]> UPC

C/Esteve Terradas, 7 Castelldefels 08860 Spain carles.gomez@upc.edu

UPC

C/Jordi Girona, 1-3 Barcelona 08034 Spain anna.calveras@upc.edu

INT CoRE Working Group The Bundle Protocol (BP) was designed to enable end-to-end communication in challenged networks. The Constrained Application Protocol (CoAP), which was designed for constrained-node networks, may be a suitable application-layer protocol for the scenarios where BP is used. This document specifies how CoAP is carried over BP.

The Delay-Tolerant Networking (DTN) architecture has been designed to enable communication in challenged networks, which are characterized by long delays, intermittent connectivity, and high error rates, among other constraints . DTN was mainly intended for deep space communication (e.g., to enable an Interplanetary Internet). However, it is also applicable to enable communication on Earth in environments exhibiting relatively similar features, such as sensor networks or temporarily disconnected areas. The Bundle Protocol (BP) is the fundamental component of DTN. BP is a message-oriented protocol that operates as a store-carry-forward overlay atop the transport-layer protocols of a number of constituent networks . The protocol data unit of BP is called a bundle. Application-layer functionality runs atop BP. The Constrained Application Protocol (CoAP) is an application-layer protocol that was specifically designed for constrained-node networks , which are typical in Internet of Things (IoT) scenarios. Such environments are often characterized by significantly constrained node and network features, including low computational capacity, limited energy availability (which often leads to the use of duty-cycled links), low bandwidth, high latency, and high loss rates. Accordingly, CoAP offers several features, which are also suitable for DTN, including lightweight operation, asynchronous message exchanges, and a significant degree of flexibility, based on RESTful principles. The present document specifies how CoAP is carried over BP.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP14 , , when, and only when, they appear in all capitals, as shown here.

The reader is expected to be familiar with the terms and concepts defined by the DTN main specifications (e.g., , , and ), and the CoAP main specifications (e.g., , , , , and ).

Figure 1 illustrates the protocol stack model for CoAP over BP. (Note: this figure is the same as Figure 1 of RFC 9171, except for the indication of CoAP's location in the protocol stack model.) In this model, CoAP entities exchange application-layer messages carried by BP over an end-to-end path composed of a number of constituent networks.

>>>>>>>>>v-+ +->>>>>>>>>>v-+ +-^---------+ | BP v | | ^ BP v | | ^ BP v | | ^ BP | +---------v-+ +-^---------v-+ +-^---------v-+ +-^---------+ | T1 v | + ^ T1/T2 v | + ^ T2/T3 v | | ^ T3 | +---------v-+ +-^---------v-+ +-^---------v + +-^---------+ | N1 v | | ^ N1/N2 v | | ^ N2/N3 v | | ^ N3 | +---------v-+ +-^---------v + +-^---------v-+ +-^---------+ | >>>>>>>>^ >>>>>>>>>>^ >>>>>>>>^ | +-----------+ +-------------+ +-------------+ +-----------+ | | | | |<---- A network ---->| |<---- A network ---->| | | | | ]]>

The CoAP base specification was produced assuming UDP as the underlying transport-layer protocol [RFC 7252]. Like UDP, BP is a message-oriented protocol. Furthermore, BP does not provide bundle retransmission. Therefore, when CoAP is used over BP, the same messaging model defined for CoAP in RFC 7252 is used, and the CoAP signaling messages defined in RFC 8323 (which are intended for use over reliable transports) MUST NOT be used. Figure 2 shows the two-sublayer structure of CoAP, when used over BP.

CoAP follows a client/server model, whereby a client may request an action on a resource on a server. Upon receipt of a request, the server sends a response, including a response code, which may also include a resource representation. Requests and responses are encapsulated in messages. CoAP defines four message types: Confirmable (CON), Non-confirmable (NON), Acknowledgment (ACK), and Reset (RST). CON messages elicit ACKs, whereas NON messages do not. For CON messages, CoAP uses stop-and-wait retransmission with exponential back-off. A RST message is sent by a CoAP endpoint that has received a message but is unable to process it. When CoAP is used over BP, a source bundle node MAY set the "request reporting of bundle delivery" flag in the bundle's status report request field of a bundle that encapsulates a CoAP CON message. Upon receipt of a bundle that carries a CoAP CON message with the "request reporting of bundle delivery" flag set, the receiver MAY opt to only send the corresponding bundle delivery status report and omit sending a bundle encapsulating a CoAP ACK message, if and only if it is not possible to transmit a piggybacked response (e.g., because the response is not ready at the moment, or because the CON message does not elicit a response). In that case, if the CoAP CON message sender receives the status report sent in response to its bundle-encapsulated CON message, it MUST assume that the status report serves as CoAP ACK for the CON message. (Note: the assumption is that the status report size is shorter than the size of a bundle encapsulating a CoAP ACK message that does not carry a payload. To be further confirmed.)

