1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
|
Internet Engineering Task Force (IETF) A. Rahman, Ed.
Request for Comments: 7390 InterDigital Communications, LLC
Category: Experimental E. Dijk, Ed.
ISSN: 2070-1721 Philips Research
October 2014
Group Communication for the Constrained Application Protocol (CoAP)
Abstract
The Constrained Application Protocol (CoAP) is a specialized web
transfer protocol for constrained devices and constrained networks.
It is anticipated that constrained devices will often naturally
operate in groups (e.g., in a building automation scenario, all
lights in a given room may need to be switched on/off as a group).
This specification defines how CoAP should be used in a group
communication context. An approach for using CoAP on top of IP
multicast is detailed based on existing CoAP functionality as well as
new features introduced in this specification. Also, various use
cases and corresponding protocol flows are provided to illustrate
important concepts. Finally, guidance is provided for deployment in
various network topologies.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for examination, experimental implementation, and
evaluation.
This document defines an Experimental Protocol for the Internet
community. This document is a product of the Internet Engineering
Task Force (IETF). It represents the consensus of the IETF
community. It has received public review and has been approved for
publication by the Internet Engineering Steering Group (IESG). Not
all documents approved by the IESG are a candidate for any level of
Internet Standard; see Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7390.
Rahman & Dijk Experimental [Page 1]
^L
RFC 7390 Group Communication for CoAP October 2014
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. This document is subject to
BCP 78 and the IETF Trust's Legal Provisions Relating to IETF
Documents (http://trustee.ietf.org/license-info) in effect on the
date of publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Background . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.3. Conventions and Terminology . . . . . . . . . . . . . . . 4
2. Protocol Considerations . . . . . . . . . . . . . . . . . . . 5
2.1. IP Multicast Background . . . . . . . . . . . . . . . . . 5
2.2. Group Definition and Naming . . . . . . . . . . . . . . . 6
2.3. Port and URI Configuration . . . . . . . . . . . . . . . 7
2.4. RESTful Methods . . . . . . . . . . . . . . . . . . . . . 9
2.5. Request and Response Model . . . . . . . . . . . . . . . 9
2.6. Membership Configuration . . . . . . . . . . . . . . . . 10
2.6.1. Background . . . . . . . . . . . . . . . . . . . . . 10
2.6.2. Membership Configuration RESTful Interface . . . . . 11
2.7. Request Acceptance and Response Suppression Rules . . . . 17
2.8. Congestion Control . . . . . . . . . . . . . . . . . . . 19
2.9. Proxy Operation . . . . . . . . . . . . . . . . . . . . . 20
2.10. Exceptions . . . . . . . . . . . . . . . . . . . . . . . 21
3. Use Cases and Corresponding Protocol Flows . . . . . . . . . 22
3.1. Introduction . . . . . . . . . . . . . . . . . . . . . . 22
3.2. Network Configuration . . . . . . . . . . . . . . . . . . 22
3.3. Discovery of Resource Directory . . . . . . . . . . . . . 25
3.4. Lighting Control . . . . . . . . . . . . . . . . . . . . 26
3.5. Lighting Control in MLD-Enabled Network . . . . . . . . . 30
3.6. Commissioning the Network Based on Resource Directory . . 31
4. Deployment Guidelines . . . . . . . . . . . . . . . . . . . . 32
4.1. Target Network Topologies . . . . . . . . . . . . . . . . 32
4.2. Networks Using the MLD Protocol . . . . . . . . . . . . . 33
4.3. Networks Using RPL Multicast without MLD . . . . . . . . 33
4.4. Networks Using MPL Forwarding without MLD . . . . . . . . 34
4.5. 6LoWPAN Specific Guidelines for the 6LBR . . . . . . . . 35
5. Security Considerations . . . . . . . . . . . . . . . . . . . 35
5.1. Security Configuration . . . . . . . . . . . . . . . . . 35
5.2. Threats . . . . . . . . . . . . . . . . . . . . . . . . . 36
Rahman & Dijk Experimental [Page 2]
^L
RFC 7390 Group Communication for CoAP October 2014
5.3. Threat Mitigation . . . . . . . . . . . . . . . . . . . . 36
5.3.1. WiFi Scenario . . . . . . . . . . . . . . . . . . . . 37
5.3.2. 6LoWPAN Scenario . . . . . . . . . . . . . . . . . . 37
5.3.3. Future Evolution . . . . . . . . . . . . . . . . . . 37
5.4. Monitoring Considerations . . . . . . . . . . . . . . . . 38
5.4.1. General Monitoring . . . . . . . . . . . . . . . . . 38
5.4.2. Pervasive Monitoring . . . . . . . . . . . . . . . . 38
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 39
6.1. New 'core.gp' Resource Type . . . . . . . . . . . . . . . 39
6.2. New 'coap-group+json' Internet Media Type . . . . . . . . 39
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 41
7.1. Normative References . . . . . . . . . . . . . . . . . . 41
7.2. Informative References . . . . . . . . . . . . . . . . . 43
Appendix A. Multicast Listener Discovery (MLD) . . . . . . . . . 45
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 46
1. Introduction
1.1. Background
CoAP is a web transfer protocol based on Representational State
Transfer (REST) for resource constrained devices operating in an IP
network [RFC7252]. CoAP has many similarities to HTTP [RFC7230] but
also some key differences. Constrained devices can be large in
numbers but are often related to each other in function or by
location. For example, all the light switches in a building may
belong to one group, and all the thermostats may belong to another
group. Groups may be preconfigured before deployment or dynamically
formed during operation. If information needs to be sent to or
received from a group of devices, group communication mechanisms can
improve efficiency and latency of communication and reduce bandwidth
requirements for a given application. HTTP does not support any
equivalent functionality to CoAP group communication.
1.2. Scope
Group communication involves a one-to-many relationship between CoAP
endpoints. Specifically, a single CoAP client can simultaneously get
(or set) resources from multiple CoAP servers using CoAP over IP
multicast. An example would be a CoAP light switch turning on/off
multiple lights in a room with a single CoAP group communication PUT
request and handling the potential multitude of (unicast) responses.
The base protocol aspects of sending CoAP requests on top of IP
multicast and processing the (unicast IP) responses are given in
Section 8 of [RFC7252]. To provide a more complete CoAP group
communication functionality, this specification introduces new CoAP
Rahman & Dijk Experimental [Page 3]
^L
RFC 7390 Group Communication for CoAP October 2014
processing functionality (e.g., new rules for reuse of Token values,
request suppression, and proxy operation) and a new management
interface for RESTful group membership configuration.
CoAP group communication will run in the Any Source Multicast (ASM)
mode [RFC5110] of IP multicast operation. This means that there is
no restriction on the source node that sends (originates) the CoAP
messages to the IP multicast group. For example, the source node may
or may not be part of the IP multicast group. Also, there is no
restriction on the number of source nodes.
While Section 9.1 of [RFC7252] supports various modes of security
based on Datagram Transport Layer Security (DTLS) for CoAP over
unicast IP, it does not specify any security modes for CoAP over IP
multicast. That is, it is assumed per [RFC7252] that CoAP over IP
multicast is not encrypted, nor authenticated, nor access controlled.
This document assumes the same security model (see Section 5.1).
However, there are several promising security approaches being
developed that should be considered in the future for protecting CoAP
group communications (see Section 5.3.3).
1.3. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119] when they appear in ALL CAPS. When these words are not in
ALL CAPS (such as "should" or "Should"), they have their usual
English meanings and are not to be interpreted as [RFC2119] key
words.
Note that this document refers back to other RFCs, and especially
[RFC7252], to help explain overall CoAP group communication features.
However, use of [RFC2119] key words is reserved for new CoAP
functionality introduced by this specification.
This document assumes readers are familiar with the terms and
concepts that are used in [RFC7252]. In addition, this document
defines the following terminology:
Group Communication:
A source node sends a single application-layer (e.g., CoAP)
message that is delivered to multiple destination nodes, where all
destinations are identified to belong to a specific group. The
source node itself may be part of the group. The underlying
mechanisms for CoAP group communication are UDP/IP multicast for
Rahman & Dijk Experimental [Page 4]
^L
RFC 7390 Group Communication for CoAP October 2014
the requests and unicast UDP/IP for the responses. The network
involved may be a constrained network such as a low-power, lossy
network.
Reliable Group Communication:
A special case of group communication where for each destination
node, it is guaranteed that the node either 1) eventually receives
the message sent by the source node or 2) does not receive the
message and the source node is notified of the non-reception
event. An example of a reliable group communication protocol is
[RFC5740].
Multicast:
Sending a message to multiple destination nodes with one network
invocation. There are various options to implement multicast,
including layer 2 (Media Access Control) and layer 3 (IP)
mechanisms.
IP Multicast:
A specific multicast approach based on the use of IP multicast
addresses as defined in "IANA Guidelines for IPv4 Multicast
Address Assignments" [RFC5771] and "IP Version 6 Addressing
Architecture" [RFC4291]. A complete IP multicast solution may
include support for managing group memberships and IP multicast
routing/forwarding (see Section 2.1).
Low-Power and Lossy Network (LLN):
A type of constrained IP network where devices are interconnected
by low-power and lossy links. The links may be composed of one or
more technologies such as IEEE 802.15.4, Bluetooth Low Energy
(BLE), Digital Enhanced Cordless Telecommunication (DECT), and
IEEE P1901.2 power-line communication.
2. Protocol Considerations
2.1. IP Multicast Background
IP multicast protocols have been evolving for decades, resulting in
standards such as Protocol Independent Multicast - Sparse Mode (PIM-
SM) [RFC4601]. IP multicast is very popular in specific deployments
such as in enterprise networks (e.g., for video conferencing), smart
home networks (e.g., Universal Plug and Play (UPnP)), and carrier
IPTV deployments. The packet economy and minimal host complexity of
IP multicast make it attractive for group communication in
constrained environments.
