-
Notifications
You must be signed in to change notification settings - Fork 5
/
draft-ietf-lpwan-overview.xml
2461 lines (1962 loc) · 96.9 KB
/
draft-ietf-lpwan-overview.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY I-D.farrell-lpwan-lora-overview SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.farrell-lpwan-lora-overview">
<!ENTITY I-D.minaburo-lpwan-gap-analysis SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.minaburo-lpwan-gap-analysis">
<!ENTITY I-D.zuniga-lpwan-sigfox-system-description SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.zuniga-lpwan-sigfox-system-description">
<!ENTITY I-D.ratilainen-lpwan-nb-iot SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ratilainen-lpwan-nb-iot">
<!ENTITY I-D.garcia-dime-diameter-lorawan SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.garcia-dime-diameter-lorawan">
<!ENTITY I-D.garcia-radext-radius-lorawan SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.garcia-radext-radius-lorawan">
<!ENTITY I-D.hong-6lo-use-cases SYSTEM "http://xml.resource.org/public/rfc/bibxml3/reference.I-D.hong-6lo-use-cases">
]>
<!--
TODO: Add some neutral use-case where there're real details available, if I can find one.
-->
<?rfc toc="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes" ?>
<rfc category="info" ipr="trust200902" docName="draft-ietf-lpwan-overview-10">
<front>
<title abbrev="Low Power Wide Area Networking Overview">
LPWAN Overview
</title>
<author role="editor" fullname="Stephen Farrell" initials="S." surname="Farrell">
<organization>Trinity College Dublin</organization>
<address>
<postal>
<street></street>
<city>Dublin</city>
<region></region>
<code>2</code>
<country>Ireland</country>
</postal>
<phone>+353-1-896-2354</phone>
<email>stephen.farrell@cs.tcd.ie</email>
</address>
</author>
<date/>
<area>Internet Area</area>
<workgroup>lpwan</workgroup>
<keyword>Draft</keyword>
<abstract>
<t>Low Power Wide Area Networks (LPWAN) are wireless technologies
with
characteristics such as large coverage areas, low bandwidth, possibly
very small packet and
application layer data sizes and long battery life operation.
This memo is an
informational overview of the set of LPWAN technologies being
considered in the IETF and of the gaps that exist between the
needs of those technologies and the goal of running IP in LPWANs.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>This document provides background material and an overview of
the technologies being considered in the IETF's Low Power Wide-Area
Networking (LPWAN) working group. We also provide a gap analysis
between the needs of these technologies and currently available
IETF specifications.</t>
<!--
</section>
<section anchor="concerns" title="Common Concerns">
<t>[[Editors note: We may want a section like this that describes some cross-cutting
issues, e.g. duty-cycles, some of the ISM band restrictions. This isn't intended
to be a problem statement nor a set of requirements but just to describe some
issues that affect more than one of the LPWAN technologies.
Such a section might be better before or after <xref target="inputs"/>, will
see when text's added there. There
is some text for this in the current "gaps" draft.]]</t>
-->
<!--
<t>[[Maybe add text about the common/different goals, eg. NB-IoT has
"improved indoor coverage" which is different, all have "low power
consumption." If so, that'd start to look like <xref target="table-goals"/>.
It may make more sense to eliminate rows of this table that are all
"Y" entries and just say those are common goals in text or another
table.]] </t>
<texttable anchor="table-goals" title="Stated goals of LPWAN Technologies">
<ttcol align='left'>Goal</ttcol>
<ttcol align='center'>LoRa</ttcol>
<ttcol align='center'>NB-IoT</ttcol>
<ttcol align='center'>SIGFOX</ttcol>
<ttcol align='center'>WI-SUN</ttcol>
<c>Improved indoor coverage</c>
<c>-</c>
<c>Y</c>
<c>-</c>
<c>-</c>
<c>Massive number of low-throughput devices</c>
<c>Y</c>
<c>Y</c>
<c>Y</c>
<c>-</c>
<c>Low delay sensitivity</c>
<c>Y</c>
<c>Y</c>
<c>Y</c>
<c>-</c>
<c>Ultra-Low device cost</c>
<c>Y</c>
<c>Y</c>
<c>Y</c>
<c>-</c>
<c>Low device power consumption</c>
<c>Y</c>
<c>Y</c>
<c>Y</c>
<c>-</c>
</texttable>
-->
<t>Most technologies in this space aim for similar goals of supporting
large numbers of very low-cost, low-throughput devices with
very-low power consumption, so that even battery-powered devices can be
deployed for years. LPWAN devices also tend to be constrained in their
use of bandwidth, for example with limited frequencies being allowed to
be used within limited duty-cycles (usually expressed as a percentage
of time per-hour that the device is allowed to transmit.)
