tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search     info

RFC 7733

 
 
 

Applicability Statement: The Use of the Routing Protocol for Low-Power and Lossy Networks (RPL) Protocol Suite in Home Automation and Building Control

Part 2 of 2, p. 23 to 38
Prev RFC Part

 


prevText      Top      ToC       Page 23 
5.  MPL Profile

   MPL is used to distribute values to groups of devices.  Using MPL,
   based on the Trickle algorithm, timeliness should also be guaranteed.
   A deadline of 200 ms needs to be met when human action is followed by
   an immediately observable action such as switching on lights.  The
   deadline needs to be met in a building where the number of hops from
   seed to destination varies between 1 and 10.

5.1.  Recommended Configuration Defaults and Ranges

5.1.1.  Real-Time Optimizations

   When the network is heavily loaded, MAC delays contribute
   significantly to the end-to-end delays when MPL intervals between 10
   and 100 ms are used to meet the 200 ms deadline.  It is possible to
   set the number of buffers in the MAC to 1 and set the number of
   back-off repetitions to 1.  The number of MPL repetitions compensates
   for the reduced probability of transmission per MAC invocation
   [RT-MPL].

   In addition, end-to-end delays and message losses are reduced by
   adding a real-time layer between MPL and MAC to throw away the
   earliest messages (exploiting the MPL message numbering) and favor
   the most recent ones.

5.1.2.  Trickle Parameters

   This section proposes values for the Trickle parameters used by MPL
   for the distribution of packets that need to meet a 200 ms deadline.
   The probability of meeting the deadline is increased by (1) choosing
   a small Imin value, (2) reducing the number of MPL intervals, thus
   reducing the load, and (3) reducing the number of MPL Forwarders to
   also reduce the load.

   The consequence of this approach is that the value of k can be larger
   than 1 because network load reduction is already guaranteed by the
   network configuration.

Top      Up      ToC       Page 24 
   Under the condition that the density of MPL repeaters can be limited,
   it is possible to choose low MPL repeat intervals (Imin) connected to
   k values such that k > 1.  The minimum value of k is related to:

   o  The value of Imin.  The length of Imin determines the number of
      packets that can be received within the listening period of Imin.

   o  The number of repeaters receiving the broadcast message from the
      same forwarder or seed.  These repeaters repeat within the same
      Imin interval, thus increasing the c counter.

   Within the first MPL interval, a limited number, q, of messages can
   be transmitted.  Assuming a 3 ms transmission interval, q is given by
   q = Imin / 3.  Assuming that at most q message copies can reach a
   given forwarder within the first repeat interval of length Imin, the
   related MPL parameter values are suggested in the following sections.

5.1.2.1.  Imin

   The recommended value is Imin = 10 to 50 ms.

   When the chosen Imin value is much smaller, the interference between
   the copies leads to significant losses, given that q is much smaller
   than the number of repeated packets.  With much larger intervals, the
   probability that the deadline will be met decreases with increasing
   hop count.

5.1.2.2.  Imax

   The recommended value is Imax = 100 to 400 ms.

   The value of Imax is less important than the value of max_expiration.
   Given an Imin value of 10 ms, the third MPL interval has a value of
   10 * 2 * 2 = 40 ms.  When Imin has a value of 40 ms, the third
   interval has a value of 160 ms.  Given that more than three intervals
   are unnecessary, Imax does not contribute much to performance.

5.1.3.  Other Parameters

   Other parameters are the k parameter and the max_expiration
   parameter.

   k > q (see condition above).  Under this condition, and for a small
   Imin value, a value of k = 2 or k = 3 is usually sufficient to
   minimize the losses of packets in the first repeat interval.

   max_expiration = 2 - 4.  Higher values lead to more network load
   while generating copies that will probably not meet their deadline.

Top      Up      ToC       Page 25 
6.  Manageability Considerations

   At this time, it is not clear how homenets will be managed.
   Consequently, it is not clear which tools will be used and which
   parameters must be visible for management.

   In building control, management is mandatory.  It is expected that
   installations will be managed using the set of currently available
   tools (including IETF tools like Management Information Base (MIB)
   modules, Network Configuration Protocol (NETCONF) modules, Dynamic
   Host Configuration Protocol (DHCP), and others), with large
   differences between the ways an installation is managed.