The CoAP message format for CoAP over BP (Figure 4) is the same as the CoAP message format defined in RFC 7252 (Figure 3), except for the Message ID size, which is increased to 24 bits for CoAP over BP. The reason for this change is avoiding a severe limitation on the number of messages a sender can send per time unit, considering the latency values in the environments where CoAP over BP may be used, and that, as stated in RFC 7252, "the same Message ID MUST NOT be reused (in communicating with the same endpoint) within the EXCHANGE_LIFETIME". See Appendix B for further details.

In order to transmit a CoAP message over BP, the CoAP message MUST be carried as the block-type-specific data field of the Bundle Payload Block (block type 1) of an encapsulating bundle. The lifetime field of the bundle encapsulating a CON message MUST be set to EXCHANGE_LIFETIME (see Section 6). The lifetime field of the bundle encapsulating a NON message MUST be set to NON_LIFETIME (see Section 6). In some cases, upon receipt of a CoAP message, the receiving endpoint needs to transmit a CoAP message in response to the sender. The Destination EID and Source Node ID fields of the primary bundle block of the bundle encapsulating such a CoAP message sent as a response SHALL be set as follows: Destination EID: The Destination EID SHALL be identical to the Source Node ID of the bundle encapsulating the received CoAP message that produces the response. Source Node ID: The Source Node ID SHALL be identical to the Destination EID of the bundle encapsulating the received CoAP message that produces the response. CoAP messages destined to the same endpoint MAY be aggregated and carried as the payload of a single encapsulating bundle. TO-DO: aggregation, to be discussed.

This section discusses the main CoAP parameters and times that are relevant in the environments where BP may be used. (Note that the complete set of parameters, assumptions, default values, and related times in CoAP can be found in Section 4.8 of RFC 7252.) Most of these CoAP parameters and times are relevant for CON messages. Note that, in some scenarios, the protocols operating below BP may support reliability and congestion control. In that case, using NON messages might suffice to achieve a reasonable degree of reliability. The congestion control considerations for NON message transmission would still apply, though (see Sections 4.7 and 4.8 of RFC 7252). As a congestion control measure, the maximum number of outstanding interactions between a client and a given server is limited to NSTART, which is set to a default value of 1. A greater value for NSTART can be used only when mechanisms that ensure congestion control safety are used [RFC 7252]. The main parameters related with CON messages are indicated next. ACK_TIMEOUT and ACK_RANDOM_FACTOR. These two parameters determine the duration of the initial retransmission timeout, which is set to a randomly chosen value between ACK_TIMEOUT and ACK_TIMEOUT * ACK_RANDOM_FACTOR. The default values for ACK_TIMEOUT and ACK_RANDOM_FACTOR are 2 s and 1.5, respectively. Therefore, the default initial retransmission timeout in CoAP is between 2 and 3 s. For CoAP over BP, ACK_TIMEOUT should be set to a value of at least the expected RTT, which may be of an order of magnitude several times greater than the default one (see Appendix A). ACK_RANDOM_FACTOR needs to be at least equal to or greater than 1.0. The default value of 1.5 is intended to avoid synchronization effects among different senders when RTTs are in the order of seconds. However, the greater latency in delay-tolerant environments may reduce the risk of synchronization effects therein. In such case, a lower ACK_RANDOM_FACTOR may help reduce total message delivery latency when retries are performed. MAX_RETRANSMIT. This parameter defines the maximum number of retries for a given CON message. The default value for this parameter is 4. Since there is an exponential back-off between retransmissions, and considering the delay values in environments where BP is used, it may be suitable to set this parameter to a value lower than the default one (see Appendix A). The following assumptions on the characteristics of the network and the nodes need to be considered: MAX_LATENCY is the maximum time a datagram is expected to take from the start of its transmission to the completion of its reception. In RFC 7252, this value is arbitrarily set to 100 s, which is close to the historic Maximum Segment Lifetime (MSL) of 120 s defined in the TCP specification [RFC9293]. However, such value assumes communication in non-challenged environments. Therefore, in environments where BP is used, MAX_LATENCY may need to be increased by at least 2-3 orders of magnitude. PROCESSING_DELAY is the time since a node receives a CON message until it transmits an ACK in response. In RFC 7252, this value is assumed to be of at most the default ACK_TIMEOUT value of 2 s. For the sake of limiting latency, it is assumed that the same value can be used also in environments where BP is used. A relevant CON message derived time is EXCHANGE_LIFETIME. This time indicates the maximum possible time since a CON message is sent for the first time, until ACK reception (which may potentially occur after several retries). EXCHANGE_LIFETIME includes the following components: the total time since the first transmission attempt of a CON message until the last one (called MAX_TRANSMIT_SPAN in RFC 7252), a MAX_LATENCY for the CON, PROCESSING_DELAY, and a MAX_LATENCY for the ACK. The default value for EXCHANGE_LIFETIME is 247 s. However, in challenged environments (e.g., deep space), and considering the increased values for protocol parameters and network characteristics described above, EXCHANGE_LIFETIME will be at least 2 (and perhaps a greater number of) orders of magnitude greater than the default one (see Appendix A). The main time related with NON messages is NON_LIFETIME. This is the time since a NON message is transmitted until its Message ID can be safely reused. This time is actually equal to MAX_LATENCY, therefore its default value is 100 s. However, as described earlier, in challenged environments (e.g, deep space) it may need to be increased by 2-3 orders of magnitude. Note that CoAP implementations may also need to be adapted if they have been designed to use 8-bit timers to handle CON or NON message lifetimes (e.g., to retire Message IDs) in seconds.