Rahman & Dijk Experimental [Page 5]
^L
RFC 7390 Group Communication for CoAP October 2014
To achieve IP multicast beyond link-local (LL) scope, an IP multicast
routing or forwarding protocol needs to be active on IP routers. An
example of a routing protocol specifically for LLNs is the IPv6
Routing Protocol for Low-Power and Lossy Networks (RPL) (Section 12
of [RFC6550]), and an example of a forwarding protocol for LLNs is
the Multicast Protocol for Low-Power and Lossy Networks (MPL)
[MCAST-MPL]. RPL and MPL do not depend on each other; each can be
used in isolation, and both can be used in combination in a network.
Finally, PIM-SM [RFC4601] is often used for multicast routing in
traditional IP networks (i.e., networks that are not constrained).
IP multicast can also be run in an LL scope. This means that there
is no routing involved, and an IP multicast message is only received
over the link on which it was sent.
For a complete IP multicast solution, in addition to a routing/
forwarding protocol, a "listener" protocol may be needed for the
devices to subscribe to groups (see Section 4.2). Also, a multicast
forwarding proxy node [RFC4605] may be required.
IP multicast is generally classified as an unreliable service in that
packets are not guaranteed to be delivered to each and every member
of the group. In other words, it cannot be directly used as a basis
for "reliable group communication" as defined in Section 1.3.
However, the level of reliability can be increased by employing a
multicast protocol that performs periodic retransmissions as is done,
for example, in MPL.
2.2. Group Definition and Naming
A CoAP group is defined as a set of CoAP endpoints, where each
endpoint is configured to receive CoAP group communication requests
that are sent to the group's associated IP multicast address. The
individual response by each endpoint receiver to a CoAP group
communication request is always sent back as unicast. An endpoint
may be a member of multiple groups. Group membership of an endpoint
may dynamically change over time.
All CoAP server nodes SHOULD join the "All CoAP Nodes" multicast
group (Section 12.8 of [RFC7252]) by default to enable CoAP
discovery. For IPv4, the address is 224.0.1.187, and for IPv6, a
server node joins at least both the link-local scoped address
ff02::fd and the site-local scoped address ff05::fd. IPv6 addresses
of other scopes MAY be enabled.
A CoAP group URI has the scheme 'coap' and includes in the authority
part either a group IP multicast address or a hostname (e.g., Group
Fully Qualified Domain Name (FQDN)) that can be resolved to the group
Rahman & Dijk Experimental [Page 6]
^L
RFC 7390 Group Communication for CoAP October 2014
IP multicast address. A group URI also contains an optional CoAP
port number in the authority part. Group URIs follow the regular
CoAP URI syntax (Section 6 of [RFC7252]).
Note: A group URI is needed to initiate CoAP group communications.
For CoAP client implementations, it is recommended to use the URI
decomposition method of Section 6.4 of [RFC7252] in such a way that,
from a group URI, a CoAP group communication request is generated.
For sending nodes, it is recommended to use the IP multicast address
literal in a group URI. (This is because DNS infrastructure may not
be deployed in many constrained network deployments.) However, in
case a group hostname is used, it can be uniquely mapped to an IP
multicast address via DNS resolution (if supported). Some examples
of hierarchical group FQDN naming (and scoping) for a building
control application are shown below:
URI authority Targeted group of nodes
--------------------------------------- --------------------------
all.bldg6.example.com "all nodes in building 6"
all.west.bldg6.example.com "all nodes in west wing,
building 6"
all.floor1.west.bldg6.example.com "all nodes in floor 1,
west wing, building 6"
all.bu036.floor1.west.bldg6.example.com "all nodes in office bu036,
floor 1, west wing,
building 6"
Similarly, if supported, reverse mapping (from IP multicast address
to Group FQDN) is possible using the reverse DNS resolution technique
([RFC1033]). Reverse mapping is important, for example, in
troubleshooting to translate IP multicast addresses back to human-
readable hostnames to show in a diagnostics user interface.
2.3. Port and URI Configuration
A CoAP server that is a member of a group listens for CoAP messages
on the group's IP multicast address, usually on the CoAP default UDP
port, 5683. If the group uses a specified non-default UDP port, be
careful to ensure that all group members are configured to use that
same port.
Different ports for the same IP multicast address are preferably not
used to specify different CoAP groups. If disjoint groups share the
same IP multicast address, then all the devices interested in one
group will accept IP traffic also for the other disjoint groups, only
to ultimately discard the traffic higher in their IP stack (based on
UDP port discrimination).
Rahman & Dijk Experimental [Page 7]
^L
RFC 7390 Group Communication for CoAP October 2014
CoAP group communication will not work if there is diversity in the
authority port (e.g., different dynamic port addresses across the
group) or if other parts of the group URI such as the path, or the
query, differ on different endpoints. Therefore, some measures must
be present to ensure uniformity in port number and resource names/
locations within a group. All CoAP group communication requests MUST
be sent using a port number according to one of the below options:
1. A preconfigured port number.
2. If the client is configured to use service discovery including
URI and port discovery, it uses the port number obtained via a
service discovery lookup operation for the targeted CoAP group.
3. Use the default CoAP UDP port (5683).
For a CoAP server node that supports resource discovery, the default
port 5683 must be supported (Section 7.1 of [RFC7252]) for the "All
CoAP Nodes" group. Regardless of the method of selecting the port
number, the same port MUST be used across all CoAP servers in a group
and across all CoAP clients performing the group requests.
All CoAP group communication requests SHOULD operate on group URI
paths in one of the following ways:
1. Preconfigured group URI paths, if available. Implementers are
free to define the paths as they see fit. However, note that
[RFC7320] prescribes that a specification must not constrain or
define the structure or semantics for any path component. So for
this reason, a predefined URI path is not specified in this
document and also must not be provided in other specifications.
2. If the client is configured to use default Constrained RESTful
Environments (CoRE) resource discovery, it uses URI paths
retrieved from a "/.well-known/core" lookup on a group member.
The URI paths the client will use MUST be known to be available
also in all other endpoints in the group. The URI path
configuration mechanism on servers MUST ensure that these URIs
(identified as being supported by the group) are configured on
all group endpoints.
3. If the client is configured to use another form of service
discovery, it uses group URI paths from an equivalent service
discovery lookup that returns the resources supported by all
group members.
Rahman & Dijk Experimental [Page 8]
^L
RFC 7390 Group Communication for CoAP October 2014
4. If the client has received a group URI through a previous RESTful
interaction with a trusted server, it can use this URI in a CoAP
group communication request. For example, a commissioning tool
may instruct a sensor device in this way to which target group
(group URI) it should report sensor events.
However, when the URI path is selected, the same path MUST be used
across all CoAP servers in a group and all CoAP clients performing
the group requests.
2.4. RESTful Methods
Group communication most often uses the idempotent CoAP methods GET
and PUT. The idempotent method DELETE can also be used. The non-
idempotent CoAP method POST may only be used for group communication
if the resource being POSTed to has been designed to cope with the
unreliable and lossy nature of IP multicast. For example, a client
may resend a multicast POST request for additional reliability. Some
servers will receive the request two times while others may receive
it only once. For idempotent methods, all these servers will be in
the same state while for POST, this is not guaranteed; so, the
resource POST operation must be specifically designed to take message
loss into account.
2.5. Request and Response Model
All CoAP requests that are sent via IP multicast must be Non-
confirmable (Section 8.1 of [RFC7252]). The Message ID in an IP
multicast CoAP message is used for optional message deduplication as
detailed in Section 4.5 of [RFC7252].
A server optionally sends back a unicast response to the CoAP group
communication request (e.g., response "2.05 Content" to a group GET
request). The unicast responses received by the CoAP client may be a
mixture of success (e.g., 2.05 Content) and failure (e.g., 4.04 Not
Found) codes depending on the individual server processing results.
Detailed processing rules for IP multicast request acceptance and
unicast response suppression are given in Section 2.7.
A CoAP request sent over IP multicast and any unicast response it
causes must take into account the congestion control rules defined in
Section 2.8.
The CoAP client can distinguish the origin of multiple server
responses by the source IP address of the UDP message containing the
CoAP response or any other available unique identifier (e.g.,
Rahman & Dijk Experimental [Page 9]
^L
RFC 7390 Group Communication for CoAP October 2014
contained in the CoAP payload). In case a CoAP client sent multiple
group requests, the responses are as usual matched to a request using
the CoAP Token.
For multicast CoAP requests, there are additional constraints on the
reuse of Token values, compared to the unicast case. In the unicast
case, receiving a response effectively frees up its Token value for
reuse since no more responses will follow. However, for multicast
CoAP, the number of responses is not bounded a priori. Therefore,
the reception of a response cannot be used as a trigger to "free up"
a Token value for reuse. Reusing a Token value too early could lead
to incorrect response/request matching in the client and would be a
protocol error. Therefore, the time between reuse of Token values
used in multicast requests MUST be greater than:
NON_LIFETIME + MAX_LATENCY + MAX_SERVER_RESPONSE_DELAY
where NON_LIFETIME and MAX_LATENCY are defined in Section 4.8 of
[RFC7252]. MAX_SERVER_RESPONSE_DELAY is defined here as the expected
maximum response delay over all servers that the client can send a
multicast request to. This delay includes the maximum Leisure time
period as defined in Section 8.2 of [RFC7252]. CoAP does not define
a time limit for the server response delay. Using the default CoAP
parameters, the Token reuse time MUST be greater than 250 seconds
plus MAX_SERVER_RESPONSE_DELAY. A preferred solution to meet this
requirement is to generate a new unique Token for every multicast
request, such that a Token value is never reused. If a client has to
reuse Token values for some reason, and also
MAX_SERVER_RESPONSE_DELAY is unknown, then using
MAX_SERVER_RESPONSE_DELAY = 250 seconds is a reasonable guideline.
The time between Token reuses is in that case set to a value greater
than 500 seconds.
2.6. Membership Configuration
2.6.1. Background
2.6.1.1. Member Discovery
CoAP groups, and the membership of these groups, can be discovered
via the lookup interfaces in the Resource Directory (RD) defined in
[CoRE-RD]. This discovery interface is not required to invoke CoAP
group communications. However, it is a potential complementary
interface useful for overall management of CoAP groups. Other
methods to discover groups (e.g., proprietary management systems) can
also be used. An example of doing some of the RD-based lookups is
given in Section 3.6.