7.  Security Considerations

   This section refers to the security considerations of [RFC6997],
   [RFC6550], and [RFC7731], as well as some attacks and countermeasures
   as discussed in Sections 6 and 7, respectively, of [RFC7416].

   Communications network security is based on providing integrity
   protection and encryption to messages.  This can be applied at
   various layers in the network protocol stack, based on using various
   credentials and a network identity.

   The credentials that are relevant in the case of RPL are (i) the
   credential used at the link layer in the case where link-layer
   security is applied (see Section 7.1) or (ii) the credential used for
   securing RPL messages.  In both cases, the assumption is that the
   credential is a shared key.  Therefore, there MUST be a mechanism in
   place that allows secure distribution of a shared key and
   configuration of a network identity.  Both MAY be done using
   (i) pre-installation using an out-of-band method, (ii) secure
   delivery when a device is introduced into the network, or
   (iii) secure delivery by a trusted neighboring device, as described
   in Section 4.1.8.1.  The shared key MUST be stored in a secure
   fashion that will make it difficult to be read by an unauthorized
   party.

   This document mandates that a Layer 2 mechanism be used during
   initial and incremental deployment.  Please see the following
   sections.

Top      Up      ToC       Page 26 
7.1.  Security Considerations during Initial Deployment

   Wireless mesh networks are typically secured at the link layer in
   order to prevent unauthorized parties from accessing the information
   exchanged over the links.  It is a basic practice to create a network
   of nodes that share the same keys for link-layer security and exclude
   nodes sending unsecured messages.  With per-message data origin
   authentication, it is possible to prevent unauthorized nodes from
   joining the mesh.

   At initial deployment, the network is secured by consecutively
   securing nodes at the link layer, thus building a network of secured
   nodes.  Section 4.1.8.2 describes a mechanism for building a network
   of secured nodes.

   This document does not specify a multicast security solution.
   Networks deployed with this specification will depend upon Layer 2
   security to prevent outsiders from sending multicast traffic.  It is
   recognized that this does not protect this control traffic from
   impersonation by already-trusted devices.  This is an area for a
   future specification.

   For building control, an installer will use an installation tool that
   establishes a secure communication path with the joining node.  It is
   recognized that the recommendations for initial deployment as
   discussed in this section do not cover all building requirements,
   such as selecting -- independent of network topology -- the node to
   be secured.

   It is expected that a set of protocol combinations will evolve within
   currently existing alliances of building control manufacturers.  Each
   set satisfies the installation requirements of installers, operators,
   and manufacturers of building control networks in a given
   installation context, e.g., lighting deployment in offices, HVAC
   installation, incremental addition of equipment in homes, and others.

   In the home, nodes can be visually inspected by the home owner.
   Also, a simple procedure, e.g., pushing buttons simultaneously on an
   already-secured device and an unsecured joining device, is usually
   sufficient to ensure that the unsecured joining device is
   authenticated securely, configured securely, and paired
   appropriately.

   This recommendation is in line with the countermeasures described in
   Section 7.1 of [RFC7416].

Top      Up      ToC       Page 27 
7.2.  Security Considerations during Incremental Deployment

   Once a network is operational, new nodes need to be added, or nodes
   fail and need to be replaced.  When a new node needs to be added to
   the network, the new node is added to the network via an assisting
   node in the manner described in Section 7.1.

   On detection of a compromised node, all trusted nodes need to have
   their symmetric keys that are known to be shared with the compromised
   node rekeyed, and the trusted network is built up as described in
   Section 7.1.

7.3.  Security Considerations for P2P Implementations

   Refer to the security considerations of [RFC6997].

7.4.  MPL Routing

   The routing of MPL is determined by the enabling of the interfaces
   for specified multicast addresses.  The specification of these
   addresses can be done via a Constrained Application Protocol (CoAP)
   application as specified in [RFC7390].  An alternative is the
   creation of an MPL MIB and the use of the Simple Network Management
   Protocol (SNMPv3) [RFC3411] or equivalent techniques to specify the
   multicast addresses in the MIB.  For secure dissemination of MPL
   packets, Layer 2 security SHOULD be used, and the configuration of
   multicast addresses as described in this section MUST be secure.

