation as defined in Section 7.2 of
805                        <xref target="RFC6550" format="default"/>.
806                    </li>
807          <li>
808                        The RPLInstanceID and DODAGID fields of a DCO message
809                        MUST be the same value as that of the DAO message in
810                        response to which the DCO is generated on the common
811                        ancestor node.
812                    </li>
813          <li>
814                        A node MAY set the 'K' flag in a unicast DCO message to
815                        solicit a unicast DCO-ACK in response in order to
816                        confirm the attempt.
817                    </li>
818          <li>
819                        A node receiving a unicast DCO message with the 'K'
820                        flag set SHOULD respond with a DCO-ACK. A node
821                        receiving a DCO message without the 'K' flag set MAY
822                        respond with a DCO-ACK, especially to report an error
823                        condition.
824                    </li>
825          <li>
826                        A node receiving a unicast DCO message MUST verify the
827                        stored Path Sequence in context to the given target. If
828                        the stored Path Sequence is more fresh, newer than
829                        the Path Sequence received in the DCO, then the DCO
830                        MUST be dropped.
831                    </li>
832          <li>
833                        A node that sets the 'K' flag in a unicast DCO message
834                        but does not receive DCO-ACK in response MAY reschedule
835                        the DCO message transmission for another attempt, up
836                        until an implementation specific number of retries.
837                    </li>
838          <li>
839                        A node receiving a unicast DCO message with its own
840                        address in the RPL Target Option MUST strip-off that
841                        Target Option. If this Target Option is the only one in
842                        the DCO message then the DCO message MUST be dropped.
843                    </li>
844        </ol>
845        <t>
846                The scope of DCOSequence values is unique to the node which
847                generates it.
848        </t>
849      </section>
850      <section numbered="true" toc="default">
851        <name>Unsolicited DCO</name>
852        <t>
853                A 6LR may generate an unsolicited DCO to unilaterally cleanup
854                the path on behalf of the target entry. The 6LR has all the
855                state information, namely, the Target address and the Path
856                Sequence, required for generating DCO in its routing table.
857                The conditions why 6LR may generate an unsolicited DCO are
858                beyond the scope of this document but some possible reasons
859                could be:
860        </t>
861        <ol spacing="compact" type="1">
862          <li>
863                        On route expiry of an entry, a 6LR may decide to
864                        graciously cleanup the entry by initiating DCO.
865                    </li>
866          <li>
867                        6LR needs to entertain higher priority entries in case
868                        the routing table is full, thus resulting in eviction
869                        of an existing routing entry. In this case the eviction
870                        can be handled graciously using DCO.
871                    </li>
872        </ol>
873        <t>
874                Note that if the 6LR initiates a unilateral path cleanup using
875                DCO and if it has the latest state for the target then the DCO
876                would finally reach the target node. Thus the target node would
877                be informed of its invalidation.
878        </t>
879      </section>
880      <section numbered="true" toc="default">
881        <name>Other considerations</name>
882        <section numbered="true" toc="default">
883          <name>Dependent Nodes invalidation</name>
884          <t>
885                    Current RPL <xref target="RFC6550" format="default"/> does not provide a
886                    mechanism for route invalidation for dependent nodes. This
887                    document allows the dependent nodes invalidation. Dependent
888                    nodes will generate their respective DAOs to update their
889                    paths, and the previous route invalidation for those nodes
890                    should work in the similar manner described for switching
891                    node. The dependent node may set the I-flag in the Transit
892                    Information Option as part of regular DAO so as to
893                    request invalidation of previous route from the common
894                    ancestor node.
895          </t>
896          <t>
897                    Dependent nodes do not have any indication regarding if any
898                    of their parents in turn have decided to switch their
899                    parent. Thus for route invalidation the dependent nodes may
900                    choose to always set the 'I' flag in all its DAO message's
901                    Transit Information Option. Note that setting the I-flag is
902                    not counterproductive even if there is no previous
903                    route to be invalidated.
904          </t>
905        </section>
906        <section numbered="true" toc="default">
907          <name>NPDAO and DCO in the same network</name>
908          <t>
909                    The current NPDAO mechanism in <xref target="RFC6550" format="default"/> can
910                    still be used in the same network where DCO is used. The
911                    NPDAO messaging can be used, for example, on route lifetime
912                    expiry of the target or when the node simply decides to
913                    gracefully terminate the RPL session on graceful node
914                    shutdown. Moreover, a deployment can have a mix of nodes
915                    supporting the DCO and the existing NPDAO mechanism. It is
916                    also possible that the same node supports both the NPDAO
917                    and DCO signaling for route invalidation.
918          </t>
919          <t>
920                    Section 9.8 of <xref target="RFC6550" format="default"/> states, "When a
921                    node removes a node from its DAO parent set, it SHOULD
922                    send a No-Path DAO message to that removed DAO parent to
923                    invalidate the existing router". This document introduces
924                    an alternative and more optimized way of route invalidation
925                    but it also allows existing NPDAO messaging to work. Thus
926                    an implementation has two choices to make when a route
927                    invalidation is to be initiated:
928          </t>
929          <ol spacing="compact" type="1">
930            <li>
931                            Use NPDAO to invalidate the previous route and
932                            send regular DAO on the new path.
933                        </li>
934            <li>
935                            Send regular DAO on the new path with the 'I'
936                            flag set in the Transit Information Option such
937                            that the common ancestor node initiates the DCO
938                            message downstream to invalidate the previous
939                            route.
940                        </li>
941          </ol>
942          <t>
943                    This document recommends using option 2 for reasons
944                    specified in <xref target="requirements" format="default"/> in this
945                    document.
946          </t>
947          <t>
948                    This document assumes that all the 6LRs in the network
949                    support this specification. If there are 6LRs en-route DCO
950                    message path which do not support this document, then the
951                    route invalidation for corresponding targets may not work
952                    or may work partially i.e., only part of the path
953                    supporting DCO may be invalidated. Alternatively, a node
954                    could generate an NPDAO if it does not receive a DCO with
955                    itself as target within specified time limit. The specified
956                    time limit is deployment specific and depends upon the
957                    maximum depth of the network and per hop average latency.
958                    Note that sending NPDAO and DCO for the same operation
959                    would not result in unwanted side-effects because the
960                    acceptability of NPDAO or DCO depends upon the Path
961                    Sequence freshness.
962          </t>
963        </section>
964        <section anchor="dco_retry" numbered="true" toc="default">
965          <name>Considerations for DCO retry</name>
966          <t>
967                    A DCO message could be retried by a sender if it sets the
968                    'K' flag and does not receive a DCO-ACK. The DCO retry time
969                    could be dependent on the maximum depth of the network and
970                    average per hop latency. This could range from 2 seconds to
971                    120 seconds depending on the deployment. In case the
972                    latency limits are not known, an implementation MUST NOT
973                    retry more than once in 3 seconds and MUST NOT retry more
974                    than 3 times.
975          </t>
976          <t>
977                    The number of retries could also be set depending on how
978                    critical the route invalidation could be for the deployment
979                    and the link layer retry configuration. For networks
980                    supporting only MP2P and P2MP flows, such as in AMI and
981                    telemetry applications, the 6LRs may not be very keen to
982                    invalidate routes, unless they are highly
983                    memory-constrained. For home and building automation
984                    networks which may have substantial P2P traffic, the 6LRs
985                    might be keen to invalidate efficiently because it may
986                    additionally impact the forwarding efficiency.
987          </t>
988        </section>
989        <section numbered="true" toc="default">
990          <name>DCO with multiple preferred parents</name>
991          <t>
992                    <xref target="RFC6550" format="default"/> allows a node to select multiple
993                    preferred parents for route establishment. Section 9.2.1
994                    of <xref target="RFC6550" format="default"/> specifies, "All DAOs generated
995                    at the same time for the same Target MUST be sent with the
996                    same Path Sequence in the Transit Information".
997                    Subsequently when route invalidation has to be initiated,
998                    RPL mentions use of NPDAO which can be initiated with an
999                    updated Path Sequence to all the parent nodes through which
1000                    the route is to be invalidated.
1001          </t>
1002          <t>
1003                    With DCO, the Target node itself does not initiate the
1004                    route invalidation and it is left to the common ancestor
1005                    node. A common ancestor node when it discovers an updated
1006                    DAO from a new next-hop, it initiates a DCO. With multiple
1007                    preferred parents, this handling does not change. But in
1008                    this case it is recommended that an implementation
1009                    initiates a DCO after a time period (DelayDCO) such that
1010                    the common ancestor node may receive updated DAOs from all
1011                    possible next-hops. This will help to reduce DCO control
1012                    overhead i.e., the common ancestor can wait for updated
1013                    DAOs from all possible directions before initiating a DCO
1014                    for route invalidation. After timeout, the DCO needs to be
1015                    generated for all the next-hops for whom the route
1016                    invalidation needs to be done.
1017          </t>
1018          <t>
1019                    This document recommends using a DelayDCO timer value of
1020                    1sec. This value is inspired by the default DelayDAO value
1021                    of 1sec in <xref target="RFC6550" format="default"/>. Here the hypothesis is
1022                    that the DAOs from all possible parent sets would be
1023                    received on the common ancestor within this time period.
1024          </t>
1025          <t>
1026                    It is still possible that a DCO is generated before all the
1027                    updated DAOs from all the paths are received. In this case,
1028                    the ancestor node would start the invalidation procedure
1029                    for paths from which the updated DAO is not received. The
1030                    DCO generated in this case would start invalidating the
1031                    segments along these paths on which the updated DAOs are
1032                    not received. But once the DAO reaches these segments, the
1033                    routing state would be updated along these segments and
1034                    should not lead to any inconsistent routing state.
1035          </t>
1036          <t>
1037                    Note that there is no requirement for synchronization
1038                    between DCO and DAOs. The DelayDCO timer simply ensures
1039                    that the DCO control overhead can be reduced and is only
1040                    needed when the network contains nodes using multiple
1041                    preferred parent.
1042          </t>
1043        </section>
1044      </section>
1045    </section>
1046    <section anchor="Acknowledgments" numbered="true" toc="default">
1047      <name>Acknowledgments</name>
1048      <t>
1049            Many thanks to Alvaro Retana, Cenk Gundogan, Simon Duquennoy, Georgios
1050            Papadopoulous, Peter Van Der Stok for their review and comments.
1051            Alvaro Retana helped shape this document's final version with
1052            critical review comments.
1053      </t>
1054    </section>
1055    <!-- Possibly a 'Contributors' section ... -->
1056    <section anchor="IANA" numbered="true" toc="default">
1057      <name>IANA Considerations</name>
1058      <t>
1059            IANA is requested to allocate new codes for the DCO and DCO-ACK
1060            messages from the RPL Control Codes registry.
1061      </t>
1062      <table align="center">
1063        <thead>
1064          <tr>
1065            <th align="center">Code</th>
1066            <th align="center">Description</th>
1067            <th align="center">Reference</th>
1068          </tr>
1069        </thead>
1070        <tbody>
1071          <tr>
1072            <td align="center">TBD1</td>
1073            <td align="center">Destination Cleanup Object</td>
1074            <td align="center">This document</td>
1075          </tr>
1076          <tr>
1077            <td align="center">TBD2</td>
1078            <td align="center">Destination Cleanup Object Acknowledgment</td>
1079            <td align="center">This document</td>
1080          </tr>
1081          <tr>
1082            <td align="center">TBD3</td>
1083            <td align="center">Secure Destination Cleanup Object</td>
1084            <td align="center">This document</td>
1085          </tr>
1086          <tr>
1087            <td align="center">TBD4</td>
1088            <td align="center">Secure Destination Cleanup Object Acknowledgment</td>
1089            <td align="center">This document</td>
1090          </tr>
1091        </tbody>
1092      </table>
1093      <t>
1094            IANA is requested to allocate bit 1 from the Transit Information
1095            Option Flags registry for the I-flag (<xref target="transit_opt_changes" format="default"/>)
1096      </t>
1097      <section numbered="true" toc="default">
1098        <name>New Registry for the Destination Cleanup Object (DCO) Flags</name>
1099        <t>
1100                IANA is requested to create a registry for the 8-bit Destination Cleanup
1101                Object (DCO) Flags field. This registry should be located in
1102                existing category of "Routing Protocol for Low Power and Lossy
1103                Networks (RPL)".
1104        </t>
1105        <t>
1106                New bit numbers may be allocated only by an IETF Review. Each
1107                bit is tracked with the following qualities:
1108        </t>
1109        <ul spacing="compact">
1110          <li>Bit number (counting from bit 0 as the most significant bit)</li>
1111          <li>Capability description</li>
1112          <li>Defining RFC</li>
1113        </ul>
1114        <t>
1115                The following bits are currently defined:
1116        </t>
1117        <table align="center">
1118          <name>DCO Base Flags</name>
1119          <thead>
1120            <tr>
1121              <th align="center">Bit number</th>
1122              <th align="center">Description</th>
1123              <th align="center">Reference</th>
1124            </tr>
1125          </thead>
1126          <tbody>
1127            <tr>
1128              <td align="center">0</td>
1129              <td align="center">DCO-ACK request (K)</td>
1130              <td align="center">This document</td>
1131            </tr>
1132            <tr>
1133              <td align="center">1</td>
1134              <td align="center">DODAGID field is present (D)</td>
1135              <td align="center">This document</td>
1136            </tr>
1137          </tbody>
1138        </table>
1139      </section>
1140      <section numbered="true" toc="default">
1141        <name>New Registry for the Destination Cleanup Object Acknowledgment (DCO-ACK) Status field</name>
1142        <t>
1143                IANA is requested to create a registry for the 8-bit Destination Cleanup
1144                Object Acknowledgment (DCO-ACK) Status field. This registry
1145                should be located in existing category of "Routing Protocol for
1146                Low Power and Lossy Networks (RPL)".
1147        </t>
1148        <t>
1149                New Status values may be allocated only by an IETF Review. Each
1150                value is tracked with the following qualities:
1151        </t>
1152        <ul spacing="compact">
1153          <li>Status Code</li>
1154          <li>Description</li>
1155          <li>Defining RFC</li>
1156        </ul>
1157        <t>
1158                The following values are currently defined:
1159        </t>
1160        <table align="center">
1161          <name>DCO-ACK Status Codes</name>
1162          <thead>
1163            <tr>
1164              <th align="center">Status Code</th>
1165              <th align="center">Description</th>
1166              <th align="center">Reference</th>
1167            </tr>
1168          </thead>
1169          <tbody>
1170            <tr>
1171              <td align="center">0</td>
1172              <td align="center">Unqualified acceptance</td>
1173              <td align="center">This document</td>
1174            </tr>
1175            <tr>
1176              <td align="center">1</td>
1177              <td align="center">No routing-entry for the indicated Target found</td>
1178              <td align="center">This document</td>
1179            </tr>
1180          </tbody>
1181        </table>
1182      </section>
1183      <section numbered="true" toc="default">
1184        <name>New Registry for the Destination Cleanup Object (DCO)         Acknowledgment Flags</name>
1185        <t>
1186                IANA is requested to create a registry for the 8-bit
1187                Destination Cleanup Object (DCO) Acknowledgment Flags field.
1188                This registry should be located in existing category of
1189                "Routing Protocol for Low Power and Lossy Networks (RPL)".
1190        </t>
1191        <t>
1192                New bit numbers may be allocated only by an IETF Review. Each
1193                bit is tracked with the following qualities:
1194        </t>
1195        <ul spacing="compact">
1196          <li>Bit number (counting from bit 0 as the most significant bit)</li>
1197          <li>Capability description</li>
1198          <li>Defining RFC</li>
1199        </ul>
1200        <t>
1201                The following bits are currently defined:
1202        </t>
1203        <table align="center">
1204          <name>DCO-ACK Base Flags</name>
1205          <thead>
1206            <tr>
1207              <th align="center">Bit number</th>
1208              <th align="center">Description</th>
1209              <th align="center">Reference</th>
1210            </tr>
1211          </thead>
1212          <tbody>
1213            <tr>
1214              <td align="center">0</td>
1215              <td align="center">DODAGID field is present (D)</td>
1216              <td align="center">This document</td>
1217            </tr>
1218          </tbody>
1219        </table>
1220      </section>
1221    </section>
1222    <section anchor="Security" numbered="true" toc="default">
1223      <name>Security Considerations</name>
1224      <t>
1225            This document introduces the ability for a common ancestor node to
1226            invalidate a route on behalf of the target node. The common
1227            ancestor node could be directed to do so by the target node using
1228            the I-flag in DCO's Transit Information Option. However, the common
1229            ancestor node is in a position to unilaterally initiate the route
1230            invalidation since it possesses all the required state information,
1231            namely, the Target address and the corresponding Path Sequence.
1232            Thus a rogue common ancestor node could initiate such an
1233            invalidation and impact the traffic to the target node.
1234      </t>
1235      <t>
1236            This document also introduces an I-flag which is set by the target
1237            node and used by the ancestor node to initiate a DCO if the
1238            ancestor sees an update in the route adjacency. However,
1239            this flag could be spoofed by a malicious 6LR in the path and can
1240            cause invalidation of an existing active path. Note that invalidation
1241            will happen only if the other conditions such as Path Sequence
1242            condition is also met. Having said that, such a malicious 6LR may
1243            spoof a DAO on behalf of the (sub) child with the I-flag set and
1244            can cause route invalidation on behalf of the (sub) child node.
1245            Note that, using existing mechanisms offered by <xref target="RFC6550" format="default"/>, a malicious 6LR might also spoof a DAO with
1246            lifetime of zero or otherwise cause denial of service by dropping
1247            traffic entirely, so the new mechanism described in this document
1248            does not present a substantially increased risk of disruption.
1249      </t>
1250      <t>
1251            This document assumes that the security mechanisms as defined in
1252            <xref target="RFC6550" format="default"/> are followed, which means that the common
1253            ancestor node and all the 6LRs are part of the RPL network because
1254            they have the required credentials. A non-secure RPL network needs
1255            to take into consideration the risks highlighted in this section as
1256            well as those highlighted in <xref target="RFC6550" format="default"/>.
1257      </t>
1258      <t>
1259            All RPL messages support a secure version of messages which allows
1260            integrity protection using either a MAC or a signature. Optionally,
1261            secured RPL messages also have encryption protection for
1262            confidentiality.
1263      </t>
1264      <t>
1265            The document adds new messages (DCO, DCO-ACK) which are
1266            syntactically similar to existing RPL messages such as DAO,
1267            DAO-ACK. Secure versions of DCO and DCO-ACK are added similar to
1268            other RPL messages (such as DAO, DAO-ACK).
1269      </t>
1270      <t>
1271            RPL supports three security modes as mentioned in Section 10.1 of
1272            <xref target="RFC6550" format="default"/>:
1273      </t>
1274      <ol spacing="compact" type="1">
1275        <li>
1276                    Unsecured: In this mode, it is expected that the RPL control messages
1277                    are secured by other security mechanisms, such as
1278                    link-layer security. In this mode, the RPL control messages,
1279                    including DCO, DCO-ACK, do not have Security sections.
1280                    Also note that unsecured mode does not imply that all
1281                    messages are sent without any protection.
1282                </li>
1283        <li>
1284                    Preinstalled: In this mode, RPL uses secure messages. Thus
1285                    secure versions of DCO, DCO-ACK MUST be used in this mode.
1286                </li>
1287        <li>
1288                    Authenticated: In this mode, RPL uses secure messages. Thus
1289                    secure versions of DCO, DCO-ACK MUST be used in this mode.
1290                </li>
1291      </ol>
1292    </section>
1293  </middle>
1294  <back>
1295    <!-- References split into informative and normative -->
1296    <!-- There are 2 ways to insert reference entries from the citation libraries:
1297     1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown)
1298     2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here
1299        (for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")
1301     Both are cited textually in the same manner: by using xref elements.
1302     If you use the PI option, xml2rfc will, by default, try to find included files in the same
1303     directory as the including file. You can also define the XML_LIBRARY environment variable
1304     with a value containing a set of directories to search. These can be either in the local
1305     filing system or remote ones accessed by http (http://domain/dir/... ).-->
1306    <references>
1307      <name>Normative References</name>
1308      <!--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?-->
1309      <reference anchor="RFC6550" target="https://www.rfc-editor.org/info/rfc6550">
1310        <front>
1311          <title>RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks</title>