Rahman & Dijk Experimental [Page 10]
^L
RFC 7390 Group Communication for CoAP October 2014
2.6.1.2. Configuring Members
The group membership of a CoAP endpoint may be configured in one of
the following ways. First, the group membership may be preconfigured
before node deployment. Second, a node may be programmed to discover
(query) its group membership using a specific service discovery
means. Third, it may be configured by another node (e.g., a
commissioning device).
In the first case, the preconfigured group information may be either
an IP multicast address or a hostname (FQDN) that is resolved later
(during operation) to an IP multicast address by the endpoint using
DNS (if supported).
For the second case, a CoAP endpoint may look up its group membership
using techniques such as DNS-based Service Discovery (DNS-SD) and RD
[CoRE-RD].
In the third case, typical in scenarios such as building control, a
dynamic commissioning tool determines to which group(s) a sensor or
actuator node belongs, and writes this information to the node, which
can subsequently join the correct IP multicast group(s) on its
network interface. The information written per group may again be an
IP multicast address or a hostname.
2.6.2. Membership Configuration RESTful Interface
To achieve better interoperability between endpoints from different
manufacturers, an OPTIONAL CoAP membership configuration RESTful
interface for configuring endpoints with relevant group information
is described here. This interface provides a solution for the third
case mentioned above. To access this interface, a client will use
unicast CoAP methods (GET/PUT/POST/DELETE). This interface is a
method of configuring group information in individual endpoints.
Also, a form of authorization (preferably making use of unicast DTLS-
secured CoAP per Section 9.1 of [RFC7252]) should be used such that
only authorized controllers are allowed by an endpoint to configure
its group membership.
It is important to note that other approaches may be used to
configure CoAP endpoints with relevant group information. These
alternative approaches may support a subset or superset of the
membership configuration RESTful interface described in this
document. For example, a simple interface to just read the endpoint
group information may be implemented via a classical Management
Information Base (MIB) approach (e.g., following the approach of
[RFC3433]).
Rahman & Dijk Experimental [Page 11]
^L
RFC 7390 Group Communication for CoAP October 2014
2.6.2.1. CoAP-Group Resource Type and Media Type
CoAP endpoints implementing the membership configuration RESTful
interface MUST support the CoAP group configuration Internet Media
Type "application/coap-group+json" (Section 6.2).
A resource offering this representation can be annotated for direct
discovery [RFC6690] using the Resource Type (rt=) Link Target
Attribute "core.gp", where "gp" is shorthand for "group"
(Section 6.1). An authorized client uses this media type to query/
manage group membership of a CoAP endpoint as defined in the
following subsections.
The Group Configuration resource and its sub-resources have a content
format based on JavaScript Object Notation (JSON) (as indicated by
the "application/coap-group+json" media type). The resource includes
zero or more group membership JSON objects [RFC7159] in a format as
defined in Section 2.6.2.4. A group membership JSON object contains
one or more key/value pairs as defined below, and represents a single
IP multicast group membership for the CoAP endpoint. Each key/value
pair is encoded as a member of the JSON object, where the key is the
member name and the value is the member's value.
Examples of four different group membership objects are as follows:
{ "n": "All-Devices.floor1.west.bldg6.example.com",
"a": "[ff15::4200:f7fe:ed37:abcd]:4567" }
{ "n": "sensors.floor2.east.bldg6.example.com" }
{ "n": "coap-test",
"a": "224.0.1.187:56789" }
{ "a": "[ff15::c0a7:15:c001]" }
The OPTIONAL "n" key/value pair stands for "name" and identifies the
group with a hostname (and optionally the port number), for example,
an FQDN. The OPTIONAL "a" key/value pair specifies the IP multicast
address (and optionally the port number) of the group. It contains
an IPv4 address (in dotted-decimal notation) or an IPv6 address. The
following ABNF rule can be used for parsing the address, referring to
the definitions in Section 3.2.2 of [RFC3986] that are also used in
the base CoAP (Section 6 of [RFC7252].
group-address = IPv4address [ ":" port ]
/ "[" IPv6address "]" [":" port ]
Rahman & Dijk Experimental [Page 12]
^L
RFC 7390 Group Communication for CoAP October 2014
In any group membership object, if the IP address is known when the
object is created, it is included in the "a" key/value pair. If the
"a" value cannot be provided, the "n" value MUST be included,
containing a valid hostname with an optional port number that can be
translated to an IP multicast address via DNS.
group-name = host [ ":" port ]
If the port number is not provided, then the endpoint will attempt to
look up the port number from DNS if it supports a method to do this.
The possible DNS methods include DNS SRV [RFC2782] or DNS-SD
[RFC6763]. If port lookup is not supported or not provided by DNS,
the default CoAP port (5683) is assumed.
After any change on a Group Configuration resource, the endpoint MUST
effect registration/deregistration from the corresponding IP
multicast group(s) by making use of APIs such as IPV6_RECVPKTINFO
[RFC3542].
2.6.2.2. Creating a New Multicast Group Membership (POST)
Method: POST
URI Template: /{+gp}
Location-URI Template: /{+gp}/{index}
URI Template Variables:
gp - Group Configuration Function Set path (mandatory).
index - Group index. Index MUST be a string of maximum two (2)
alphanumeric ASCII characters (case insensitive). It MUST be
locally unique to the endpoint server. It indexes the particular
endpoint's list of group memberships.
Example:
Req: POST /coap-group
Content-Format: application/coap-group+json
{ "n": "All-Devices.floor1.west.bldg6.example.com",
"a": "[ff15::4200:f7fe:ed37:abcd]:4567" }
Res: 2.01 Created
Location-Path: /coap-group/12
For the 'gp' variable, it is recommended to use the path "coap-group"
by default. The "a" key/value pair is always used if it is given.
The "n" pair is only used when there is no "a" pair. If only the "n"
pair is given, the CoAP endpoint performs DNS resolution to obtain
the IP multicast address from the hostname in the "n" pair. If DNS
resolution is not successful, then the endpoint does not attempt
joining or listening to any multicast group for this case since the
IP multicast address is unknown.
Rahman & Dijk Experimental [Page 13]
^L
RFC 7390 Group Communication for CoAP October 2014
After any change on a Group Configuration resource, the endpoint MUST
effect registration/deregistration from the corresponding IP
multicast group(s) by making use of APIs such as IPV6_RECVPKTINFO
[RFC3542]. When a POST payload contains an "a", an IP multicast
address to which the endpoint is already subscribed, no change to
that subscription is needed.
2.6.2.3. Deleting a Single Group Membership (DELETE)
Method: DELETE
URI Template: {+location}
URI Template Variables:
location - The Location-Path returned by the CoAP server
as a result of a successful group creation.
Example:
Req: DELETE /coap-group/12
Res: 2.02 Deleted
2.6.2.4. Reading All Group Memberships at Once (GET)
A (unicast) GET on the CoAP-group resource returns a JSON object
containing multiple keys and values. The keys (member names) are
group indices, and the values (member values) are the corresponding
group membership objects. Each group membership object describes one
IP multicast group membership. If no group memberships are
configured, then an empty JSON object is returned.
Method: GET
URI Template: /{+gp}
URI Template Variables:
gp - see Section 2.6.2.2
Example:
Req: GET /coap-group
Res: 2.05 Content
Content-Format: application/coap-group+json
{ "8" :{ "a": "[ff15::4200:f7fe:ed37:14ca]" },
"11":{ "n": "sensors.floor1.west.bldg6.example.com",
"a": "[ff15::4200:f7fe:ed37:25cb]" },
"12":{ "n": "All-Devices.floor1.west.bldg6.example.com",
"a": "[ff15::4200:f7fe:ed37:abcd]:4567" }
}
Rahman & Dijk Experimental [Page 14]
^L
RFC 7390 Group Communication for CoAP October 2014
Note: the returned IPv6 address string will represent the same IPv6
address that was originally submitted in group membership creation,
though it might be a different string because of different choices in
IPv6 string representation formatting that may be allowed for the
same address (see [RFC5952]).
2.6.2.5. Reading a Single Group Membership (GET)
Similar to Section 2.6.2.4, but only a single group membership is
read. If the requested group index does not exist, then a 4.04 Not
Found response is returned.
Method: GET
URI Template 1: {+location}
URI Template 2: /{+gp}/{index}
URI Template Variables:
location - see Section 2.6.2.3
gp, index - see Section 2.6.2.2
Example:
Req: GET /coap-group/12
Res: 2.05 Content
Content-Format: application/coap-group+json
{"n": "All-Devices.floor1.west.bldg6.example.com",
"a": "[ff15::4200:f7fe:ed37:abcd]:4567"}
2.6.2.6. Creating/Updating All Group Memberships at Once (PUT)
A (unicast) PUT with a group configuration media type as payload will
replace all current group memberships in the endpoint with the new
ones defined in the PUT request. This operation MUST only be used to
delete or update group membership objects for which the CoAP client,
invoking this operation, is responsible. The responsibility is based
on application-level knowledge. For example, a commissioning tool
will be responsible for any group membership objects that it created.
Method: PUT
URI Template: /{+gp}
URI Template Variables:
gp - see Section 2.6.2.2
Rahman & Dijk Experimental [Page 15]
^L
RFC 7390 Group Communication for CoAP October 2014
Example: (replacing all existing group memberships with two new
group memberships)
Req: PUT /coap-group
Content-Format: application/coap-group+json
{ "1":{ "a": "[ff15::4200:f7fe:ed37:1234]" },
"2":{ "a": "[ff15::4200:f7fe:ed37:5678]" }
}
Res: 2.04 Changed
Example: (clearing all group memberships at once)
Req: PUT /coap-group
Content-Format: application/coap-group+json
{}
Res: 2.04 Changed
After a successful PUT on the Group Configuration resource, the
endpoint MUST effect registration to any new IP multicast group(s)
and deregistration from any previous IP multicast group(s), i.e., not
any more present in the new memberships. An API such as
IPV6_RECVPKTINFO [RFC3542] should be used for this purpose. Also, it
MUST take into account the group indices present in the new resource
during the generation of any new unique group indices in the future.
