Moulay Ismail University of Meknes

Morocco +212670832236 n.benamar@est.umi.ac.ma

EURECOM

Sophia-Antipolis 06904 France +33493008134 Jerome.Haerri@eurecom.fr

Sangmyung University

31, Sangmyeongdae-gil, Dongnam-gu 31066 Cheonan Republic of Korea jonghyouk@smu.ac.kr

YoGoKo

1137A Avenue des Champs-Blancs CESON-SEVIGNE 35510 France thierry.ernst@yogoko.fr

Internet IPWAVE Working Group IPv6 over 802.11p OCB IPv6 over 802.11-OCB This document provides methods and settings for using IPv6 to communicate among nodes within range of one another over a single IEEE 802.11-OCB link. Support for these methods and settings require minimal changes to existing stacks. This document also describes limitations associated with using these methods. Optimizations and usage of IPv6 over more complex scenarios are not covered in this specification and are a subject for future work.

Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at .

Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents () in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

• .  Introduction
• .  Terminology
• .  Communication Scenarios Where IEEE 802.11-OCB Links Are Used
• .  IPv6 over 802.11-OCB
  • .  Maximum Transmission Unit (MTU)
  • .  Frame Format
  • .  Link-Local Addresses
  • .  Stateless Autoconfiguration
  • .  Address Mapping
    • .  Address Mapping -- Unicast
    • .  Address Mapping -- Multicast
  • .  Subnet Structure
• .  Security Considerations
  • .  Privacy Considerations
    • .  Privacy Risks of Meaningful Information in Interface IDs
  • .  MAC Address and Interface ID Generation
  • .  Pseudonymization Impact on Confidentiality and Trust
• .  IANA Considerations
• .  References
  • .  Normative References
  • .  Informative References
• .  802.11p
• .  Aspects Introduced by OCB Mode to 802.11
• .  Changes Needed on an 802.11a Software Driver to Become an 802.11-OCB Driver
• .  Protocol Layering
• .  Design Considerations
• .  IEEE 802.11 Messages Transmitted in OCB Mode
• .  Examples of Packet Formats
  • .  Capture in Monitor Mode
  • .  Capture in Normal Mode
• .  Extra Terminology
• .  Neighbor Discovery (ND) Potential Issues in Wireless Links
• Acknowledgements
• Contributors
• Authors' Addresses

Introduction This document provides a baseline for using IPv6 to communicate among nodes in range of one another over a single IEEE 802.11-OCB link (a.k.a., 802.11p; see Appendices , , and ) with minimal changes to existing stacks. Moreover, the document identifies the limitations of such usage. Concretely, the document describes the layering of IPv6 networking on top of the IEEE Std 802.11 MAC layer or an IEEE Std 802.3 MAC layer with a frame translation underneath. The resulting stack is derived from IPv6 over Ethernet but operates over 802.11-OCB to provide at least P2P (point-to-point) connectivity using IPv6 Neighbor Discovery (ND) and link-local addresses. The IPv6 network layer operates on 802.11-OCB in the same manner as operating on the Ethernet with the following exceptions:

• Exceptions due to the different operation of the IPv6 network layer on 802.11 compared to the Ethernet. The operation of IP on Ethernet is described in and .
• Exceptions due to the OCB nature of 802.11-OCB compared to 802.11. This has impacts on security, privacy, subnet structure, and movement detection. Security and privacy recommendations are discussed in Sections and . The subnet structure is described in . The movement detection on OCB links is not described in this document. Likewise, ND extensions and IP Wireless Access in Vehicular Environments (IPWAVE) optimizations for vehicular communications are not in scope of this document. The expectation is that further specifications will be edited to cover more complex vehicular networking scenarios.

The reader may refer to for an overview of problems related to running IPv6 over 802.11-OCB. It is out of scope of this document to reiterate those problems.

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here. The document makes uses of the following terms:

IP-OBU (Internet Protocol On-Board Unit):

An IP-OBU denotes a computer situated in a vehicle such as a car, bicycle, or similar. It has at least one IP interface that runs in mode OCB of 802.11 and has an "OBU" transceiver. See the definition of the term "OBU" in .

IP-RSU (IP Roadside Unit):

An IP-RSU is situated along the road. It has at least two distinct IP-enabled interfaces. The wireless PHY/MAC layer of at least one of its IP-enabled interfaces is configured to operate in 802.11-OCB mode. An IP-RSU communicates with the IP-OBU over an 802.11 wireless link operating in OCB mode. An IP-RSU is similar to an Access Network Router (ANR), defined in , and a Wireless Termination Point (WTP), defined in .

OCB (outside the context of a Basic Service Set - BSS):

This is a mode of operation in which a station (STA) is not a member of a BSS and does not utilize IEEE Std 802.11 authentication, association, or data confidentiality.

802.11-OCB:

This refers to the mode specified in IEEE Std 802.11-2016 when the MIB attribute dot11OCBActivited is 'true'.

Communication Scenarios Where IEEE 802.11-OCB Links Are Used IEEE 802.11-OCB networks are used for vehicular communications as 'Wireless Access in Vehicular Environments'. In particular, we refer the reader to , which lists some scenarios and requirements for IP in Intelligent Transportation Systems (ITS). The link model is the following: STA --- 802.11-OCB --- STA. In vehicular networks, STAs can be IP-RSUs and/or IP-OBUs. All links are assumed to be P2P, and multiple links can be on one radio interface. While 802.11-OCB is clearly specified and a legacy IPv6 stack can operate on such links, the use of the operating environment (vehicular networks) brings in new perspectives.

IPv6 over 802.11-OCB

Maximum Transmission Unit (MTU) The default MTU for IP packets on 802.11-OCB is inherited from and, as such, is 1500 octets. As noted in , every link on the Internet must have a minimum MTU of 1280 octets and must follow the other recommendations, especially with regard to fragmentation.

Frame Format IP packets MUST be transmitted over 802.11-OCB media as QoS data frames whose format is specified in an IEEE 802.11 spec . The IPv6 packet transmitted on 802.11-OCB is immediately preceded by a Logical Link Control (LLC) header and an 802.11 header. In the LLC header and in accordance with EtherType Protocol Discrimination (EPD; see ), the value of the Type field MUST be set to 0x86DD (IPv6). The mapping to the 802.11 data service SHOULD use a 'priority' value of 1 (QoS with a 'Background' user priority), reserving higher priority values for safety-critical and time-sensitive traffic, including the ones listed in . To simplify the Application Programming Interface (API) between the operating system and the 802.11-OCB media, device drivers MAY implement IPv6 over Ethernet as per and then a frame translation from 802.3 to 802.11 in order to minimize the code changes.