1312          <seriesInfo name="DOI" value="10.17487/RFC6550"/>
1313          <seriesInfo name="RFC" value="6550"/>
1314          <author initials="T." surname="Winter" fullname="T. Winter" role="editor">
1315            <organization/>
1316          </author>
1317          <author initials="P." surname="Thubert" fullname="P. Thubert" role="editor">
1318            <organization/>
1319          </author>
1320          <author initials="A." surname="Brandt" fullname="A. Brandt">
1321            <organization/>
1322          </author>
1323          <author initials="J." surname="Hui" fullname="J. Hui">
1324            <organization/>
1325          </author>
1326          <author initials="R." surname="Kelsey" fullname="R. Kelsey">
1327            <organization/>
1328          </author>
1329          <author initials="P." surname="Levis" fullname="P. Levis">
1330            <organization/>
1331          </author>
1332          <author initials="K." surname="Pister" fullname="K. Pister">
1333            <organization/>
1334          </author>
1335          <author initials="R." surname="Struik" fullname="R. Struik">
1336            <organization/>
1337          </author>
1338          <author initials="JP." surname="Vasseur" fullname="JP. Vasseur">
1339            <organization/>
1340          </author>
1341          <author initials="R." surname="Alexander" fullname="R. Alexander">
1342            <organization/>
1343          </author>
1344          <date year="2012" month="March"/>
1345          <abstract>
1346            <t>Low-Power and Lossy Networks (LLNs) are a class of network in which both the routers and their interconnect are constrained.  LLN routers typically operate with constraints on processing power, memory, and energy (battery power).  Their interconnects are characterized by high loss rates, low data rates, and instability.  LLNs are comprised of anything from a few dozen to thousands of routers.  Supported traffic flows include point-to-point (between devices inside the LLN), point-to-multipoint (from a central control point to a subset of devices inside the LLN), and multipoint-to-point (from devices inside the LLN towards a central control point).  This document specifies the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), which provides a mechanism whereby multipoint-to-point traffic from devices inside the LLN towards a central control point as well as point-to-multipoint traffic from the central control point to the devices inside the LLN are supported.  Support for point-to-point traffic is also available.  [STANDARDS-TRACK]</t>
1347          </abstract>
1348        </front>
1349      </reference>
1350      <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
1351        <front>
1352          <title>Key words for use in RFCs to Indicate Requirement Levels</title>
1353          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
1354          <seriesInfo name="RFC" value="2119"/>
1355          <seriesInfo name="BCP" value="14"/>
1356          <author initials="S." surname="Bradner" fullname="S. Bradner">
1357            <organization/>
1358          </author>
1359          <date year="1997" month="March"/>
1360          <abstract>
1361            <t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
1362          </abstract>
1363        </front>
1364      </reference>
1365      <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
1366        <front>
1367          <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
1368          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
1369          <seriesInfo name="RFC" value="8174"/>
1370          <seriesInfo name="BCP" value="14"/>
1371          <author initials="B." surname="Leiba" fullname="B. Leiba">
1372            <organization/>
1373          </author>
1374          <date year="2017" month="May"/>
1375          <abstract>
1376            <t>RFC 2119 specifies common key words that may be used in protocol  specifications.  This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the  defined special meanings.</t>
1377          </abstract>
1378        </front>
1379      </reference>
1380    </references>
1381    <section anchor="app-additional" numbered="true" toc="default">
1382      <name>Example Messaging</name>
1383      <section numbered="true" toc="default">
1384        <name>Example DCO Messaging</name>
1385        <t>
1386            In <xref target="sample_top" format="default"/>, node (D) switches its parent from
1387            (B) to (C). This example assumes that Node D has already
1388            established its own route via Node B-G-A-6LBR using pathseq=x. The
1389            example uses DAO and DCO messaging convention and specifies only
1390            the required parameters to explain the example namely, the
1391            parameter 'tgt', which stands for Target Option and value of this
1392            parameter specifies the address of the target node. The parameter
1393            'pathseq', which specifies the Path Sequence value carried in the
1394            Transit Information Option. The parameter 'I_flag' specifies the
1395            'I' flag in the Transit Information Option.
1396            sequence of actions is as follows:
1397        </t>
1398        <ol spacing="compact" type="1">
1399          <li>Node D switches its parent from node B to node C</li>
1400          <li>D sends a regular DAO(tgt=D,pathseq=x+1,I_flag=1) in the
1401                    updated path to C</li>
1402          <li>C checks for a routing entry on behalf of D, since it cannot
1403                    find an entry on behalf of D it creates a new routing entry
1404                    and forwards the reachability information of the target D
1405                    to H in a DAO(tgt=D,pathseq=x+1,I_flag=1).</li>
1406          <li>Similar to C, node H checks for a routing entry on behalf of
1407                    D, cannot find an entry and hence creates a new routing
1408                    entry and forwards the reachability information of the
1409                    target D to A in a DAO(tgt=D,pathseq=x+1,I_flag=1).</li>
1410          <li>
1411                    Node A receives the DAO(tgt=D,pathseq=x+1,I_flag=1), and
1412                    checks for a routing entry on behalf of D. It finds a
1413                    routing entry but checks that the next hop for target D is
1414                    different (i.e., Node G). Node A checks the I_flag and
1415                    generates DCO(tgt=D,pathseq=x+1) to previous next hop for
1416                    target D which is G. Subsequently, Node A updates the
1417                    routing entry and forwards the reachability information of
1418                    target D upstream DAO(tgt=D,pathseq=x+1,I_flag=1).
1419                </li>
1420          <li>
1421                    Node G receives the DCO(tgt=D,pathseq=x+1). It checks if
1422                    the received path sequence is later than the stored path
1423                    sequence. If it is later, Node G invalidates the routing entry
1424                    of target D and forwards the (un)reachability information
1425                    downstream to B in DCO(tgt=D,pathseq=x+1).
1426                </li>
1427          <li>
1428                    Similarly, B processes the DCO(tgt=D,pathseq=x+1) by
1429                    invalidating the routing entry of target D and forwards the
1430                    (un)reachability information downstream to D.
1431                </li>
1432          <li>
1433                    D ignores the DCO(tgt=D,pathseq=x+1) since the target is
1434                    itself.
1435                </li>
1436          <li>
1437                    The propagation of the DCO will stop at any node where the
1438                    node does not have an routing information associated with
1439                    the target. If cached routing information is present and
1440                    the cached Path Sequence is higher than the value in the
1441                    DCO, then the DCO is dropped.
1442                </li>
1443        </ol>
1444      </section>
1445      <section numbered="true" toc="default">
1446        <name>Example DCO Messaging with multiple preferred parents</name>
1447        <figure anchor="sample_top_mpp">
1448          <name>Sample                     topology 2</name>
1449          <artwork align="center" name="" type="" alt=""><![CDATA[
1450        (6LBR)
1451          |
1452          |
1453          |
1454        (N11)
1455         / \
1456        /   \
1457       /     \
1458    (N21)   (N22)
1459      /      / \
1460     /      /   \
1461    /      /     \
1462 (N31)  (N32)  (N33)
1463     :    |    /
1464      :   |   /
1465       :  |  /
1466        (N41)
1467                        ]]></artwork>
1468        </figure>
1469        <t>
1470                In <xref target="sample_top_mpp" format="default"/>, node (N41) selects multiple
1471                preferred parents (N32) and (N33).
1472                The sequence of actions is as follows:
1473        </t>
1474        <ol spacing="compact" type="1">
1475          <li>
1476                        (N41) sends DAO(tgt=N41,PS=x,I_flag=1) to (N32) and (N33).
1477                        Here I_flag refers to the Invalidation flag and PS refers to
1478                        Path Sequence in Transit Information option.
1479                    </li>
1480          <li>
1481                        (N32) sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N33) also
1482                        sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N22) learns
1483                        multiple routes for the same destination (N41) through
1484                        multiple next-hops. (N22) may receive the DAOs from
1485                        (N32) and (N33) in any order with the I_flag set. The
1486                        implementation should use the DelayDCO timer to wait to
1487                        initiate the DCO. If (N22) receives an updated DAO from
1488                        all the paths then the DCO need not be initiated in
1489                        this case. Thus the route table at N22 should contain
1490                        (Dst,NextHop,PS): { (N41,N32,x), (N41,N33,x) }.
1491                    </li>
1492          <li>
1493                        (N22) sends DAO(tgt=N41,PS=x,I_flag=1) to (N11).
1494                    </li>
1495          <li>
1496                        (N11) sends DAO(tgt=N41,PS=x,I_flag=1) to (6LBR). Thus the
1497                        complete path is established.
1498                    </li>
1499          <li>
1500                        (N41) decides to change preferred parent set from {
1501                        N32, N33 } to { N31, N32 }.
1502                    </li>
1503          <li>
1504                        (N41) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N32). (N41)
1505                        sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N31).
1506                    </li>
1507          <li>
1508                        (N32) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N22).
1509                        (N22) has multiple routes to destination (N41). It sees
1510                        that a new Path Sequence for Target=N41 is received and
1511                        thus it waits for pre-determined time period (DelayDCO
1512                        time period) to invalidate another route
1513                        {(N41),(N33),x}. After time period, (N22) sends
1514                        DCO(tgt=N41,PS=x+1) to (N33). Also (N22) sends the
1515                        regular DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
1516                    </li>
1517          <li>
1518                        (N33) receives DCO(tgt=N41,PS=x+1). The received Path
1519                        Sequence is latest and thus it invalidates the entry
1520                        associated with target (N41). (N33) then sends the
1521                        DCO(tgt=N41,PS=x+1) to (N41). (N41) sees itself as the
1522                        target and drops the DCO.
1523                    </li>
1524          <li>
1525                        From Step 6 above, (N31) receives the
1526                        DAO(tgt=N41,PS=x+1,I_flag=1). It creates a routing
1527                        entry and sends the DAO(tgt=N41,PS=x+1,I_flag=1) to
1528                        (N21). Similarly (N21) receives the DAO and
1529                        subsequently sends the DAO(tgt=N41,PS=x+1,I_flag=1) to
1530                        (N11).
1531                    </li>
1532          <li>
1533                        (N11) receives DAO(tgt=N41,PS=x+1,I_flag=1) from (N21).
1534                        It waits for DelayDCO timer since it has multiple
1535                        routes to (N41). (N41) will receive
1536                        DAO(tgt=N41,PS=x+1,I_flag=1) from (N22) from Step 7
1537                        above. Thus (N11) has received regular
1538                        DAO(tgt=N41,PS=x+1,I_flag=1) from all paths and thus
1539                        does not initiate DCO.
1540                    </li>
1541          <li>
1542                        (N11) forwards the DAO(tgt=N41,PS=x+1,I_flag=1) to 6LBR
1543                        and the full path is established.
1544                    </li>
1545        </ol>
1546      </section>
1547    </section>
1548  </back>
1<reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
3<title>Key words for use in RFCs to Indicate Requirement Levels</title>
4<author initials="S." surname="Bradner" fullname="S. Bradner"><organization/></author>
5<date year="1997" month="March"/>
6<abstract><t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t></abstract>
8<seriesInfo name="BCP" value="14"/>
9<seriesInfo name="RFC" value="2119"/>
10<seriesInfo name="DOI" value="10.17487/RFC2119"/>
1<reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
3<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
4<author initials="B." surname="Leiba" fullname="B. Leiba"><organization/></author>
5<date year="2017" month="May"/>
6<abstract><t>RFC 2119 specifies common key words that may be used in protocol  specifications.  This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the  defined special meanings.</t></abstract>
8<seriesInfo name="BCP" value="14"/>
9<seriesInfo name="RFC" value="8174"/>
10<seriesInfo name="DOI" value="10.17487/RFC8174"/>
  • <?xml version="1.0" encoding="utf-8"?>
  • <!DOCTYPE rfc SYSTEM "rfc2629-xhtml.ent">
  • <?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
  • <?rfc strict="yes" ?>
  • <?rfc toc="yes"?>
  • <?rfc tocdepth="4"?>
  • <?rfc symrefs="yes"?>
  • <?rfc sortrefs="yes" ?>
  • <?rfc compact="yes" ?>
  • <?rfc subcompact="yes" ?>
  • <rfc category="std" docName="draft-ietf-roll-efficient-npdao-15" ipr="trust200902" obsoletes="" updates="" submissionType="IETF" xml:lang="en" version="3" number="0000" consensus="true" sortRefs="true" symRefs="true" tocInclude="true">
    • <-- xml2rfc v2v3 conversion 2.23.1 -->
    • <-- category values: std, bcp, info, exp, and historic
        ipr values: full3667, noModification3667, noDerivatives3667
            you can add the attributes updates="NNNN" and obsoletes="NNNN"
            they will automatically be output with "(if approved)" -->
    • <-- ***** FRONT MATTER ***** -->
    • <front>
      • <-- The abbreviated title is used in the page header - it is only necessary if the
                 full title is longer than 39 characters -->
      • <title abbrev="Efficient Route Invalidation">
        • Efficient Route Invalidation
        • </title>
      • <-- The abbreviated title is used in the page header - it is only necessary if the
            full title is longer than 39 characters -->
      • <seriesInfo name="Internet-Draft" "RFC" value="draft-ietf-roll-efficient-npdao-15" "0000" />
      • <author fullname="Rahul Arvind Jadhav" initials="R.A." role="editor" surname="Jadhav">
        • <organization>
          • Huawei
          • </organization>
        • <address>
          • <postal>
            • <street>
              • Kundalahalli Village, Whitefield,
              • </street>
            • <city>
              • Bangalore
              • </city>
            • <region>
              • Karnataka
              • </region>
            • <code>
              • 560037
              • </code>
            • <country>
              • India
              • </country>
            • </postal>
          • <phone>
            • +91-080-49160700
            • </phone>
          • <email>
            • rahul.ietf@gmail.com
            • </email>
          • </address>
        • </author>
      • <author initials="P" surname="Thubert" fullname="Pascal Thubert">
        • <organization abbrev="Cisco">
          • Cisco Systems, Inc
          • </organization>
        • <address>
          • <postal>
            • <street>
              • Building D
              • </street>
            • <street>
              • 45 Allee des Ormes - BP1200
              • </street>
            • <city>
              • MOUGINS - Sophia Antipolis
              • </city>
            • <code>
              • 06254
              • </code>
            • <country>
              • France
              • </country>
            • </postal>
          • <phone>
            • +33 497 23 26 34
            • </phone>
          • <email>
            • pthubert@cisco.com
            • </email>
          • </address>
        • </author>
      • <author fullname="Rabi Narayan Sahoo" initials="R.N." surname="Sahoo">
        • <organization>
          • Huawei
          • </organization>
        • <address>
          • <postal>
            • <street>
              • Kundalahalli Village, Whitefield,
              • </street>
            • <city>
              • Bangalore
              • </city>
            • <region>
              • Karnataka
              • </region>
            • <code>
              • 560037
              • </code>
            • <country>
              • India
              • </country>
            • </postal>
          • <phone>
            • +91-080-49160700
            • </phone>
          • <email>
            • rabinarayans@huawei.com
            • </email>
          • </address>
        • </author>
      • <author initials="Z" surname="Cao" fullname="Zhen Cao">
        • <organization>
          • Huawei
          • </organization>
        • <address>
          • <postal>
            • <street>
              • W Chang'an Ave
              • </street>
            • <city>
              • Beijing
              • </city>
            • <country>
              • P.R. China
              • </country>
            • </postal>
          • <email>
            • zhencao.ietf@gmail.com
            • </email>
          • </address>
        • </author>
      • <date year="2019" month="August"/>
      • <-- If the month and year are both specified and are the current ones, xml2rfc will fill
                 in the current day for you. If only the current year is specified, xml2rfc will fill
             in the current day and month for you. If the year is not the current one, it is
             necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the
             purpose of calculating the expiry date). With drafts it is normally sufficient to
             specify just the year. -->
      • <-- Meta-data Declarations -->
      • <area>
        • General
        • </area>
      • <workgroup>
        • ROLL
        • </workgroup>
      • <-- WG name at the upperleft corner of the doc,
                 IETF is fine for individual submissions.
             If this element is not present, the default is "Network Working Group",
                 which is used by the RFC Editor as a nod to the history of the IETF. -->
      • <keyword>
        • template
        • </keyword>
      • <-- Keywords will be incorporated into HTML output
                 files in a meta tag but they have no effect on text or nroff
                 output. If you submit your draft to the RFC Editor, the
                 keywords will be used for the search engine. -->
      • <abstract>
        • <t>
          • This document explains the problems associated with the current use of NPDAO messaging and also discusses the requirements for an optimized route invalidation messaging scheme. Further a new proactive route invalidation message called as "Destination Cleanup Object" (DCO) is specified which fulfills requirements of an optimized route invalidation messaging.
          • </t>
        • </abstract>
      • </front>
    • <middle>
      • <section numbered="true" toc="default">
        • <name>
          • Introduction
          • </name>
        • <t>
          • RPL <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> (Routing Protocol for Low power and lossy networks) specifies a proactive distance-vector based routing scheme. RPL has optional messaging in the form of DAO (Destination Advertisement Object) messages, which the 6LBR (6Lo Border Router) and 6LR (6Lo Router) can use to learn a route towards the downstream nodes. In storing mode, DAO messages would result in routing entries being created on all intermediate 6LRs from the node's parent all the way towards the 6LBR.
          • </t>
        • <t>
          • RPL allows the use of No-Path DAO (NPDAO) messaging to invalidate a routing path corresponding to the given target, thus releasing resources utilized on that path. A NPDAO is a DAO message with route lifetime of zero, originates at the target node and always flows upstream towards the 6LBR. This document explains the problems associated with the current use of NPDAO messaging and also discusses the requirements for an optimized route invalidation messaging scheme. Further a new proactive route invalidation message called as "Destination Cleanup Object" (DCO) is specified which fulfills requirements of an optimized route invalidation messaging.
          • </t>
        • <t>
          • The document only caters to the RPL's storing mode of operation (MOP). The non-storing MOP does not require use of NPDAO for route invalidation since routing entries are not maintained on 6LRs.
          • </t>
        • <section numbered="true" toc="default">
          • <name>
            • Requirements Language and Terminology
            • </name>
          • <t>
            • The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">REQUIRED</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHALL</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHALL NOT</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD NOT</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">RECOMMENDED</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">NOT RECOMMENDED</bcp14>", "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14>", and "OPTIONAL" "<bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC2119" format="default"/> <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here.
            • </t>
          • <t>
            • This specification requires readers to be familiar with all the terms and concepts that are discussed in "RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks" <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>.
            • </t>
          • <dl newline="true" spacing="compact" "normal" >
            • <dt>
              • Low Power and Lossy Networks (LLN):
              • </dt>
            • <dd>
              • Network in which both the routers and their interconnect are constrained. LLN routers typically operate with constraints on processing power, memory, and energy (batter power). Their interconnects are characterized by high loss rates, low data rates, and instability.
              • </dd>
            • <dt>
              • 6LoWPAN Router (6LR):
              • </dt>
            • <dd>
              • An intermediate router that is able to send and receive Router Advertisements (RAs) and Router Solicitations (RSs) as well as forward and route IPv6 packets.
              • </dd>
            • <dt>
              • Directed Acyclic Graph (DAG):
              • </dt>
            • <dd>
              • A directed graph having the property that all edges are oriented in such a way that no cycles exist.
              • </dd>
            • <dt>
              • Destination-Oriented DAG (DODAG):
              • </dt>
            • <dd>
              • A DAG rooted at a single destination, i.e., at a single DAG root with no outgoing edges.
              • </dd>
            • <dt>
              • 6LoWPAN Border Router (6LBR):
              • </dt>
            • <dd>
              • A border router which is a DODAG root and is the edge node for traffic flowing in and out of the 6LoWPAN network.
              • </dd>
            • <dt>
              • Destination Advertisement Object (DAO):
              • </dt>
            • <dd>
              • DAO messaging allows downstream routes to the nodes to be established.
              • </dd>
            • <dt>
              • DODAG Information Object (DIO):
              • </dt>
            • <dd>
              • DIO messaging allows upstream routes to the 6LBR to be established. DIO messaging is initiated at the DAO root.
              • </dd>
            • <dt>
              • Common Ancestor node
              • </dt>
            • <dd>
              • 6LR/6LBR node which is the first common node between two paths of a target node.
              • </dd>
            • <dt>
              • No-Path DAO (NPDAO):
              • </dt>
            • <dd>
              • A DAO message which has target with lifetime 0 used for the purpose of route invalidation.
              • </dd>
            • <dt>
              • Destination Cleanup Object (DCO):
              • </dt>
            • <dd>
              • A new RPL control message code defined by this document. DCO messaging improves proactive route invalidation in RPL.
              • </dd>
            • <dt>
              • Regular DAO:
              • </dt>
            • <dd>
              • A DAO message with non-zero lifetime. Routing adjacencies are created or updated based on this message.
              • </dd>
            • <dt>
              • Target node:
              • </dt>
            • <dd>
              • The node switching its parent whose routing adjacencies are updated (created/removed).
              • </dd>
            • </dl>
          • </section>
        • <section anchor="current_npdao" numbered="true" toc="default">
          • <name>
            • Current NPDAO messaging
            • </name>
          • <t>
            • RPL uses NPDAO messaging in the storing mode so that the node changing its routing adjacencies can invalidate the previous route. This is needed so that nodes along the previous path can release any resources (such as the routing entry) they maintain on behalf of target node.
            • </t>
          • <t>
            • For the rest of this document consider the following topology:
            • </t>
          • <figure anchor="sample_top">
            • <name>
              • Sample topology
              • </name>
            • <artwork align="center" name="" type="" alt="">