7.5.  RPL Security Features

   This section refers to the structure of Section 8 ("RPL Security
   Features") of [RFC7416].  [RFC7416] provides a thorough analysis of
   security threats and proposed countermeasures relevant to RPL
   and MPL.

   In accordance with Section 8.1 ("Confidentiality Features") of
   [RFC7416], RPL message security implements payload protection, as
   explained in Section 7 of this document.  The attributes for key
   length and lifetime of the keys depend on operational conditions,
   maintenance, and installation procedures.

   Sections 7.1 and 7.2 of this document recommend link-layer security
   to assure integrity in accordance with Section 8.2 ("Integrity
   Features") of [RFC7416].

   The provision of multiple paths recommended in Section 8.3
   ("Availability Features") of [RFC7416] is also recommended from a
   reliability point of view.  Randomly choosing paths MAY be supported.

Top      Up      ToC       Page 28 
   A mechanism for key management, as discussed in Section 8.4 ("Key
   Management") of [RFC7416], is provided in Section 4.1.8.2 of this
   document.

8.  Other Related Protocols

   Application and transport protocols used in home and building
   automation domains are expected to mostly consist of CoAP over UDP,
   or equivalents.  Typically, UDP is used for IP transport to keep down
   the application response time and bandwidth overhead.  CoAP is used
   at the application layer to reduce memory footprint and bandwidth
   requirements.

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3748]  Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
              Levkowetz, Ed., "Extensible Authentication Protocol
              (EAP)", RFC 3748, DOI 10.17487/RFC3748, June 2004,
              <http://www.rfc-editor.org/info/rfc3748>.

   [RFC4279]  Eronen, P., Ed., and H. Tschofenig, Ed., "Pre-Shared Key
              Ciphersuites for Transport Layer Security (TLS)",
              RFC 4279, DOI 10.17487/RFC4279, December 2005,
              <http://www.rfc-editor.org/info/rfc4279>.

   [RFC4492]  Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B.
              Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites
              for Transport Layer Security (TLS)", RFC 4492,
              DOI 10.17487/RFC4492, May 2006,
              <http://www.rfc-editor.org/info/rfc4492>.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007,
              <http://www.rfc-editor.org/info/rfc4868>.

   [RFC4944]  Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
              "Transmission of IPv6 Packets over IEEE 802.15.4
              Networks", RFC 4944, DOI 10.17487/RFC4944, September 2007,
              <http://www.rfc-editor.org/info/rfc4944>.

Top      Up      ToC       Page 29 
   [RFC5116]  McGrew, D., "An Interface and Algorithms for Authenticated
              Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008,
              <http://www.rfc-editor.org/info/rfc5116>.

   [RFC5191]  Forsberg, D., Ohba, Y., Ed., Patil, B., Tschofenig, H.,
              and A. Yegin, "Protocol for Carrying Authentication for
              Network Access (PANA)", RFC 5191, DOI 10.17487/RFC5191,
              May 2008, <http://www.rfc-editor.org/info/rfc5191>.

   [RFC5216]  Simon, D., Aboba, B., and R. Hurst, "The EAP-TLS
              Authentication Protocol", RFC 5216, DOI 10.17487/RFC5216,
              March 2008, <http://www.rfc-editor.org/info/rfc5216>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008,
              <http://www.rfc-editor.org/info/rfc5246>.

   [RFC5288]  Salowey, J., Choudhury, A., and D. McGrew, "AES Galois
              Counter Mode (GCM) Cipher Suites for TLS", RFC 5288,
              DOI 10.17487/RFC5288, August 2008,
              <http://www.rfc-editor.org/info/rfc5288>.

   [RFC5289]  Rescorla, E., "TLS Elliptic Curve Cipher Suites with
              SHA-256/384 and AES Galois Counter Mode (GCM)", RFC 5289,
              DOI 10.17487/RFC5289, August 2008,
              <http://www.rfc-editor.org/info/rfc5289>.

   [RFC5487]  Badra, M., "Pre-Shared Key Cipher Suites for TLS with
              SHA-256/384 and AES Galois Counter Mode", RFC 5487,
              DOI 10.17487/RFC5487, March 2009,
              <http://www.rfc-editor.org/info/rfc5487>.