And as the name implies, coverage of large areas is also a
common goal. So, by and large, the different technologies aim for deployment
in very similar circumstances.</t>
<!--
There are some differences however, e.g.,
the Narrowband IoT specifications <xref target="nbiot"/> also aim for
increased indoor coverage.
-->
<t>What mainly distinguishes LPWANs from other constrained networks
is that in LPWANs the balancing act related to power consumption/battery life, cost and
bandwidth tends to prioritise doing better with respect to power and cost and we
are more willing to live with extremely low bandwidth and
constrained duty-cycles when making the various trade-offs required, in
order to get the multiple-kilometre radio links implied by the "wide
area" aspect of the LPWAN term.</t>
<t> Existing pilot deployments have shown huge potential and created much
industrial interest in these technologies. As of today,
essentially no LPWAN end-devices (other than for Wi-SUN) have IP capabilities.
Connecting LPWANs to the Internet would provide significant benefits to these
networks in terms of interoperability, application deployment, and management,
among others. The goal of the IETF LPWAN working group is to, where necessary, adapt
IETF-defined protocols,
addressing schemes and naming to this particular constrained environment.
</t>
<t>This document is largely the work of the
people listed in <xref target="contribs"/>. </t>
<!-- <t>Discussion of this
document should take place on the lp-wan@ietf.org list.</t>
-->
</section>
<section anchor="inputs" title="LPWAN Technologies">
<t>This section provides an overview of the set of LPWAN technologies
that are being considered in the LPWAN working group. The text for
each was mainly contributed by proponents of each technology.</t>
<t>Note that this text is not intended to be normative in any sense, but
simply to help the reader in finding the relevant layer 2 specifications
and in understanding how those integrate with IETF-defined technologies.
Similarly, there is no attempt here to set out the pros and cons of the
relevant technologies.
</t>
<t>Note that some of the technology-specific drafts referenced
below may have been updated since publication of this document.</t>
<!--
<t>[[Ed: the goal here is 2-3 pages per technology. If
there's much more needed then we could add appendices I guess depending
on what text the WG find useful to include.]]</t>
-->
<section anchor="lora" title="LoRaWAN">
<!--
<t>Text here is largely from <xref target="I-D.farrell-lpwan-lora-overview"/>
</t>
-->
<section anchor="lora-docs" title="Provenance and Documents">
<!--
<t> LoRaWAN is a wireless technology for long-range low-power
low-data-rate applications developed by the LoRa Alliance, a membership
consortium. <eref target="https://www.lora-alliance.org/"/> This draft is
based on version 1.0.2 <xref target="LoRaSpec"/> of the LoRa specification.
Version 1.0, which has also seen some deployment, is available at
<xref target="LoRaSpec1.0"/>.</t>
-->
<t>LoRaWAN is an ISM-based wireless technology for long-range low-power
low-data-rate applications developed by the LoRa Alliance, a membership
consortium. <eref target="https://www.lora-alliance.org/"/> This draft is
based on version 1.0.2 <xref target="LoRaSpec"/> of the LoRa specification.
That specification is publicly available and has already seen several
deployments across the globe.</t>
</section>
<section anchor="lora-chars" title="Characteristics">
<t>
LoRaWAN aims to support end-devices operating on a single battery for an
extended period of time (e.g., 10 years or more), extended coverage through
155 dB maximum coupling loss, and reliable and efficient file download (as
needed for remote software/firmware upgrade).
</t>
<t> LoRaWAN networks are typically organized in a star-of-stars topology in
which gateways relay messages between end-devices and a central "network
server" in the backend. Gateways are connected to the network server via IP
links while end-devices use single-hop LoRaWAN communication that can be
received at one or more gateways. Communication is generally
bi-directional; uplink communication from end-devices to the network
server is favored in terms of overall bandwidth availability. </t>
<t><xref target="lora-arch"/> shows the entities involved in a
LoRaWAN network. </t>
<figure anchor="lora-arch" title="LoRaWAN architecture" >
<artwork><![CDATA[
+----------+
|End-device| * * *
+----------+ * +---------+
* | Gateway +---+
+----------+ * +---------+ | +---------+
|End-device| * * * +---+ Network +--- Application
+----------+ * | | Server |
* +---------+ | +---------+
+----------+ * | Gateway +---+
|End-device| * * * * +---------+
+----------+
Key: * LoRaWAN Radio
+---+ IP connectivity
]]></artwork>
</figure>
<t><list style="symbols">
<t>End-device: a LoRa client device, sometimes called a mote. Communicates with gateways.</t>
<t>Gateway: a radio on the infrastructure-side, sometimes called a concentrator or base-station.