              •     (6LBR)
                     / \
                    /   \
                   /     \
                 (G)     (H)
                  |       |
                  |       |
                  |       |
                 (B)     (C)
                   \      ;
                    \    ;
                     \  ;
                      / \
                     /   \
                    /     \
                  (E)     (F)
              • </artwork>
            • </figure>
          • <t>
            • Node (D) is connected via preferred parent (B). (D) has an alternate path via (C) towards the 6LBR. Node (A) is the common ancestor for (D) for paths through (B)-(G) and (C)-(H). When (D) switches from (B) to (C), RPL allows sending NPDAO to (B) and regular DAO to (C).
            • </t>
          • </section>
        • <--
                  <section title="Cases when No-Path DAO may be used">
                      <t> There are following cases in which a node switches its parent
                          and may employ No-Path DAO messaging:</t>

                      <t>Case I: Current parent becomes unavailable because of transient
                          or permanent link or parent node failure.</t>

                      <t>Case II: The node finds a better parent node i.e. the metrics of
                          another parent is better than its current parent.</t>

                      <t>Case III: The node switches to a new parent whom it "thinks" has
                          a better metric but does not in reality.</t>

                      <t>The usual steps of operation when the node switches the parent
                          is that the node sends a No-Path DAO message via its current parent
                          to invalidate its current route and subsequently it tries to
                          establish a new routing path by sending a new DAO via its new
        • <section numbered="true" toc="default">
          • <name>
            • Why Is NPDAO Important?
            • </name>
          • <t>
            • Nodes in LLNs may be resource constrained. There is limited memory available and routing entry records are one of the primary elements occupying dynamic memory in the nodes. Route invalidation helps 6LR nodes to decide which entries could be discarded to better optimize resource utilization. Thus it becomes necessary to have an efficient route invalidation mechanism. Also note that a single parent switch may result in a "sub-tree" switching from one parent to another. Thus the route invalidation needs to be done on behalf of the sub-tree and not the switching node alone. In the above example, when Node (D) switches parent, the route updates needs to be done for the routing tables entries of (C),(H),(A),(G), and (B) with destination (D),(E) and (F). Without efficient route invalidation, a 6LR may have to hold a lot of stale route entries.
            • </t>
          • </section>
        • </section>
      • <section anchor="current_npdao_problems" numbered="true" toc="default">
        • <name>
          • Problems with current NPDAO messaging
          • </name>
        • <section numbered="true" toc="default">
          • <name>
            • Lost NPDAO due to link break to the previous parent
            • </name>
          • <t>
            • When a node switches its parent, the NPDAO is to be sent to its previous parent and a regular DAO to its new parent. In cases where the node switches its parent because of transient or permanent parent link/node failure then the NPDAO message is bound to fail.
            • </t>
          • <--
                            RPL allows use of route lifetime to remove unwanted routes in
                            case the routes could not be refreshed. But route lifetimes in
                            case of LLNs could be substantially high and thus the route
                            entries would be stuck for longer times.
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Invalidate Routes of Dependent Nodes
            • </name>
          • <t>
            • RPL does not specify how route invalidation will work for dependent nodes rooted at the switching node, resulting in stale routing entries of the dependent nodes. The only way for 6LR to invalidate the route entries for dependent nodes would be to use route lifetime expiry which could be substantially high for LLNs.
            • </t>
          • <t>
            • In the example topology, when Node (D) switches its parent, Node (D) generates an NPDAO on its behalf. There is no NPDAO generated by the dependent child nodes (E) and (F), through the previous path via (D) to (B) and (G), resulting in stale entries on nodes (B) and (G) for nodes (E) and (F).
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Possible route downtime caused by asynchronous operation of NPDAO and DAO
            • </name>
          • <t>
            • A switching node may generate both an NPDAO and DAO via two different paths at almost the same time. There is a possibility that an NPDAO generated may invalidate the previous route and the regular DAO sent via the new path gets lost on the way. This may result in route downtime impacting downward traffic for the switching node.
            • </t>
          • <t>
            • In the example topology, consider Node (D) switches from parent (B) to (C). An NPDAO sent via the previous route may invalidate the previous route whereas there is no way to determine whether the new DAO has successfully updated the route entries on the new path.
            • </t>
          • </section>
        • </section>
      • <section anchor="requirements" numbered="true" toc="default">
        • <name>
          • Requirements for the NPDAO Optimization
          • </name>
        • <section numbered="true" toc="default">
          • <name>
            • Req#1: Remove messaging dependency on link to the previous parent
            • </name>
          • <t>
            • When the switching node sends the NPDAO message to the previous parent, it is normal that the link to the previous parent is prone to failure (that's why the node decided to switch). Therefore, it is required that the route invalidation does not depend on the previous link which is prone to failure. The previous link referred here represents the link between the node and its previous parent (from whom the node is now disassociating).
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Req#2: Dependent nodes route invalidation on parent switching
            • </name>
          • <t>
            • It should be possible to do route invalidation for dependent nodes rooted at the switching node.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Req#3: Route invalidation should not impact data traffic
            • </name>
          • <t>
            • While sending the NPDAO and DAO messages, it is possible that the NPDAO successfully invalidates the previous path, while the newly sent DAO gets lost (new path not set up successfully). This will result in downstream unreachability to the node switching paths. Therefore, it is desirable that the route invalidation is synchronized with the DAO to avoid the risk of route downtime.
            • </t>
          • </section>
        • </section>
      • <-- Too Confusing section and may not be needed now... If required this can be added in Appendix.
            <section title="Existing Solution">
                <section title="NPDAO can be generated by the parent node who detects
                link failure to the child">
                    <t>RPL states mechanisms which could be utilized to clear DAO
                    states in a sub-DODAG. [RFC6550] Section states "With DAO
                    inconsistency loop recovery, a packet can be used to recursively
                    explore and clean up the obsolete DAO states along a

                    <t>Thus in the sample topology in Figure 1, when Node (B) detects
                    link failure to (D), (B) has an option of generating an NPDAO on
                    behalf of Node (D) and its sub-childs, (E) and (F).</t>

                    <t>This section explains why generation of an NPDAO in such cases
                    may not function as desired. Primarily the DAO state information in
                    the form of Path Sequence plays a major role here. Every target is
                    associated with a Path Sequence number which relates to the latest
                    state of the target. <xref target="RFC6550"/> Section 7.1 explains
                    the semantics of Path Sequence number. The target node increments
                    the Path Sequence number every time it generates a new DAO. The
                    router nodes en-route utilize this Path Sequence number to decide
                    the freshness of target information. If a non-target node has to
                    generate an NPDAO then it could use following two possibilities
                    with Path Sequence number: </t>

                    <t>Let the Path Sequence number of old regular DAO that flowed
                    through (B) be x. The subsequent regular DAO generated by Node (D)
                    will have sequence number x+1.</t>

                    <t>i. Node (B) uses the previous Path Sequence number from the
                    regular DAO i.e. NPDAO(pathseq=x)</t>

                    <t>ii. Node (B) increments the Path Sequence number i.e.

                    <t>In case i, the NPDAO(pathseq=x) will be dropped by all the
                    intermediate nodes since the semantics of Path Sequence number
                    dictates that any DAO with an older Path Sequence number be

                    <t>In case ii, there is a risk that the NPDAO(pathseq=x+1)
                    traverses up the DODAG and invalidates all the routes till the root
                    and then the regular DAO(pathseq=x+1) from the target traverses
                    upwards. In this case the regular DAO(pathseq=x+1) will be dropped
                    from common ancestor node to the root. This will result in route

                    <t>Another problem with this scheme is its dependence on the
                    upstream neighbor to detect that the downstream neighbor is
                    unavailable. There are two possibilities by which such a detection
                    might be put to work:</t>

                    <t>i. There is P2P traffic from the previous sub-DODAG to any of
                    nodes in the sub-tree which has switched the path. In the above
                    example, lets consider that Node (G) has P2P traffic for either of
                    nodes (D), (E), or (F). In this case, Node (B) will detect
                    forwarding error while forwarding the packets from Node (B) to (D).
                    But dependence on P2P traffic may not be an optimal way to solve
                    this problem considering the reactive approach of the scheme. The
                    P2P traffic pattern might be sparse and thus such a detection might
                    kick-in too late.</t>

                    <t>ii. The other case is where Node (B) explicitly employs some
                    mechanism to probe directly attached downstream child nodes. Such
                    kind of schemes are seldom used.</t>

                <section title="NPDAO can be generated once the link is restored to
                the previous parent">
                    <t>This scheme solves a specific scenario of transient links. The
                    child node can detect that the connection to previous parent is
                    restored and then transmit an NPDAO to the previous parent to
                    invalidate the route. This scheme is stateful, thus requires more
                    memory and solves a specific scenario.</t>
      • <section numbered="true" toc="default">
        • <name>
          • Changes to RPL signaling
          • </name>
        • <section numbered="true" toc="default">
          • <name>
            • Change in RPL route invalidation semantics
            • </name>
          • <t>
            • As described in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="current_npdao" format="default"/>, the NPDAO originates at the node changing to a new parent and traverses upstream towards the root. In order to solve the problems as mentioned in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="current_npdao_problems" format="default"/>, the document adds a new proactive route invalidation message called "Destination Cleanup Object" (DCO) that originates at a common ancestor node and flows downstream between the new and old path. The common ancestor node generates a DCO in response to the change in the next-hop on receiving a regular DAO with updated Path Sequence for the target.
            • </t>
          • <t>
            • The 6LRs in the path for DCO take action such as route invalidation based on the DCO information and subsequently send another DCO with the same information downstream to the next hop. This operation is similar to how the DAOs are handled on intermediate 6LRs in storing MOP in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>. Just like DAO in storing MOP, the DCO is sent using link-local unicast source and destination IPv6 address. Unlike DAO, which always travels upstream, the DCO always travels downstream.
            • </t>
          • <t>
            • In <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="sample_top" format="default"/>, when node D decides to switch the path from B to C, it sends a regular DAO to node C with reachability information containing the address of D as the target and an incremented Path Sequence. Node C will update the routing table based on the reachability information in the DAO and in turn generate another DAO with the same reachability information and forward it to H. Node H also follows the same procedure as Node C and forwards it to node A. When node A receives the regular DAO, it finds that it already has a routing table entry on behalf of the target address of node D. It finds however that the next hop information for reaching node D has changed i.e., node D has decided to change the paths. In this case, Node A which is the common ancestor node for node D along the two paths (previous and new), should generate a DCO which traverses downwards in the network. Node A handles normal DAO forwarding to 6LBR as required by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>.
            • </t>
          • </section>
        • <section anchor="transit_opt_changes" numbered="true" toc="default">
          • <name>
            • Transit Information Option changes
            • </name>
          • <t>
            • Every RPL message is divided into base message fields and additional Options as described in Section 6 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>. sectionFormat="of" section="6"/>. The base fields apply to the message as a whole and options are appended to add message/use-case specific attributes. As an example, a DAO message may be attributed by one or more "RPL Target" options which specify the reachability information for the given targets. Similarly, a Transit Information option may be associated with a set of RPL Target options.
            • </t>
          • <t>
            • This document specifies a change in the Transit Information Option to contain the "Invalidate previous route" (I) flag. This I-flag signals the common ancestor node to generate a DCO on behalf of the target node. The I-flag is carried in the Transit Information Option which augments the reachability information for a given set of RPL Target(s). Transit Information Option with I-flag set should be carried in the DAO message when route invalidation is sought for the corresponding target(s).
            • </t>
          • <figure anchor="transit_info_with_i">
            • <name>
              • Updated Transit Information Option (New I flag added)
              • </name>
            • <artwork align="center" name="" type="" alt="">

              • 0                   1                   2                   3
                0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                |   Type = 0x06 | Option Length |E|I|  Flags    | Path Control  |
                | Path Sequence | Path Lifetime |
              • </artwork>
            • </figure>
          • <dl newline="true">
            • <dt>
              • I (Invalidate previous route) flag:
              • </dt>
            • <tdd>
              • I (Invalidate previous route) flag: The 'I' flag is set by the target node to indicate to the common ancestor node that it wishes to invalidate any previous route between the two paths.
              • </t>
            • </dl>
          • <t>
            • <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> allows the parent address to be sent in the Transit Information Option depending on the mode of operation. In case of storing mode of operation the field is usually not needed. In case of DCO, the parent address field MUST NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14> be included.
            • </t>
          • <t>
            • The common ancestor node SHOULD <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD</bcp14> generate a DCO message in response to this I-flag when it sees that the routing adjacencies have changed for the target. The I-flag is intended to give the target node control over its own route invalidation, serving as a signal to request DCO generation.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Destination Cleanup Object (DCO)
            • </name>
          • <t>
            • A new ICMPv6 RPL control message code is defined by this specification and is referred to as "Destination Cleanup Object" (DCO), which is used for proactive cleanup of state and routing information held on behalf of the target node by 6LRs. The DCO message always traverses downstream and cleans up route information and other state information associated with the given target.
            • </t>
          • <figure anchor="dco_obj">
            • <name>
              • DCO base object
              • </name>
            • <artwork align="center" name="" type="" alt="">