   [RFC5548]  Dohler, M., Ed., Watteyne, T., Ed., Winter, T., Ed., and
              D. Barthel, Ed., "Routing Requirements for Urban Low-Power
              and Lossy Networks", RFC 5548, DOI 10.17487/RFC5548,
              May 2009, <http://www.rfc-editor.org/info/rfc5548>.

   [RFC5673]  Pister, K., Ed., Thubert, P., Ed., Dwars, S., and T.
              Phinney, "Industrial Routing Requirements in Low-Power and
              Lossy Networks", RFC 5673, DOI 10.17487/RFC5673,
              October 2009, <http://www.rfc-editor.org/info/rfc5673>.

   [RFC5826]  Brandt, A., Buron, J., and G. Porcu, "Home Automation
              Routing Requirements in Low-Power and Lossy Networks",
              RFC 5826, DOI 10.17487/RFC5826, April 2010,
              <http://www.rfc-editor.org/info/rfc5826>.

Top      Up      ToC       Page 30 
   [RFC5867]  Martocci, J., Ed., De Mil, P., Riou, N., and W. Vermeylen,
              "Building Automation Routing Requirements in Low-Power and
              Lossy Networks", RFC 5867, DOI 10.17487/RFC5867,
              June 2010, <http://www.rfc-editor.org/info/rfc5867>.

   [RFC6282]  Hui, J., Ed., and P. Thubert, "Compression Format for IPv6
              Datagrams over IEEE 802.15.4-Based Networks", RFC 6282,
              DOI 10.17487/RFC6282, September 2011,
              <http://www.rfc-editor.org/info/rfc6282>.

   [RFC6345]  Duffy, P., Chakrabarti, S., Cragie, R., Ohba, Y., Ed., and
              A. Yegin, "Protocol for Carrying Authentication for
              Network Access (PANA) Relay Element", RFC 6345,
              DOI 10.17487/RFC6345, August 2011,
              <http://www.rfc-editor.org/info/rfc6345>.

   [RFC6550]  Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
              Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
              JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
              Low-Power and Lossy Networks", RFC 6550,
              DOI 10.17487/RFC6550, March 2012,
              <http://www.rfc-editor.org/info/rfc6550>.

   [RFC6551]  Vasseur, JP., Ed., Kim, M., Ed., Pister, K., Dejean, N.,
              and D. Barthel, "Routing Metrics Used for Path Calculation
              in Low-Power and Lossy Networks", RFC 6551,
              DOI 10.17487/RFC6551, March 2012,
              <http://www.rfc-editor.org/info/rfc6551>.

   [RFC6554]  Hui, J., Vasseur, JP., Culler, D., and V. Manral, "An IPv6
              Routing Header for Source Routes with the Routing Protocol
              for Low-Power and Lossy Networks (RPL)", RFC 6554,
              DOI 10.17487/RFC6554, March 2012,
              <http://www.rfc-editor.org/info/rfc6554>.

   [RFC6655]  McGrew, D. and D. Bailey, "AES-CCM Cipher Suites for
              Transport Layer Security (TLS)", RFC 6655,
              DOI 10.17487/RFC6655, July 2012,
              <http://www.rfc-editor.org/info/rfc6655>.

   [RFC6786]  Yegin, A. and R. Cragie, "Encrypting the Protocol for
              Carrying Authentication for Network Access (PANA)
              Attribute-Value Pairs", RFC 6786, DOI 10.17487/RFC6786,
              November 2012, <http://www.rfc-editor.org/info/rfc6786>.

Top      Up      ToC       Page 31 
   [RFC6997]  Goyal, M., Ed., Baccelli, E., Philipp, M., Brandt, A., and
              J. Martocci, "Reactive Discovery of Point-to-Point Routes
              in Low-Power and Lossy Networks", RFC 6997,
              DOI 10.17487/RFC6997, August 2013,
              <http://www.rfc-editor.org/info/rfc6997>.

   [RFC6998]  Goyal, M., Ed., Baccelli, E., Brandt, A., and J. Martocci,
              "A Mechanism to Measure the Routing Metrics along a
              Point-to-Point Route in a Low-Power and Lossy Network",
              RFC 6998, DOI 10.17487/RFC6998, August 2013,
              <http://www.rfc-editor.org/info/rfc6998>.