Communicates with end-devices and, via IP, with a network server. </t>
<t>Network Server: The Network Server (NS) terminates the LoRaWAN MAC layer
for the end-devices connected to the network. It is the center of the star
topology.
</t>
<t>Join Server: The Join Server (JS) is a server on the Internet
side of an NS that processes join requests from an end-devices.</t>
<t>Uplink message: refers to communications from an end-device to a network
server or application via one or more gateways. </t>
<t>Downlink message: refers to communications from a network server or
application via one gateway to a single end-device or a group of end-devices
(considering multicasting). </t>
<t>Application: refers to application layer code both on the end-device
and running "behind" the network server. For LoRaWAN, there will generally
only be one application running on most end-devices. Interfaces between
the network server and application are not further described here.</t>
<!--
this isn't really useful here
<t>
Classes A, B and C define different device capabilities and modes
of operation for end-devices. End-devices can transmit uplink
messages at any time in any mode of operation (so long as e.g., ISM band
restrictions are honoured). An end-device in Class
A can only receive downlink messages at predetermined timeslots after
each uplink message transmission. Class B allows the end-device to
receive downlink messages at periodically scheduled timeslots. Class C
allows receipt of downlink messages at anytime. Class selection is
based on the end-devices' application use case and its power supply.
(While Classes B and C are not further described here, readers may have seen
those terms elsewhere so we include them for clarity.)
</t>
-->
</list></t>
<t>In LoRaWAN networks, end-device transmissions may be received at multiple
gateways, so during nominal operation a network server may see multiple
instances of the same uplink message from an end-device.</t>
<t>
The LoRaWAN network infrastructure manages the data rate and RF output power
for each end-device individually by means of an adaptive data rate (ADR)
scheme. End-devices may transmit on any channel allowed by local regulation at
any time. </t>
<t>LoRaWAN radios make use of industrial, scientific and medical (ISM)
bands, for example, 433MHz and 868MHz within the European Union and 915MHz in
the Americas.</t>
<t>The end-device changes channel in a pseudo-random fashion for every
transmission to help make the system more robust to interference and/or to
conform to local regulations.</t>
<!--
<t>As with other LPWAN radio technologies, LoRaWAN end-devices respect the
frequency, power and maximum transmit duty cycle requirements for the sub-band
imposed by local regulators. In most cases, this means an end-device is only
transmitting for 1% of the time, as specified by ISM band regulations. And in
some cases the LoRaWAN specification calls for end-devices to transmit less
often than is called for by the ISM band regulations in order to avoid
congestion. </t>
-->
<t>
<xref target="lora-trans"/> below shows that after a transmission slot a Class A device
turns on its receiver for two short receive windows that are offset from
the end of the transmission window.
<!--
The frequencies and data rate chosen
for the first of these receive windows depends on those used for the transmit window.
The frequency and data-rate for the second receive window are configurable.
If a downlink message preamble is detected during a receive window, then
the end-device keeps the radio on in order to receive the frame.
</t>
<t>
-->
End-devices can only transmit a subsequent uplink frame after the end
of the associated receive windows. When a device joins a LoRaWAN
network, there are similar timeouts on parts of that process.