2.6.2.7. Updating a Single Group Membership (PUT)
A (unicast) PUT with a group membership JSON object will replace an
existing group membership in the endpoint with the new one defined in
the PUT request. This can be used to update the group membership.
Method: PUT
URI Template 1: {+location}
URI Template 2: /{+gp}/{index}
URI Template Variables:
location - see Section 2.6.2.3
gp, index - see Section 2.6.2.2
Example: (group name and IP multicast port change)
Req: PUT /coap-group/12
Content-Format: application/coap-group+json
{"n": "All-My-Devices.floor1.west.bldg6.example.com",
"a": "[ff15::4200:f7fe:ed37:abcd]"}
Res: 2.04 Changed
Rahman & Dijk Experimental [Page 16]
^L
RFC 7390 Group Communication for CoAP October 2014
After a successful PUT on the Group Configuration resource, the
endpoint MUST effect registration to any new IP multicast group(s)
and deregistration from any previous IP multicast group(s), i.e., not
any more present in the new membership. An API such as
IPV6_RECVPKTINFO [RFC3542] should be used for this purpose.
2.7. Request Acceptance and Response Suppression Rules
CoRE Link Format [RFC6690] and Section 8 of CoAP [RFC7252] define
behaviors for the following:
1. IP multicast request acceptance -- in which cases a CoAP request
is accepted and executed, and when it is not.
2. IP multicast response suppression -- in which cases the CoAP
response to an already executed request is returned to the
requesting endpoint, and when it is not.
A CoAP response differs from a CoAP ACK; ACKs are never sent by
servers in response to an IP multicast CoAP request. This section
first summarizes these behaviors and then presents additional
guidelines for response suppression. Also, a number of IP multicast
example applications are given to illustrate the overall approach.
To apply any rules for request and/or response suppression, a CoAP
server must be aware that an incoming request arrived via IP
multicast by making use of APIs such as IPV6_RECVPKTINFO [RFC3542].
For IP multicast request acceptance, the behaviors are as follows:
o A server should not accept an IP multicast request that cannot be
"authenticated" in some way (i.e, cryptographically or by some
multicast boundary limiting the potential sources); see
Section 11.3 of [RFC7252]. See Section 5.3 for examples of
multicast boundary limiting methods.
o A server should not accept an IP multicast discovery request with
a query string (as defined in CoRE Link Format [RFC6690]) if
filtering [RFC6690] is not supported by the server.
o A server should not accept an IP multicast request that acts on a
specific resource for which IP multicast support is not required.
(Note that for the resource "/.well-known/core", IP multicast
support is required if "multicast resource discovery" is supported
as specified in Section 1.2.1 of [RFC6690].) Implementers are
advised to disable IP multicast support by default on any other
resource, until explicitly enabled by an application or by
configuration.
Rahman & Dijk Experimental [Page 17]
^L
RFC 7390 Group Communication for CoAP October 2014
o Otherwise, accept the IP multicast request.
For IP multicast response suppression, the behaviors are as follows:
o A server should not respond to an IP multicast discovery request
if the filter specified by the request's query string does not
match.
o A server may choose not to respond to an IP multicast request if
there's nothing useful to respond back (e.g., error or empty
response).
The above response suppression behaviors are complemented by the
following guidelines. CoAP servers should implement configurable
response suppression, enabling at least the following options per
resource that supports IP multicast requests:
o Suppression of all 2.xx success responses;
o Suppression of all 4.xx client errors;
o Suppression of all 5.xx server errors; and
o Suppression of all 2.05 responses with empty payload.
A number of CoAP group communication example applications are given
below to illustrate how to make use of response suppression:
o CoAP resource discovery: Suppress 2.05 responses with empty
payload and all 4.xx and 5.xx errors.
o Lighting control: Suppress all 2.xx responses after a lighting
change command.
o Update configuration data in a group of devices using group
communication PUT: No suppression at all. The client uses
collected responses to identify which group members did not
receive the new configuration and then attempts using CoAP CON
unicast to update those specific group members. Note that in this
case, the client implements a "reliable group communication" (as
defined in Section 1.3) function using additional, non-
standardized functions above the CoAP layer.
o IP multicast firmware update by sending blocks of data: Suppress
all 2.xx and 5.xx responses. After having sent all IP multicast
blocks, the client checks each endpoint by unicast to identify
which data blocks are still missing in each endpoint.
Rahman & Dijk Experimental [Page 18]
^L
RFC 7390 Group Communication for CoAP October 2014
o Conditional reporting for a group (e.g., sensors) based on a group
URI query: Suppress all 2.05 responses with empty payload (i.e.,
if a query produces no matching results).
2.8. Congestion Control
CoAP group communication requests may result in a multitude of
responses from different nodes, potentially causing congestion.
Therefore, both the sending of IP multicast requests and the sending
of the unicast CoAP responses to these multicast requests should be
conservatively controlled.
CoAP [RFC7252] reduces IP multicast-specific congestion risks through
the following measures:
o A server may choose not to respond to an IP multicast request if
there's nothing useful to respond to (e.g., error or empty
response); see Section 8.2 of [RFC7252]. See Section 2.7 for more
detailed guidelines on response suppression.
o A server should limit the support for IP multicast requests to
specific resources where multicast operation is required
(Section 11.3 of [RFC7252]).
o An IP multicast request must be Non-confirmable (Section 8.1 of
[RFC7252]).
o A response to an IP multicast request should be Non-confirmable
(Section 5.2.3 of [RFC7252]).
o A server does not respond immediately to an IP multicast request
and should first wait for a time that is randomly picked within a
predetermined time interval called the Leisure (Section 8.2 of
[RFC7252]).
Additional guidelines to reduce congestion risks defined in this
document are as follows:
o A server in an LLN should only support group communication GET for
resources that are small. For example, the payload of the
response is limited to approximately 5% of the IP Maximum Transmit
Unit (MTU) size, so it fits into a single link-layer frame in case
IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) (see
Section 4 of [RFC4944]) is used.
Rahman & Dijk Experimental [Page 19]
^L
RFC 7390 Group Communication for CoAP October 2014
o A server can minimize the payload length in response to a group
communication GET on "/.well-known/core" by using hierarchy in
arranging link descriptions for the response. An example of this
is given in Section 5 of [RFC6690].
o A server can also minimize the payload length of a response to a
group communication GET (e.g., on "/.well-known/core") using CoAP
blockwise transfers [BLOCKWISE-CoAP], returning only a first block
of the CoRE Link Format description. For this reason, a CoAP
client sending an IP multicast CoAP request to "/.well-known/core"
should support core-block.
o A client should use CoAP group communication with the smallest
possible IP multicast scope that fulfills the application needs.
As an example, site-local scope is always preferred over global
scope IP multicast if this fulfills the application needs.
Similarly, realm-local scope is always preferred over site-local
scope if this fulfills the application needs.
More guidelines specific to the use of CoAP in 6LoWPAN networks
[RFC4919] are given in Section 4.5 of this document.
2.9. Proxy Operation
CoAP (Section 5.7.2 of [RFC7252]) allows a client to request a
forward-proxy to process its CoAP request. For this purpose, the
client specifies either the request group URI as a string in the
Proxy-URI option or the Proxy-Scheme option with the group URI
constructed from the usual Uri-* options. This approach works well
for unicast requests. However, there are certain issues and
limitations of processing the (unicast) responses to a CoAP group
communication request made in this manner through a proxy.
A proxy may buffer all the individual (unicast) responses to a CoAP
group communication request and then send back only a single
(aggregated) response to the client. However, there are some issues
with this aggregation approach:
o Aggregation of (unicast) responses to a CoAP group communication
request in a proxy is difficult. This is because the proxy does
not know how many members there are in the group or how many group
members will actually respond. Also, the proxy does not know how
long to wait before deciding to send back the aggregated response
to the client.
o There is no default format defined in CoAP for aggregation of
multiple responses into a single response.
Rahman & Dijk Experimental [Page 20]
^L
RFC 7390 Group Communication for CoAP October 2014
Alternatively, if a proxy follows directly the specification for a
CoAP Proxy (Section 5.7.2 of [RFC7252]), the proxy would simply
forward all the individual (unicast) responses to a CoAP group
communication request to the client (i.e., no aggregation). There
are also issues with this approach:
o The client may be confused as it may not have known that the
Proxy-URI contained a group URI target. That is, the client may
be expecting only one (unicast) response but instead receives
multiple (unicast) responses, potentially leading to fault
conditions in the application.
o Each individual CoAP response will appear to originate (IP source
address) from the CoAP Proxy, and not from the server that
produced the response. This makes it impossible for the client to
identify the server that produced each response.
Due to the above issues, a CoAP Proxy SHOULD NOT support processing
an IP multicast CoAP request but rather return a 501 (Not
Implemented) response in such case. The exception case here (i.e.,
to process it) is allowed if all the following conditions are met:
o The CoAP Proxy MUST be explicitly configured (whitelist) to allow
proxied IP multicast requests by a specific client(s).
o The proxy SHOULD return individual (unicast) CoAP responses to the
client (i.e., not aggregated). The exception case here occurs
when a (future) standardized aggregation format is being used.
o It MUST be known to the person/entity doing the configuration of
the proxy, or otherwise verified in some way, that the client
configured in the whitelist supports receiving multiple responses
to a proxied unicast CoAP request.
2.10. Exceptions
CoAP group communication using IP multicast offers improved network
efficiency and latency among other benefits. However, group
communication may not always be implementable in a given network.
The primary reason for this will be that IP multicast is not (fully)
supported in the network.
For example, if only RPL [RFC6550] is used in a network with its
optional multicast support disabled, there will be no IP multicast
routing at all. The only multicast that works in this case is link-
local IPv6 multicast. This implies that any CoAP group communication
request will be delivered to nodes on the local link only, regardless
of the scope value used in the IPv6 destination address.
Rahman & Dijk Experimental [Page 21]
^L
RFC 7390 Group Communication for CoAP October 2014
CoAP Observe [OBSERVE-CoAP] is a feature for a client to "observe"
resources (i.e., to retrieve a representation of a resource and keep
this representation updated by the server over a period of time).
