[Roll] DT update -- MUSTs
Tim Winter <wintert@acm.org> Fri, 15 May 2009 02:08 UTC
Return-Path: <wintert@acm.org>
X-Original-To: roll@core3.amsl.com
Delivered-To: roll@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 73D8228C277 for <roll@core3.amsl.com>; Thu, 14 May 2009 19:08:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.855
X-Spam-Level:
X-Spam-Status: No, score=-101.855 tagged_above=-999 required=5 tests=[AWL=-0.744, BAYES_05=-1.11, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvnClngdvT7R for <roll@core3.amsl.com>; Thu, 14 May 2009 19:08:19 -0700 (PDT)
Received: from smtp108.prem.mail.ac4.yahoo.com (smtp108.prem.mail.ac4.yahoo.com [76.13.13.47]) by core3.amsl.com (Postfix) with SMTP id C99B228C125 for <roll@ietf.org>; Thu, 14 May 2009 19:08:18 -0700 (PDT)
Received: (qmail 57769 invoked from network); 15 May 2009 02:09:50 -0000
Received: from unknown (HELO ?192.168.47.101?) (wintert@206.83.249.194 with plain) by smtp108.prem.mail.ac4.yahoo.com with SMTP; 15 May 2009 02:09:49 -0000
X-YMail-OSG: ffkWKLQVM1kF6jmSi6yROkfQRF6Qpb1ZIZh0Oz1ZdGZ4UfSa5xgGsZ3aQoOBYyFsoRQ7ja.sWf0vILCnkZzrON9dCi.IRuMenScwnc7NdkT6tFJuZg8aYd5UJ3y0UN4bWgZneOYuF_ze6Srm5Qn5XfugKzuLQVfQ9GNsmK_29AA4pjAlNnhkbQbNHUyp_hZzAQJdRHw6VAqv7prwABfIG_j84pmENKSbxqYUhRDqLVasE.r39SJzJRJTRKgi.XTA4UAuN8s2wDr5rTA0yKj4Q.5dzjTcgvA.GL1V2YeElvT8QNemYNlTCI4clwpnfGNa_7BLOg--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4A0CCEE8.8020709@acm.org>
Date: Thu, 14 May 2009 22:09:44 -0400
From: Tim Winter <wintert@acm.org>
User-Agent: Thunderbird 2.0.0.21 (X11/20090330)
MIME-Version: 1.0
To: ROLL WG <roll@ietf.org>, dtroll@external.cisco.com
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: [Roll] DT update -- MUSTs
X-BeenThere: roll@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Routing Over Low power and Lossy networks <roll.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/roll>
List-Post: <mailto:roll@ietf.org>
List-Help: <mailto:roll-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/roll>, <mailto:roll-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 May 2009 02:08:21 -0000
WG,
With the recent discussions regarding MUSTs, trade-offs, and how to
reconcile the 4 different requirements documents into one protocol, I do
hope that this update provides some useful insights into how the DT
is proceeding.
Here is a list of extracted MUSTs, with some categorization, along with
uncategorized SHOULDs.
Please do carefully note the following:
1) The source requirements documents contain much more background
text and detail for interpreting the meaning and intent of the MUSTs than
appears in this summary list. This summary list is quite simply keyed off
of MUSTs (and SHOULDs) in the requirements documents. This list can be
used like an index, but the requirements documents give further context
which is important for detailed interpretation, and the requirements
documents are authoritative.
2) The categories presented here may be considered a very coarse
grouping. The intent was to begin to place the 4 requirements documents
side by side in a way that is meaningful to begin interpretation, but is
not intended to be a precise taxonomy. Similarly, please do not place too
much meaning in the category names per se, they are perhaps coarse, but the
intent is that the grouped functionalities are related. Finally, the
coarse groupings may well produce `overlap' in some cases.
3) In some places [editorial comments] are added that do not
appear in the original drafts.
The design team underwent an exercise of going through and discussing
these requirements, and at a first cut asked `can this requirement _not_ be
satisfied?'. This exercise provides further familiarization with the
requirements as well as a crude `reality check' if you will.
So far, no requirement is clearly ruled out, and there is a basis to
continue the discussion of what a routing protocol solution to meet these
requirements will look like.
It is also clear when we look at these requirements that an attempt to find
or meet an intersection between all of them is very challenging.
Nevertheless, it is not our intended approach to pick and choose, e.g. we
do not want to say `let us define a protocol that will satisfy XXX in
HOME, but at the cost of YYY in INDUSTRIAL'. We are tasked clearly to try
and define _one_ protocol to satisfy _all_ of the requirements. Perhaps
as the process continues it will become clear and necessary that such a
`hard' trade-off needs to be made to resolve some fundamental conflict, but
it would be very premature to say such things at this point. If such a
trade-off emerges and becomes inevitable, there will most certainly be very
careful discussion and justification to be made.