Link-Local Addresses There are several types of IPv6 addresses that may be assigned to an 802.11-OCB interface. Among these types of addresses, only the IPv6 link-local addresses can be formed using an EUI-64 identifier, particularly during transition time (the period of time before an interface starts using an address different from the LL one). If the IPv6 link-local address is formed using an EUI-64 identifier, then the mechanism for forming that address is the same mechanism as that used to form an IPv6 link-local address on Ethernet links. Moreover, regardless of whether the interface identifier is derived from the EUI-64 identifier, its length is 64 bits, as is the case for the Ethernet .

Stateless Autoconfiguration The steps a host takes in deciding how to autoconfigure its interfaces in IPv6 are described in . This section describes the formation of Interface Identifiers for 'Global' or 'Unique Local' IPv6 addresses. Interface Identifiers for 'link-local' IPv6 addresses are discussed in . The RECOMMENDED method for forming stable Interface Identifiers (IIDs) is described in . The method of forming IIDs described in MAY be used during transition time, particularly for IPv6 link-local addresses. Regardless of the method used to form the IID, its length is 64 bits, similarly to IPv6 over Ethernet . The bits in the IID have no specific meaning, and the identifier should be treated as an opaque value. The bits 'Universal' and 'Group' in the identifier of an 802.11-OCB interface, which is an IEEE link-layer address, are significant. The details of this significance are described in . Semantically opaque IIDs, instead of meaningful IIDs derived from a valid and meaningful MAC address (), help avoid certain privacy risks (see the risks mentioned in ). If semantically opaque IIDs are needed, they may be generated using the method for generating semantically opaque IIDs with IPv6 Stateless Address Autoconfiguration given in . Typically, an opaque IID is formed starting from identifiers different from the MAC addresses and from cryptographically strong material. Thus, privacy-sensitive information is absent from Interface IDs because it is impossible to calculate back the initial value from which the Interface ID was first generated. Some applications that use IPv6 packets on 802.11-OCB links (among other link types) may benefit from IPv6 addresses whose IIDs don't change too often. It is RECOMMENDED to use the mechanisms described in to permit the use of stable IIDs that do not change within one subnet prefix. A possible source for the Net_Iface parameter is a virtual interface name or logical interface name that is decided by a local administrator.

Address Mapping Unicast and multicast address mapping MUST follow the procedures specified for Ethernet interfaces described in Sections and of .

Address Mapping -- Unicast This document is scoped for Address Resolution (AR) and Duplicate Address Detection (DAD) per .

Address Mapping -- Multicast The multicast address mapping is performed according to the method specified in . The meaning of the value "33-33" mentioned there is defined in . Transmitting IPv6 packets to multicast destinations over 802.11 links proved to have some performance issues . These issues may be exacerbated in OCB mode. Future improvement to this specification should consider solutions for these problems.

Subnet Structure When vehicles are in close range, a subnet may be formed over 802.11-OCB interfaces (not by their in-vehicle interfaces). A Prefix List conceptual data structure () is maintained for each 802.11-OCB interface. The IPv6 Neighbor Discovery protocol (ND) requires reflexive properties (bidirectional connectivity), which is generally, though not always, the case for P2P OCB links. IPv6 ND also requires transitive properties for DAD and AR, so an IPv6 subnet can be mapped on an OCB network only if all nodes in the network share a single physical broadcast domain. The extension to IPv6 ND operating on a subnet that covers multiple OCB links and does not fully overlap (i.e., non-broadcast multi-access (NBMA)) is not in scope of this document. Finally, IPv6 ND requires permanent connectivity of all nodes in the subnet to defend their addresses -- in other words, very stable network conditions. The structure of this subnet is ephemeral in that it is strongly influenced by the mobility of vehicles: the hidden terminal effects appear, and the 802.11 networks in OCB mode may be considered ad hoc networks with an addressing model, as described in . On the other hand, the structure of the internal subnets in each vehicle is relatively stable. As recommended in , when the timing requirements are very strict (e.g., fast-drive-through IP-RSU coverage), no on-link subnet prefix should be configured on an 802.11-OCB interface. In such cases, the exclusive use of IPv6 link-local addresses is RECOMMENDED. Additionally, even if the timing requirements are not very strict (e.g., the moving subnet formed by two following vehicles is stable, a fixed IP-RSU is absent), the subnet is disconnected from the Internet (i.e., a default route is absent), and the addressing peers are equally qualified (that is, it is impossible to determine whether some vehicle owns and distributes addresses to others), the use of link-local addresses is RECOMMENDED. The baseline ND protocol MUST be supported over 802.11-OCB links. Transmitting ND packets may prove to have some performance issues, as mentioned in and . These issues may be exacerbated in OCB mode. Solutions for these problems should consider the OCB mode of operation. Future solutions to OCB should consider solutions for avoiding broadcast. The best of current knowledge indicates the kinds of issues that may arise with ND in OCB mode; they are described in . Protocols like Mobile IPv6 and DNAv6 , which depend on timely movement detection, might need additional tuning work to handle the lack of link-layer notifications during handover. This topic is left for further study.

Security Considerations Any security mechanism at the IP layer or above that may be implemented for the general case of IPv6 may also be implemented for IPv6 operating over 802.11-OCB. The OCB operation does not use existing 802.11 link-layer security mechanisms. There is no encryption applied below the network layer running on 802.11-OCB. At the application layer, the IEEE 1609.2 document provides security services for certain applications to use; application-layer mechanisms are out of scope of this document. On the other hand, a security mechanism provided at the networking layer, such as IPsec , may provide data security protection to a wider range of applications. 802.11-OCB does not provide any cryptographic protection because it operates outside the context of a BSS (no Association Request/Response or Challenge messages). Therefore, an attacker can sniff or inject traffic while within range of a vehicle or IP-RSU (by setting an interface card's frequency to the proper range). Also, an attacker may not adhere to the legal limits for radio power and can use a very sensitive directional antenna; if attackers wish to attack a given exchange, they do not necessarily need to be in close physical proximity. Hence, such a link is less protected than commonly used links (a wired link or the aforementioned 802.11 links with link-layer security). Therefore, any node can join a subnet and directly communicate with any nodes on the subset, including potentially impersonating another node. This design allows for a number of threats outlined in . While not widely deployed, SEND is a solution that can address spoof-based attack vectors.