CoAP Observe does not support a group communication mode. CoAP
Observe only supports a unicast mode of operation.
3. Use Cases and Corresponding Protocol Flows
3.1. Introduction
The use of CoAP group communication is shown in the context of the
following two use cases and corresponding protocol flows:
o Discovery of RD [CoRE-RD]: discovering the local CoAP RD, which
contains links to resources stored on other CoAP servers
[RFC6690].
o Lighting Control: synchronous operation of a group of
IPv6-connected lights (e.g., 6LoWPAN [RFC4944] lights).
3.2. Network Configuration
To illustrate the use cases, we define two IPv6 network
configurations. Both are based on the topology as shown in Figure 1.
The two configurations using this topology are as follows:
1. Subnets are 6LoWPAN networks; the routers Rtr-1 and Rtr-2 are
6LoWPAN Border Routers (6LBRs) [RFC6775].
2. Subnets are Ethernet links; the routers Rtr-1 and Rtr-2 are
multicast-capable Ethernet routers.
Both configurations are further specified by the following:
o A large room (Room-A) with three lights (Light-1, Light-2, Light-
3) controlled by a light switch (Light Switch). The devices are
organized into two subnets. In reality, there could be more
lights (up to several hundreds) but, for clarity, only three are
shown.
o Light-1 and the light switch are connected to a router (Rtr-1).
o Light-2 and Light-3 are connected to another router (Rtr-2).
Rahman & Dijk Experimental [Page 22]
^L
RFC 7390 Group Communication for CoAP October 2014
o The routers are connected to an IPv6 network backbone (Network
Backbone) that is also multicast enabled. In the general case,
this means the network backbone and Rtr-1/Rtr-2 support a PIM-
based multicast routing protocol and Multicast Listener Discovery
(MLD) for forming groups.
o A CoAP RD is connected to the network backbone.
o The DNS server (DNS Server) is optional. If the server is there
(connected to the network backbone), then certain DNS-based
features are available (e.g., DNS resolution of the hostname to
the IP multicast address). If the DNS server is not there, then
different provisioning of the network is required (e.g., IP
multicast addresses are hard-coded into devices, or manually
configured, or obtained via a service discovery method).
o A controller (CoAP client) is connected to the backbone, which is
able to control various building functions including lighting.
Rahman & Dijk Experimental [Page 23]
^L
RFC 7390 Group Communication for CoAP October 2014
################################################
# ********************** Room-A #
# ** Subnet-1 ** # Network
# * ** # Backbone
# * +----------+ * # |
# * | Light |-------+ * # |
# * | Switch | | * # |
# * +----------+ +---------+ * # |
# * | Rtr-1 |-----------------------------+
# * +---------+ * # |
# * +----------+ | * # |
# * | Light-1 |--------+ * # |
# * +----------+ * # |
# ** ** # |
# ************************** # |
# # |
# ********************** # +------------+ |
# ** Subnet-2 ** # | DNS Server | |
# * ** # | (Optional) |--+
# * +----------+ * # +------------+ |
# * | Light-2 |-------+ * # |
# * | | | * # |
# * +----------+ +---------+ * # |
# * | Rtr-2 |-----------------------------+
# * +---------+ * # |
# * +----------+ | * # |
# * | Light-3 |--------+ * # |
# * +----------+ * # +------------+ |
# ** ** # | Controller |--+
# ************************** # | Client | |
################################################ +------------+ |
+------------+ |
| CoAP | |
| Resource |-----------------+
| Directory |
+------------+
Figure 1: Network Topology of a Large Room (Room-A)
Rahman & Dijk Experimental [Page 24]
^L
RFC 7390 Group Communication for CoAP October 2014
3.3. Discovery of Resource Directory
The protocol flow for discovery of the CoAP RD for the given network
(of Figure 1) is shown in Figure 2:
o Light-2 is installed and powered on for the first time.
o Light-2 will then search for the local CoAP RD by sending out a
group communication GET request (with the "/.well-known/
core?rt=core.rd" request URI) to the site-local "All CoAP Nodes"
multicast address (ff05:::fd).
o This multicast message will then go to each node in Subnet-2.
Rtr-2 will then forward it into the network backbone where it will
be received by the CoAP RD. All other nodes in Subnet-2 will
ignore the group communication GET request because it is qualified
by the query string "?rt=core.rd" (which indicates it should only
be processed by the endpoint if it contains a resource of type
"core.rd").
o The CoAP RD will then send back a unicast response containing the
requested content, which is a CoRE Link Format representation of a
resource of type "core.rd".
o Note that the flow is shown only for Light-2 for clarity. Similar
flows will happen for Light-1, Light-3, and light switch when they
are first installed.
The CoAP RD may also be discovered by other means such as by assuming
a default location (e.g., on a 6LBR), using DHCP, anycast address,
etc. However, these approaches do not invoke CoAP group
communication so are not further discussed here. (See [CoRE-RD] for
more details.)
For other discovery use cases such as discovering local CoAP servers,
services, or resources, CoAP group communication can be used in a
similar fashion as in the above use case. For example, link-local,
realm-local, admin-local, or site-local scoped discovery can be done
this way.
Rahman & Dijk Experimental [Page 25]
^L
RFC 7390 Group Communication for CoAP October 2014
Light CoAP
Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 RD
| | | | | | |
| | | | | | |
********************************** | | |
* Light-2 is installed * | | |
* and powers on for first time * | | |
********************************** | | |
| | | | | | |
| | | | | | |
| | COAP NON Mcast(GET | |
| | /.well-known/core?rt=core.rd) | |
| |--------->-------------------------------->| |
| | | | | |--------->|
| | | | | | |
| | | | | | |
| | COAP NON (2.05 Content | |
| | </rd>;rt="core.rd";ins="Primary") |<---------|
| |<------------------------------------------| |
| | | | | | |
Figure 2: Resource Directory Discovery via Multicast Request
3.4. Lighting Control
The protocol flow for a building automation lighting control scenario
for the network (Figure 1) is shown in Figure 3. The network is
assumed to be in a 6LoWPAN configuration. Also, it is assumed that
the CoAP servers in each light are configured to suppress CoAP
responses for any IP multicast CoAP requests related to lighting
control. (See Section 2.7 for more details on response suppression
by a server.)
In addition, Figure 4 shows a protocol flow example for the case that
servers do respond to a lighting control IP multicast request with
(unicast) CoAP NON responses. There are two success responses and
one 5.00 error response. In this particular case, the light switch
does not check that all lights in the group received the IP multicast
request by examining the responses. This is because the light switch
is not configured with an exhaustive list of the IP addresses of all
lights belonging to the group. However, based on received error
responses, it could take additional action such as logging a fault or
alerting the user via its LCD display. In case a CoAP message is
delivered multiple times to a light, the subsequent CoAP messages can
be filtered out as duplicates, based on the CoAP Message ID.
Rahman & Dijk Experimental [Page 26]
^L
RFC 7390 Group Communication for CoAP October 2014
Reliability of IP multicast is not guaranteed. Therefore, one or
more lights in the group may not have received the CoAP control
request due to packet loss. In this use case, there is no detection
nor correction of such situations: the application layer expects that
the IP multicast forwarding/routing will be of sufficient quality to
provide on average a very high probability of packet delivery to all
CoAP endpoints in an IP multicast group. An example protocol to
accomplish this using randomized retransmission is the MPL forwarding
protocol for LLNs [MCAST-MPL].
We assume the following steps have already occurred before the
illustrated flows:
1) Startup phase: 6LoWPANs are formed. IPv6 addresses are assigned
to all devices. The CoAP network is formed.
2) Network configuration (application independent): 6LBRs are
configured with IP multicast addresses, or address blocks, to
filter out or to pass through to/from the 6LoWPAN.
3a) Commissioning phase (application related): The IP multicast
address of the group (Room-A-Lights) has been configured in all
the lights and in the light switch.
3b) As an alternative to the previous step, when a DNS server is
available, the light switch and/or the lights have been
configured with a group hostname that each node resolves to the
above IP multicast address of the group.
Note for the Commissioning phase: the switch's 6LoWPAN/CoAP software
stack supports sending unicast, multicast, or proxied unicast CoAP
requests, including processing of the multiple responses that may be
generated by an IP multicast CoAP request.
Rahman & Dijk Experimental [Page 27]
^L
RFC 7390 Group Communication for CoAP October 2014
Light Network
Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone
| | | | | | |
| | | | | | |
| | *********************** | |
| | * User flips on * | |
| | * light switch to * | |
| | * turn on all the * | |
| | * lights in Room-A * | |
| | *********************** | |
| | | | | | |
| | | | | | |
| | | COAP NON Mcast(PUT, | |
| | | Payload=lights ON) | |
|<-------------------------------+--------->| | |
ON | | | |-------------------->|
| | | | | |<---------|
| |<---------|<-------------------------------| |
| ON ON | | | |
^ ^ ^ | | | |
*********************** | | | |
* Lights in Room-A * | | | |
* turn on (nearly * | | | |
* simultaneously) * | | | |
*********************** | | | |
| | | | | | |
Figure 3: Light Switch Sends Multicast Control Message
Rahman & Dijk Experimental [Page 28]
^L
RFC 7390 Group Communication for CoAP October 2014
Light Network
Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone
| | | | | | |
| COAP NON (2.04 Changed) | | | |
|------------------------------->| | | |
| | | | | | |
| | | | | | |
| COAP NON (2.04 Changed) | | |
| |------------------------------------------>| |
| | | | | |--------->|
| | | | |<--------------------|
| | | |<---------| | |
| | | | | | |
| | COAP NON (5.00 Internal Server Error) |
| | |------------------------------->| |
| | | | | |--------->|
| | | | |<--------------------|
| | | |<---------| | |
| | | | | | |
Figure 4: Lights (Optionally) Respond to Multicast CoAP Request
Another, but similar, lighting control use case is shown in Figure 5.
In this case, a controller connected to the network backbone sends a
CoAP group communication request to turn on all lights in Room-A.
Every light sends back a CoAP response to the controller after being
turned on.