              • 0                   1                   2                   3
                0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                | RPLInstanceID |K|D|   Flags   |   Reserved    | DCOSequence   |
                |                                                               |
                +                                                               +
                |                                                               |
                +                            DODAGID(optional)                  +
                |                                                               |
                +                                                               +
                |                                                               |
                |   Option(s)...
              • </artwork>
            • </figure>
          • <dl newline="true">
            • <dt>
              • RPLInstanceID:
              • </dt>
            • <tdd>
              • RPLInstanceID: 8-bit field indicating the topology instance associated with the DODAG, as learned from the DIO.
              • </t>
            • <dt>
              • K:
              • </dt>
            • <tdd>
              • K: The 'K' flag indicates that the recipient of DCO message is expected to send a DCO-ACK back. If the DCO-ACK is not received even after setting the 'K' flag, an implementation may retry the DCO at a later time. The number of retries are implementation and deployment dependent and are expected to be kept similar with those used in DAO retries in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="dco_retry" format="default"/> specifies the considerations for DCO retry. A node receiving a DCO message without the 'K' flag set MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> respond with a DCO-ACK, especially to report an error condition. An example error condition could be that the node sending the DCO-ACK does not find the routing entry for the indicated target. When the sender does not set the 'K' flag it is an indication that the sender does not expect a response, and the sender SHOULD NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD NOT</bcp14> retry the DCO.
              • </t>
            • <dt>
              • D:
              • </dt>
            • <tdd>
              • D: The 'D' flag indicates that the DODAGID field is present. This flag MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be set when a local RPLInstanceID is used.
              • </t>
            • <dt>
              • Flags:
              • </dt>
            • <tdd>
              • Flags: The 6 bits remaining unused in the Flags field are reserved for future use. These bits MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be initialized to zero by the sender and MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be ignored by the receiver.
              • </t>
            • <dt>
              • Reserved:
              • </dt>
            • <tdd>
              • Reserved: 8-bit unused field. The field MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be initialized to zero by the sender and MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be ignored by the receiver.
              • </t>
            • <dt>
              • DCOSequence:
              • </dt>
            • <tdd>
              • DCOSequence: 8-bit field incremented at each unique DCO message from a node and echoed in the DCO-ACK message. The initial DCOSequence can be chosen randomly by the node. <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="base_rules" format="default"/> explains the handling of the DCOSequence.
              • </t>
            • <dt>
              • DODAGID (optional):
              • </dt>
            • <tdd>
              • DODAGID (optional): 128-bit unsigned integer set by a DODAG root that uniquely identifies a DODAG. This field MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be present when the 'D' flag is set and MUST NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14> be present if 'D' flag is not set. DODAGID is used when a local RPLInstanceID is in use, in order to identify the DODAGID that is associated with the RPLInstanceID.
              • </t>
            • </dl>
          • <section numbered="true" toc="default">
            • <name>
              • Secure DCO
              • </name>
            • <t>
              • A Secure DCO message follows the format in Figure 7 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> Figure 7, "default"/>, where the base message format is the DCO message shown in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="dco_obj" format="default"/>.
              • </t>
            • </section>
          • <section numbered="true" toc="default">
            • <name>
              • DCO Options
              • </name>
            • <t>
              • The DCO message MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> carry at least one RPL Target and the Transit Information Option and MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> carry other valid options. This specification allows for the DCO message to carry the following options:
              • </t>
            • <ul empty="true" spacing="compact">
              • <table>
                • <tbody>
                  • <li>
                    • <tr>
                      • <td>
                        • 0x00
                        • </td>
                      • <td>
                        • 0x00 Pad1
                        • </td>
                      • </tr>
                    • </li>
                  • <li>
                    • <tr>
                      • <td>
                        • 0x01
                        • </td>
                      • <td>
                        • 0x01 PadN
                        • </td>
                      • </tr>
                    • </li>
                  • <li>
                    • <tr>
                      • <td>
                        • 0x05
                        • </td>
                      • <td>
                        • 0x05 RPL Target
                        • </td>
                      • </tr>
                    • </li>
                  • <li>
                    • <tr>
                      • <td>
                        • 0x06
                        • </td>
                      • <td>
                        • 0x06 Transit Information
                        • </td>
                      • </tr>
                    • </li>
                  • <li>
                    • <tr>
                      • <td>
                        • 0x09
                        • </td>
                      • <td>
                        • 0x09 RPL Target Descriptor
                        • </td>
                      • </tr>
                    • </li>
                  • </tbody>
                • </table>
              • </ul>
            • <t>
              • Section 6.7 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> sectionFormat="of" section="6.7"/> defines all the above mentioned options. The DCO carries an RPL Target Option and an associated Transit Information Option with a lifetime of 0x00000000 to indicate a loss of reachability to that Target.
              • </t>
            • </section>
          • <section numbered="true" toc="default">
            • <name>
              • Path Sequence number in the DCO
              • </name>
            • <t>
              • A DCO message may contain a Path Sequence in the Transit Information Option to identify the freshness of the DCO message. The Path Sequence in the DCO MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> use the same Path Sequence number present in the regular DAO message when the DCO is generated in response to a DAO message. Thus if a DCO is received by a 6LR and subsequently a DAO is received with an old sequence number, then the DAO MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be ignored. When the DCO is generated in response to a DCO from upstream parent, the Path Sequence MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be copied from the received DCO.
              • </t>
            • </section>
          • <section numbered="true" toc="default">
            • <name>
              • Destination Cleanup Option Acknowledgment (DCO-ACK)
              • </name>
            • <t>
              • The DCO-ACK message SHOULD <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD</bcp14> be sent as a unicast packet by a DCO recipient in response to a unicast DCO message with 'K' flag set. If 'K' flag is not set then the receiver of the DCO message MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> send a DCO-ACK, especially to report an error condition.
              • </t>
            • <figure anchor="dco_ack">
              • <name>
                • DCO-ACK base object
                • </name>
              • <artwork align="center" name="" type="" alt="">

                • 0                   1                   2                   3
                  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
                  | RPLInstanceID |D|   Flags     |  DCOSequence  |    Status     |
                  |                                                               |
                  +                                                               +
                  |                                                               |
                  +                            DODAGID(optional)                  +
                  |                                                               |
                  +                                                               +
                  |                                                               |
                • </artwork>
              • </figure>
            • <dl newline="true">
              • <dt>
                • RPLInstanceID:
                • </dt>
              • <dd>
                • 8-bit field indicating the topology instance associated with the DODAG, as learned from the DIO.
                • </dd>
              • <dt>
                • RPLInstanceID:
                • </dt>
              • <tdd>
                • RPLInstanceID: 8-bit field indicating the topology instance associated with the DODAG, as learned from the DIO.
                • </t>
              • <dt>
                • D:
                • </dt>
              • <tdd>
                • D: The 'D' flag indicates that the DODAGID field is present. This flag MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be set when a local RPLInstanceID is used.
                • </t>
              • <dt>
                • Flags:
                • </dt>
              • <tdd>
                • Flags: 7-bit unused field. The field MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be initialized to zero by the sender and MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be ignored by the receiver.
                • </t>
              • <dt>
                • DCOSequence:
                • </dt>
              • <tdd>
                • DCOSequence: 8-bit field. The DCOSequence in DCO-ACK is copied from the DCOSequence received in the DCO message.
                • </t>
              • <dt>
                • Status:
                • </dt>
              • <tdd>
                • Status: Indicates the completion. Status 0 is defined as unqualified acceptance in this specification. Status 1 is defined as "No routing-entry for the Target found". The remaining status values are reserved as rejection codes.
                • </t>
              • <dt>
                • DODAGID (optional):
                • </dt>
              • <tdd>
                • DODAGID (optional): 128-bit unsigned integer set by a DODAG root that uniquely identifies a DODAG. This field MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be present when the 'D' flag is set and MUST NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14> be present when 'D' flag is not set. DODAGID is used when a local RPLInstanceID is in use, in order to identify the DODAGID that is associated with the RPLInstanceID.
                • </t>
              • </dl>
            • </section>
          • <section numbered="true" toc="default">
            • <name>
              • Secure DCO-ACK
              • </name>
            • <t>
              • A Secure DCO-ACK message follows the format in Figure 7 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> Figure 7, "default"/>, where the base message format is the DCO-ACK message shown in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="dco_ack" format="default"/>.
              • </t>
            • </section>
          • </section>
        • <section anchor="base_rules" numbered="true" toc="default">
          • <name>
            • DCO Base Rules
            • </name>
          • <ol spacing="compact" "normal" type="1">
            • <li>
              • If a node sends a DCO message with newer or different information than the prior DCO message transmission, it MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> increment the DCOSequence field by at least one. A DCO message transmission that is identical to the prior DCO message transmission MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> increment the DCOSequence field. The DCOSequence counter follows the sequence counter operation as defined in Section 7.2 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>. sectionFormat="of" section="7.2"/>.
              • </li>
            • <li>
              • The RPLInstanceID and DODAGID fields of a DCO message MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be the same value as that of the DAO message in response to which the DCO is generated on the common ancestor node.
              • </li>
            • <li>
              • A node MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> set the 'K' flag in a unicast DCO message to solicit a unicast DCO-ACK in response in order to confirm the attempt.
              • </li>
            • <li>
              • A node receiving a unicast DCO message with the 'K' flag set SHOULD <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD</bcp14> respond with a DCO-ACK. A node receiving a DCO message without the 'K' flag set MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> respond with a DCO-ACK, especially to report an error condition.
              • </li>
            • <li>
              • A node receiving a unicast DCO message MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> verify the stored Path Sequence in context to the given target. If the stored Path Sequence is more fresh, newer than the Path Sequence received in the DCO, then the DCO MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be dropped.
              • </li>
            • <li>
              • A node that sets the 'K' flag in a unicast DCO message but does not receive DCO-ACK in response MAY <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MAY</bcp14> reschedule the DCO message transmission for another attempt, up until an implementation specific number of retries.
              • </li>
            • <li>
              • A node receiving a unicast DCO message with its own address in the RPL Target Option MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> strip-off that Target Option. If this Target Option is the only one in the DCO message then the DCO message MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be dropped.
              • </li>
            • </ol>
          • <t>
            • The scope of DCOSequence values is unique to the node which generates it.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Unsolicited DCO
            • </name>
          • <t>
            • A 6LR may generate an unsolicited DCO to unilaterally cleanup the path on behalf of the target entry. The 6LR has all the state information, namely, the Target address and the Path Sequence, required for generating DCO in its routing table. The conditions why 6LR may generate an unsolicited DCO are beyond the scope of this document but some possible reasons could be:
            • </t>
          • <ol spacing="compact" "normal" type="1">
            • <li>
              • On route expiry of an entry, a 6LR may decide to graciously cleanup the entry by initiating DCO.
              • </li>
            • <li>
              • 6LR needs to entertain higher priority entries in case the routing table is full, thus resulting in eviction of an existing routing entry. In this case the eviction can be handled graciously using DCO.
              • </li>
            • </ol>
          • <t>
            • Note that if the 6LR initiates a unilateral path cleanup using DCO and if it has the latest state for the target then the DCO would finally reach the target node. Thus the target node would be informed of its invalidation.
            • </t>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Other considerations
            • </name>
          • <section numbered="true" toc="default">
            • <name>
              • Dependent Nodes invalidation
              • </name>
            • <t>
              • Current RPL <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> does not provide a mechanism for route invalidation for dependent nodes. This document allows the dependent nodes invalidation. Dependent nodes will generate their respective DAOs to update their paths, and the previous route invalidation for those nodes should work in the similar manner described for switching node. The dependent node may set the I-flag in the Transit Information Option as part of regular DAO so as to request invalidation of previous route from the common ancestor node.
              • </t>
            • <t>
              • Dependent nodes do not have any indication regarding if any of their parents in turn have decided to switch their parent. Thus for route invalidation the dependent nodes may choose to always set the 'I' flag in all its DAO message's Transit Information Option. Note that setting the I-flag is not counterproductive even if there is no previous route to be invalidated.
              • </t>
            • </section>
          • <section numbered="true" toc="default">
            • <name>
              • NPDAO and DCO in the same network
              • </name>
            • <t>
              • The current NPDAO mechanism in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> can still be used in the same network where DCO is used. The NPDAO messaging can be used, for example, on route lifetime expiry of the target or when the node simply decides to gracefully terminate the RPL session on graceful node shutdown. Moreover, a deployment can have a mix of nodes supporting the DCO and the existing NPDAO mechanism. It is also possible that the same node supports both the NPDAO and DCO signaling for route invalidation.
              • </t>
            • <t>
              • Section 9.8 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> sectionFormat="of" section="9.8"/> states, "When a node removes a node from its DAO parent set, it SHOULD <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">SHOULD</bcp14> send a No-Path DAO message to that removed DAO parent to invalidate the existing router". This document introduces an alternative and more optimized way of route invalidation but it also allows existing NPDAO messaging to work. Thus an implementation has two choices to make when a route invalidation is to be initiated:
              • </t>
            • <ol spacing="compact" "normal" type="1">
              • <li>
                • Use NPDAO to invalidate the previous route and send regular DAO on the new path.
                • </li>
              • <li>
                • Send regular DAO on the new path with the 'I' flag set in the Transit Information Option such that the common ancestor node initiates the DCO message downstream to invalidate the previous route.
                • </li>
              • </ol>
            • <t>
              • This document recommends using option 2 for reasons specified in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="requirements" format="default"/> in this document.
              • </t>
            • <t>
              • This document assumes that all the 6LRs in the network support this specification. If there are 6LRs en-route DCO message path which do not support this document, then the route invalidation for corresponding targets may not work or may work partially i.e., only part of the path supporting DCO may be invalidated. Alternatively, a node could generate an NPDAO if it does not receive a DCO with itself as target within specified time limit. The specified time limit is deployment specific and depends upon the maximum depth of the network and per hop average latency. Note that sending NPDAO and DCO for the same operation would not result in unwanted side-effects because the acceptability of NPDAO or DCO depends upon the Path Sequence freshness.
              • </t>
            • </section>
          • <section anchor="dco_retry" numbered="true" toc="default">
            • <name>
              • Considerations for DCO retry
              • </name>
            • <t>
              • A DCO message could be retried by a sender if it sets the 'K' flag and does not receive a DCO-ACK. The DCO retry time could be dependent on the maximum depth of the network and average per hop latency. This could range from 2 seconds to 120 seconds depending on the deployment. In case the latency limits are not known, an implementation MUST NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14> retry more than once in 3 seconds and MUST NOT <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST NOT</bcp14> retry more than 3 times.
              • </t>
            • <t>
              • The number of retries could also be set depending on how critical the route invalidation could be for the deployment and the link layer retry configuration. For networks supporting only MP2P and P2MP flows, such as in AMI and telemetry applications, the 6LRs may not be very keen to invalidate routes, unless they are highly memory-constrained. For home and building automation networks which may have substantial P2P traffic, the 6LRs might be keen to invalidate efficiently because it may additionally impact the forwarding efficiency.
              • </t>
            • </section>
          • <section numbered="true" toc="default">
            • <name>
              • DCO with multiple preferred parents
              • </name>
            • <t>
              • <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> allows a node to select multiple preferred parents for route establishment. Section 9.2.1 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> sectionFormat="of" section="9.2.1"/> specifies, "All DAOs generated at the same time for the same Target MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be sent with the same Path Sequence in the Transit Information". Subsequently when route invalidation has to be initiated, RPL mentions use of NPDAO which can be initiated with an updated Path Sequence to all the parent nodes through which the route is to be invalidated.
              • </t>
            • <t>
              • With DCO, the Target node itself does not initiate the route invalidation and it is left to the common ancestor node. A common ancestor node when it discovers an updated DAO from a new next-hop, it initiates a DCO. With multiple preferred parents, this handling does not change. But in this case it is recommended that an implementation initiates a DCO after a time period (DelayDCO) such that the common ancestor node may receive updated DAOs from all possible next-hops. This will help to reduce DCO control overhead i.e., the common ancestor can wait for updated DAOs from all possible directions before initiating a DCO for route invalidation. After timeout, the DCO needs to be generated for all the next-hops for whom the route invalidation needs to be done.
              • </t>
            • <t>
              • This document recommends using a DelayDCO timer value of 1sec. This value is inspired by the default DelayDAO value of 1sec in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>. Here the hypothesis is that the DAOs from all possible parent sets would be received on the common ancestor within this time period.
              • </t>
            • <t>
              • It is still possible that a DCO is generated before all the updated DAOs from all the paths are received. In this case, the ancestor node would start the invalidation procedure for paths from which the updated DAO is not received. The DCO generated in this case would start invalidating the segments along these paths on which the updated DAOs are not received. But once the DAO reaches these segments, the routing state would be updated along these segments and should not lead to any inconsistent routing state.
              • </t>
            • <t>
              • Note that there is no requirement for synchronization between DCO and DAOs. The DelayDCO timer simply ensures that the DCO control overhead can be reduced and is only needed when the network contains nodes using multiple preferred parent.
              • </t>
            • </section>
          • </section>
        • </section>
      • <section anchor="Acknowledgments" numbered="true" toc="default">
        • <name>
          • Acknowledgments
          • </name>
        • <t>
          • Many thanks to Alvaro Retana, Cenk Gundogan, Simon Duquennoy, Georgios Papadopoulous, Peter Van Der Stok for their review and comments. Alvaro Retana helped shape this document's final version with critical review comments.
          • </t>
        • </section>
      • <-- Possibly a 'Contributors' section ... -->
      • <section anchor="IANA" numbered="true" toc="default">
        • <name>
          • IANA Considerations
          • </name>
        • <t>
          • IANA is requested to allocate new codes for the DCO and DCO-ACK messages from the RPL Control Codes registry.
          • </t>
        • <table align="center">
          • <thead>
            • <tr>
              • <th align="center">
                • Code
                • </th>
              • <th align="center">
                • Description
                • </th>
              • <th align="center">
                • Reference
                • </th>
              • </tr>
            • </thead>
          • <tbody>
            • <tr>
              • <td align="center">
                • TBD1
                • </td>
              • <td align="center">
                • Destination Cleanup Object
                • </td>
              • <td align="center">
                • This document
                • </td>
              • </tr>
            • <tr>
              • <td align="center">
                • TBD2
                • </td>
              • <td align="center">
                • Destination Cleanup Object Acknowledgment
                • </td>
              • <td align="center">
                • This document
                • </td>
              • </tr>
            • <tr>
              • <td align="center">
                • TBD3
                • </td>
              • <td align="center">
                • Secure Destination Cleanup Object
                • </td>
              • <td align="center">
                • This document
                • </td>
              • </tr>
            • <tr>
              • <td align="center">
                • TBD4
                • </td>
              • <td align="center">
                • Secure Destination Cleanup Object Acknowledgment
                • </td>
              • <td align="center">
                • This document
                • </td>
              • </tr>
            • </tbody>
          • </table>
        • <t>
          • IANA is requested to allocate bit 1 from the Transit Information Option Flags registry for the I-flag (<xref xmlns:xi="http://www.w3.org/2001/XInclude" target="transit_opt_changes" format="default"/>)
          • </t>
        • <section numbered="true" toc="default">
          • <name>
            • New Registry for the Destination Cleanup Object (DCO) Flags
            • </name>
          • <t>
            • IANA is requested to create a registry for the 8-bit Destination Cleanup Object (DCO) Flags field. This registry should be located in existing category of "Routing Protocol for Low Power and Lossy Networks (RPL)".
            • </t>
          • <t>
            • New bit numbers may be allocated only by an IETF Review. Each bit is tracked with the following qualities:
            • </t>
          • <ul spacing="compact">
            • <li>
              • Bit number (counting from bit 0 as the most significant bit)
              • </li>
            • <li>
              • Capability description
              • </li>
            • <li>
              • Defining RFC
              • </li>
            • </ul>
          • <t>
            • The following bits are currently defined:
            • </t>
          • <table align="center">
            • <name>
              • DCO Base Flags
              • </name>
            • <thead>
              • <tr>
                • <th align="center">
                  • Bit number
                  • </th>
                • <th align="center">
                  • Description
                  • </th>
                • <th align="center">
                  • Reference
                  • </th>
                • </tr>
              • </thead>
            • <tbody>
              • <tr>
                • <td align="center">
                  • 0
                  • </td>
                • <td align="center">
                  • DCO-ACK request (K)
                  • </td>
                • <td align="center">
                  • This document
                  • </td>
                • </tr>
              • <tr>
                • <td align="center">
                  • 1
                  • </td>
                • <td align="center">
                  • DODAGID field is present (D)
                  • </td>
                • <td align="center">
                  • This document
                  • </td>
                • </tr>
              • </tbody>
            • </table>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • New Registry for the Destination Cleanup Object Acknowledgment (DCO-ACK) Status field
            • </name>
          • <t>
            • IANA is requested to create a registry for the 8-bit Destination Cleanup Object Acknowledgment (DCO-ACK) Status field. This registry should be located in existing category of "Routing Protocol for Low Power and Lossy Networks (RPL)".
            • </t>
          • <t>
            • New Status values may be allocated only by an IETF Review. Each value is tracked with the following qualities:
            • </t>
          • <ul spacing="compact">
            • <li>
              • Status Code
              • </li>
            • <li>
              • Description
              • </li>
            • <li>
              • Defining RFC
              • </li>
            • </ul>
          • <t>
            • The following values are currently defined:
            • </t>
          • <table align="center">
            • <name>
              • DCO-ACK Status Codes
              • </name>
            • <thead>
              • <tr>
                • <th align="center">
                  • Status Code
                  • </th>
                • <th align="center">
                  • Description
                  • </th>
                • <th align="center">
                  • Reference
                  • </th>
                • </tr>
              • </thead>
            • <tbody>
              • <tr>
                • <td align="center">
                  • 0
                  • </td>
                • <td align="center">
                  • Unqualified acceptance
                  • </td>
                • <td align="center">
                  • This document
                  • </td>
                • </tr>
              • <tr>
                • <td align="center">
                  • 1
                  • </td>
                • <td align="center">
                  • No routing-entry for the indicated Target found
                  • </td>
                • <td align="center">
                  • This document
                  • </td>
                • </tr>
              • </tbody>
            • </table>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • New Registry for the Destination Cleanup Object (DCO) Acknowledgment Flags
            • </name>
          • <t>
            • IANA is requested to create a registry for the 8-bit Destination Cleanup Object (DCO) Acknowledgment Flags field. This registry should be located in existing category of "Routing Protocol for Low Power and Lossy Networks (RPL)".
            • </t>
          • <t>
            • New bit numbers may be allocated only by an IETF Review. Each bit is tracked with the following qualities:
            • </t>
          • <ul spacing="compact">
            • <li>
              • Bit number (counting from bit 0 as the most significant bit)
              • </li>
            • <li>
              • Capability description
              • </li>
            • <li>
              • Defining RFC
              • </li>
            • </ul>
          • <t>
            • The following bits are currently defined:
            • </t>
          • <table align="center">
            • <name>
              • DCO-ACK Base Flags
              • </name>
            • <thead>
              • <tr>
                • <th align="center">
                  • Bit number
                  • </th>
                • <th align="center">
                  • Description
                  • </th>
                • <th align="center">
                  • Reference
                  • </th>
                • </tr>
              • </thead>
            • <tbody>
              • <tr>
                • <td align="center">
                  • 0
                  • </td>
                • <td align="center">
                  • DODAGID field is present (D)
                  • </td>
                • <td align="center">
                  • This document
                  • </td>
                • </tr>
              • </tbody>
            • </table>
          • </section>
        • </section>
      • <section anchor="Security" numbered="true" toc="default">
        • <name>
          • Security Considerations
          • </name>
        • <t>
          • This document introduces the ability for a common ancestor node to invalidate a route on behalf of the target node. The common ancestor node could be directed to do so by the target node using the I-flag in DCO's Transit Information Option. However, the common ancestor node is in a position to unilaterally initiate the route invalidation since it possesses all the required state information, namely, the Target address and the corresponding Path Sequence. Thus a rogue common ancestor node could initiate such an invalidation and impact the traffic to the target node.
          • </t>
        • <t>
          • This document also introduces an I-flag which is set by the target node and used by the ancestor node to initiate a DCO if the ancestor sees an update in the route adjacency. However, this flag could be spoofed by a malicious 6LR in the path and can cause invalidation of an existing active path. Note that invalidation will happen only if the other conditions such as Path Sequence condition is also met. Having said that, such a malicious 6LR may spoof a DAO on behalf of the (sub) child with the I-flag set and can cause route invalidation on behalf of the (sub) child node. Note that, using existing mechanisms offered by <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>, a malicious 6LR might also spoof a DAO with lifetime of zero or otherwise cause denial of service by dropping traffic entirely, so the new mechanism described in this document does not present a substantially increased risk of disruption.
          • </t>
        • <t>
          • This document assumes that the security mechanisms as defined in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/> are followed, which means that the common ancestor node and all the 6LRs are part of the RPL network because they have the required credentials. A non-secure RPL network needs to take into consideration the risks highlighted in this section as well as those highlighted in <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>.
          • </t>
        • <t>
          • All RPL messages support a secure version of messages which allows integrity protection using either a MAC or a signature. Optionally, secured RPL messages also have encryption protection for confidentiality.
          • </t>
        • <t>
          • The document adds new messages (DCO, DCO-ACK) which are syntactically similar to existing RPL messages such as DAO, DAO-ACK. Secure versions of DCO and DCO-ACK are added similar to other RPL messages (such as DAO, DAO-ACK).
          • </t>
        • <t>
          • RPL supports three security modes as mentioned in Section 10.1 of <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="RFC6550" format="default"/>: sectionFormat="of" section="10.1"/>:
          • </t>
        • <ol spacing="compact" "normal" type="1">
          • <li>
            • Unsecured: In this mode, it is expected that the RPL control messages are secured by other security mechanisms, such as link-layer security. In this mode, the RPL control messages, including DCO, DCO-ACK, do not have Security sections. Also note that unsecured mode does not imply that all messages are sent without any protection.
            • </li>
          • <li>
            • Preinstalled: In this mode, RPL uses secure messages. Thus secure versions of DCO, DCO-ACK MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be used in this mode.
            • </li>
          • <li>
            • Authenticated: In this mode, RPL uses secure messages. Thus secure versions of DCO, DCO-ACK MUST <bcp14 xmlns:xi="http://www.w3.org/2001/XInclude">MUST</bcp14> be used in this mode.
            • </li>
          • </ol>
        • </section>
      • </middle>
    • <back>
      • <-- References split into informative and normative -->
      • <-- There are 2 ways to insert reference entries from the citation libraries:
             1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown)
             2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here
                (for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")