Privacy Considerations As with all Ethernet and 802.11 interface identifiers , the identifier of an 802.11-OCB interface may involve privacy, MAC address spoofing, and IP hijacking risks. A vehicle embarking an IP-OBU whose egress interface is 802.11-OCB may expose itself to eavesdropping and subsequent correlation of data. This may reveal data considered private by the vehicle owner; there is a risk of being tracked. In outdoor public environments, where vehicles typically circulate, the privacy risks are greater than in indoor settings. It is highly likely that attacker sniffers are deployed along routes that listen for IEEE frames, including IP packets, of vehicles passing by. For this reason, in 802.11-OCB deployments, there is a strong necessity to use protection tools such as dynamically changing MAC addresses (), semantically opaque Interface Identifiers, and stable Interface Identifiers (). An example of a change policy is to change the MAC address of the OCB interface each time the system boots up. This may help mitigate privacy risks to a certain level. Furthermore, for privacy concerns, recommends using an address-generation scheme rather than generating addresses from a fixed link-layer address. However, there are some specificities related to vehicles. Since roaming is an important characteristic of moving vehicles, the use of the same Link-Local Address over time can indicate the presence of the same vehicle in different places and thus lead to location tracking. Hence, a vehicle should get hints about a change of environment (e.g., engine running, GPS, etc.) and renew the IID in its LLAs.

Privacy Risks of Meaningful Information in Interface IDs The privacy risks of using MAC addresses displayed in Interface Identifiers are important. IPv6 packets can be captured easily on the Internet and on-link on public roads. For this reason, an attacker may realize many attacks on privacy. One such attack on 802.11-OCB is to capture, store, and correlate company ID information present in the MAC addresses of a large number of cars (e.g., listening for Router Advertisements or other IPv6 application data packets, and recording the value of the source address in these packets). Further correlation of this information with other data captured by other means or other visual information (e.g., car color) may constitute privacy risks.

MAC Address and Interface ID Generation In 802.11-OCB networks, the MAC addresses may change during well-defined renumbering events. At the moment the MAC address is changed on an 802.11-OCB interface, all the Interface Identifiers of IPv6 addresses assigned to that interface MUST change. Implementations should use a policy dictating when the MAC address is changed on the 802.11-OCB interface. For more information on the motivation of this policy, please refer to the privacy discussion in . A 'randomized' MAC address has the following characteristics:

• The "Local/Global" bit is set to "locally administered".
• The "Unicast/Multicast" bit is set to "Unicast".
• The 46 remaining bits are set to a random value using a random number generator that meets the requirements of .

To meet the randomization requirements for the 46 remaining bits, a hash function may be used. For example, the hash function defined in may be used with the input of a 256-bit local secret, the 'nominal' MAC address of the interface, and a representation of the date and time of the renumbering event. A randomized Interface ID has the same characteristics of a randomized MAC address except for the length in bits.

Pseudonymization Impact on Confidentiality and Trust Vehicle and drivers privacy relies on pseudonymization mechanisms such as the ones described in . This pseudonymization means that upper-layer protocols and applications SHOULD NOT rely on layer-2 or layer-3 addresses to assume that the other participant can be trusted.

IANA Considerations This document has no IANA actions.