   [RFC7102]  Vasseur, JP., "Terms Used in Routing for Low-Power and
              Lossy Networks", RFC 7102, DOI 10.17487/RFC7102,
              January 2014, <http://www.rfc-editor.org/info/rfc7102>.

   [RFC7251]  McGrew, D., Bailey, D., Campagna, M., and R. Dugal,
              "AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites
              for TLS", RFC 7251, DOI 10.17487/RFC7251, June 2014,
              <http://www.rfc-editor.org/info/rfc7251>.

   [RFC7296]  Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
              Kivinen, "Internet Key Exchange Protocol Version 2
              (IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296,
              October 2014, <http://www.rfc-editor.org/info/rfc7296>.

   [RFC7416]  Tsao, T., Alexander, R., Dohler, M., Daza, V., Lozano, A.,
              and M. Richardson, Ed., "A Security Threat Analysis for
              the Routing Protocol for Low-Power and Lossy Networks
              (RPLs)", RFC 7416, DOI 10.17487/RFC7416, January 2015,
              <http://www.rfc-editor.org/info/rfc7416>.

   [RFC7731]  Hui, J. and R. Kelsey, "Multicast Protocol for Low-Power
              and Lossy Networks (MPL)", RFC 7731, DOI 10.17487/RFC7731,
              February 2016, <http://www.rfc-editor.org/info/rfc7731>.

Top      Up      ToC       Page 32 
   [IEEE802.15.4]
              IEEE, "IEEE Standard for Local and metropolitan area
              networks--Part 15.4: Low-Rate Wireless Personal Area
              Networks (LR-WPANs)", IEEE 802.15.4,
              DOI 10.1109/ieeestd.2011.6012487,
              <http://ieeexplore.ieee.org/servlet/
              opac?punumber=6012485>.

   [G.9959]   International Telecommunication Union, "Short range
              narrow-band digital radiocommunication transceivers - PHY,
              MAC, SAR and LLC layer specifications", ITU-T
              Recommendation G.9959, January 2015,
              <http://www.itu.int/rec/T-REC-G.9959>.

9.2.  Informative References

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              DOI 10.17487/RFC3411, December 2002,
              <http://www.rfc-editor.org/info/rfc3411>.

   [RFC3561]  Perkins, C., Belding-Royer, E., and S. Das, "Ad hoc
              On-Demand Distance Vector (AODV) Routing", RFC 3561,
              DOI 10.17487/RFC3561, July 2003,
              <http://www.rfc-editor.org/info/rfc3561>.

   [RFC5889]  Baccelli, E., Ed., and M. Townsley, Ed., "IP Addressing
              Model in Ad Hoc Networks", RFC 5889, DOI 10.17487/RFC5889,
              September 2010, <http://www.rfc-editor.org/info/rfc5889>.

   [RFC6552]  Thubert, P., Ed., "Objective Function Zero for the Routing
              Protocol for Low-Power and Lossy Networks (RPL)",
              RFC 6552, DOI 10.17487/RFC6552, March 2012,
              <http://www.rfc-editor.org/info/rfc6552>.

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014,
              <http://www.rfc-editor.org/info/rfc7228>.

   [RFC7390]  Rahman, A., Ed., and E. Dijk, Ed., "Group Communication
              for the Constrained Application Protocol (CoAP)",
              RFC 7390, DOI 10.17487/RFC7390, October 2014,
              <http://www.rfc-editor.org/info/rfc7390>.

Top      Up      ToC       Page 33 
   [RFC7428]  Brandt, A. and J. Buron, "Transmission of IPv6 Packets
              over ITU-T G.9959 Networks", RFC 7428,
              DOI 10.17487/RFC7428, February 2015,
              <http://www.rfc-editor.org/info/rfc7428>.

   [SOFT11]   Baccelli, E., Philipp, M., and M. Goyal, "The P2P-RPL
              Routing Protocol for IPv6 Sensor Networks: Testbed
              Experiments", Proceedings of the 19th Annual Conference on
              Software Telecommunications and Computer Networks, Split,
              Croatia, September 2011.

   [INTEROP12]
              Philipp, M., Baccelli, E., Brandt, A., Valev, H., and J.
              Buron, "Report on P2P-RPL Interoperability Testing", INRIA
              Research Report RR-7864, January 2012.