             Both are cited textually in the same manner: by using xref elements.
             If you use the PI option, xml2rfc will, by default, try to find included files in the same
             directory as the including file. You can also define the XML_LIBRARY environment variable
             with a value containing a set of directories to search. These can be either in the local
             filing system or remote ones accessed by http (http://domain/dir/... ).-->
      • <references>
        • <name>
          • Normative References
          • </name>
        • <--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?-->
        • <reference anchor="RFC6550" target="https://www.rfc-editor.org/info/rfc6550" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6550.xml">
          • <front>
            • <title>
              • RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks
              • </title>
            • <seriesInfo name="DOI" value="10.17487/RFC6550"/>
            • <seriesInfo name="RFC" value="6550"/>
            • <author initials="T." surname="Winter" fullname="T. Winter" role="editor">
              • <organization/>
              • </author>
            • <author initials="P." surname="Thubert" fullname="P. Thubert" role="editor">
              • <organization/>
              • </author>
            • <author initials="A." surname="Brandt" fullname="A. Brandt">
              • <organization/>
              • </author>
            • <author initials="J." surname="Hui" fullname="J. Hui">
              • <organization/>
              • </author>
            • <author initials="R." surname="Kelsey" fullname="R. Kelsey">
              • <organization/>
              • </author>
            • <author initials="P." surname="Levis" fullname="P. Levis">
              • <organization/>
              • </author>
            • <author initials="K." surname="Pister" fullname="K. Pister">
              • <organization/>
              • </author>
            • <author initials="R." surname="Struik" fullname="R. Struik">
              • <organization/>
              • </author>
            • <author initials="JP." surname="Vasseur" fullname="JP. Vasseur">
              • <organization/>
              • </author>
            • <author initials="R." surname="Alexander" fullname="R. Alexander">
              • <organization/>
              • </author>
            • <date year="2012" month="March"/>
            • <abstract>
              • <t>
                • Low-Power and Lossy Networks (LLNs) are a class of network in which both the routers and their interconnect are constrained. LLN routers typically operate with constraints on processing power, memory, and energy (battery power). Their interconnects are characterized by high loss rates, low data rates, and instability. LLNs are comprised of anything from a few dozen to thousands of routers. Supported traffic flows include point-to-point (between devices inside the LLN), point-to-multipoint (from a central control point to a subset of devices inside the LLN), and multipoint-to-point (from devices inside the LLN towards a central control point). This document specifies the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL), which provides a mechanism whereby multipoint-to-point traffic from devices inside the LLN towards a central control point as well as point-to-multipoint traffic from the central control point to the devices inside the LLN are supported. Support for point-to-point traffic is also available. [STANDARDS-TRACK]
                • </t>
              • </abstract>
            • </front>
          • </reference>
        • <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
          • <front>
            • <title>
              • Key words for use in RFCs to Indicate Requirement Levels
              • </title>
            • <seriesInfo name="DOI" value="10.17487/RFC2119"/>
            • <seriesInfo name="RFC" value="2119"/>
            • <seriesInfo name="BCP" value="14"/>
            • <author initials="S." surname="Bradner" fullname="S. Bradner">
              • <organization/>
              • </author>
            • <date year="1997" month="March"/>
            • <abstract>
              • <t>
                • In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
                • </t>
              • </abstract>
            • </front>
          • </reference>
        • <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml">
          • <front>
            • <title>
              • Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words
              • </title>
            • <seriesInfo name="DOI" value="10.17487/RFC8174"/>
            • <seriesInfo name="RFC" value="8174"/>
            • <seriesInfo name="BCP" value="14"/>
            • <author initials="B." surname="Leiba" fullname="B. Leiba">
              • <organization/>
              • </author>
            • <date year="2017" month="May"/>
            • <abstract>
              • <t>
                • RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
                • </t>
              • </abstract>
            • </front>
          • </reference>
        • </references>
      • <section anchor="app-additional" numbered="true" toc="default">
        • <name>
          • Example Messaging
          • </name>
        • <section numbered="true" toc="default">
          • <name>
            • Example DCO Messaging
            • </name>
          • <t>
            • In <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="sample_top" format="default"/>, node (D) switches its parent from (B) to (C). This example assumes that Node D has already established its own route via Node B-G-A-6LBR using pathseq=x. The example uses DAO and DCO messaging convention and specifies only the required parameters to explain the example namely, the parameter 'tgt', which stands for Target Option and value of this parameter specifies the address of the target node. The parameter 'pathseq', which specifies the Path Sequence value carried in the Transit Information Option. The parameter 'I_flag' specifies the 'I' flag in the Transit Information Option. sequence of actions is as follows:
            • </t>
          • <ol spacing="compact" "normal" type="1">
            • <li>
              • Node D switches its parent from node B to node C
              • </li>
            • <li>
              • D sends a regular DAO(tgt=D,pathseq=x+1,I_flag=1) in the updated path to C
              • </li>
            • <li>
              • C checks for a routing entry on behalf of D, since it cannot find an entry on behalf of D it creates a new routing entry and forwards the reachability information of the target D to H in a DAO(tgt=D,pathseq=x+1,I_flag=1).
              • </li>
            • <li>
              • Similar to C, node H checks for a routing entry on behalf of D, cannot find an entry and hence creates a new routing entry and forwards the reachability information of the target D to A in a DAO(tgt=D,pathseq=x+1,I_flag=1).
              • </li>
            • <li>
              • Node A receives the DAO(tgt=D,pathseq=x+1,I_flag=1), and checks for a routing entry on behalf of D. It finds a routing entry but checks that the next hop for target D is different (i.e., Node G). Node A checks the I_flag and generates DCO(tgt=D,pathseq=x+1) to previous next hop for target D which is G. Subsequently, Node A updates the routing entry and forwards the reachability information of target D upstream DAO(tgt=D,pathseq=x+1,I_flag=1).
              • </li>
            • <li>
              • Node G receives the DCO(tgt=D,pathseq=x+1). It checks if the received path sequence is later than the stored path sequence. If it is later, Node G invalidates the routing entry of target D and forwards the (un)reachability information downstream to B in DCO(tgt=D,pathseq=x+1).
              • </li>
            • <li>
              • Similarly, B processes the DCO(tgt=D,pathseq=x+1) by invalidating the routing entry of target D and forwards the (un)reachability information downstream to D.
              • </li>
            • <li>
              • D ignores the DCO(tgt=D,pathseq=x+1) since the target is itself.
              • </li>
            • <li>
              • The propagation of the DCO will stop at any node where the node does not have an routing information associated with the target. If cached routing information is present and the cached Path Sequence is higher than the value in the DCO, then the DCO is dropped.
              • </li>
            • </ol>
          • </section>
        • <section numbered="true" toc="default">
          • <name>
            • Example DCO Messaging with multiple preferred parents
            • </name>
          • <figure anchor="sample_top_mpp">
            • <name>
              • Sample topology 2
              • </name>
            • <artwork align="center" name="" type="" alt="">