This is the inspiration behind the approach we are taking:
1) define a basic core protocol + optional extensions
2) allow the protocol to be parameterized
-> such that the implementor has the ability to make appropriate detailed
trade-offs with the guidance of applicability statements as appropriate to
the target application/platform.
It is our hope that by following this approach we have a protocol which
provides a practical and implementable framework in which can be made
proper and measured compromises with respect to different applications.
We do hope not to end up with a duck ;)
More updates to come as the work proceeds.
Regards,
-Tim
---------------------------------------------------------------------------
- Categorized MUSTs
Sources:
draft-ietf-roll-urban-routing-reqs-05.txt
draft-ietf-roll-indus-routing-reqs-05.txt
draft-ietf-roll-building-routing-reqs-05.txt
draft-ietf-roll-home-routing-reqs-06.txt
---------------------------------------------------------------------------
A. General:
-----------
A.1
URBAN: For the latter [patches/updates], the protocol(s) MUST support
multi- and any-cast addressing.
A.2
URBAN: Routing protocols activated in urban sensor networks MUST
support unicast (traffic is sent to a single field device),
multicast (traffic is sent to a set of devices that are
subscribed to the same multicast group), and anycast (where
multiple field devices are configured to accept traffic sent
on a single IP anycast address) transmission schemes.
A.3
BUILDING: Routing MUST support anycast, unicast, and multicast.
A.4
BUILDING: A network device MUST be able to communicate in a peer-
to-peer manner with any other device on the network. Thus, the
routing protocol MUST provide routes between arbitrary hosts
within the appropriate administrative domain.
A.5
BUILDING: The routing protocol MUST support a metric of route quality
and optimize path selection according to such metrics within
constraints established for links along the paths.
A.6
BUILDING: In such cases [sleeping nodes], the routing protocol MUST
discover the capability of a node to act as a proxy during
path calculation; then deliver the packet to the assigned
proxy for later delivery to the sleeping device upon its next
awakened cycle.
B. Traffic Flows:
-----------------
[ Node -> (thru) LBR ]
[ (thru) LBR -> Node ]
[ Node -> Node ]
B.1
URBAN: The routing protocol MUST be able to accommodate traffic
bursts by dynamically computing and selecting multiple paths
towards the same destination.
B.2
INDUSTRIAL: The routing protocol MUST be able to compute paths of
not-necessarily-equal cost toward a given destination so as to
enable load balancing across a variety of paths.
B.3
INDUSTRIAL: The routing protocol MUST be able to compute a set of
unidirectional routes with potentially different costs that
are composed of one or more non-congruent paths.
C. Autonomous Configuration/Management/Reliability:
----------------------------------------
C.1
URBAN: To this end, the routing protocol(s) MUST provide a set of
features including 0-configuration at network ramp-up,
(network-internal) self- organization and configuration due to
topological changes, and the ability to support
(network-external) patches and configuration updates.
C.2
INDUSTRIAL: The routing protocol MUST route on paths that are changed to
appropriately provision the application requirements. The
routing protocol MUST support the ability to recompute paths
based on Network Layer abstractions of the underlying link
attributes/metric that may change dynamically.
C.3
INDUSTRIAL: The routing algorithm MUST be able to generate different
routes with different characteristics (e.g. optimized
according to difference cost, etc...).
C.4
INDUSTRIAL: The routing protocol MUST enable the full discovery and setup
of the environment (available links, selected peers, reachable
network). The protocol also MUST support the distribution of
configuration from a centralized management controller if
operator-initiated configuration change is allowed.
C.5
BUILDING: It MUST be possible to fully commission network devices
without requiring any additional commissioning device (e.g.
laptop).
C.6
BUILDING: Devices referencing data in the replaced device MUST be able
to reference data in its replacement without being
reconfigured to refer to the new device. Thus, such a
reference cannot be a hardware identifier, such as the MAC
address, nor a hard-coded route. If such a reference is an IP
address, the replacement device MUST be assigned the IP
addressed previously bound to the replaced device. Or if the
logical equivalent of a hostname is used for the reference, it
must be translated to the replacement IP address.
C.7
HOME: Thus the routing protocol designed for home automation
networks MUST provide a set of features including zero-
configuration of the routing protocol for a new node to be
added to the network. From a routing perspective,
zero-configuration means that a node can obtain an address
and join the network on its own, without human intervention.