   [RT-MPL]   van der Stok, P., "Real-Time multicast for wireless mesh
              networks using MPL", White paper, April 2014,
              <http://www.vanderstok.org/papers/Real-time-MPL.pdf>.

   [OccuSwitch]
              Philips lighting Electronics, "OccuSwitch Wireless
              (brochure)", May 2012,
              <http://www.philipslightingcontrols.com/assets/
              cms/uploads/files/osw/MK_OSWNETBROC_5.pdf>.

   [Office-Light]
              Clanton and Associates, Inc., "Wireless Lighting Control -
              A Life Cycle Cost Evaluation of Multiple Lighting Control
              Strategies", February 2014, <http://www.daintree.net/
              wp-content/uploads/2014/02/
              clanton_lighting_control_report_0411.pdf>.

   [RTN2011]  Holtman, K. and P. van der Stok, "Real-time routing for
              low-latency 802.15.4 control networks", 23rd Euromicro
              Conference on Real-Time Systems, Porto, Portugal,
              July 2011.

   [MEAS]     Holtman, K., "Connectivity loss in large scale
              IEEE 802.15.4 network", Private Communication,
              November 2013.

Top      Up      ToC       Page 34 
   [BC-Survey]
              Kastner, W., Neugschwandtner, G., Soucek, S., and H.
              Newmann, "Communication Systems for Building Automation
              and Control", Proceedings of the IEEE, Vol. 93, No. 6,
              DOI 10.1109/JPROC.2005.849726, June 2005.

   [ZigBeeIP]
              ZigBee Alliance, "ZigBee IP specification", ZigBee
              document 095023r34, March 2014, <http://www.zigbee.org/>.

Top      Up      ToC       Page 35 
Appendix A.  RPL Shortcomings in Home and Building Deployments

A.1.  Risk of Undesirable Long P2P Routes

   The DAG, being a tree structure, is formed from a root.  If nodes
   residing in different branches need to communicate internally, DAG
   mechanisms provided in RPL [RFC6550] will propagate traffic towards
   the root, potentially all the way to the root, and down along another
   branch [RFC6998].  In a typical example, two nodes could reach each
   other via only two router nodes, but in some unfortunate cases, RPL
   may send traffic three hops up and three hops down again.  This leads
   to several undesirable phenomena, as described in the following
   sections.

A.1.1.  Traffic Concentration at the Root

   If many P2P data flows have to move up towards the root to get down
   again in another branch, there is an increased risk of congestion the
   nearer to the root of the DAG the data flows.  Due to the broadcast
   nature of radio frequency (RF) systems, any child node of the root is
   not only directing RF power downwards in its sub-tree but just as
   much upwards towards the root, potentially jamming other MP2P traffic
   leaving the tree or preventing the root of the DAG from sending P2MP
   traffic into the DAG because the listen-before-talk link-layer
   protection kicks in.

A.1.2.  Excessive Battery Consumption in Source Nodes

   Battery-powered nodes originating P2P traffic depend on the route
   length.  Long routes cause source nodes to stay awake for longer
   periods before returning to sleep.  Thus, a longer route translates
   proportionally (more or less) into higher battery consumption.

A.2.  Risk of Delayed Route Repair

   The RPL DAG mechanism uses DIO and DAO messages to monitor the health
   of the DAG.  On rare occasions, changed radio conditions may render
   routes unusable just after a destination node has returned a DAO
   indicating that the destination is reachable.  Given enough time, the
   next Trickle timer-controlled DIO/DAO update will eventually repair
   the broken routes; however, this may not occur in a timely manner
   appropriate to the application.  In an apparently stable DAG,
   Trickle timer dynamics may reduce the update rate to a few times
   every hour.  If a user issues an actuator command, e.g., light on in
   the time interval between the time that the last DAO message was
   issued the destination module and the time that one of the parents
   sends the next DIO, the destination cannot be reached.  There is no

Top      Up      ToC       Page 36 
   mechanism in RPL to initiate the restoration of connectivity in a
   reactive fashion.  The consequence is a broken service in home and
   building applications.