              •         (6LBR)
                         / \
                        /   \
                       /     \
                    (N21)   (N22)
                      /      / \
                     /      /   \
                    /      /     \
                 (N31)  (N32)  (N33)
                     :    |    /
                      :   |   /
                       :  |  /
              • </artwork>
            • </figure>
          • <t>
            • In <xref xmlns:xi="http://www.w3.org/2001/XInclude" target="sample_top_mpp" format="default"/>, node (N41) selects multiple preferred parents (N32) and (N33). The sequence of actions is as follows:
            • </t>
          • <ol spacing="compact" "normal" type="1">
            • <li>
              • (N41) sends DAO(tgt=N41,PS=x,I_flag=1) to (N32) and (N33). Here I_flag refers to the Invalidation flag and PS refers to Path Sequence in Transit Information option.
              • </li>
            • <li>
              • (N32) sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N33) also sends DAO(tgt=N41,PS=x,I_flag=1) to (N22). (N22) learns multiple routes for the same destination (N41) through multiple next-hops. (N22) may receive the DAOs from (N32) and (N33) in any order with the I_flag set. The implementation should use the DelayDCO timer to wait to initiate the DCO. If (N22) receives an updated DAO from all the paths then the DCO need not be initiated in this case. Thus the route table at N22 should contain (Dst,NextHop,PS): { (N41,N32,x), (N41,N33,x) }.
              • </li>
            • <li>
              • (N22) sends DAO(tgt=N41,PS=x,I_flag=1) to (N11).
              • </li>
            • <li>
              • (N11) sends DAO(tgt=N41,PS=x,I_flag=1) to (6LBR). Thus the complete path is established.
              • </li>
            • <li>
              • (N41) decides to change preferred parent set from { N32, N33 } to { N31, N32 }.
              • </li>
            • <li>
              • (N41) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N32). (N41) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N31).
              • </li>
            • <li>
              • (N32) sends DAO(tgt=N41,PS=x+1,I_flag=1) to (N22). (N22) has multiple routes to destination (N41). It sees that a new Path Sequence for Target=N41 is received and thus it waits for pre-determined time period (DelayDCO time period) to invalidate another route {(N41),(N33),x}. After time period, (N22) sends DCO(tgt=N41,PS=x+1) to (N33). Also (N22) sends the regular DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
              • </li>
            • <li>
              • (N33) receives DCO(tgt=N41,PS=x+1). The received Path Sequence is latest and thus it invalidates the entry associated with target (N41). (N33) then sends the DCO(tgt=N41,PS=x+1) to (N41). (N41) sees itself as the target and drops the DCO.
              • </li>
            • <li>
              • From Step 6 above, (N31) receives the DAO(tgt=N41,PS=x+1,I_flag=1). It creates a routing entry and sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N21). Similarly (N21) receives the DAO and subsequently sends the DAO(tgt=N41,PS=x+1,I_flag=1) to (N11).
              • </li>
            • <li>
              • (N11) receives DAO(tgt=N41,PS=x+1,I_flag=1) from (N21). It waits for DelayDCO timer since it has multiple routes to (N41). (N41) will receive DAO(tgt=N41,PS=x+1,I_flag=1) from (N22) from Step 7 above. Thus (N11) has received regular DAO(tgt=N41,PS=x+1,I_flag=1) from all paths and thus does not initiate DCO.
              • </li>
            • <li>
              • (N11) forwards the DAO(tgt=N41,PS=x+1,I_flag=1) to 6LBR and the full path is established.
              • </li>
            • </ol>
          • </section>
        • </section>
      • </back>
    • </rfc>
1<?xml version='1.0' encoding='utf-8'?>
3<rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF"
4     category="std" number="0000" consensus="true" ipr="trust200902"
5      xml:lang="en" version="3" obsoletes="" updates=""
6      docName="draft-ietf-roll-efficient-npdao-15"
7      sortRefs="true" symRefs="true" tocInclude="true">
9<!-- category values: std, bcp, info, exp, and historic
10    ipr values: full3667, noModification3667, noDerivatives3667
11    you can add the attributes updates="NNNN" and obsoletes="NNNN"
12    they will automatically be output with "(if approved)" -->
13<!-- ***** FRONT MATTER ***** -->
15  <front>
16    <title abbrev="Efficient Route Invalidation">Efficient Route
17    Invalidation</title>
19<!-- The abbreviated title is used in the page header - it is only necessary if the
20    full title is longer than 39 characters -->    
22    <seriesInfo name="RFC" value="0000"/>
23    <author fullname="Rahul Arvind Jadhav" initials="R.A." role="editor" surname="Jadhav">
24      <organization>Huawei</organization>
25      <address>
26        <postal>
27          <street>Kundalahalli Village, Whitefield,</street>
28          <city>Bangalore</city>
29          <region>Karnataka</region>
30          <code>560037</code>
31          <country>India</country>
32        </postal>
33        <phone>+91-080-49160700</phone>
34        <email>rahul.ietf@gmail.com</email>
35      </address>
36    </author>
37    <author initials="P" surname="Thubert" fullname="Pascal Thubert">
38      <organization abbrev="Cisco">Cisco Systems, Inc</organization>
39      <address>
40        <postal>
41          <street>Building D</street>
42          <street>45 Allee des Ormes - BP1200 </street>
43          <city>MOUGINS - Sophia Antipolis</city>
44          <code>06254</code>
45          <country>France</country>
46        </postal>
47        <phone>+33 497 23 26 34</phone>
48        <email>pthubert@cisco.com</email>
49      </address>
50    </author>
51    <author fullname="Rabi Narayan Sahoo" initials="R.N." surname="Sahoo">
52      <organization>Huawei</organization>
53      <address>
54        <postal>
55          <street>Kundalahalli Village, Whitefield, </street>
56          <city>Bangalore</city>
57          <region>Karnataka</region>
58          <code>560037</code>
59          <country>India</country>
60        </postal>
61        <phone>+91-080-49160700</phone>
62        <email>rabinarayans@huawei.com</email>
63      </address>
64    </author>
65    <author initials="Z" surname="Cao" fullname="Zhen Cao">
66      <organization>Huawei</organization>
67      <address>
68        <postal>
69          <street>W Chang'an Ave</street>
70          <city>Beijing</city>
71          <country>P.R. China</country>
72        </postal>
73        <email>zhencao.ietf@gmail.com</email>
74      </address>
75    </author>
76    <date month="August" year="2019"/>
77    <!-- If the month and year are both specified and are the current ones, xml2rfc will fill
78         in the current day for you. If only the current year is specified, xml2rfc will fill
79     in the current day and month for you. If the year is not the current one, it is
80     necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the
81     purpose of calculating the expiry date). With drafts it is normally sufficient to
82     specify just the year. -->
83    <!-- Meta-data Declarations -->
84    <area>General</area>
85    <workgroup>ROLL</workgroup>
86    <!-- WG name at the upperleft corner of the doc,
87         IETF is fine for individual submissions.
88     If this element is not present, the default is "Network Working Group",
89         which is used by the RFC Editor as a nod to the history of the IETF. -->
90    <keyword>template</keyword>
91    <!-- Keywords will be incorporated into HTML output
92         files in a meta tag but they have no effect on text or nroff
93         output. If you submit your draft to the RFC Editor, the
94         keywords will be used for the search engine. -->
95    <abstract>
96      <t>
97        This document explains the problems associated with the current use of
98        NPDAO messaging and also discusses the requirements for an optimized
99        route invalidation messaging scheme. Further a new proactive route
100        invalidation message called as "Destination Cleanup Object" (DCO) is
101        specified which fulfills requirements of an optimized route
102        invalidation messaging.
103      </t>
104    </abstract>
105  </front>
106  <middle>
107    <section numbered="true" toc="default">
108      <name>Introduction</name>
109      <t>
110            RPL <xref target="RFC6550" format="default"/> (Routing Protocol for Low power and
111            lossy networks) specifies a proactive distance-vector based routing
112            scheme. RPL has optional messaging in the form of DAO
113            (Destination Advertisement Object) messages, which the 6LBR (6Lo
114            Border Router) and 6LR (6Lo Router) can use to learn a route
115            towards the downstream nodes. In storing mode, DAO messages would
116            result in routing entries being created on all intermediate 6LRs
117            from the node's parent all the way towards the 6LBR.
118      </t>
119      <t>
120            RPL allows the use of No-Path DAO (NPDAO) messaging to invalidate a
121            routing path corresponding to the given target, thus releasing
122            resources utilized on that path. A NPDAO is a DAO message with
123            route lifetime of zero, originates at the target node and always
124            flows upstream towards the 6LBR. This document explains the
125            problems associated with the current use of NPDAO messaging and
126            also discusses the requirements for an optimized route invalidation
127            messaging scheme. Further a new proactive route invalidation
128            message called as "Destination Cleanup Object" (DCO) is specified
129            which fulfills requirements of an optimized route invalidation
130            messaging.
131      </t>
132      <t>
133            The document only caters to the RPL's storing mode of operation
134            (MOP). The non-storing MOP does not require use of NPDAO for route
135            invalidation since routing entries are not maintained on 6LRs.
136      </t>
137      <section numbered="true" toc="default">
138        <name>Requirements Language and Terminology</name>
139        <t>
140                The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
141                NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
142                "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
143                described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all
144                capitals, as shown here.
145        </t>
146        <t>
147                This specification requires readers to be familiar with all the
148                terms and concepts that are discussed in "RPL: IPv6 Routing
149                Protocol for Low-Power and Lossy Networks" <xref target="RFC6550" format="default"/>.
150        </t>
151        <dl newline="true" spacing="normal">
152          <dt>Low Power and Lossy Networks (LLN):</dt>
153          <dd>
154                        Network in which both the routers and their
155                        interconnect are constrained. LLN routers typically
156                        operate with constraints on processing power, memory,
157                        and energy (batter power). Their interconnects are
158                        characterized by high loss rates, low data rates, and
159                        instability.
160                    </dd>
161          <dt>6LoWPAN Router (6LR):</dt>
162          <dd>
163                        An intermediate router that is able to send and receive Router
164                        Advertisements (RAs) and Router Solicitations (RSs) as well as
165                        forward and route IPv6 packets.
166                    </dd>
167          <dt>Directed Acyclic Graph (DAG):</dt>
168          <dd>
169                        A directed graph having the property that all edges are
170                        oriented in such a way that no cycles exist.
171                    </dd>
172          <dt>Destination-Oriented DAG (DODAG):</dt>
173          <dd>
174                        A DAG rooted at a single destination, i.e., at a single
175                        DAG root with no outgoing edges.
176                    </dd>
177          <dt>6LoWPAN Border Router (6LBR):</dt>
178          <dd>
179                        A border router which is a DODAG root and is the edge
180                        node for traffic flowing in and out of the 6LoWPAN
181                        network.
182                    </dd>
183          <dt>Destination Advertisement Object (DAO):</dt>
184          <dd>
185                        DAO messaging allows downstream routes to the nodes to
186                        be established.
187                    </dd>
188          <dt>DODAG Information Object (DIO):</dt>
189          <dd>
190                        DIO messaging allows upstream routes to the 6LBR to be
191                        established. DIO messaging is initiated at the DAO
192                        root.
193                    </dd>
194          <dt>Common Ancestor node</dt>
195          <dd>
196                        6LR/6LBR node which is the first common node between
197                        two paths of a target node.
198                    </dd>
199          <dt>No-Path DAO (NPDAO):</dt>
200          <dd>
201                        A DAO message which has target with lifetime 0 used for
202                        the purpose of route invalidation.
203                    </dd>
204          <dt>Destination Cleanup Object (DCO):</dt>
205          <dd>
206                        A new RPL control message code defined by this
207                        document. DCO messaging improves proactive route
208                        invalidation in RPL.
209                    </dd>
210          <dt>Regular DAO:</dt>
211          <dd>
212                        A DAO message with non-zero lifetime. Routing
213                        adjacencies are created or updated based on this
214                        message.
215                    </dd>
216          <dt>Target node:</dt>
217          <dd>
218                        The node switching its parent whose routing adjacencies
219                        are updated (created/removed).
220                    </dd>
221        </dl>
222      </section>
223      <section anchor="current_npdao" numbered="true" toc="default">
224        <name>Current NPDAO messaging</name>
225        <t>
226                RPL uses NPDAO messaging in the storing mode so that the node
227                changing its routing adjacencies can invalidate the previous
228                route. This is needed so that nodes along the previous path can
229                release any resources (such as the routing entry) they maintain
230                on behalf of target node.
231        </t>
232        <t>
233                For the rest of this document consider the following topology:
234        </t>
235        <figure anchor="sample_top">
236          <name>Sample                     topology</name>
237          <artwork align="center" name="" type="" alt=""><![CDATA[
238    (6LBR)
239      |
240      |
241      |
242     (A)
243     / \
244    /   \
245   /     \
246 (G)     (H)
247  |       |
248  |       |
249  |       |
250 (B)     (C)
251   \      ;
252    \    ;
253     \  ;
254      (D)
255      / \
256     /   \
257    /     \
258  (E)     (F)
259                        ]]></artwork>
260        </figure>
261        <t>
262                Node (D) is connected via preferred parent (B). (D) has an
263                alternate path via (C) towards the 6LBR. Node (A) is the common
264                ancestor for (D) for paths through (B)-(G) and (C)-(H). When
265                (D) switches from (B) to (C), RPL allows sending NPDAO to (B)
266                and regular DAO to (C).
267        </t>
268      </section>
269      <!--
270        <section title="Cases when No-Path DAO may be used">
271            <t> There are following cases in which a node switches its parent
272                and may employ No-Path DAO messaging:</t>
274            <t>Case I: Current parent becomes unavailable because of transient
275                or permanent link or parent node failure.</t>
277            <t>Case II: The node finds a better parent node i.e. the metrics of
278                another parent is better than its current parent.</t>
280            <t>Case III: The node switches to a new parent whom it "thinks" has
281                a better metric but does not in reality.</t>
283            <t>The usual steps of operation when the node switches the parent
284                is that the node sends a No-Path DAO message via its current parent
285                to invalidate its current route and subsequently it tries to
286                establish a new routing path by sending a new DAO via its new
287                parent.</t>
288        </section>
289        -->
290      <section numbered="true" toc="default">
291        <name>Why Is NPDAO Important?</name>
292        <t>
293                Nodes in LLNs may be resource constrained. There is limited
294                memory available and routing entry records are one of the
295                primary elements occupying dynamic memory in the nodes. Route
296                invalidation helps 6LR nodes to decide which entries could be
297                discarded to better optimize resource utilization. Thus it
298                becomes necessary to have an efficient route invalidation
299                mechanism. Also note that a single parent switch may result in
300                a "sub-tree" switching from one parent to another. Thus the
301                route invalidation needs to be done on behalf of the sub-tree
302                and not the switching node alone. In the above example, when
303                Node (D) switches parent, the route updates needs to be done
304                for the routing tables entries of (C),(H),(A),(G), and (B) with
305                destination (D),(E) and (F). Without efficient route
306                invalidation, a 6LR may have to hold a lot of stale route
307                entries.
308        </t>
309      </section>
310    </section>
311    <section anchor="current_npdao_problems" numbered="true" toc="default">
312      <name>Problems with current NPDAO messaging</name>
313      <section numbered="true" toc="default">
314        <name>Lost NPDAO due to link break to the previous parent</name>
315        <t>
316                When a node switches its parent, the NPDAO is to be sent to
317                its previous parent and a regular DAO to its new parent. In
318                cases where the node switches its parent because of transient
319                or permanent parent link/node failure then the NPDAO message is
320                bound to fail.
321        </t>
322        <!--
323            <t>
324                RPL allows use of route lifetime to remove unwanted routes in
325                case the routes could not be refreshed. But route lifetimes in
326                case of LLNs could be substantially high and thus the route
327                entries would be stuck for longer times.
328            </t>
329            -->
330      </section>
331      <section numbered="true" toc="default">
332        <name>Invalidate Routes of Dependent Nodes</name>
333        <t>
334                RPL does not specify how route invalidation will work for
335                dependent nodes rooted at the switching node, resulting in
336                stale routing entries of the dependent nodes. The only way for
337                6LR to invalidate the route entries for dependent nodes would
338                be to use route lifetime expiry which could be substantially
339                high for LLNs.
340        </t>
341        <t>
342                In the example topology, when Node (D) switches its parent,
343                Node (D) generates an NPDAO on its behalf. There is no NPDAO
344                generated by the dependent child nodes (E) and (F), through the
345                previous path via (D) to (B) and (G), resulting in stale
346                entries on nodes (B) and (G) for nodes (E) and (F).
347        </t>
348      </section>
349      <section numbered="true" toc="default">
350        <name>Possible route downtime caused by asynchronous operation of NPDAO and DAO</name>
351        <t>
352                A switching node may generate both an NPDAO and DAO via two
353                different paths at almost the same time. There is a possibility
354                that an NPDAO generated may invalidate the previous route and
355                the regular DAO sent via the new path gets lost on the way.
356                This may result in route downtime impacting downward
357                traffic for the switching node.
358        </t>
359        <t>
360                In the example topology, consider Node (D) switches from parent
361                (B) to (C). An NPDAO sent via the previous route may invalidate
362                the previous route whereas there is no way to determine whether
363                the new DAO has successfully updated the route entries on the
364                new path.
365        </t>
366      </section>
367    </section>
368    <section anchor="requirements" numbered="true" toc="default">
369      <name>Requirements for the NPDAO Optimization</name>
370      <section numbered="true" toc="default">
371        <name>Req#1: Remove messaging dependency on link to the previous parent</name>
372        <t>
373                When the switching node sends the NPDAO message to the previous
374                parent, it is normal that the link to the previous parent is
375                prone to failure (that's why the node decided to switch).
376                Therefore, it is required that the route invalidation does not
377                depend on the previous link which is prone to failure. The
378                previous link referred here represents the link between the
379                node and its previous parent (from whom the node is now
380                disassociating).
381        </t>
382      </section>
383      <section numbered="true" toc="default">
384        <name>Req#2: Dependent nodes route invalidation on parent             switching</name>
385        <t>
386                It should be possible to do route invalidation for dependent
387                nodes rooted at the switching node.
388        </t>
389      </section>
390      <section numbered="true" toc="default">
391        <name>Req#3: Route invalidation should not impact data traffic</name>
392        <t>
393                While sending the NPDAO and DAO messages, it is possible that
394                the NPDAO successfully invalidates the previous path, while the
395                newly sent DAO gets lost (new path not set up successfully).
396                This will result in downstream unreachability to the node
397                switching paths. Therefore, it is desirable that the route
398                invalidation is synchronized with the DAO to avoid the risk of
399                route downtime.
400        </t>
401      </section>
402    </section>
403    <!-- Too Confusing section and may not be needed now... If required this can be added in Appendix.
404    <section title="Existing Solution">
405        <section title="NPDAO can be generated by the parent node who detects
406        link failure to the child">
407            <t>RPL states mechanisms which could be utilized to clear DAO
408            states in a sub-DODAG. [RFC6550] Section states "With DAO
409            inconsistency loop recovery, a packet can be used to recursively
410            explore and clean up the obsolete DAO states along a
411            sub-DODAG".</t>
413            <t>Thus in the sample topology in Figure 1, when Node (B) detects
414            link failure to (D), (B) has an option of generating an NPDAO on
415            behalf of Node (D) and its sub-childs, (E) and (F).</t>