The CoAP Observe Option allows a server to send notifications carrying a representation of the current state of a resource to interested clients called observers [RFC7641]. The latter need to initially register at a specific server that they are interested in being notified whenever the resource state changes. Observe generally provides significant performance benefits, since, after the registration, the client does not have to send a request to receive a notification. This feature is particularly beneficial in environments where end-to-end latency is high, and energy and bandwidth resources may be constrained. As per the Observe specification, when the time between the two last notifications received by a CoAP client is greater than 128 seconds, it can be concluded that the last one received is also the latest sent by the server. The duration of 128 seconds was chosen as a number greater than the default MAX_LATENCY value of the base CoAP specification. When CoAP is used over BP, the duration of 128 seconds may be insufficient in many scenarios. In such cases, the duration needs to be chosen as a value greater than the MAX_LATENCY of the scenario (see Appendix A). When CoAP is used over BP, determining whether a notification was sent by the server later than another notification SHOULD be performed based on the creation timestamps of the corresponding bundles encapsulating the two notifications. If the creation timestamp of a bundle is not available at the application layer, the time between the reception times of the two notifications MAY be used instead. Since the duration of 128 seconds mentioned above may be insufficient in many scenarios, in such cases, the duration needs to be chosen as a value greater than the MAX_LATENCY of the scenario (see Appendix A).

CoAP supports functionality that allows carrying large payloads by means of block-wise transfers [RFC7959], [RFC9177]. BP also supports fragmentation and reassembly functionality. RFC 7959 states, in the context of fragmentation and reassembly functionality being available at several protocol stack layers, that "the fragmentation/reassembly process burdens the lower layers with conversation state that is better managed in the application layer". However, an implicit assumption in RFC 7959 is that details on the data unit sizes that can be carried over the different links of an end-to-end path are known in advance by the sender. When CoAP is used over BP, CoAP block-wise transfers MAY be used if the source knows in advance the duration and type of expected contacts (e.g., scheduled or predicted) between the BP nodes that will forward the bundles from the source bundle node to the destination bundle node. This does not preclude the use of BP fragmentation and reassembly when deemed necessary. There exist two CoAP specifications that allow to perform block-wise transfers: [RFC7959] and [RFC9177]. As per RFC 7959, a CoAP endpoint can only ask for (or send) the next block after the previous block has been transferred. Furthermore, RFC 7959 recommends the use of CON messages. Therefore, communication follows a stop-and-wait pattern, which is not suitable for environments with long delays. RFC 9177 is particularly suitable for DTN environments, as it enables block-wise transfers using NON messages. Thus, blocks can be transmitted serially without having to wait for a response or next request from the remote CoAP peer. Recovery of multiple missing blocks (which can be reported at once in a single CoAP message) is also supported.