A.2.1.  Broken Service

   Experience from the telecom industry shows that if the voice delay
   exceeds 250 ms, users start getting confused, frustrated, and/or
   annoyed.  In the same way, if the light does not turn on within the
   same period of time, a home control user will activate the controls
   again, causing a sequence of commands such as
   Light{on,off,off,on,off,...} or Volume{up,up,up,up,up,...}.  Whether
   the outcome is nothing or some unintended response, this is
   unacceptable.  A controlling system must be able to restore
   connectivity to recover from the error situation.  Waiting for an
   unknown period of time is not an option.  Although this issue was
   identified during the P2P analysis, it applies just as well to
   application scenarios where an IP application outside the LLN
   controls actuators, lights, etc.

Appendix B.  Communication Failures

   Measurements of connectivity between neighboring nodes are discussed
   in [RTN2011] and [MEAS].

   The work is motivated by the measurements in literature that affirm
   that the range of an antenna is not circle symmetric but that the
   signal strength of a given level follows an intricate pattern around
   the antenna, and there may be holes within the area delineated by a
   polar plot.  It is reported that communication is not symmetric:
   reception of messages from node A by node B does not imply reception
   of messages from node B by node A.  The quality of the signal
   fluctuates over time, and also the height of the antenna within a
   room can have consequences for the range.  As a function of the
   distance from the source, three regions are generally recognized:
   (1) a clear region with excellent signal quality, (2) a region with
   fluctuating signal quality, and (3) a region without reception.
   Installation of meshes with neighbors in the clear region is not
   sufficient, as described below.

Top      Up      ToC       Page 37 
   [RTN2011] extends existing work by:

   o  Observations over periods of at least a week,

   o  Testing links that are in the clear region,

   o  Observation in an office building during working hours, and

   o  Concentrating on one-hop and two-hop routes.

   Eight nodes were distributed over a surface of 30 square meters.  All
   nodes are at a one-hop distance from each other, and all are situated
   in each other's clear region.  Each node sends messages to each of
   its neighbors and repeats the message until it arrives.  The latency
   of the message was measured over periods of at least a week.  It was
   noticed that latencies longer than a second occurred without any
   apparent reason, but only during working days and never during the
   weekends.  Bad periods could last for minutes.  By sending messages
   via two paths -- (1) a one-hop path directly and (2) a two-hop path
   via a randomly chosen neighbor -- the probability of delays larger
   than 100 ms decreased significantly.

   The conclusion is that even for one-hop communication between
   not-too-distant "line of sight" nodes, there are periods of low
   reception in which communication deadlines of 200 ms are exceeded.
   It pays to send a second message over a two-hop path to increase the
   reliability of timely message transfer.

   [MEAS] confirms that temporary bad reception by close neighbors can
   occur within other types of areas.  Nodes were installed on the
   ceiling in a grid with a distance of 30-50 cm between them.
   Two hundred nodes were distributed over an area of 10 m x 5 m.  It
   clearly transpired that with increasing distance the probability of
   reception decreased.  At the same time, a few nodes furthest away
   from the sender had a high probability of message reception, while
   some close neighbors of the sender did not receive messages.  The
   patterns of nodes experiencing good reception evolved over time.

   The conclusion here is that even for direct neighbors reception can
   temporarily be bad for periods of several minutes.  For reliable and
   timely communication, it is imperative to have at least two
   communication paths available (e.g., two-hop paths next to the
   one-hop path for direct neighbors).

Top      Up      ToC       Page 38 
Acknowledgements

   This document reflects discussions and remarks from several
   individuals, including (in alphabetical order) Stephen Farrell, Mukul
   Goyal, Sandeep Kumar, Jerry Martocci, Catherine Meadows, Yoshihiro
   Ohba, Charles Perkins, Yvonne-Anne Pignolet, Michael Richardson, Ines
   Robles, Zach Shelby, and Meral Sherazipour.

Authors' Addresses

   Anders Brandt
   Sigma Designs

   Email: anders_Brandt@sigmadesigns.com


   Emmanuel Baccelli
   INRIA

   Email: Emmanuel.Baccelli@inria.fr


   Robert Cragie
   ARM Ltd.
   110 Fulbourn Road
   Cambridge  CB1 9NJ
   United Kingdom

   Email: robert.cragie@arm.com


   Peter van der Stok
   Consultant

   Email: consultancy@vanderstok.org