References Normative References IEEE This RFC specifies a standard method of encapsulating the Internet Protocol (IP) datagrams and Address Resolution Protocol (ARP) requests and replies on IEEE 802 Networks to allow compatible and interoperable implementations. This RFC specifies a protocol standard for the Internet community. In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document specifies the frame format for transmission of IPv6 packets and the method of forming IPv6 link-local addresses and statelessly autoconfigured addresses on Ethernet networks. It also specifies the content of the Source/Target Link-layer Address option used in Router Solicitation, Router Advertisement, Neighbor Solicitation, Neighbor Advertisement and Redirect messages when those messages are transmitted on an Ethernet. [STANDARDS-TRACK] Security systems are built on strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space. Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This document points out many pitfalls in using poor entropy sources or traditional pseudo-random number generation techniques for generating such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available, and it gives examples of how large such quantities need to be for some applications. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. This document describes an optional extension to Router Advertisement messages for communicating default router preferences and more-specific routes from routers to hosts. This improves the ability of hosts to pick an appropriate router, especially when the host is multi-homed and the routers are on different links. The preference values and specific routes advertised to hosts require administrative configuration; they are not automatically derived from routing tables. [STANDARDS-TRACK] This document defines an IPv6 unicast address format that is globally unique and is intended for local communications, usually inside of a site. These addresses are not expected to be routable on the global Internet. [STANDARDS-TRACK] This specification defines the addressing architecture of the IP Version 6 (IPv6) protocol. The document includes the IPv6 addressing model, text representations of IPv6 addresses, definition of IPv6 unicast addresses, anycast addresses, and multicast addresses, and an IPv6 node's required addresses. This document obsoletes RFC 3513, "IP Version 6 Addressing Architecture". [STANDARDS-TRACK] This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK] This document specifies the Neighbor Discovery protocol for IP Version 6. IPv6 nodes on the same link use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. [STANDARDS-TRACK] This document specifies the steps a host takes in deciding how to autoconfigure its interfaces in IP version 6. The autoconfiguration process includes generating a link-local address, generating global addresses via stateless address autoconfiguration, and the Duplicate Address Detection procedure to verify the uniqueness of the addresses on a link. [STANDARDS-TRACK] This specification defines the Control And Provisioning of Wireless Access Points (CAPWAP) Protocol, meeting the objectives defined by the CAPWAP Working Group in RFC 4564. The CAPWAP protocol is designed to be flexible, allowing it to be used for a variety of wireless technologies. This document describes the base CAPWAP protocol, while separate binding extensions will enable its use with additional wireless technologies. [STANDARDS-TRACK] Detecting Network Attachment allows hosts to assess if its existing addressing or routing configuration is valid for a newly connected network. This document provides simple procedures for Detecting Network Attachment in IPv6 hosts, and procedures for routers to support such services. [STANDARDS-TRACK] This document specifies Mobile IPv6, a protocol that allows nodes to remain reachable while moving around in the IPv6 Internet. Each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home, a mobile node is also associated with a care-of address, which provides information about the mobile node's current location. IPv6 packets addressed to a mobile node's home address are transparently routed to its care-of address. The protocol enables IPv6 nodes to cache the binding of a mobile node's home address with its care-of address, and to then send any packets destined for the mobile node directly to it at this care-of address. To support this operation, Mobile IPv6 defines a new IPv6 protocol and a new destination option. All IPv6 nodes, whether mobile or stationary, can communicate with mobile nodes. This document obsoletes RFC 3775. [STANDARDS-TRACK] Some IETF protocols make use of Ethernet frame formats and IEEE 802 parameters. This document discusses several uses of such parameters in IETF protocols, specifies IANA considerations for assignment of points under the IANA OUI (Organizationally Unique Identifier), and provides some values for use in documentation. This document obsoletes RFC 5342. The IPv6 addressing architecture includes a unicast interface identifier that is used in the creation of many IPv6 addresses. Interface identifiers are formed by a variety of methods. This document clarifies that the bits in an interface identifier have no meaning and that the entire identifier should be treated as an opaque value. In particular, RFC 4291 defines a method by which the Universal and Group bits of an IEEE link-layer address are mapped into an IPv6 unicast interface identifier. This document clarifies that those two bits are significant only in the process of deriving interface identifiers from an IEEE link-layer address, and it updates RFC 4291 accordingly. This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that an IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses (e.g., IEEE LAN Media Access Control (MAC) addresses), such that the benefits of stable addresses can be achieved without sacrificing the security and privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique-local prefixes (and their corresponding addresses). This document changes the recommended default Interface Identifier (IID) generation scheme for cases where Stateless Address Autoconfiguration (SLAAC) is used to generate a stable IPv6 address. It recommends using the mechanism specified in RFC 7217 in such cases, and recommends against embedding stable link-layer addresses in IPv6 IIDs. It formally updates RFC 2464, RFC 2467, RFC 2470, RFC 2491, RFC 2492, RFC 2497, RFC 2590, RFC 3146, RFC 3572, RFC 4291, RFC 4338, RFC 4391, RFC 5072, and RFC 5121. This document does not change any existing recommendations concerning the use of temporary addresses as specified in RFC 4941. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. This document specifies version 6 of the Internet Protocol (IPv6). It obsoletes RFC 2460. Informative References e-CFR Title 47, Part 90 - PRIVATE LAND MOBILE RADIO SERVICES e-CFR Title 47, CFR 90.7 - Definitions e-CFR Title 47, CFR 95 - PERSONAL RADIO SERVICES IEEE IEEE IEEE IEEE IEEE IEEE IEEE Well-known issues with multicast have prevented the deployment of multicast in 802.11 (wifi) and other local-area wireless environments. This document describes the problems of known limitations with wireless (primarily 802.11) Layer-2 multicast. Also described are certain multicast enhancement features that have been specified by the IETF, and by IEEE 802, for wireless media, as well as some operational choices that can be taken to improve the performance of the network. Finally, some recommendations are provided about the usage and combination of these features and operational choices. Work in Progress This document discusses the problem statement and use cases of IP- based vehicular networking for Intelligent Transportation Systems (ITS). The main scenarios of vehicular communications are vehicle- to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to- everything (V2X) communications. First, this document explains use cases using V2V, V2I, and V2X networking. Next, it makes a problem statement about key aspects in IP-based vehicular networking, such as IPv6 Neighbor Discovery, Mobility Management, and Security & Privacy. For each key aspect, this document specifies requirements in IP-based vehicular networking, and suggests the direction of solutions satisfying those requirements. Work in Progress There is a need for common definitions of terminology in the work to be done around IP mobility. This document defines terms for mobility related terminology. The document originated out of work done in the Seamoby Working Group but has broader applicability for terminology used in IETF-wide discourse on technology for mobility and IP networks. Other working groups dealing with mobility may want to take advantage of this terminology. This memo provides information for the Internet community. This document describes the Network Mobility (NEMO) Basic Support protocol that enables Mobile Networks to attach to different points in the Internet. The protocol is an extension of Mobile IPv6 and allows session continuity for every node in the Mobile Network as the network moves. It also allows every node in the Mobile Network to be reachable while moving around. The Mobile Router, which connects the network to the Internet, runs the NEMO Basic Support protocol with its Home Agent. The protocol is designed so that network mobility is transparent to the nodes inside the Mobile Network. [STANDARDS-TRACK] IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes on the link, to determine their link-layer addresses to find routers, and to maintain reachability information about the paths to active neighbors. If not secured, NDP is vulnerable to various attacks. This document specifies security mechanisms for NDP. Unlike those in the original NDP specifications, these mechanisms do not use IPsec. [STANDARDS-TRACK] This document describes a method for binding a public signature key to an IPv6 address in the Secure Neighbor Discovery (SEND) protocol. Cryptographically Generated Addresses (CGA) are IPv6 addresses for which the interface identifier is generated by computing a cryptographic one-way hash function from a public key and auxiliary parameters. The binding between the public key and the address can be verified by re-computing the hash value and by comparing the hash with the interface identifier. Messages sent from an IPv6 address can be protected by attaching the public key and auxiliary parameters and by signing the message with the corresponding private key. The protection works without a certification authority or any security infrastructure. [STANDARDS-TRACK] This document describes a model for configuring IP addresses and subnet prefixes on the interfaces of routers which connect to links with undetermined connectivity properties. This document is not an Internet Standards Track specification; it is published for informational purposes. The Source Address Validation Improvement (SAVI) effort aims to complement ingress filtering with finer-grained, standardized IP source address validation. This document describes threats enabled by IP source address spoofing both in the global and finer-grained context, describes currently available solutions and challenges, and provides a starting point analysis for finer-grained (host granularity) anti-spoofing work. This document discusses privacy and security considerations for several IPv6 address generation mechanisms, both standardized and non-standardized. It evaluates how different mechanisms mitigate different threats and the trade-offs that implementors, developers, and users face in choosing different addresses or address generation mechanisms. This document discusses how a number of privacy threats apply to technologies designed for IPv6 over various link-layer protocols, and it provides advice to protocol designers on how to address such threats in adaptation-layer specifications for IPv6 over such links. This specification updates RFC 6775 -- the Low-Power Wireless Personal Area Network (6LoWPAN) Neighbor Discovery specification -- to clarify the role of the protocol as a registration technique and simplify the registration operation in 6LoWPAN routers, as well as to provide enhancements to the registration capabilities and mobility detection for different network topologies, including the Routing Registrars performing routing for host routes and/or proxy Neighbor Discovery in a low-power network. National Institute of Standards and Technology

802.11p The term "802.11p" is an earlier definition. The behavior of "802.11p" networks is rolled in . In that document, the term "802.11p" disappears. Instead, each 802.11p feature is conditioned by the IEEE Management Information Base (MIB) attribute "OCBActivated" . Whenever OCBActivated is set to "true", the IEEE Std 802.11-OCB state is activated. For example, an 802.11 STAtion operating outside the context of a BSS has the OCBActivated flag set. Such a station, when it has the flag set, uses a BSS identifier equal to ff:ff:ff:ff:ff:ff.