Rahman & Dijk Experimental [Page 29]
^L
RFC 7390 Group Communication for CoAP October 2014
Network
Light-1 Light-2 Light-3 Rtr-1 Rtr-2 Backbone Controller
| | | | | | |
| | | | | COAP NON Mcast(PUT,
| | | | | Payload=lights ON)
| | | | | |<-------|
| | | |<----------<---------| |
|<--------------------------------| | | |
ON | | | | | |
| |<----------<---------------------| | |
| ON ON | | | |
^ ^ ^ | | | |
*********************** | | | |
* Lights in Room-A * | | | |
* turn on (nearly * | | | |
* simultaneously) * | | | |
*********************** | | | |
| | | | | | |
| | | | | | |
| COAP NON (2.04 Changed) | | | |
|-------------------------------->| | | |
| | | |-------------------->| |
| | COAP NON (2.04 Changed) | |------->|
| |-------------------------------->| | |
| | | | |--------->| |
| | | COAP NON (2.04 Changed) |------->|
| | |--------------------->| | |
| | | | |--------->| |
| | | | | |------->|
| | | | | | |
Figure 5: Controller on Backbone Sends Multicast Control Message
3.5. Lighting Control in MLD-Enabled Network
The use case in the previous section can also apply in networks where
nodes support the MLD protocol [RFC3810]. The lights then take on
the role of MLDv2 listener, and the routers (Rtr-1 and Rtr-2) are
MLDv2 routers. In the Ethernet-based network configuration, MLD may
be available on all involved network interfaces. Use of MLD in the
6LoWPAN-based configuration is also possible but requires MLD support
in all nodes in the 6LoWPAN. In current 6LoWPAN implementations, MLD
is, however, not supported.
The resulting protocol flow is shown in Figure 6. This flow is
executed after the commissioning phase, as soon as lights are
configured with a group address to listen to. The (unicast) MLD
Rahman & Dijk Experimental [Page 30]
^L
RFC 7390 Group Communication for CoAP October 2014
Reports may require periodic refresh activity as specified by the MLD
protocol. In the figure, 'LL' denotes link-local communication.
After the shown sequence of MLD Report messages has been executed,
both Rtr-1 and Rtr-2 are automatically configured to forward IP
multicast traffic destined to Room-A-Lights onto their connected
subnet. Hence, no manual network configuration of routers, as
previously indicated in Section 3.4, step 2, is needed anymore.
Light Network
Light-1 Light-2 Light-3 Switch Rtr-1 Rtr-2 Backbone
| | | | | | |
| | | | | | |
| | | | | | |
| MLD Report: Join | | | | |
| Group (Room-A-Lights) | | | |
|---LL------------------------------------->| | |
| | | | |MLD Report: Join |
| | | | |Group (Room-A-Lights)|
| | | | |---LL---->----LL---->|
| | | | | | |
| | MLD Report: Join | | | |
| | Group (Room-A-Lights) | | |
| |---LL------------------------------------->| |
| | | | | | |
| | | MLD Report: Join | | |
| | | Group (Room-A-Lights) | |
| | |---LL-------------------------->| |
| | | | | | |
| | | | |MLD Report: Join |
| | | | |Group (Room-A-Lights)|
| | | | |<--LL-----+---LL---->|
| | | | | | |
| | | | | | |
Figure 6: Joining Lighting Groups Using MLD
3.6. Commissioning the Network Based on Resource Directory
This section outlines how devices in the lighting use case (both
switches and lights) can be commissioned, making use of the RD
[CoRE-RD] and its group configuration feature.
Once the RD is discovered, the Switches and lights need to be
discovered and their groups need to be defined. For the
commissioning of these devices, a commissioning tool can be used that
Rahman & Dijk Experimental [Page 31]
^L
RFC 7390 Group Communication for CoAP October 2014
defines the entries in the RD. The commissioning tool has the
authority to change the contents of the RD and the light/switch
nodes. DTLS-based unicast security is used by the commissioning tool
to modify operational data in RD, switches, and lights.
In our particular use case, a group of three lights is defined with
one IP multicast address and hostname:
"Room-A-Lights.floor1.west.bldg6.example.com"
The commissioning tool has a list of the three lights and the
associated IP multicast address. For each light in the list, the
tool learns the IP address of the light and instructs the RD with
three (unicast) POST commands to store the endpoints associated with
the three lights as prescribed by the RD specification [CoRE-RD].
Finally, the commissioning tool defines the group in the RD to
contain these three endpoints. Also the commissioning tool writes
the IP multicast address in the light endpoints with, for example,
the (unicast) POST command discussed in Section 2.6.2.2.
The light switch can discover the group in RD and thus learn the IP
multicast address of the group. The light switch will use this
address to send CoAP group communication requests to the members of
the group. When the message arrives, the lights should recognize the
IP multicast address and accept the message.
4. Deployment Guidelines
This section provides guidelines on how IP multicast-based CoAP group
communication can be deployed in various network configurations.
4.1. Target Network Topologies
CoAP group communication can be deployed in various network
topologies. First, the target network may be a traditional IP
network, or an LLN such as a 6LoWPAN network, or consist of mixed
traditional/constrained network segments. Second, it may be a single
subnet only or a multi-subnet, e.g., multiple 6LoWPAN networks joined
by a single backbone LAN. Third, a wireless network segment may have
all its nodes reachable in a single IP hop (fully connected), or it
may require multiple IP hops for some pairs of nodes to reach each
other.
Each topology may pose different requirements on the configuration of
routers and protocol(s), in order to enable efficient CoAP group
communication. To enable all the above target network topologies, an
implementation of CoAP group communication needs to allow the
following:
Rahman & Dijk Experimental [Page 32]
^L
RFC 7390 Group Communication for CoAP October 2014
1. Routing/forwarding of IP multicast packets over multiple hops.
2. Routing/forwarding of IP multicast packets over subnet boundaries
between traditional and constrained (e.g., LLN) networks.
The remainder of this section discusses solutions to enable both
features.
4.2. Networks Using the MLD Protocol
CoAP nodes that are IP hosts (i.e., not IP routers) are generally
unaware of the specific IP multicast routing/forwarding protocol
being used. When such a host needs to join a specific (CoAP)
multicast group, it requires a way to signal to IP multicast routers
which IP multicast traffic it wants to receive.
The MLD protocol [RFC3810] (see Appendix A of this document) is the
standard IPv6 method to achieve this; therefore, this approach should
be used on traditional IP networks. CoAP server nodes would then act
in the role of MLD Multicast Address Listener.
The guidelines from [RFC6636] on the tuning of MLD for mobile and
wireless networks may be useful when implementing MLD in LLNs.
However, on LLNs and 6LoWPAN networks, the use of MLD may not be
feasible at all due to constraints on code size, memory, or network
capacity.
4.3. Networks Using RPL Multicast without MLD
It is assumed in this section that the MLD protocol is not
implemented in a network, for example, due to resource constraints.
The RPL routing protocol (see Section 12 of [RFC6550]) defines the
advertisement of IP multicast destinations using Destination
Advertisement Object (DAO) messages and routing of multicast IPv6
packets based on this. It requires the RPL mode of operation to be 3
(Storing mode with multicast support).
Hence, RPL DAO can be used by CoAP nodes that are RPL routers, or are
RPL Leaf Nodes, to advertise IP multicast group membership to parent
routers. Then, RPL is used to route IP multicast CoAP requests over
multiple hops to the correct CoAP servers.
The same DAO mechanism can be used to convey IP multicast group
membership information to an edge router (e.g., 6LBR), in case the
edge router is also the root of the RPL Destination-Oriented Directed
Acyclic Graph (DODAG). This is useful because the edge router then
learns which IP multicast traffic it needs to pass through from the
backbone network into the LLN subnet. In 6LoWPAN networks, such
Rahman & Dijk Experimental [Page 33]
^L
RFC 7390 Group Communication for CoAP October 2014
selective "filtering" helps to avoid congestion of a 6LoWPAN subnet
by IP multicast traffic from the traditional backbone IP network.
4.4. Networks Using MPL Forwarding without MLD
The MPL forwarding protocol [MCAST-MPL] can be used for propagation
of IPv6 multicast packets to all MPL Forwarders within a predefined
network domain, over multiple hops. MPL is designed to work in LLNs.
In this section, it is again assumed that MLD is not implemented in
the network, for example, due to resource limitations in an LLN.
The purpose of MPL is to let a predefined group of Forwarders
collectively work towards the goal of distributing an IPv6 multicast
packet throughout an MPL Domain. (A Forwarder node may be associated
to multiple MPL Domains at the same time.) So, it would appear that
there is no need for CoAP servers to advertise their multicast group
membership, since any IP multicast packet that enters the MPL Domain
is distributed to all MPL Forwarders without regard to what multicast
addresses the individual nodes are listening to.
However, if an IP multicast request originates just outside the MPL
Domain, the request will not be propagated by MPL. An example of
such a case is the network topology of Figure 1 where the subnets are
6LoWPAN subnets and for each 6LoWPAN subnet, one Realm-Local
([RFC7346]) MPL Domain is defined. The backbone network in this case
is not part of any MPL Domain.
This situation can become a problem in building control use cases,
for example, when the controller client needs to send a single IP
multicast request to the group Room-A-Lights. By default, the
request would be blocked by Rtr-1 and by Rtr-2 and not enter the
Realm-Local MPL Domains associated to Subnet-1 and Subnet-2. The
reason is that Rtr-1 and Rtr-2 do not have the knowledge that devices
in Subnet-1/2 want to listen for IP packets destined to IP multicast
group Room-A-Lights.
To solve the above issue, the following solutions could be applied:
1. Extend the MPL Domain, e.g., in the above example, include the
network backbone to be part of each of the two MPL Domains. Or,
in the above example, create just a single MPL Domain that
includes both 6LoWPAN subnets plus the backbone link, which is
possible since MPL is not tied to a single link-layer technology.