C.8
HOME: The routing protocol MUST support the ability to isolate a
misbehaving node thus preserving the correct operation of the
overall network.
D. Scalability:
---------------
D.1
URBAN: The routing protocol(s) MUST be capable of supporting the
organization of a large number of sensing nodes into regions
containing on the order of 10^2 to 10^4 sensing nodes each.
D.2
URBAN: The routing protocol(s) MUST be scalable so as to accommodate
a very large and increasing number of nodes without
deteriorating selected performance parameters below
configurable thresholds.
D.3
BUILDING: The routing protocol MUST be able to support networks with at
least 2000 nodes supporting at least 1000 routing devices and
1000 non-routing device. Subnetworks (e.g. rooms, primary
equipment) within the network must support upwards to 255
sensors and/or actuators.
D.4
HOME: The routing protocol MUST support 250 devices in the network.
E. Performance:
---------------
E.1
INDUSTRIAL: The routing algorithm MUST find the appropriate route(s) and
report success or failure within several minutes, and SHOULD
report success or failure within tens of seconds.
E.2
INDUSTRIAL: The routing algorithm MUST respond to normal link failure
rates with routes that meet the Service requirements
(especially latency) throughout the routing response. The
routing algorithm SHOULD always be in the process of
recalculating the route in response to changing link
statistics. The routing algorithm MUST recalculate the paths
when field devices change due to insertion, removal or
failure, and this recalculation MUST NOT cause latencies
greater than the specified constraints (typically seconds to
minutes).
E.3
HOME: The routing protocol MUST provide mobility with convergence
time below 0.5 second if only the sender has moved.
E.4
HOME: Sleeping nodes may appear to be non-responsive. The routing
protocol MUST take into account the delivery time to a
sleeping target node. The wake-up interval of a sleeping node
MUST be less than one second.
E.5
HOME: The routing protocol MUST converge within 0.5 second if no
nodes have moved.
E.6
HOME: The routing protocol MUST converge within 2 seconds if the
destination node of the packet has moved.
F. Constraint-based Routing:
----------------------------
F.1
URBAN: To this end, the routing protocol(s) MUST support parameter
constrained routing, where examples of such parameters (CPU,
memory size, battery level, etc.) have been given in the
previous paragraph. In other words the routing protocol MUST
be able to advertise node capabilities that will be
exclusively used by the routing protocol engine for routing
decision.
F.2
INDUSTRIAL: The routing protocol MUST also support different metric types
for each link used to compute the path according to some
objective function (e.g. minimize latency) depending on the
nature of the traffic.
F.3
INDUSTRIAL: The routing algorithm MUST support node-constrained routing
(e.g. taking into account the existing energy state as a node
constraint). Node constraints include power and memory, as
well as constraints placed on the device by the user, such as
battery life.
F.4
BUILDING: The routing protocol MUST take into account device
characteristics such as power budget.
F.5
HOME: The routing protocol MUST support constraint-based routing
taking into account node properties (CPU, memory, level of
energy, sleep intervals, safety/convenience of changing
battery).
G. Security:
------------
G.1
URBAN: The U-LLN network MUST deny any node who has not been
authenticated to the U-LLN and authorized to participate to
the routing decision process.
G.2
URBAN: Mechanisms MUST be in place to deny any node which attempts
to take malicious advantage of self-configuration and self-
organization procedures.
G.3
URBAN: A node MUST authenticate itself to a trusted node that is
already associated with the U-LLN before the former can take
part in self-configuration or self-organization.
G.4
URBAN: A node that has already authenticated and associated with the
U-LLN MUST deny, to the maximum extent possible, the
allocation of resources to any unauthenticated peer.
G.5
URBAN: The routing protocol(s) MUST deny service to any node which
has not clearly established trust with the U-LLN.
G.6
URBAN: To this end, routing protocol(s) proposed in the context of
U-LLNs MUST support authentication and integrity measures and
SHOULD support confidentiality (routing security) measures.
G.7
INDUSTRIAL: The routing MUST be configured and managed using secure
messages and protocols that prevent outsider attacks and limit
insider attacks from field devices installed in insecure
locations in the plant.
G.8
BUILDING: Authentication policy and updates MUST be routable
over-the-air.
G.9
BUILDING: Data encryption of packets MUST optionally be supported by
use of either a network wide key and/or application key.
G.10
BUILDING: The routing protocol MUST allow routing a packet encrypted
with an application key through forwarding devices that
without requiring each node in the path have the application
key.
G.11
BUILDING: The encryption policy MUST support encryption of the payload
only or the entire packet.