Aspects Introduced by OCB Mode to 802.11 In IEEE 802.11-OCB mode, all nodes in the wireless range can directly communicate with each other without involving authentication or association procedures. In OCB mode, the manner in which channels are selected and used is simplified compared to when in BSS mode. Contrary to BSS mode, at the link layer, it is necessary to statically set the same channel number (or frequency) on two stations that need to communicate with each other (in BSS mode, this channel set operation is performed automatically during 'scanning'). The manner in which stations set their channel number in OCB mode is not specified in this document. Stations STA1 and STA2 can exchange IP packets only if they are set to the same channel. At the IP layer, they then discover each other by using the IPv6 Neighbor Discovery protocol. The allocation of a particular channel for a particular use is defined statically in standards authored by ETSI in Europe, the FCC in the United States of America, and similar organizations in South Korea, Japan, and other parts of the world. Briefly, the IEEE 802.11-OCB mode has the following properties:

• The use by each node of a 'wildcard' BSS identifier (BSSID) (i.e., each bit of the BSSID is set to 1).
• No IEEE 802.11 beacon frames are transmitted.
• No authentication is required in order to be able to communicate.
• No association is needed in order to be able to communicate.
• No encryption is provided in order to be able to communicate.
• Flag dot11OCBActivated is set to "true".

All the nodes in the radio communication range (IP-OBU and IP-RSU) receive all the messages transmitted (IP-OBU and IP-RSU) within the radio communication range. The MAC CDMA function resolves any eventual conflict(s). The message exchange diagram in illustrates a comparison between traditional 802.11 and 802.11 in OCB mode. The 'Data' messages can be IP packets such as HTTP or others. Other 802.11 management and control frames (non-IP) may be transmitted, as specified in the 802.11 standard. The names of these messages as currently specified by the 802.11 standard are listed in .

Difference between Messages Exchanged on 802.11 (Left) and 802.11-OCB (Right) STA AP STA1 STA2 | | | | |<------ Beacon -------| |<------ Data -------->| | | | | |---- Probe Req. ----->| |<------ Data -------->| |<--- Probe Res. ------| | | | | |<------ Data -------->| |---- Auth Req. ------>| | | |<--- Auth Res. -------| |<------ Data -------->| | | | | |---- Asso Req. ------>| |<------ Data -------->| |<--- Asso Res. -------| | | | | |<------ Data -------->| |<------ Data -------->| | | |<------ Data -------->| |<------ Data -------->| (i) 802.11 Infrastructure mode (ii) 802.11-OCB mode

The 802.11-OCB interface was specified in , Amendment 6: Wireless Access in Vehicular Environments, as an amendment to . Since then, this amendment has been integrated into and . In , anything qualified specifically as "OCBActivated" or "outside the context of a basic service" that is set to be "true" actually refers to OCB aspects introduced to 802.11. In order to delineate the aspects introduced by 802.11-OCB to 802.11, we refer to the earlier . The amendment is concerned with vehicular communications, where the wireless link is similar to that of Wireless LAN (using a PHY layer specified by 802.11a/b/g/n) but needs to cope with the high mobility factor inherent in scenarios of communications between moving vehicles and between vehicles and fixed infrastructure deployed along roads. While 'p' is a letter identifying the Amendment, just like 'a', 'b', 'g', and 'n' are, 'p' is concerned more with MAC modifications and is slightly concerned with PHY modifications; the others are mainly about PHY modifications. It is possible in practice to combine a 'p' MAC with an 'a' PHY by operating outside the context of a BSS with Orthogonal Frequency Division Multiplexing (OFDM) at 5.4 GHz and 5.9 GHz. The 802.11-OCB links are specified to be as compatible as possible with the behavior of 802.11a/b/g/n and future generation IEEE WLAN links. From the IP perspective, an 802.11-OCB MAC layer offers practically the same interface to IP as 802.11a/b/g/n and 802.3. A packet sent by an IP-OBU may be received by one or multiple IP-RSUs. The link-layer resolution is performed by using the IPv6 Neighbor Discovery protocol. To support this similarity statement (IPv6 is layered on top of LLC on top of 802.11-OCB in the same way that IPv6 is layered on top of LLC on top of 802.11a/b/g/n (for WLAN) or on top of LLC on top of 802.3 (for Ethernet)), it is useful to analyze the differences between the 802.11-OCB and 802.11 specifications. During this analysis, we note that whereas 802.11-OCB lists relatively complex and numerous changes to the MAC layer (and very few to the PHY layer), there are only a few characteristics that may be important for an implementation transmitting IPv6 packets on 802.11-OCB links. The most important 802.11-OCB aspect that influences the IPv6 functioning is the OCB characteristic; an additional, less direct influence is the maximum bandwidth afforded by the PHY modulation/demodulation methods and channel access specified by 802.11-OCB. The maximum bandwidth theoretically possible in 802.11-OCB is 54 Mbit/s (when using, for example, the following parameters: a 20 MHz channel; modulation of 64-QAM; a coding rate R of 3/4). With regard to IP over 802.11-OCB, in practice, a commonly observed figure is 12 Mbit/s; this bandwidth allows the operation of a wide range of protocols relying on IPv6.