</t>
<figure anchor="lora-trans" title="LoRaWAN Class A transmission and reception window">
<artwork>
|----------------------------| |--------| |--------|
| Tx | | Rx | | Rx |
|----------------------------| |--------| |--------|
|---------|
Rx delay 1
|------------------------|
Rx delay 2
</artwork>
</figure>
<t>Given the different regional requirements the detailed specification for the
LoRaWAN physical layer (taking up more than 30 pages of
the specification) is not reproduced here. Instead
and mainly to illustrate the kinds of issue encountered, in
<xref target="lora-ism868"/> we present some of the default settings for one
ISM band (without fully explaining those here) and in <xref target="lora-minmax"/>
we describe maxima and
minima for some parameters of interest to those defining ways to use IETF
protocols over the LoRaWAN MAC layer.</t>
<texttable anchor="lora-ism868" title="Default settings for EU 868MHz band">
<ttcol align='center'>Parameters</ttcol>
<ttcol align='center'>Default Value</ttcol>
<c> Rx delay 1 </c>
<c> 1 s </c>
<c> Rx delay 2 </c>
<c> 2 s (must be RECEIVE_DELAY1 + 1s) </c>
<c> join delay 1 </c>
<c> 5 s </c>
<c> join delay 2 </c>
<c> 6 s </c>
<c>868MHz Default channels</c>
<c>3 (868.1,868.2,868.3),
data rate: 0.3-50kbps</c>
</texttable>
<texttable anchor="lora-minmax" title="Minima and Maxima for various LoRaWAN Parameters">
<ttcol align='left'>Parameter/Notes</ttcol>
<ttcol align='center'>Min</ttcol>
<ttcol align='center'>Max</ttcol>
<c>Duty Cycle: some but not all ISM bands impose a limit in terms of how often an
end-device can transmit. In some cases LoRaWAN is more restrictive in an attempt to
avoid congestion.</c>
<c>1%</c>
<c>no-limit</c>
<c>EU 868MHz band data rate/frame-size</c>
<c>250 bits/s : 59 octets</c>
<c>50000 bits/s : 250 octets</c>
<c>US 915MHz band data rate/frame-size</c>
<c>980 bits/s : 19 octets </c>
<c>21900 bits/s : 250 octets </c>
</texttable>
<t>Note that in the case of the smallest frame size (19 octets),
8 octets are required for LoRa MAC layer headers leaving only
11 octets for payload (including MAC layer options). However, those
settings do not apply for the join procedure - end-devices are
required to use a channel and data rate that can send the 23-byte Join-request
message for the join procedure.</t>
<t>Uplink and downlink higher layer data is carried in a MACPayload. There
is a concept of "ports" (an optional 8-bit value) to handle different
applications on an end-device. Port zero is reserved for LoRaWAN specific
messaging, such as the configuration of the end device's network parameters
(available channels, data rates, ADR parameters, RX1/2 delay, etc.).</t>
<!--
<t>The header also distinguishes the uplink/downlink
directions and whether or not an acknowledgement ("confirmation") is required
from the peer.</t>
<t>All payloads are encrypted
and ciphertexts are protected with a cryptographic
Message Integrity Check (MIC)
- see <xref target="sec-cons"/> for details.</t>
-->
<t>In addition to carrying higher layer PDUs
there are Join-Request and Join-Response (aka Join-Accept) messages for handling
network access. And so-called "MAC commands" (see below) up to 15 bytes long can be
piggybacked in an options field ("FOpts").</t>
<!--
<t>LoRaWAN end-devices can choose various different data rates from a menu
of available rates (dependent on the frequencies in use). It is however,
recommended that end-devices set the Adaptive Data Rate ("ADR") bit
in the MAC layer which is a signal that the network should control the
data rate (via MAC commands to the end-device).
The network can also assert the ADR bit and control data rates at it's
discretion.
The goal is to ensure
minimal on-time for radios whilst increasing throughput and reliability when possible.
Other things being equal, the effect should be that end-devices closer to a
gateway can successfully use higher data rates, whereas end-devices
further from all gateways still receive connectivity though at a lower
data rate.
</t>
<t>Data rate changes can be validated via a scheme of acks from
the network with a fall-back to lower rates in the event that
downlink acks go missing.</t>
<t>There are 16 (or 32) bit frame counters maintained in each direction
that are incremented on each transmission (but not re-transmissions)
that are not re-used for a given key. When the device supports a 32 bit counter, then
only the least significant 16 bits are sent in the MAC header, but
all 32 bits are used in cryptographic operations. (If an end-device
only supports a 16 bit counter internally, then the topmost 16 bits
are set to zero.)</t>
-->
<t>There are a number of MAC commands for
link and device status checking, ADR and duty-cycle negotiation,
managing the RX windows and radio channel settings. For example,
the link check response message allows the network server (in
response to a request from an end-device) to
inform an end-device about the signal attenuation seen most
recently at a gateway, and to also tell the end-device how
many gateways received the corresponding link request MAC
command.</t>
<t>Some MAC commands are initiated by the network server.
For example, one command allows the network server
to ask an end-device to reduce its duty-cycle to only
use a proportion of the maximum allowed in a region.