The following new parameters are defined by RFC 9177, for use with NON messages and the Q-Block1 and Q-Block2 options: MAX_PAYLOADS, NON_TIMEOUT, NON_TIMEOUT_RANDOM, NON_RECEIVE_TIMEOUT, NON_MAX_RETRANSMIT, NON_PROBING_WAIT, and NON_PARTIAL_TIMEOUT. MAX_PAYLOADS indicates the number of consecutive blocks an endpoint can transmit without eliciting a message from the other endpoint. The default value defined for this parameter is 10, which is in line with the initial window size currently defined for TCP [RFC6928]. TO-DO: MAX_PAYLOADS for deep space? NON_TIMEOUT is the minimum time between sending two consecutive sets of MAX_PAYLOADS blocks that correspond to the same body. The actual time between sending two consecutive sets of MAX_PAYLOADS blocks is called NON_TIMEOUT_RANDOM, which is calculated as NON_TIMEOUT * ACK_RANDOM_FACTOR. In RFC 9177, NON_TIMEOUT is defined as having the same value as ACK_TIMEOUT. ACK_RANDOM_FACTOR is set to 1.5, following RFC 7252. As a result, by default, NON_TIMEOUT_RANDOM is equal to a randomly chosen value between 2 and 3 s. The NON_TIMEOUT_RANDOM inactivity interval described above is introduced to avoid causing congestion due to the transmission of MAX_PAYLOADS itself. As discussed previously, in challenged networks, ACK_TIMEOUT should be set to a value greater than default. When CoAP is used in deep space, NON_TIMEOUT, and thus NON_TIMEOUT_RANDOM, need to be adjusted considering the characteristics of the end-to-end path, independent of ACK_TIMEOUT. NON_RECEIVE_TIMEOUT is the initial time that a receiver will wait for a missing block within MAX_PAYLOADS before requesting retransmission for the first time. Every time the missing payload is re-requested, the time to wait value doubles. NON_RECEIVE_TIMEOUT has a default value of 2*NON_TIMEOUT. As described earlier, in challenged networks, NON_TIMEOUT needs to be adjusted considering the characteristics of the end-to-end path. NON_MAX_RETRANSMIT is the maximum number of times a request for the retransmission of missing payloads can occur without a response from the remote peer. By default, NON_MAX_RETRANSMIT has the same value as MAX_RETRANSMIT (Section 4.8 of [RFC7252]). Accordingly, when CoAP is used in deep space, the same considerations regarding MAX_RETRANSMIT in Section 5 apply to NON_MAX_RETRANSMIT as well. That is, when CoAP is used in space, while the default value for this parameter is 4, it may be suitable to set this parameter to a value lower than the default one.

The URI scheme for CoAP over BP is "coap" as per the recommendation of Section 6 of [draft-ietf-core-transport-indication]. The "coap" scheme is defined in Section 6 of [RFC7252]. When the endpoint ID of the target resource is based on the "dtn" scheme, the authority component of the URI is formed as the reg-name of the endpoint ID, followed by .dtn.arpa. When the endpoint ID of the target resource is based on the "ipn" scheme, the authority component of the URI is formed as the node-nbr, followed by the nbr-delim (".") and the service-nbr of the endpoint ID, followed by .ipn.arpa. User information and port are always absent with the URI scheme used in CoAP over BP. For example, under the rules of Section 6 of [RFC7252], the URI of a request for the discovery resource of a CoAP over BP entity with endpoint ID dtn://JupiterSensor would be: coap://JupiterSensor.dtn.arpa/.well-known/core Similarly, the URI of a request for the discovery resource of a CoAP over BP entity with endpoint ID ipn:81.2 would be: coap://81.2.ipn.arpa/.well-known/core TO-DO: request a Well-known Service Number for CoAP in the ipn URI Scheme Well-known Service Numbers for BPv7 registry [draft-ietf-dtn-ipn-update].

The base CoAP specification defines a binding to Datagram Transport Layer Security (DTLS) [RFC7252][RFC9147]. There are four possible DTLS security modes: NoSec, PreSharedKey, RawPublicKey, and Certificate. The NoSec and RawPublicKey modes are mandatory to implement. Subsequently, Object Security for Constrained RESTful Environments (OSCORE) was specified [RFC8613]. OSCORE is a CoAP option that allows to protect an application-layer data payload end-to-end, even in the presence of untrusted proxies in the path between two endpoints. OSCORE is used to secure CoAP group communication [draft-ietf-core-groupcomm-bis]. In OSCORE, the communicating endpoints require a shared security context. An interesting aspect of OSCORE for the environments where BP is used is that, if the materials used to establish such context are pre-shared, there is no initial handshake prior to actual communication, thus avoiding a significant latency penalty. In contrast, DTLS does require an initial handshake. For this reason, the use of DTLS to secure CoAP over BP is generally NOT RECOMMENDED, possible exceptions being environments where the latency penalty is considered acceptable. On the other hand, Bundle Protocol Security (BPSec) [RFC 9172] provides security services for BP bundles, allowing to protect (with integrity and/or confidentiality) one or more blocks of a bundle. When CoAP is carried over BP, the CoAP message will be carried as the block-type-specific data field of the Bundle Payload Block (block type 1) of an encapsulating bundle. If OSCORE is used to protect CoAP, only the CoAP message payload and some of the CoAP message header fields are protected. Currently, all CoAP message fields that are protected are provided with confidentiality and integrity protection. In order to offer protection against replay attacks, OSCORE uses by default an anti-replay window, with a window size of 32 [RFC 8613]. If a greater window size is deemed necessary (e.g., due to high latency in an intended scenario), that window size needs to be known by both sender and receiver at the moment of security context establishment. Note that BP provides additional protection against replay attacks, since a bundle includes a creation timestamp and a lifetime field. If the bundle is replayed outside of its lifetime, the bundle will be discarded and the replay attack will fail (see Section 8.2.4 of RFC 9172). TO-DO: security requirements of CoAP requests and responses over BP.