• Operation outside the context of a BSS (OCB): The 802.11-OCB links (previously 802.11p) are operated without a BSS. This means that IEEE 802.11 beacon, Association Request/Response, Authentication Request/Response, and similar frames are not used. The used identifier of BSS (BSSID) always has a hexadecimal value of 0xffffffffffff (48 '1' bits, represented as MAC address ff:ff:ff:ff:ff:ff; otherwise, the 'wildcard' BSSID), as opposed to an arbitrary BSSID value set by an administrator (e.g., 'My-Home-AccessPoint'). The OCB operation -- namely, the lack of beacon-based scanning and lack of authentication -- should be taken into account when the Mobile IPv6 protocol and the protocols for IP layer security are used. The way these protocols adapt to OCB is not described in this document.
• Timing Advertisement: This is a new message defined in 802.11-OCB that does not exist in 802.11a/b/g/n. This message is used by stations to inform other stations about the value of time. It is similar to the time delivered by a Global Navigation Satellite System (GNSS) (e.g., Galileo, GPS, etc.) or by a cellular system. This message is optional for implementation.
• Frequency range: This is a characteristic of the PHY layer; it has almost no impact on the interface between MAC and IP. However, it is worth considering that the frequency range is regulated by a regional authority (ARCEP, ECC/CEPT based on ENs from ETSI, FCC, etc.); as part of the regulation process, specific applications are associated with specific frequency ranges. In the case of 802.11-OCB, the regulator associates a set of frequency ranges or slots within a band to the use of applications of vehicular communications in a band known as "5.9 GHz". The 5.9 GHz band is different from the 2.4 GHz and 5 GHz bands used by Wireless LAN. However, as with Wireless LAN, the operation of 802.11-OCB in 5.9 GHz bands does not require a license in the EU (in the US, the 5.9 GHz is a licensed band of spectrum; for the fixed infrastructure, explicit FCC authorization is required; for an on-board device, a 'licensed-by-rule' concept applies, where rule certification conformity is required). Technical conditions are different from those of the "2.4 GHz" or "5 GHz" bands. The allowed power levels and, implicitly, the maximum allowed distance between vehicles is 33 dBm for 802.11-OCB (in Europe) compared to 20 dBm for Wireless LAN 802.11a/b/g/n; this leads to a maximum distance of approximately 1 km compared to approximately 50 m. Additionally, specific conditions related to congestion avoidance, jamming avoidance, and radar detection are imposed on the use of DSRC (in the US) and on the use of frequencies for Intelligent Transportation Systems (in the EU) compared to Wireless LAN (802.11a/b/g/n).
• 'Half-rate' encoding: As the frequency range, this parameter is related to PHY and thus does not have much impact on the interface between the IP layer and the MAC layer.
• In vehicular communications using 802.11-OCB links, there are strong privacy requirements with respect to addressing. While the 802.11-OCB standard does not specify anything in particular with respect to MAC addresses, in these settings, there is a strong need for a dynamic change of these addresses (as opposed to the non-vehicular settings -- real wall protection -- where fixed MAC addresses do not currently pose privacy risks). This is further described in . A relevant function is described in and .

Changes Needed on an 802.11a Software Driver to Become an 802.11-OCB Driver The 802.11p amendment modifies both the 802.11 stack's physical and MAC layers, but all the induced modifications can be quite easily obtained by modifying an existing 802.11a ad hoc stack. The conditions for 802.11a hardware to be compliant with 802.11-OCB are as follows:

• The PHY entity shall be an OFDM system. It must support the frequency bands on which the regulator recommends the use of ITS communications -- for example, using an IEEE 802.11-OCB layer of 5875 MHz to 5925 MHz in France.
• The OFDM system must provide a "half-clocked" operation using 10 MHz channel spacings.
• The chip transmit spectrum mask must be compliant with the "Transmit spectrum mask" from the IEEE 802.11p amendment (but experimental environments do not require compliance).
• The chip should be able to transmit up to 44.8 dBm when used in the United States and up to 33 dBm in Europe; other regional conditions apply.

Changes needed on the network stack in OCB mode are as follows:

• Physical layer:
  • Orthogonal frequency-division multiple access The chip must use the Orthogonal Frequency Division Multiple Access (OFDMA) encoding mode.
  • The chip must be set to half-mode rate mode (the internal clock frequency is divided by two).
  • The chip must use dedicated channels and should allow the use of higher emission powers. This may require modifications to the local computer file that describes regulatory domains rules if used by the kernel to enforce local specific restrictions. Such modifications to the local computer file must respect the location-specific regulatory rules.
• MAC layer:
  • All management frames (beacons, join, leave, and others) emission and reception must be disabled, except for frames of subtype Action and Timing Advertisement (defined below).
  • No encryption key or method must be used.
  • Packet emission and reception must be performed as in ad hoc mode using the wildcard BSSID (ff:ff:ff:ff:ff:ff).
  • The functions related to joining a BSS (Association Request/Response) and authentication (Authentication Request/Reply, Challenge) are not called.
  • The beacon interval is always set to 0 (zero).
  • Timing Advertisement frames, defined in the amendment, should be supported. The upper layer should be able to trigger such frames emission and retrieve information contained in the received Timing Advertisements.

Protocol Layering A more theoretical and detailed view of layer stacking and interfaces between the IP layer and 802.11-OCB layers is illustrated in . The IP layer operates on top of EtherType Protocol Discrimination (EPD). This discrimination layer is described in . The interface between IPv6 and EPD is the LLC_SAP (Link Layer Control Service Access Point).

EtherType Protocol Discrimination +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IPv6 | +-+-+-+-+-+-{ }+-+-+-+-+-+-+-+ { LLC_SAP } 802.11-OCB +-+-+-+-+-+-{ }+-+-+-+-+-+-+-+ Boundary | EPD | | | | | MLME | | +-+-+-{ MAC_SAP }+-+-+-| MLME_SAP | | MAC Sublayer | | | 802.11-OCB | and ch. coord. | | SME | Services +-+-+-{ PHY_SAP }+-+-+-+-+-+-+-| | | | PLME | | | PHY Layer | PLME_SAP | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Design Considerations The networks defined by 802.11-OCB are in many ways similar to other networks of the 802.11 family. In theory, the transportation of IPv6 over 802.11-OCB could be very similar to the operation of IPv6 over other networks of the 802.11 family. However, the high mobility, strong link asymmetry, and very short connection makes the 802.11-OCB link significantly different from other 802.11 networks. Also, automotive applications have specific requirements for reliability, security, and privacy, which further add to the particularity of the 802.11-OCB link.

IEEE 802.11 Messages Transmitted in OCB Mode At the time of writing, this is the list of IEEE 802.11 messages that may be transmitted in OCB mode, i.e., when dot11OCBActivated is true in a STA:

• The STA may send management frames of subtype Action and, if the STA maintains a TSF Timer, subtype Timing Advertisement.
• The STA may send control frames except those of subtype PS-Poll, CF-End, and CF-End plus CFAck.
• The STA MUST send data frames of subtype QoS Data.