2. Manual configuration of an edge router(s) as an MPL Seed(s) for
specific IP multicast traffic. In the above example, this could
be done through the following three steps: First, configure Rtr-1
and Rtr-2 to act as MLD Address Listeners for the Room-A-Lights
Rahman & Dijk Experimental [Page 34]
^L
RFC 7390 Group Communication for CoAP October 2014
IP multicast group. This step allows any (other) routers on the
backbone to learn that at least one node on the backbone link is
interested in receiving any IP multicast traffic to
Room-A-Lights. Second, configure both routers to "inject" any IP
multicast packets destined to group Room-A-Lights into the
(Realm-Local) MPL Domain that is associated to that router.
Third, configure both routers to propagate any IPv6 multicast
packets originating from within their associated MPL Domain to
the backbone, if at least one node on the backbone has indicated
interest in receiving such IPv6 packets (for which MLD is used on
the backbone).
3. Use an additional protocol/mechanism for injection of IP
multicast traffic from outside an MPL Domain into that MPL
Domain, based on IP multicast group subscriptions of Forwarders
within the MPL Domain. Such a protocol is currently not defined
in [MCAST-MPL].
In conclusion, MPL can be used directly in case all sources of IP
multicast CoAP requests (CoAP clients) and also all the destinations
(CoAP servers) are inside a single MPL Domain. Then, each source
node acts as an MPL Seed. In all other cases, MPL can only be used
with additional protocols and/or configuration on how IP multicast
packets can be injected from outside into an MPL Domain.
4.5. 6LoWPAN Specific Guidelines for the 6LBR
To support multi-subnet scenarios for CoAP group communication, it is
recommended that a 6LBR will act in an MLD router role on the
backbone link. If this is not possible, then the 6LBR should be
configured to act as an MLD Multicast Address Listener (see
Appendix A) on the backbone link.
5. Security Considerations
This section describes the relevant security configuration for CoAP
group communication using IP multicast. The threats to CoAP group
communication are also identified, and various approaches to mitigate
these threats are summarized.
5.1. Security Configuration
As defined in Sections 8.1 and 9.1 of [RFC7252], CoAP group
communication based on IP multicast will do the following:
o Operate in CoAP NoSec (No Security) mode, until a future group
security solution is developed (see also Section 5.3.3).
Rahman & Dijk Experimental [Page 35]
^L
RFC 7390 Group Communication for CoAP October 2014
o Use the "coap" scheme. The "coaps" scheme should only be used
when a future group security solution is developed (see also
Section 5.3.3).
Essentially, the above configuration means that there is currently no
security at the CoAP layer for group communication. Therefore, for
sensitive and mission-critical applications (e.g., health monitoring
systems and alarm monitoring systems), it is currently recommended to
deploy CoAP group communication with an application-layer security
mechanism (e.g., data object security) for improved security.
Application-level security has many desirable properties, including
maintaining security properties while forwarding traffic through
intermediaries (proxies). Application-level security also tends to
more cleanly separate security from the dynamics of group membership
(e.g., the problem of distributing security keys across large groups
with many members that come and go).
Without application-layer security, CoAP group communication should
only be currently deployed in non-critical applications (e.g., read-
only temperature sensors). Only when security solutions at the CoAP
layer are mature enough (see Section 5.3.3) should CoAP group
communication without application-layer security be considered for
sensitive and mission-critical applications.
5.2. Threats
As noted above, there is currently no security at the CoAP layer for
group communication. This is due to the fact that the current DTLS-
based approach for CoAP is exclusively unicast oriented and does not
support group security features such as group key exchange and group
authentication. As a direct consequence of this, CoAP group
communication is vulnerable to all attacks mentioned in Section 11 of
[RFC7252] for IP multicast.
5.3. Threat Mitigation
Section 11 of [RFC7252] identifies various threat mitigation
techniques for CoAP group communication. In addition to those
guidelines, it is recommended that for sensitive data or safety-
critical control, a combination of appropriate link-layer security
and administrative control of IP multicast boundaries should be used.
Some examples are given below.
Rahman & Dijk Experimental [Page 36]
^L
RFC 7390 Group Communication for CoAP October 2014
5.3.1. WiFi Scenario
In a home automation scenario (using WiFi), the WiFi encryption
should be enabled to prevent rogue nodes from joining. The Customer
Premises Equipment (CPE) that enables access to the Internet should
also have its IP multicast filters set so that it enforces multicast
scope boundaries to isolate local multicast groups from the rest of
the Internet (e.g., as per [RFC6092]). In addition, the scope of the
IP multicast should be set to be site-local or smaller scope. For
site-local scope, the CPE will be an appropriate multicast scope
boundary point.
5.3.2. 6LoWPAN Scenario
In a building automation scenario, a particular room may have a
single 6LoWPAN network with a single edge router (6LBR). Nodes on
the subnet can use link-layer encryption to prevent rogue nodes from
joining. The 6LBR can be configured so that it blocks any incoming
(6LoWPAN-bound) IP multicast traffic. Another example topology could
be a multi-subnet 6LoWPAN in a large conference room. In this case,
the backbone can implement port authentication (IEEE 802.1X) to
ensure only authorized devices can join the Ethernet backbone. The
access router to this secured network segment can also be configured
to block incoming IP multicast traffic.
5.3.3. Future Evolution
In the future, to further mitigate the threats, security enhancements
need to be developed at the IETF for group communications. This will
allow introduction of a secure mode of CoAP group communication and
use of the "coaps" scheme for that purpose.
At the time of writing this specification, there are various
approaches being considered for security enhancements for group
communications. Specifically, a lot of the current effort at the
IETF is geared towards developing DTLS-based group communication.
This is primarily motivated by the fact that unicast CoAP security is
DTLS based (Section 9.1 of [RFC7252]. For example, [MCAST-SECURITY]
proposes DTLS-based IP multicast security. However, it is too early
to conclude if this is the best approach. Alternatively,
[IPSEC-PAYLOAD] proposes IPsec-based IP multicast security. This
approach also needs further investigation and validation.
Rahman & Dijk Experimental [Page 37]
^L
RFC 7390 Group Communication for CoAP October 2014
5.4. Monitoring Considerations
5.4.1. General Monitoring
CoAP group communication is meant to be used to control a set of
related devices (e.g., simultaneously turn on all the lights in a
room). This intrinsically exposes the group to some unique
monitoring risks that solitary devices (i.e., devices not in a group)
are not as vulnerable to. For example, assume an attacker is able to
physically see a set of lights turn on in a room. Then the attacker
can correlate a CoAP group communication message to that easily
observable coordinated group action even if the contents of the
message are encrypted by a future security solution (see
Section 5.3.3). This will give the attacker side-channel information
to plan further attacks (e.g., by determining the members of the
group, then some network topology information may be deduced).
One mitigation to group communication monitoring risks that should be
explored in the future is methods to decorrelate coordinated group
actions. For example, if a CoAP group communication GET is sent to
all the alarm sensors in a house, then their (unicast) responses
should be as decorrelated as possible. This will introduce greater
entropy into the system and will make it harder for an attacker to
monitor and gather side-channel information.
5.4.2. Pervasive Monitoring
A key additional threat consideration for group communication is
pointed to by [RFC7258], which warns of the dangers of pervasive
monitoring. CoAP group communication solutions that are built on top
of IP multicast need to pay particular heed to these dangers. This
is because IP multicast is easier to intercept (e.g., and to secretly
record) compared to unicast traffic. Also, CoAP traffic is meant for
the Internet of Things. This means that CoAP traffic (once future
security solutions are developed as in Section 5.3.3) may be used for
the control and monitoring of critical infrastructure (e.g., lights,
alarms, etc.) that may be prime targets for attack.
For example, an attacker may attempt to record all the CoAP traffic
going over the smart grid (i.e., networked electrical utility) of a
country and try to determine critical nodes for further attacks. For
example, the source node (controller) sends out the CoAP group
communication messages. CoAP multicast traffic is inherently more
vulnerable (compared to a unicast packet) as the same packet may be
replicated over many links, so there is a much higher probability of
it getting captured by a pervasive monitoring system.
Rahman & Dijk Experimental [Page 38]
^L
RFC 7390 Group Communication for CoAP October 2014
One useful mitigation to pervasive monitoring is to restrict the
scope of the IP multicast to the minimal scope that fulfills the
application need. Thus, for example, site-local IP multicast scope
is always preferred over global scope IP multicast if this fulfills
the application needs. This approach has the added advantage that it
coincides with the guidelines for minimizing congestion control (see
Section 2.8).
In the future, even if all the CoAP multicast traffic is encrypted,
an attacker may still attempt to capture the traffic and perform an
off-line attack, though of course having the multicast traffic
protected is always desirable as it significantly raises the cost to
an attacker (e.g., to break the encryption) versus unprotected
multicast traffic.
6. IANA Considerations
6.1. New 'core.gp' Resource Type
This memo registers a new Resource Type (rt=) Link Target Attribute,
'core.gp', in the "Resource Type (rt=) Link Target Attribute Values"
subregistry under the "Constrained RESTful Environments (CoRE)
Parameters" registry.
Attribute Value: core.gp
Description: Group Configuration resource. This resource is used to
query/manage the group membership of a CoAP server.
Reference: See Section 2.6.2.
6.2. New 'coap-group+json' Internet Media Type
This memo registers a new Internet media type for the CoAP Group
Configuration resource called 'application/coap-group+json'.
Type name: application
Subtype name: coap-group+json
Required parameters: None
Optional parameters: None
Encoding considerations: 8-bit UTF-8.
JSON to be represented using UTF-8, which is 8-bit compatible (and
most efficient for resource constrained implementations).
Rahman & Dijk Experimental [Page 39]
^L
RFC 7390 Group Communication for CoAP October 2014
Security considerations:
Denial-of-Service attacks could be performed by constantly
(re-)setting the Group Configuration resource of a CoAP endpoint to
different values. This will cause the endpoint to register (or
deregister) from the related IP multicast group. To prevent this, it
is recommended that a form of authorization (making use of unicast
DTLS-secured CoAP) be used such that only authorized controllers are
allowed by an endpoint to configure its group membership.
Interoperability considerations: None
Published specification: RFC 7390
Applications that use this media type:
CoAP client and server implementations that wish to set/read the
Group Configuration resource via the 'application/coap-group+json'
payload as described in Section 2.6.2.