G.12
BUILDING: Due to the limited resources of an LLN, the security policy
defined within the LLN MUST be able to differ from that of the
rest of the IP network within the facility yet packets MUST
still be able to route to or through the LLN from/to these
networks.
G.13
BUILDING: The routing protocol MUST gracefully handle routing temporal
security updates (e.g. dynamic keys) to sleeping devices on
their 'awake' cycle to assure that sleeping devices can
readily and efficiently access then network.
G.14
HOME: The routing protocol chosen for ROLL MUST allow for low-
power, low-cost network devices with limited security needs.
G.15
HOME: Protection against unintentional inclusion in neighboring
networks MUST be provided.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Uncategorized SHOULDs
---------------------------------------------------------------------------
draft-ietf-roll-building-routing-reqs
---------------------------------------------------------------------------
5.1.3. Local Testing
Routing should allow for temporary ad hoc paths to be established that are
updated as the network physically and functionally expands.
5.3.1. Mobile Device Requirements
To minimize network dynamics, mobile devices SHOULD not be allowed to act
as forwarding devices (routers) for other devices in the LLN.
A mobile device that moves within an LLN SHOULD reestablish end-to- end
communication to a fixed device also in the LLN within 2
seconds. The network convergence time should be less than 5
seconds once the mobile device stops moving.
A mobile device that moves outside of an LLN SHOULD reestablish end-
to-end communication to a fixed device in the new LLN within 5
seconds. The network convergence time should be less than 5
seconds once the mobile device stops moving.
A mobile device that moves outside of one LLN into another LLN SHOULD
reestablish end-to-end communication to a fixed device in the
old LLN within 10 seconds. The network convergence time
should be less than 10 seconds once the mobile device stops.
A mobile device that moves outside of one LLN into another LLN SHOULD
reestablish end-to-end communication to another mobile device
in the new LLN within 20 seconds. The network convergence
time should be less than 30 seconds once the mobile devices
stop moving.
A mobile device that moves outside of one LLN into another LLN SHOULD
reestablish end-to-end communication to a mobile device in the
old LLN within 30 seconds. The network convergence time
should be less than 30 seconds once the mobile devices stop
moving.
5.4.1. Limited Processing Power for Non-routing Devices.
The software size requirement for non-routing devices (e.g. sleeping
sensors and actuators) SHOULD be implementable in 8-bit
devices with no more than 128KB of memory.
5.4.2. Limited Processing Power for Routing Devices
The software size requirements for routing devices (e.g. room controllers)
SHOULD be implementable in 8-bit devices with no more than
256KB of flash memory.
5.6.2. Route Tracking
Route diagnostics SHOULD be supported providing information such as path
quality; number of hops; available alternate active paths with
associated costs. Path quality is the relative measure of
'goodness' of the selected source to destination path as
compared to alternate paths. This composite value may be
measured as a function of hop count, signal strength,
available power, existing active paths or any other criteria
deemed by ROLL as the path cost differentiator.
5.7.1. Path Cost
[...] These metrics SHOULD reflect metrics such as signal strength,
available bandwidth, hop count, energy availability and
communication error rates.
5.7.3. Route Redundancy
The routing layer SHOULD be configurable to allow secondary and tertiary
paths to be established and used upon failure of the primary
path.
5.7.4. Route Discovery Time
If route discovery occurs during packet transmission time, it SHOULD NOT
add more than 120ms of latency to the packet delivery time.
5.7.5. Route Preference
Route cost algorithms SHOULD allow the installer to optionally select
'preferred' paths based on the known spatial layout of the
communicating devices.
---------------------------------------------------------------------------
draft-ietf-roll-home-routing-reqs
---------------------------------------------------------------------------
<EMPTY>
---------------------------------------------------------------------------
roll-indus-routing-reqs
---------------------------------------------------------------------------
-
In fast control, tens of milliseconds of latency is typical.
[...]
For these reasons, the ROLL routing infrastructure is required to compute
and update constrained routes on demand, and it can be
expected that this model will become more prevalent for field
device to field device connectivity as well as for some field
device to Infrastructure devices over time.
[ A route that connects a field device to a plant application may have
multiple paths that go through more than one LLN access
point. The routing protocol MUST be able to compute paths of
not-necessarily-equal cost toward a given destination so as to
enable load balancing across a variety of paths. The
availability of each path in a multipath route can change over
time. Hence, it is important to measure the availability on a
per-path basis and select a path (or paths) according to the
availability requirements. ]
The routing protocol SHOULD support broadcast or multicast addressing.