Examples of Packet Formats This section describes an example of an IPv6 packet captured over an IEEE 802.11-OCB link. By way of example, we show that there is no modification in the headers when transmitted over 802.11-OCB networks -- they are transmitted like any other 802.11 and Ethernet packets. We describe an experiment for capturing an IPv6 packet on an 802.11-OCB link. In the topology depicted in , the packet is an IPv6 Router Advertisement. This packet is emitted by a router on its 802.11-OCB interface. The packet is captured on the host using a network protocol analyzer (e.g., Wireshark). The capture is performed in two different modes: direct mode and monitor mode. The topology used during the capture is depicted below. The packet is captured on the host. The host is an IP-OBU containing an 802.11 interface in Peripheral Component Interconnect (PCI) Express format (an Industrial Technology Research Institute (ITRI) product). The kernel runs the ath5k software driver with modifications for OCB mode. The capture tool is Wireshark. The file format for saving and analyzing is .pcap. The packet is generated by the router, which is an IP-RSU (an ITRI product).

Topology for Capturing IP Packets on 802.11-OCB +--------+ +-------+ | | 802.11-OCB Link | | ---| Router |--------------------------------| Host | | | | | +--------+ +-------+

During several capture operations running from a few moments to several hours, no messages relevant to the BSSID contexts were captured (Association Request/Response, Authentication Req/Resp, or beacon). This shows that the operation of 802.11-OCB is outside the context of a BSSID. Overall, the captured message is identical to a capture of an IPv6 packet emitted on an 802.11b interface. The contents are exactly the same.

Capture in Monitor Mode The IPv6 RA packet captured in monitor mode is illustrated below. The Radiotap header provides more flexibility for reporting the characteristics of frames. The Radiotap header is prepended by this particular stack and operating system on the host machine to the RA packet received from the network (the Radiotap header is not present on the air). The implementation-dependent Radiotap header is useful for piggybacking PHY information from the chip's registers as data in a packet that is understandable by userland applications using socket interfaces (the PHY interface can be, for example, power levels, data rate, or the ratio of signal to noise). The packet present on the air is formed by the IEEE 802.11 Data header, Logical Link Control header, IPv6 Base header, and ICMPv6 header.

Radiotap Header v0 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Header Revision| Header Pad | Header Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Present Flags | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data Rate | Pad | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

IEEE 802.11 Data Header +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type/Subtype and Frame Ctrl | Duration | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Receiver Address... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ... Receiver Address | Transmitter Address... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ... Transmitter Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | BSS ID... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ... BSS ID | Frag Number and Seq Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Logical Link Control Header +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | DSAP |I| SSAP |C| Control Field | Org. Code... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ... Organizational Code | Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

IPv6 Base Header +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | Next Header | Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Source Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Router Advertisement +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cur Hop Limit |M|O| Reserved | Router Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reachable Time | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Retrans Timer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+-

The value of the Data Rate field in the Radiotap header is set to 6 Mb/s. This indicates the rate at which this RA was received. The value of the Transmitter Address in the IEEE 802.11 Data header is set to a 48-bit value. The value of the destination address is 33:33:00:00:00:1 (all-nodes multicast address). The value of the BSS ID field is ff:ff:ff:ff:ff:ff, which is recognized by the network protocol analyzer as being "broadcast". The Fragment number and Sequence number fields together are set to 0x90C6. The value of the Organization Code field in the Logical Link Control header is set to 0x0, recognized as "Encapsulated Ethernet". The value of the Type field is 0x86DD (hexadecimal 86DD; otherwise, #86DD), recognized as "IPv6". A Router Advertisement is periodically sent by the router to multicast group address ff02::1. It is ICMP packet type 134. The IPv6 Neighbor Discovery's Router Advertisement message contains an 8-bit field reserved for single-bit flags, as described in . The IPv6 header contains the link-local address of the router (source) configured via the EUI-64 algorithm, and the destination address is set to ff02::1. The Ethernet Type field in the Logical Link Control header is set to 0x86dd, which indicates that the frame transports an IPv6 packet. In the IEEE 802.11 data, the destination address is 33:33:00:00:00:01, which is the corresponding multicast MAC address. The BSS ID is a broadcast address of ff:ff:ff:ff:ff:ff. Due to the short link duration between vehicles and the roadside infrastructure, there is no need in IEEE 802.11-OCB to wait for the completion of association and authentication procedures before exchanging data. IEEE 802.11-OCB enabled nodes use the wildcard BSSID (a value of all 1s) and may start communicating as soon as they arrive on the communication channel.

Capture in Normal Mode The same IPv6 Router Advertisement packet described above (monitor mode) is captured on the host in normal mode and is depicted below.

Ethernet II Header +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ...Destination | Source... +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ...Source | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

IPv6 Base Header +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | Next Header | Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Source Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Router Advertisement +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cur Hop Limit |M|O| Reserved | Router Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reachable Time | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Retrans Timer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+-

One notices that the Radiotap header, the IEEE 802.11 Data header, and the Logical Link Control headers are not present. On the other hand, a new header named the Ethernet II header is present. The Destination and Source addresses in the Ethernet II header contain the same values as the Receiver Address and Transmitter Address fields present in the IEEE 802.11 Data header in the monitor mode capture. The value of the Type field in the Ethernet II header is 0x86DD (recognized as "IPv6"); this value is the same as the value of the Type field in the Logical Link Control header in the monitor mode capture. The knowledgeable experimenter will no doubt notice the similarity of this Ethernet II header with a capture in normal mode on a pure Ethernet cable interface. A frame translation is inserted on top of a pure IEEE 802.11 MAC layer in order to adapt packets before delivering the payload data to the applications. It adapts 802.11 LLC/MAC headers to Ethernet II headers. Specifically, this adaptation consists of the elimination of the Radiotap, 802.11, and LLC headers and the insertion of the Ethernet II header. In this way, IPv6 runs straight over LLC over the 802.11-OCB MAC layer; this is further confirmed by the use of the unique Type 0x86DD.

Extra Terminology The following terms are defined outside the IETF. They are used to define the main terms in the terminology section ().

DSRC (Dedicated Short Range Communication):

The US Federal Communications Commission (FCC) Dedicated Short Range Communication (DSRC) is defined in the Code of Federal Regulations (CFR) 47, Parts 90 and 95 . This Code is referenced in the definitions below. At the time of the writing of this document, the last update of this Code was dated December 6, 2019.

DSRCS (Dedicated Short-Range Communications Services):

Radio techniques are used to transfer data over short distances between roadside and mobile units, between mobile units, and between portable and mobile units to perform operations related to the improvement of traffic flow, traffic safety, and other intelligent transportation service applications in a variety of environments. DSRCS systems may also transmit status and instructional messages related to the units involved.