Fragment identifier considerations: N/A
Additional Information:
Deprecated alias names for this type: None
Magic number(s): None
File extension(s): *.json
Macintosh file type code(s): TEXT
Person and email address to contact for further information:
Esko Dijk ("Esko.Dijk@Philips.com")
Intended usage: COMMON
Restrictions on usage: None
Author: CoRE WG
Change controller: IETF
Provisional registration? (standards tree only): N/A
Rahman & Dijk Experimental [Page 40]
^L
RFC 7390 Group Communication for CoAP October 2014
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782,
February 2000, <http://www.rfc-editor.org/info/rfc2782>.
[RFC3376] Cain, B., Deering, S., Kouvelas, I., Fenner, B., and A.
Thyagarajan, "Internet Group Management Protocol, Version
3", RFC 3376, October 2002,
<http://www.rfc-editor.org/info/rfc3376>.
[RFC3433] Bierman, A., Romascanu, D., and K. Norseth, "Entity Sensor
Management Information Base", RFC 3433, December 2002,
<http://www.rfc-editor.org/info/rfc3433>.
[RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei,
"Advanced Sockets Application Program Interface (API) for
IPv6", RFC 3542, May 2003,
<http://www.rfc-editor.org/info/rfc3542>.
[RFC3810] Vida, R. and L. Costa, "Multicast Listener Discovery
Version 2 (MLDv2) for IPv6", RFC 3810, June 2004,
<http://www.rfc-editor.org/info/rfc3810>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005,
<http://www.rfc-editor.org/info/rfc3986>.
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006,
<http://www.rfc-editor.org/info/rfc4291>.
[RFC4601] Fenner, B., Handley, M., Holbrook, H., and I. Kouvelas,
"Protocol Independent Multicast - Sparse Mode (PIM-SM):
Protocol Specification (Revised)", RFC 4601, August 2006,
<http://www.rfc-editor.org/info/rfc4601>.
Rahman & Dijk Experimental [Page 41]
^L
RFC 7390 Group Communication for CoAP October 2014
[RFC4919] Kushalnagar, N., Montenegro, G., and C. Schumacher, "IPv6
over Low-Power Wireless Personal Area Networks (6LoWPANs):
Overview, Assumptions, Problem Statement, and Goals", RFC
4919, August 2007,
<http://www.rfc-editor.org/info/rfc4919>.
[RFC4944] Montenegro, G., Kushalnagar, N., Hui, J., and D. Culler,
"Transmission of IPv6 Packets over IEEE 802.15.4
Networks", RFC 4944, September 2007,
<http://www.rfc-editor.org/info/rfc4944>.
[RFC5110] Savola, P., "Overview of the Internet Multicast Routing
Architecture", RFC 5110, January 2008,
<http://www.rfc-editor.org/info/rfc5110>.
[RFC5771] Cotton, M., Vegoda, L., and D. Meyer, "IANA Guidelines for
IPv4 Multicast Address Assignments", BCP 51, RFC 5771,
March 2010, <http://www.rfc-editor.org/info/rfc5771>.
[RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
Address Text Representation", RFC 5952, August 2010,
<http://www.rfc-editor.org/info/rfc5952>.
[RFC6092] Woodyatt, J., "Recommended Simple Security Capabilities in
Customer Premises Equipment (CPE) for Providing
Residential IPv6 Internet Service", RFC 6092, January
2011, <http://www.rfc-editor.org/info/rfc6092>.
[RFC6550] Winter, T., Thubert, P., Brandt, A., Hui, J., Kelsey, R.,
Levis, P., Pister, K., Struik, R., Vasseur, JP., and R.
Alexander, "RPL: IPv6 Routing Protocol for Low-Power and
Lossy Networks", RFC 6550, March 2012,
<http://www.rfc-editor.org/info/rfc6550>.
[RFC6636] Asaeda, H., Liu, H., and Q. Wu, "Tuning the Behavior of
the Internet Group Management Protocol (IGMP) and
Multicast Listener Discovery (MLD) for Routers in Mobile
and Wireless Networks", RFC 6636, May 2012,
<http://www.rfc-editor.org/info/rfc6636>.
[RFC6690] Shelby, Z., "Constrained RESTful Environments (CoRE) Link
Format", RFC 6690, August 2012,
<http://www.rfc-editor.org/info/rfc6690>.
[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service
Discovery", RFC 6763, February 2013,
<http://www.rfc-editor.org/info/rfc6763>.
Rahman & Dijk Experimental [Page 42]
^L
RFC 7390 Group Communication for CoAP October 2014
[RFC6775] Shelby, Z., Chakrabarti, S., Nordmark, E., and C. Bormann,
"Neighbor Discovery Optimization for IPv6 over Low-Power
Wireless Personal Area Networks (6LoWPANs)", RFC 6775,
November 2012, <http://www.rfc-editor.org/info/rfc6775>.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, March 2014,
<http://www.rfc-editor.org/info/rfc7159>.
[RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
(HTTP/1.1): Message Syntax and Routing", RFC 7230, June
2014, <http://www.rfc-editor.org/info/rfc7230>.
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252, June 2014,
<http://www.rfc-editor.org/info/rfc7252>.
[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an
Attack", BCP 188, RFC 7258, May 2014,
<http://www.rfc-editor.org/info/rfc7258>.
[RFC7320] Nottingham, M., "URI Design and Ownership", BCP 190, RFC
7320, July 2014, <http://www.rfc-editor.org/info/rfc7320>.
7.2. Informative References
[RFC1033] Lottor, M., "Domain administrators operations guide", RFC
1033, November 1987,
<http://www.rfc-editor.org/info/rfc1033>.
[RFC4605] Fenner, B., He, H., Haberman, B., and H. Sandick,
"Internet Group Management Protocol (IGMP) / Multicast
Listener Discovery (MLD)-Based Multicast Forwarding
("IGMP/MLD Proxying")", RFC 4605, August 2006,
<http://www.rfc-editor.org/info/rfc4605>.
[RFC5740] Adamson, B., Bormann, C., Handley, M., and J. Macker,
"NACK-Oriented Reliable Multicast (NORM) Transport
Protocol", RFC 5740, November 2009,
<http://www.rfc-editor.org/info/rfc5740>.
[RFC7346] Droms, R., "IPv6 Multicast Address Scopes", RFC 7346,
August 2014, <http://www.rfc-editor.org/info/rfc7346>.
[BLOCKWISE-CoAP]
Bormann, C. and Z. Shelby, "Blockwise transfers in CoAP",
Work in Progress, draft-ietf-core-block-15, July 2014.
Rahman & Dijk Experimental [Page 43]
^L
RFC 7390 Group Communication for CoAP October 2014
[CoRE-RD] Shelby, Z., Bormann, C., and S. Krco, "CoRE Resource
Directory", Work in Progress, draft-ietf-core-resource-
directory-01, December 2013.
[OBSERVE-CoAP]
Hartke, K., "Observing Resources in CoAP", Work in
Progress, draft-ietf-core-observe-14, June 2014.
[MCAST-MPL]
Hui, J. and R. Kelsey, "Multicast Protocol for Low power
and Lossy Networks (MPL)", Work in Progress, draft-ietf-
roll-trickle-mcast-09, April 2014.
[MCAST-SECURITY]
Keoh, S., Kumar, S., Garcia-Morchon, O., Dijk, E., and A.
Rahman, "DTLS-based Multicast Security in Constrained
Environments", Work in Progress, draft-keoh-dice-
multicast-security-08, July 2014.
[IPSEC-PAYLOAD]
Migault, D. and C. Bormann, "IPsec/ESP for Application
Payload", Work in Progress, draft-mglt-dice-ipsec-for-
application-payload-00, July 2014.
Rahman & Dijk Experimental [Page 44]
^L
RFC 7390 Group Communication for CoAP October 2014
Appendix A. Multicast Listener Discovery (MLD)
In order to extend the scope of IP multicast beyond link-local scope,
an IP multicast routing or forwarding protocol has to be active in
routers on an LLN. To achieve efficient IP multicast routing (i.e.,
avoid always flooding IP multicast packets), routers have to learn
which hosts need to receive packets addressed to specific IP
multicast destinations.
The MLD protocol [RFC3810] (or its IPv4 equivalent, IGMP [RFC3376])
is today the method of choice used by a (IP multicast-enabled) router
to discover the presence of IP multicast listeners on directly
attached links, and to discover which IP multicast addresses are of
interest to those listening nodes. MLD was specifically designed to
cope with fairly dynamic situations in which IP multicast listeners
may join and leave at any time.
Optimal tuning of the parameters of MLD/IGMP for routers for mobile
and wireless networks is discussed in [RFC6636]. These guidelines
may be useful when implementing MLD in LLNs.
Acknowledgements
Thanks to Jari Arkko, Peter Bigot, Anders Brandt, Ben Campbell,
Angelo Castellani, Alissa Cooper, Spencer Dawkins, Badis Djamaa,
Adrian Farrel, Stephen Farrell, Thomas Fossati, Brian Haberman,
Bjoern Hoehrmann, Matthias Kovatsch, Guang Lu, Salvatore Loreto,
Kerry Lynn, Andrew McGregor, Kathleen Moriarty, Pete Resnick, Dale
Seed, Zach Shelby, Martin Stiemerling, Peter van der Stok, Gengyu
Wei, and Juan Carlos Zuniga for their helpful comments and
discussions that have helped shape this document.
Special thanks to Carsten Bormann and Barry Leiba for their extensive
and thoughtful Chair and AD reviews of the document. Their reviews
helped to immeasurably improve the document quality.
Rahman & Dijk Experimental [Page 45]
^L
RFC 7390 Group Communication for CoAP October 2014
Authors' Addresses
Akbar Rahman (editor)
InterDigital Communications, LLC
1000 Sherbrooke Street West
Montreal, Quebec H3A 3G4
Canada
EMail: Akbar.Rahman@InterDigital.com
Esko Dijk (editor)
Philips Research
High Tech Campus 34
Eindhoven 5656AE
Netherlands
EMail: esko.dijk@philips.com
Rahman & Dijk Experimental [Page 46]
^L
|