417            <t>This section explains why generation of an NPDAO in such cases
418            may not function as desired. Primarily the DAO state information in
419            the form of Path Sequence plays a major role here. Every target is
420            associated with a Path Sequence number which relates to the latest
421            state of the target. <xref target="RFC6550"/> Section 7.1 explains
422            the semantics of Path Sequence number. The target node increments
423            the Path Sequence number every time it generates a new DAO. The
424            router nodes en-route utilize this Path Sequence number to decide
425            the freshness of target information. If a non-target node has to
426            generate an NPDAO then it could use following two possibilities
427            with Path Sequence number: </t>
429            <t>Let the Path Sequence number of old regular DAO that flowed
430            through (B) be x. The subsequent regular DAO generated by Node (D)
431            will have sequence number x+1.</t>
433            <t>i. Node (B) uses the previous Path Sequence number from the
434            regular DAO i.e. NPDAO(pathseq=x)</t>
436            <t>ii. Node (B) increments the Path Sequence number i.e.
437            NPDAO(pathseq=x+1)</t>
439            <t>In case i, the NPDAO(pathseq=x) will be dropped by all the
440            intermediate nodes since the semantics of Path Sequence number
441            dictates that any DAO with an older Path Sequence number be
442            dropped.</t>
444            <t>In case ii, there is a risk that the NPDAO(pathseq=x+1)
445            traverses up the DODAG and invalidates all the routes till the root
446            and then the regular DAO(pathseq=x+1) from the target traverses
447            upwards. In this case the regular DAO(pathseq=x+1) will be dropped
448            from common ancestor node to the root. This will result in route
449            downtime.</t>
451            <t>Another problem with this scheme is its dependence on the
452            upstream neighbor to detect that the downstream neighbor is
453            unavailable. There are two possibilities by which such a detection
454            might be put to work:</t>
456            <t>i. There is P2P traffic from the previous sub-DODAG to any of
457            nodes in the sub-tree which has switched the path. In the above
458            example, lets consider that Node (G) has P2P traffic for either of
459            nodes (D), (E), or (F). In this case, Node (B) will detect
460            forwarding error while forwarding the packets from Node (B) to (D).
461            But dependence on P2P traffic may not be an optimal way to solve
462            this problem considering the reactive approach of the scheme. The
463            P2P traffic pattern might be sparse and thus such a detection might
464            kick-in too late.</t>
466            <t>ii. The other case is where Node (B) explicitly employs some
467            mechanism to probe directly attached downstream child nodes. Such
468            kind of schemes are seldom used.</t>
469        </section>
471        <section title="NPDAO can be generated once the link is restored to
472        the previous parent">
473            <t>This scheme solves a specific scenario of transient links. The
474            child node can detect that the connection to previous parent is
475            restored and then transmit an NPDAO to the previous parent to
476            invalidate the route. This scheme is stateful, thus requires more
477            memory and solves a specific scenario.</t>
478        </section>
479    </section>
480    -->
481    <section numbered="true" toc="default">
482      <name>Changes to RPL signaling</name>
483      <section numbered="true" toc="default">
484        <name>Change in RPL route invalidation semantics</name>
485        <t>
486                As described in <xref target="current_npdao" format="default"/>, the NPDAO
487                originates at the node changing to a new parent and traverses
488                upstream towards the root. In order to solve the problems as
489                mentioned in <xref target="current_npdao_problems" format="default"/>, the
490                document adds a new proactive route invalidation message
491                called "Destination Cleanup Object" (DCO) that originates at a
492                common ancestor node and flows downstream between the new and
493                old path. The common ancestor node generates a DCO in response
494                to the change in the next-hop on receiving a regular DAO with
495                updated Path Sequence for the target.
496        </t>
497        <t>
498                The 6LRs in the path for DCO take action such as route
499                invalidation based on the DCO information and subsequently send
500                another DCO with the same information downstream to the next
501                hop. This operation is similar to how the DAOs are handled on
502                intermediate 6LRs in storing MOP in <xref target="RFC6550" format="default"/>.
503                Just like DAO in storing MOP, the DCO is sent using link-local
504                unicast source and destination IPv6 address. Unlike DAO, which
505                always travels upstream, the DCO always travels downstream.
506        </t>
507        <t>
508                In <xref target="sample_top" format="default"/>, when node D decides to
509                switch the path from B to C, it sends a regular DAO to node C
510                with reachability information containing the address of D as
511                the target and an incremented Path Sequence. Node C will update
512                the routing table based on the reachability information in the
513                DAO and in turn generate another DAO with the same reachability
514                information and forward it to H. Node H also follows the same
515                procedure as Node C and forwards it to node A. When node A
516                receives the regular DAO, it finds that it already has a
517                routing table entry on behalf of the target address of node D.
518                It finds however that the next hop information for reaching
519                node D has changed i.e., node D has decided to change the
520                paths. In this case, Node A which is the common ancestor node
521                for node D along the two paths (previous and new), should
522                generate a DCO which traverses downwards in the network. Node A
523                handles normal DAO forwarding to 6LBR as required by <xref target="RFC6550" format="default"/>.
524        </t>
525      </section>
526      <section anchor="transit_opt_changes" numbered="true" toc="default">
527        <name>Transit Information Option changes</name>
528        <t>
529                Every RPL message is divided into base message fields and
530                additional Options as described in <xref target="RFC6550"
531 sectionFormat="of" section="6"/>. The base fields apply to the message as a
532                whole and options are appended to add message/use-case specific
533                attributes. As an example, a DAO message may be attributed by
534                one or more "RPL Target" options which specify the reachability
535                information for the given targets. Similarly, a Transit
536                Information option may be associated with a set of RPL Target
537                options.
538        </t>
539        <t>
540                This document specifies a change in the Transit Information Option to
541                contain the "Invalidate previous route" (I) flag. This I-flag signals
542                the common ancestor node to generate a DCO on behalf of the
543                target node. The I-flag is carried in the Transit Information
544                Option which augments the reachability information for a given
545                set of RPL Target(s). Transit Information Option with I-flag
546                set should be carried in the DAO message when route
547                invalidation is sought for the corresponding target(s).
548        </t>
549        <figure anchor="transit_info_with_i">
550          <name>Updated Transit Information Option (New I flag                     added)</name>
551          <artwork align="center" name="" type="" alt=""><![CDATA[
5520                   1                   2                   3
5530 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
555|   Type = 0x06 | Option Length |E|I|  Flags    | Path Control  |
557| Path Sequence | Path Lifetime |
559                        ]]></artwork>
560        </figure>
561        <dl newline="true">
562                <dt>I (Invalidate previous route) flag:</dt><dd>The 'I' flag is set by the
563                target node to indicate to the common ancestor node that it
564                wishes to invalidate any previous route between the two paths.</dd>
565        </dl>
566        <t>
567                <xref target="RFC6550" format="default"/> allows the parent address to be sent in
568                the Transit Information Option depending on the mode of
569                operation. In case of storing mode of operation the field is
570                usually not needed. In case of DCO, the parent address field
571                <bcp14>MUST NOT</bcp14> be included.
572        </t>
573        <t>
574                The common ancestor node <bcp14>SHOULD</bcp14> generate a DCO message in
575                response to this I-flag when it sees that the routing
576                adjacencies have changed for the target. The I-flag is
577                intended to give the target node control over its own route
578                invalidation, serving as a signal to request DCO generation.
579        </t>
580      </section>
581      <section numbered="true" toc="default">
582        <name>Destination Cleanup Object (DCO)</name>
583        <t>
584                A new ICMPv6 RPL control message code is defined by this
585                specification and is referred to as "Destination Cleanup Object"
586                (DCO), which is used for proactive cleanup of state and routing
587                information held on behalf of the target node by 6LRs. The DCO
588                message always traverses downstream and cleans up route
589                information and other state information associated with the
590                given target.
591        </t>
592        <figure anchor="dco_obj">
593          <name>DCO base object</name>
594          <artwork align="center" name="" type="" alt=""><![CDATA[
5950                   1                   2                   3
5960 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
598| RPLInstanceID |K|D|   Flags   |   Reserved    | DCOSequence   |
600|                                                               |
601+                                                               +
602|                                                               |
603+                            DODAGID(optional)                  +
604|                                                               |
605+                                                               +
606|                                                               |
608|   Option(s)...
610                        ]]></artwork>
611        </figure>
612<dl newline="true">
615<dd>8-bit field indicating the topology instance associated with the DODAG, as
616learned from the DIO.
620<dd>The 'K' flag indicates that the recipient of DCO message is expected to
621send a DCO-ACK back. If the DCO-ACK is not received even after setting the 'K'
622flag, an implementation may retry the DCO at a later time. The number of
623retries are implementation and deployment dependent and are expected to be
624kept similar with those used in DAO retries in <xref target="RFC6550"
625format="default"/>. <xref target="dco_retry" format="default"/> specifies the
626considerations for DCO retry. A node receiving a DCO message without the 'K'
627flag set <bcp14>MAY</bcp14> respond with a DCO-ACK, especially to report an error
628condition. An example error condition could be that the node sending the
629DCO-ACK does not find the routing entry for the indicated target. When the
630sender does not set the 'K' flag it is an indication that the sender does not
631expect a response, and the sender <bcp14>SHOULD NOT</bcp14> retry the DCO.
635<dd>The 'D' flag indicates that the DODAGID field is present. This flag <bcp14>MUST</bcp14>
636be set when a local RPLInstanceID is used.
640<dd>The 6 bits remaining unused in the Flags field are reserved for future
641use. These bits <bcp14>MUST</bcp14> be initialized to zero by the sender and <bcp14>MUST</bcp14> be ignored
642by the receiver.
646<dd>8-bit unused field. The field <bcp14>MUST</bcp14> be initialized to zero by the sender
647and <bcp14>MUST</bcp14> be ignored by the receiver.
651<dd> 8-bit field incremented at each unique DCO message from a node and echoed
652in the DCO-ACK message. The initial DCOSequence can be chosen randomly by the
653node. <xref target="base_rules" format="default"/> explains the handling of
654the DCOSequence.
656<dt>DODAGID (optional):
658<dd>128-bit unsigned integer set by a DODAG root that uniquely identifies a
659DODAG. This field <bcp14>MUST</bcp14> be present when the 'D' flag is set and <bcp14>MUST NOT</bcp14> be
660present if 'D' flag is not set. DODAGID is used when a local RPLInstanceID is
661in use, in order to identify the DODAGID that is associated with the RPLInstanceID.
666        <section numbered="true" toc="default">
667          <name>Secure DCO</name>
668          <t>
669                    A Secure DCO message follows the format in Figure 7 of <xref target="RFC6550" format="default"/>, where the base message
670                    format is the DCO message shown in <xref target="dco_obj" format="default"/>.
671          </t>
672        </section>
673        <section numbered="true" toc="default">
674          <name>DCO Options</name>
675          <t>
676                    The DCO message <bcp14>MUST</bcp14> carry at least one RPL Target and the
677                    Transit Information Option and <bcp14>MAY</bcp14> carry other valid
678                    options. This specification allows for the DCO message to
679                    carry the following options:
680          </t>
685<tr><td>0x05</td><td>RPL Target</td></tr>
686<tr><td>0x06</td><td>Transit Information</td></tr>
687<tr><td>0x09</td><td>RPL Target Descriptor</td></tr>
691          <t>
692                    <xref target="RFC6550" sectionFormat="of" section="6.7" /> defines all the
693                    above mentioned options. The DCO carries an RPL Target
694                    Option and an associated Transit Information Option with a
695                    lifetime of 0x00000000 to indicate a loss of reachability
696                    to that Target.
697          </t>
698        </section>
699        <section numbered="true" toc="default">
700          <name>Path Sequence number in the DCO</name>
701          <t>
702                    A DCO message may contain a Path Sequence in the Transit
703                    Information Option to identify the freshness of the DCO
704                    message. The Path Sequence in the DCO <bcp14>MUST</bcp14> use the same
705                    Path Sequence number present in the regular DAO message
706                    when the DCO is generated in response to a DAO message.
707                    Thus if a DCO is received by a 6LR and subsequently a DAO
708                    is received with an old sequence number, then the DAO
709                    <bcp14>MUST</bcp14> be ignored. When the DCO is generated in response to a
710                    DCO from upstream parent, the Path Sequence <bcp14>MUST</bcp14> be copied
711                    from the received DCO.
712          </t>
713        </section>
714        <section numbered="true" toc="default">
715          <name>Destination Cleanup Option Acknowledgment (DCO-ACK)</name>
716          <t>
717                    The DCO-ACK message <bcp14>SHOULD</bcp14> be sent as a unicast packet by a
718                    DCO recipient in response to a unicast DCO message with 'K'
719                    flag set. If 'K' flag is not set then the receiver of the
720                    DCO message <bcp14>MAY</bcp14> send a DCO-ACK, especially to report an error
721                    condition.
722          </t>
723          <figure anchor="dco_ack">
724            <name>DCO-ACK base                         object</name>
725            <artwork align="center" name="" type="" alt=""><![CDATA[
7260                   1                   2                   3
7270 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
729| RPLInstanceID |D|   Flags     |  DCOSequence  |    Status     |
731|                                                               |
732+                                                               +
733|                                                               |
734+                            DODAGID(optional)                  +
735|                                                               |
736+                                                               +
737|                                                               |
739                            ]]></artwork>
740          </figure>
742 <dl newline="true"> <dt>RPLInstanceID:</dt> 
744<dd>8-bit field indicating the topology instance associated with the DODAG, as
745learned from the DIO. </dd>
748<dd>8-bit field indicating the topology instance associated with the DODAG, as
749learned from the DIO.
753<dd>The 'D' flag indicates that the DODAGID field is present.  This flag <bcp14>MUST</bcp14>
754be set when a local RPLInstanceID is used.
758<dd>7-bit unused field. The field <bcp14>MUST</bcp14> be initialized to zero by the sender
759and <bcp14>MUST</bcp14> be ignored by the receiver.
763<dd>8-bit field. The DCOSequence in DCO-ACK is copied from the DCOSequence
764received in the DCO message.
768<dd>Indicates the completion. Status 0 is defined as unqualified acceptance in
769this specification. Status 1 is defined as "No routing-entry for the Target
770found". The remaining status values are reserved as rejection codes.
773<dt>DODAGID (optional):
775<dd>128-bit unsigned integer set by a DODAG root that uniquely identifies a
776DODAG. This field <bcp14>MUST</bcp14> be present when the 'D' flag is set and <bcp14>MUST NOT</bcp14> be
777present when 'D' flag is not set. DODAGID is used when a local RPLInstanceID
778is in use, in order to identify the DODAGID that is associated with the
779RPLInstanceID.  </dd> </dl>
782        </section>
783        <section numbered="true" toc="default">
784          <name>Secure DCO-ACK</name>
785          <t>
786                    A Secure DCO-ACK message follows the format in Figure 7 of
787     <xref target="RFC6550" format="default"/>, where the base message
788                    format is the DCO-ACK message shown in <xref target="dco_ack" format="default"/>.
789          </t>
790        </section>
791      </section>
792      <section anchor="base_rules" numbered="true" toc="default">
793        <name>DCO Base Rules</name>
794        <ol spacing="normal" type="1">
795          <li>
796                        If a node sends a DCO message with newer or different
797                        information than the prior DCO message transmission, it
798                        <bcp14>MUST</bcp14> increment the DCOSequence field by at least one.
799                        A DCO message transmission that is identical to the
800                        prior DCO message transmission <bcp14>MAY</bcp14> increment the
801                        DCOSequence field. The DCOSequence counter follows the
802                        sequence counter operation as defined in
803                        <xref target="RFC6550" sectionFormat="of" section="7.2"/>.
804                    </li>
805          <li>
806                        The RPLInstanceID and DODAGID fields of a DCO message
807                        <bcp14>MUST</bcp14> be the same value as that of the DAO message in
808                        response to which the DCO is generated on the common
809                        ancestor node.
810                    </li>
811          <li>
812                        A node <bcp14>MAY</bcp14> set the 'K' flag in a unicast DCO message to
813                        solicit a unicast DCO-ACK in response in order to
814                        confirm the attempt.
815                    </li>
816          <li>
817                        A node receiving a unicast DCO message with the 'K'
818                        flag set <bcp14>SHOULD</bcp14> respond with a DCO-ACK. A node
819                        receiving a DCO message without the 'K' flag set <bcp14>MAY</bcp14>
820                        respond with a DCO-ACK, especially to report an error
821                        condition.
822                    </li>
823          <li>
824                        A node receiving a unicast DCO message <bcp14>MUST</bcp14> verify the
825                        stored Path Sequence in context to the given target. If
826                        the stored Path Sequence is more fresh, newer than
827                        the Path Sequence received in the DCO, then the DCO
828                        <bcp14>MUST</bcp14> be dropped.
829                    </li>
830          <li>
831                        A node that sets the 'K' flag in a unicast DCO message
832                        but does not receive DCO-ACK in response <bcp14>MAY</bcp14> reschedule
833                        the DCO message transmission for another attempt, up
834                        until an implementation specific number of retries.
835                    </li>
836          <li>
837                        A node receiving a unicast DCO message with its own
838                        address in the RPL Target Option <bcp14>MUST</bcp14> strip-off that
839                        Target Option. If this Target Option is the only one in
840                        the DCO message then the DCO message <bcp14>MUST</bcp14> be dropped.
841                    </li>
842        </ol>
843        <t>
844                The scope of DCOSequence values is unique to the node which
845                generates it.
846        </t>
847      </section>
848      <section numbered="true" toc="default">
849        <name>Unsolicited DCO</name>
850        <t>
851                A 6LR may generate an unsolicited DCO to unilaterally cleanup
852                the path on behalf of the target entry. The 6LR has all the
853                state information, namely, the Target address and the Path
854                Sequence, required for generating DCO in its routing table.
855                The conditions why 6LR may generate an unsolicited DCO are
856                beyond the scope of this document but some possible reasons
857                could be:
858        </t>
859        <ol spacing="normal" type="1">
860          <li>
861                        On route expiry of an entry, a 6LR may decide to
862                        graciously cleanup the entry by initiating DCO.
863                    </li>
864          <li>
865                        6LR needs to entertain higher priority entries in case
866                        the routing table is full, thus resulting in eviction
867                        of an existing routing entry. In this case the eviction
868                        can be handled graciously using DCO.
869                    </li>
870        </ol>
871        <t>
872                Note that if the 6LR initiates a unilateral path cleanup using
873                DCO and if it has the latest state for the target then the DCO
874                would finally reach the target node. Thus the target node would
875                be informed of its invalidation.
876        </t>
877      </section>