IANA is asked to create two new reserved domain names in the .arpa name space as described in [rfc6761]: the suffixes .dtn.arpa and .ipn.arpa. The expectation for application software is that no DNS resolution is attempted; instead, the prefix is processed into an endpoint ID, and any operation on that endpoint ID is pointed to the BP node(s) registered in that endpoint ID.

The Domain Reservation Considerations from Section 5 of [RFC6761] for both domain names (.dtn.arpa and .ipn.arpa) are: * Users: users are not expected to recognize those names as special. * Application Software: application software is expected to pass those names on to their CoAP over BP implementation. CoAP over BP implementations are expected to recognize those names as BP endpoint IDs and MUST NOT pass them on to DNS-based resolvers (unless the name resolution API happens to explicitly support resolution into endpoint ID, see below). * Name resolution APIs and libraries: name resolution APIs and libraries MAY indicate that .dtn.arpa and .ipn.arpa names resolve to the endpoint ID encoded inside them (but no details for this are specified in known resolution APIs or libraries). Otherwise, they SHOULD report them as NXDOMAIN. * Caching DNS Servers: caching DNS servers MAY recognize the special domains and report them as NXDOMAIN. Otherwise, they will cache the .arpa DNS servers' responses. * Authoritative DNS Servers: authoritative DNS servers MAY recognize the special domains and report them as NXDOMAIN. * DNS Server Operators: No impact on DNS server operators is expected. * DNS Registries/Registrars: Any changes to .dtn.arpa or .ipn.arpa require updates to this document and the corresponding process through IANA.

IANA is requested to assign a Well-known Service Number for CoAP in the ipn URI Scheme Well-known Service Numbers for BPv7 registry [draft-ietf-dtn-ipn-update].

TO-DO

Carles Gomez and Anna Calveras have been funded in part by the Spanish Government through project PID2019-106808RA-I00, and by Secretaria d'Universitats i Recerca del Departament d'Empresa i Coneixement de la Generalitat de Catalunya 2021 through grant SGR 00330.

S.M. Davidovich, J. Whittington

Figure 5 shows the Round-Trip Time (RTT) between two endpoints on (or close to) different celestial bodies of the Solar System, for the maximum distances between such endpoints , and in an idealized scenario where communication latency only comprises a propagation delay component. (Note that message storing until the next connectivity opportunity may significantly increase total communication latency.) The RTT also provides a lower bound on (and an approximation of) the ACK_TIMEOUT values required to avoid spurious retransmission timer expiration. Figure 6 provides approximate EXCHANGE_LIFETIME values that would stem from the use of ACK_TIMEOUT values such as those shown in Figure 5, for MAX_RETRANSMIT=1. (Note that the values provided in Figure 5 are also approximately equal to EXCHANGE_LIFETIME, for MAX_RETRANSMIT=0, under the conditions considered.) For the sake of comparison, Figure 7 also provides the hypothetical, approximate EXCHANGE_LIFETIME values that would correspond to MAX_RETRANSMIT= 1, but with a retransmission scheme using a constant RTO value for message retries. Finally, Figure 8 provides the one-way delay for communication between endpoints on (or close to) different celestial bodies of the Solar System, for the maximum distances between such endpoints, and assuming an idealized scenario where communication latency only comprises a propagation delay component. The values in this figure correspond approximately to MAX_LATENCY in the described scenarios.

With default settings [RFC 7252], and a 16-bit message ID size, CoAP supports the transmission of up to 265 messages/s between a sender and its destination endpoint. If CoAP is used in scenarios involving much greater latencies (e.g., deep space), the greater EXCHANGE_LIFETIME would significantly limit the CoAP message rate. Figure 9 provides the maximum possible message rates for message ID sizes of 16 and 24 bits, and a range of EXCHANGE_LIFETIME values.