OBU (On-Board Unit):

An On-Board Unit is a DSRCS transceiver that is normally mounted in or on a vehicle or may be a portable unit in some instances. An OBU can be operational while a vehicle or person is either mobile or stationary. The OBUs receive and contend for time to transmit on one or more radio frequency (RF) channels. Except where specifically excluded, OBU operation is permitted wherever vehicle operation or human passage is permitted. The OBUs mounted in vehicles are licensed by rule under part 95 of and communicate with Roadside Units (RSUs) and other OBUs. Portable OBUs are also licensed by rule under part 95 of . OBU operations in the Unlicensed National Information Infrastructure (U-NII) Bands follow the rules in those bands.

RSU (Roadside Unit):

A Roadside Unit is a DSRC transceiver that is mounted along a road or pedestrian passageway. An RSU may also be mounted on a vehicle or may be hand carried, but it may only operate when the vehicle or hand-carried unit is stationary. Perhaps Furthermore, an RSU is restricted to the location where it is licensed to operate. However, portable or handheld RSUs are permitted to operate where they do not interfere with a site-licensed operation. An RSU broadcasts data to OBUs or exchanges data with OBUs in its communications zone. An RSU also provides channel assignments and operating instructions to OBUs in its communications zone when required.

Neighbor Discovery (ND) Potential Issues in Wireless Links IPv6 Neighbor Discovery (IPv6 ND) was designed for point-to-point and transit links, such as Ethernet, with the expectation of cheap and reliable support for multicast from the lower layer. indicates that the operation on shared media and on NBMA networks require additional support, e.g., for AR and DAD, which depend on multicast. An infrastructureless radio network such as OCB shares properties with both shared media and NBMA networks and then adds its own complexity, e.g., from movement and interference that allow only transient and non-transitive reachability between any set of peers. The uniqueness of an address within a scoped domain is a key pillar of IPv6 and is the basis for unicast IP communication. details the DAD method to prevent an address from being duplicated. For a link-local address, the scope is the link, whereas for a globally reachable address, the scope is much larger. The underlying assumption for DAD to operate correctly is that the node that owns an IPv6 address can reach any other node within the scope at the time it claims its address, which is done by sending a Neighbor Solicitation (NS) multicast message, and can hear any future claim for that address by another party within the scope for the duration of the address ownership. In the case of OCB, there is a potentially a need to define a scope that is compatible with DAD. The scope cannot be the set of nodes that a transmitter can reach at a particular time because that set varies all the time and does not meet the DAD requirements for a link-local address that can be used anytime and anywhere. The generic expectation of a reliable multicast is not ensured, and the operation of DAD and AR as specified by cannot be guaranteed. Moreover, multicast transmissions that rely on broadcast are not only unreliable but are also often detrimental to unicast traffic (see ). Early experience indicates that it should be possible to exchange IPv6 packets over OCB while relying on IPv6 ND alone for DAD and AR (Address Resolution) in good conditions. In the absence of a correct DAD operation, a node that relies only on IPv6 ND for AR and DAD over OCB should ensure that the addresses that it uses are unique by means other than DAD. It must be noted that deriving an IPv6 address from a globally unique MAC address has this property but may yield privacy issues. provides a more recent approach to IPv6 ND, in particular DAD. is designed to fit wireless and otherwise constrained networks whereby multicast and/or continuous access to the medium may not be guaranteed. ("Link-Local Addresses and Registration") indicates that the scope of uniqueness for a link-local address is restricted to a pair of nodes that uses it to communicate and provides a method to assert the uniqueness and resolve the link-layer address using a unicast exchange. also enables a router (acting as a 6LR) to own a prefix and act as a registrar (acting as a 6LBR) for addresses within the associated subnet. A peer host (acting as a 6LN) registers an address derived from that prefix and can use it for the lifetime of the registration. The prefix is advertised as not on-link, which means that the 6LN uses the 6LR to relay its packets within the subnet, and participation to the subnet is constrained to the time of reachability to the 6LR. Note that an RSU that provides internet connectivity MAY announce a default router preference , whereas a car that does not provide that connectivity MUST NOT do so. This operation presents similarities to that of an access point, but at Layer 3. This is why is well suited for wireless in general. Support of may be implemented on OCB. OCB nodes that support SHOULD support the 6LN operation in order to act as a host and may support the 6LR and 6LBR operations in order to act as a router and in particular to own a prefix that can be used by hosts that are compliant with for address autoconfiguration and registration.

Acknowledgements The authors would like to thank for initiating this work and for being the lead author up to draft version 43 of this document. The authors would like to thank for reviewing, proofreading, and suggesting modifications for this document. The authors would like to thank for proofreading and suggesting modifications for this document. The authors would like to thank for reviewing the suggesting modifications of this document. The authors would like to thank , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , and . Their valuable comments clarified particular issues and generally helped to improve the document. , , and others wrote 802.11-OCB drivers for Linux. For the multicast discussion, the authors would like to thank , , , , , and participants to discussions in network working groups. The authors would like to thank the participants of the Birds-of-a-Feather "Intelligent Transportation Systems" meetings held at IETF in 2016. The human rights protocol considerations review was done by . The work of was supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (NRF-2018R1A4A1025632). The work of was supported by EURECOM industrial members, namely BMW Group, IABG, Monaco Telecom, Orange, SAP and Symantec. This RFC reflects the view of the IPWAVE WG and does not necessarily reflect the official policy or position of EURECOM industrial members.

Contributors and contributed to this document. contributed extensively regarding IPv6 handovers between links running outside the context of a BSS (802.11-OCB links). contributed the idea of the use of IPv6 over 802.11-OCB for the distribution of certificates. , , , and provided significant feedback on the experience of using IP messages over 802.11-OCB in initial trials. contributed extensively to the MTU discussion, offered the ETSI ITS perspective, and reviewed other parts of the document.

Authors' Addresses Moulay Ismail University of Meknes

Morocco +212670832236 n.benamar@est.umi.ac.ma

EURECOM

Sophia-Antipolis 06904 France +33493008134 Jerome.Haerri@eurecom.fr

Sangmyung University

31, Sangmyeongdae-gil, Dongnam-gu 31066 Cheonan Republic of Korea jonghyouk@smu.ac.kr

YoGoKo

1137A Avenue des Champs-Blancs CESON-SEVIGNE 35510 France thierry.ernst@yogoko.fr