878      <section numbered="true" toc="default">
879        <name>Other considerations</name>
880        <section numbered="true" toc="default">
881          <name>Dependent Nodes invalidation</name>
882          <t>
883                    Current RPL <xref target="RFC6550" format="default"/> does not provide a
884                    mechanism for route invalidation for dependent nodes. This
885                    document allows the dependent nodes invalidation. Dependent
886                    nodes will generate their respective DAOs to update their
887                    paths, and the previous route invalidation for those nodes
888                    should work in the similar manner described for switching
889                    node. The dependent node may set the I-flag in the Transit
890                    Information Option as part of regular DAO so as to
891                    request invalidation of previous route from the common
892                    ancestor node.
893          </t>
894          <t>
895                    Dependent nodes do not have any indication regarding if any
896                    of their parents in turn have decided to switch their
897                    parent. Thus for route invalidation the dependent nodes may
898                    choose to always set the 'I' flag in all its DAO message's
899                    Transit Information Option. Note that setting the I-flag is
900                    not counterproductive even if there is no previous
901                    route to be invalidated.
902          </t>
903        </section>
904        <section numbered="true" toc="default">
905          <name>NPDAO and DCO in the same network</name>
906          <t>
907                    The current NPDAO mechanism in <xref target="RFC6550" format="default"/> can
908                    still be used in the same network where DCO is used. The
909                    NPDAO messaging can be used, for example, on route lifetime
910                    expiry of the target or when the node simply decides to
911                    gracefully terminate the RPL session on graceful node
912                    shutdown. Moreover, a deployment can have a mix of nodes
913                    supporting the DCO and the existing NPDAO mechanism. It is
914                    also possible that the same node supports both the NPDAO
915                    and DCO signaling for route invalidation.
916          </t>
917          <t>
918                    <xref target="RFC6550" sectionFormat="of" section="9.8"/> states, "When a
919                    node removes a node from its DAO parent set, it <bcp14>SHOULD</bcp14>
920                    send a No-Path DAO message to that removed DAO parent to
921                    invalidate the existing router". This document introduces
922                    an alternative and more optimized way of route invalidation
923                    but it also allows existing NPDAO messaging to work. Thus
924                    an implementation has two choices to make when a route
925                    invalidation is to be initiated:
926          </t>
927          <ol spacing="normal" type="1">
928            <li>
929                            Use NPDAO to invalidate the previous route and
930                            send regular DAO on the new path.
931                        </li>
932            <li>
933                            Send regular DAO on the new path with the 'I'
934                            flag set in the Transit Information Option such
935                            that the common ancestor node initiates the DCO
936                            message downstream to invalidate the previous
937                            route.
938                        </li>
939          </ol>
940          <t>
941                    This document recommends using option 2 for reasons
942                    specified in <xref target="requirements" format="default"/> in this
943                    document.
944          </t>
945          <t>
946                    This document assumes that all the 6LRs in the network
947                    support this specification. If there are 6LRs en-route DCO
948                    message path which do not support this document, then the
949                    route invalidation for corresponding targets may not work
950                    or may work partially i.e., only part of the path
951                    supporting DCO may be invalidated. Alternatively, a node
952                    could generate an NPDAO if it does not receive a DCO with
953                    itself as target within specified time limit. The specified
954                    time limit is deployment specific and depends upon the
955                    maximum depth of the network and per hop average latency.
956                    Note that sending NPDAO and DCO for the same operation
957                    would not result in unwanted side-effects because the
958                    acceptability of NPDAO or DCO depends upon the Path
959                    Sequence freshness.
960          </t>
961        </section>
962        <section anchor="dco_retry" numbered="true" toc="default">
963          <name>Considerations for DCO retry</name>
964          <t>
965                    A DCO message could be retried by a sender if it sets the
966                    'K' flag and does not receive a DCO-ACK. The DCO retry time
967                    could be dependent on the maximum depth of the network and
968                    average per hop latency. This could range from 2 seconds to
969                    120 seconds depending on the deployment. In case the
970                    latency limits are not known, an implementation <bcp14>MUST NOT</bcp14>
971                    retry more than once in 3 seconds and <bcp14>MUST NOT</bcp14> retry more
972                    than 3 times.
973          </t>
974          <t>
975                    The number of retries could also be set depending on how
976                    critical the route invalidation could be for the deployment
977                    and the link layer retry configuration. For networks
978                    supporting only MP2P and P2MP flows, such as in AMI and
979                    telemetry applications, the 6LRs may not be very keen to
980                    invalidate routes, unless they are highly
981                    memory-constrained. For home and building automation
982                    networks which may have substantial P2P traffic, the 6LRs
983                    might be keen to invalidate efficiently because it may
984                    additionally impact the forwarding efficiency.
985          </t>
986        </section>
987        <section numbered="true" toc="default">
988          <name>DCO with multiple preferred parents</name>
989          <t>
990                    <xref target="RFC6550" format="default"/> allows a node to select multiple
991                    preferred parents for route establishment. 
992                    <xref target="RFC6550" sectionFormat="of" section="9.2.1"/> specifies, "All DAOs generated
993                    at the same time for the same Target <bcp14>MUST</bcp14> be sent with the
994                    same Path Sequence in the Transit Information".
995                    Subsequently when route invalidation has to be initiated,
996                    RPL mentions use of NPDAO which can be initiated with an
997                    updated Path Sequence to all the parent nodes through which
998                    the route is to be invalidated.
999          </t>
1000          <t>
1001                    With DCO, the Target node itself does not initiate the
1002                    route invalidation and it is left to the common ancestor
1003                    node. A common ancestor node when it discovers an updated
1004                    DAO from a new next-hop, it initiates a DCO. With multiple
1005                    preferred parents, this handling does not change. But in
1006                    this case it is recommended that an implementation
1007                    initiates a DCO after a time period (DelayDCO) such that
1008                    the common ancestor node may receive updated DAOs from all
1009                    possible next-hops. This will help to reduce DCO control
1010                    overhead i.e., the common ancestor can wait for updated
1011                    DAOs from all possible directions before initiating a DCO
1012                    for route invalidation. After timeout, the DCO needs to be
1013                    generated for all the next-hops for whom the route
1014                    invalidation needs to be done.
1015          </t>
1016          <t>
1017                    This document recommends using a DelayDCO timer value of
1018                    1sec. This value is inspired by the default DelayDAO value
1019                    of 1sec in <xref target="RFC6550" format="default"/>. Here the hypothesis is
1020                    that the DAOs from all possible parent sets would be
1021                    received on the common ancestor within this time period.
1022          </t>
1023          <t>
1024                    It is still possible that a DCO is generated before all the
1025                    updated DAOs from all the paths are received. In this case,
1026                    the ancestor node would start the invalidation procedure
1027                    for paths from which the updated DAO is not received. The
1028                    DCO generated in this case would start invalidating the
1029                    segments along these paths on which the updated DAOs are
1030                    not received. But once the DAO reaches these segments, the
1031                    routing state would be updated along these segments and
1032                    should not lead to any inconsistent routing state.
1033          </t>
1034          <t>
1035                    Note that there is no requirement for synchronization
1036                    between DCO and DAOs. The DelayDCO timer simply ensures
1037                    that the DCO control overhead can be reduced and is only
1038                    needed when the network contains nodes using multiple
1039                    preferred parent.
1040          </t>
1041        </section>
1042      </section>
1043    </section>
1044    <section anchor="Acknowledgments" numbered="true" toc="default">
1045      <name>Acknowledgments</name>
1046      <t>
1047            Many thanks to Alvaro Retana, Cenk Gundogan, Simon Duquennoy, Georgios
1048            Papadopoulous, Peter Van Der Stok for their review and comments.
1049            Alvaro Retana helped shape this document's final version with
1050            critical review comments.
1051      </t>
1052    </section>
1053    <!-- Possibly a 'Contributors' section ... -->
1054    <section anchor="IANA" numbered="true" toc="default">
1055      <name>IANA Considerations</name>
1056      <t>
1057            IANA is requested to allocate new codes for the DCO and DCO-ACK
1058            messages from the RPL Control Codes registry.
1059      </t>
1060      <table align="center">
1061        <thead>
1062          <tr>
1063            <th align="center">Code</th>
1064            <th align="center">Description</th>
1065            <th align="center">Reference</th>
1066          </tr>
1067        </thead>
1068        <tbody>
1069          <tr>
1070            <td align="center">TBD1</td>
1071            <td align="center">Destination Cleanup Object</td>
1072            <td align="center">This document</td>
1073          </tr>
1074          <tr>
1075            <td align="center">TBD2</td>
1076            <td align="center">Destination Cleanup Object Acknowledgment</td>
1077            <td align="center">This document</td>
1078          </tr>
1079          <tr>
1080            <td align="center">TBD3</td>
1081            <td align="center">Secure Destination Cleanup Object</td>
1082            <td align="center">This document</td>
1083          </tr>
1084          <tr>
1085            <td align="center">TBD4</td>
1086            <td align="center">Secure Destination Cleanup Object Acknowledgment</td>
1087            <td align="center">This document</td>
1088          </tr>
1089        </tbody>
1090      </table>
1091      <t>
1092            IANA is requested to allocate bit 1 from the Transit Information
1093            Option Flags registry for the I-flag (<xref target="transit_opt_changes" format="default"/>)
1094      </t>
1095      <section numbered="true" toc="default">
1096        <name>New Registry for the Destination Cleanup Object (DCO) Flags</name>
1097        <t>
1098                IANA is requested to create a registry for the 8-bit Destination Cleanup
1099                Object (DCO) Flags field. This registry should be located in
1100                existing category of "Routing Protocol for Low Power and Lossy
1101                Networks (RPL)".
1102        </t>
1103        <t>
1104                New bit numbers may be allocated only by an IETF Review. Each
1105                bit is tracked with the following qualities:
1106        </t>
1107        <ul spacing="compact">
1108          <li>Bit number (counting from bit 0 as the most significant bit)</li>
1109          <li>Capability description</li>
1110          <li>Defining RFC</li>
1111        </ul>
1112        <t>
1113                The following bits are currently defined:
1114        </t>
1115        <table align="center">
1116          <name>DCO Base Flags</name>
1117          <thead>
1118            <tr>
1119              <th align="center">Bit number</th>
1120              <th align="center">Description</th>
1121              <th align="center">Reference</th>
1122            </tr>
1123          </thead>
1124          <tbody>
1125            <tr>
1126              <td align="center">0</td>
1127              <td align="center">DCO-ACK request (K)</td>
1128              <td align="center">This document</td>
1129            </tr>
1130            <tr>
1131              <td align="center">1</td>
1132              <td align="center">DODAGID field is present (D)</td>
1133              <td align="center">This document</td>
1134            </tr>
1135          </tbody>
1136        </table>
1137      </section>
1138      <section numbered="true" toc="default">
1139        <name>New Registry for the Destination Cleanup Object Acknowledgment (DCO-ACK) Status field</name>
1140        <t>
1141                IANA is requested to create a registry for the 8-bit Destination Cleanup
1142                Object Acknowledgment (DCO-ACK) Status field. This registry
1143                should be located in existing category of "Routing Protocol for
1144                Low Power and Lossy Networks (RPL)".
1145        </t>
1146        <t>
1147                New Status values may be allocated only by an IETF Review. Each
1148                value is tracked with the following qualities:
1149        </t>
1150        <ul spacing="compact">
1151          <li>Status Code</li>
1152          <li>Description</li>
1153          <li>Defining RFC</li>
1154        </ul>
1155        <t>
1156                The following values are currently defined:
1157        </t>
1158        <table align="center">
1159          <name>DCO-ACK Status Codes</name>
1160          <thead>
1161            <tr>
1162              <th align="center">Status Code</th>
1163              <th align="center">Description</th>
1164              <th align="center">Reference</th>
1165            </tr>
1166          </thead>
1167          <tbody>
1168            <tr>
1169              <td align="center">0</td>
1170              <td align="center">Unqualified acceptance</td>
1171              <td align="center">This document</td>
1172            </tr>
1173            <tr>
1174              <td align="center">1</td>
1175              <td align="center">No routing-entry for the indicated Target found</td>
1176              <td align="center">This document</td>
1177            </tr>
1178          </tbody>
1179        </table>
1180      </section>
1181      <section numbered="true" toc="default">
1182        <name>New Registry for the Destination Cleanup Object (DCO)         Acknowledgment Flags</name>
1183        <t>
1184                IANA is requested to create a registry for the 8-bit
1185                Destination Cleanup Object (DCO) Acknowledgment Flags field.
1186                This registry should be located in existing category of
1187                "Routing Protocol for Low Power and Lossy Networks (RPL)".
1188        </t>
1189        <t>
1190                New bit numbers may be allocated only by an IETF Review. Each
1191                bit is tracked with the following qualities:
1192        </t>
1193        <ul spacing="compact">
1194          <li>Bit number (counting from bit 0 as the most significant bit)</li>
1195          <li>Capability description</li>
1196          <li>Defining RFC</li>
1197        </ul>
1198        <t>
1199                The following bits are currently defined:
1200        </t>
1201        <table align="center">
1202          <name>DCO-ACK Base Flags</name>
1203          <thead>
1204            <tr>
1205              <th align="center">Bit number</th>
1206              <th align="center">Description</th>
1207              <th align="center">Reference</th>
1208            </tr>
1209          </thead>
1210          <tbody>
1211            <tr>
1212              <td align="center">0</td>
1213              <td align="center">DODAGID field is present (D)</td>
1214              <td align="center">This document</td>
1215            </tr>
1216          </tbody>
1217        </table>
1218      </section>
1219    </section>
1220    <section anchor="Security" numbered="true" toc="default">
1221      <name>Security Considerations</name>
1222      <t>
1223            This document introduces the ability for a common ancestor node to
1224            invalidate a route on behalf of the target node. The common
1225            ancestor node could be directed to do so by the target node using
1226            the I-flag in DCO's Transit Information Option. However, the common
1227            ancestor node is in a position to unilaterally initiate the route
1228            invalidation since it possesses all the required state information,
1229            namely, the Target address and the corresponding Path Sequence.
1230            Thus a rogue common ancestor node could initiate such an
1231            invalidation and impact the traffic to the target node.
1232      </t>
1233      <t>
1234            This document also introduces an I-flag which is set by the target
1235            node and used by the ancestor node to initiate a DCO if the
1236            ancestor sees an update in the route adjacency. However,
1237            this flag could be spoofed by a malicious 6LR in the path and can
1238            cause invalidation of an existing active path. Note that invalidation
1239            will happen only if the other conditions such as Path Sequence
1240            condition is also met. Having said that, such a malicious 6LR may
1241            spoof a DAO on behalf of the (sub) child with the I-flag set and
1242            can cause route invalidation on behalf of the (sub) child node.
1243            Note that, using existing mechanisms offered by <xref target="RFC6550" format="default"/>, a malicious 6LR might also spoof a DAO with
1244            lifetime of zero or otherwise cause denial of service by dropping
1245            traffic entirely, so the new mechanism described in this document
1246            does not present a substantially increased risk of disruption.
1247      </t>
1248      <t>
1249            This document assumes that the security mechanisms as defined in
1250            <xref target="RFC6550" format="default"/> are followed, which means that the common
1251            ancestor node and all the 6LRs are part of the RPL network because
1252            they have the required credentials. A non-secure RPL network needs
1253            to take into consideration the risks highlighted in this section as
1254            well as those highlighted in <xref target="RFC6550" format="default"/>.
1255      </t>
1256      <t>
1257            All RPL messages support a secure version of messages which allows
1258            integrity protection using either a MAC or a signature. Optionally,
1259            secured RPL messages also have encryption protection for
1260            confidentiality.
1261      </t>
1262      <t>
1263            The document adds new messages (DCO, DCO-ACK) which are
1264            syntactically similar to existing RPL messages such as DAO,
1265            DAO-ACK. Secure versions of DCO and DCO-ACK are added similar to
1266            other RPL messages (such as DAO, DAO-ACK).
1267      </t>
1268      <t>
1269            RPL supports three security modes as mentioned in 
1270            <xref target="RFC6550" sectionFormat="of" section="10.1"/>:
1271      </t>
1272      <ol spacing="normal" type="1">
1273        <li>
1274                    Unsecured: In this mode, it is expected that the RPL control messages
1275                    are secured by other security mechanisms, such as
1276                    link-layer security. In this mode, the RPL control messages,
1277                    including DCO, DCO-ACK, do not have Security sections.
1278                    Also note that unsecured mode does not imply that all
1279                    messages are sent without any protection.
1280                </li>
1281        <li>
1282                    Preinstalled: In this mode, RPL uses secure messages. Thus
1283                    secure versions of DCO, DCO-ACK <bcp14>MUST</bcp14> be used in this mode.
1284                </li>
1285        <li>
1286                    Authenticated: In this mode, RPL uses secure messages. Thus
1287                    secure versions of DCO, DCO-ACK <bcp14>MUST</bcp14> be used in this mode.
1288                </li>
1289      </ol>
1290    </section>
1291  </middle>
1292  <back>
1293    <!-- References split into informative and normative -->
1294    <!-- There are 2 ways to insert reference entries from the citation libraries:
1295     1. define an ENTITY at the top, and use "ampersand character"RFC2629; here (as shown)
1296     2. simply use a PI "less than character"?rfc include="reference.RFC.2119.xml"?> here
1297        (for I-Ds: include="reference.I-D.narten-iana-considerations-rfc2434bis.xml")
1299     Both are cited textually in the same manner: by using xref elements.
1300     If you use the PI option, xml2rfc will, by default, try to find included files in the same
1301     directory as the including file. You can also define the XML_LIBRARY environment variable
1302     with a value containing a set of directories to search. These can be either in the local
1303     filing system or remote ones accessed by http (http://domain/dir/... ).-->
1304    <references>
1305      <name>Normative References</name>
1306      <!--?rfc include="http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml"?-->
1307      <reference anchor="RFC6550" target="https://www.rfc-editor.org/info/rfc6550" xml:base="https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6550.xml">
1308        <front>
1309          <title>RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks</title>
1310          <seriesInfo name="DOI" value="10.17487/RFC6550"/>
1311          <seriesInfo name="RFC" value="6550"/>
1312          <author initials="T." surname="Winter" fullname="T. Winter" role="editor">
1313            <organization/>
1314          </author>
1315          <author initials="P." surname="Thubert" fullname="P. Thubert" role="editor">
1316            <organization/>
1317          </author>
1318          <author initials="A." surname="Brandt" fullname="A. Brandt">
1319            <organization/>
1320          </author>
1321          <author initials="J." surname="Hui" fullname="J. Hui">
1322            <organization/>
1323          </author>
1324          <author initials="R." surname="Kelsey" fullname=&qu