The routing protocol SHOULD support the wireless worker with fast network
connection times of a few of seconds, and low command and
response latencies to the plant behind the LLN access points,
to applications, and to field devices. The routing protocol
SHOULD also support the bandwidth allocation for bulk
transfers between the field device and the handheld device of
the wireless worker. The routing protocol SHOULD support
walking speeds for maintaining network connectivity as the
handheld device changes position in the wireless network.
The routing protocol SHOULD NOT require to preprovision information about
the environment where the node will be deployed. The routing
protocol MUST enable the full discovery and setup of the
environment (available links, selected peers, reachable
network).The protocol also MUST support the distribution of
configuration from a centralized management controller if
operator-initiated configuration change is allowed.
In industrial plants it must be assumed that the field devices have
marginal physical security and might be compromised. The
routing protocol SHOULD limit the risk incurred by one node
being compromised, for instance by proposing non congruent
path for a given route and balancing the traffic across the
network.
The routing protocol SHOULD compartmentalize the trust placed in field
devices so that a compromised field device does not destroy
the security of the whole network.
---------------------------------------------------------------------------
-
draft-ietf-roll-urban-routing-reqs-04
---------------------------------------------------------------------------
-
The routing protocols(s) SHOULD support the organization of a large number
of nodes into regions of configurable size.
Routing within urban sensor networks SHOULD require the U-LLN nodes to
dynamically compute, select and install different paths
towards a same destination, depending on the nature of the
traffic. Such functionality in support of, for example, data
aggregation, may imply to use some mechanisms to mark/tag the
traffic for appropriate routing decision using the IPv6 packet
format (e.g. use of DSCP, Flow Label) based on an upper layer
marking decision.
The protocol(s) SHOULD also support the formation and identification of
groups of field devices in the network.
The routing protocol(s) SHOULD be able to dynamically adapt, e.g. through
the application of appropriate routing metrics, to ever-
changing conditions of communication (possible degradation of
QoS, variable nature of the traffic (real time vs. non real
time, sensed data vs. alerts), node mobility, a combination
thereof, etc.)
The routing protocol(s) SHOULD be able to dynamically compute, select and
possibly optimize the (multiple) path(s) that will be used by
the participating devices to forward the traffic towards the
actuators and/or a LBR according to the service-specific and
traffic-specific QoS, traffic engineering and routing security
policies that will have to be enforced at the scale of a
routing domain (that is, a set of networking devices
administered by a globally unique entity), or a region of such
domain (e.g. a metropolitan area composed of clusters of
sensors).
To this end, local network dynamics SHOULD NOT impact the entire network
to be re-organized or re-reconfigured; however, the network
SHOULD be locally optimized to cater for the encountered
changes. The routing protocol(s) SHOULD support appropriate
mechanisms in order to be informed of the association,
disassociation, and disappearance of nodes. The routing
protocol(s) SHOULD support appropriate updating mechanisms in
order to be informed of changes in connectivity. The routing
protocol(s) SHOULD use this information to initiate protocol
specific mechanisms for reorganization and reconfiguration as
necessary to maintain overall routing efficiency. Convergence
and route establishment times SHOULD be significantly lower
than the smallest reporting interval.
Differentiation SHOULD be made between node disappearance, where the node
disappears without prior notification, and user or node-
initiated disassociation ("phased-out"), where the node has
enough time to inform the network about its pending removal.
The routing protocol(s) SHOULD also support the ability to route according
to different metrics (one of which could e.g. be latency).
The routing protocol(s) SHOULD support defense against DoS attacks and
other attempts to maliciously or inadvertently cause the
routing protocol(s) mechanisms to over consume the limited
resources of LLN nodes, e.g. by constructing forwarding loops
or causing excessive routing protocol overhead traffic, etc.
The U-LLN SHOULD NOT interface with any external network which has not
established trust. The U-LLN SHOULD be capable of limiting the
resources granted in support of an external network so as not
to be vulnerable to DoS.
---------------------------------------------------------------------------
- [Roll] DT update -- MUSTs Tim Winter
- Re: [Roll] DT update -- MUSTs - energy for link m… Alexandru Petrescu
- Re: [Roll] DT update -- MUSTs - energy for link m… JP Vasseur
- Re: [Roll] DT update -- MUSTs - energy for link m… JP Vasseur
- Re: [Roll] DT update -- MUSTs - energy for link m… JP Vasseur
- Re: [Roll] DT update -- MUSTs - energy for link m… Alexandru Petrescu
- Re: [Roll] DT update -- MUSTs - energy for link m… Alexandru Petrescu
- Re: [Roll] DT update -- MUSTs - energy for link m… JP Vasseur