Another allows the network server to query the
end-device's power status with the response from
the end-device specifying whether it has an external power
source or is battery powered (in which case a relative
battery level is also sent to the network server).</t>
<!--
<t>The network server can also inform an end-device
about channel assignments (mid-point frequencies and data
rates). Of course, these must also remain within the
bands assigned by local regulation.</t>
-->
<!--
<t>A LoRaWAN network has a network identifier ("NwkID"), currently a
seven-bit value. A private network (common for LoRaWAN) can use the value
zero or one. If a network wishes to support "foreign" end-devices then the NwkID needs
to be registered with the LoRA Alliance, in which case the NwkID is the seven
least significant bits of a registered 24-bit NetID. (Note however, that the
methods for "roaming" are defined in the upcoming LoRaWAN 1.1
specification.)</t>
<t>In order to operate nominally on a LoRaWAN network, a device needs a
32-bit device address, which is the concatenation of the NwkID and a
25-bit device-specific network address that is assigned when the
device "joins" the network (see below for the join procedure) or
that is pre-provisioned into the device.</t>
-->
<t>
In order to operate nominally on a LoRaWAN network, a device needs a
32-bit device address, that is assigned when the
device "joins" the network (see below for the join procedure) or that
is pre-provisioned into the device. In case of roaming devices, the device address
is assigned based on the 24-bit network identifier (NetID) that is allocated to the network
by the LoRa Alliance. Non-roaming devices can be assigned device addresses
by the network without relying on a LoRa Alliance-assigned NetID.
</t>
<t>End-devices are assumed to work with one or a quite limited
number of applications,
identified by a 64-bit AppEUI, which is assumed
to be a registered IEEE EUI64 value.
In addition, a device needs to have two symmetric session
keys, one for protecting network artifacts (port=0), the NwkSKey,
and another for protecting application layer traffic, the
AppSKey. Both keys are used for 128-bit AES cryptographic
operations.
So, one option is for an end-device to have all of the above,
plus channel information,
somehow (pre-)provisioned, in which case the end-device can
simply start transmitting. This is achievable in many cases via
out-of-band means given the nature of LoRaWAN networks.
<xref target="table-nominal"/> summarizes these values.
</t>
<texttable anchor="table-nominal" title="Values required for nominal operation">
<ttcol align='left'>Value</ttcol>
<ttcol align='left'>Description</ttcol>
<c>DevAddr</c> <c>DevAddr (32-bits) = device-specific network address generated from the NetID</c>
<c>AppEUI </c> <c> IEEE EUI64 corresponding to the join server for an application</c>
<c>NwkSKey </c> <c> 128-bit network session key used with AES-CMAC</c>
<c>AppSKey </c> <c> 128-bit application session key used with AES-CTR</c>
<c>AppKey </c> <c> 128-bit application session key used with AES-ECB</c>
</texttable>
<t>As an alternative, end-devices can use the LoRaWAN
join procedure with a join server behind the NS in order to setup some
of these values and dynamically gain access to the network.
To use the join procedure, an end-device must still
know the AppEUI, and
in addition,
a different (long-term) symmetric key that
is bound to the AppEUI - this is the application key (AppKey),
and is distinct from the application session key (AppSKey). The
AppKey is required to be specific to the device, that is,
each end-device should have a different AppKey value. And
finally, the end-device also needs a long-term identifier for
itself, syntactically also an EUI-64, and known as the
device EUI or DevEUI. <xref target="table-join"/> summarizes
these values.</t>
<texttable anchor="table-join" title="Values required for join procedure">
<ttcol align='left'>Value</ttcol>
<ttcol align='left'>Description</ttcol>
<c>DevEUI </c> <c> IEEE EUI64 naming the device</c>
<c>AppEUI </c> <c> IEEE EUI64 naming the application</c>
<c>AppKey </c> <c> 128-bit long term application key for use with AES</c>
</texttable>
<t>The join procedure involves a special exchange where
the end-device asserts the AppEUI and DevEUI (integrity
protected with the long-term AppKey, but not encrypted) in a Join-request
uplink message. This
is then routed to the network server which interacts with
an entity that knows that AppKey to verify the Join-request.
All going well, a Join-accept downlink message is returned
from the network server to the end-device that specifies the 24-bit NetID, 32-bit
DevAddr
and channel information and from which the AppSKey and
NwkSKey can be derived based on knowledge of the AppKey.
This provides the end-device with all the values listed
in <xref target="table-nominal"/>.</t>
<!--
<t>There is some special handling related to which channels
to use and for multiple transmissions for the join-request which
is intended to ensure a successful join in as many cases as
possible. Join-request and Join-accept messages also include
some random values (nonces) to both provide some replay
protection and to help ensure the session keys are unique
per run of the join procedure. If a Join-request fails validation, then no Join-accept
message (indeed no message at all) is returned to the end-device.
For example, if an end-device is factory-reset then it should end up in a
state in which it can re-do the join procedure. </t>
<t>In this section we describe the use of cryptography in LoRaWAN.
This section is not intended as a
full specification but to be sufficient so
that future IETF specifications can encompass the required
security considerations. The emphasis is on describing the
externally visible characteristics of LoRaWAN.</t>
-->
<t>All payloads are encrypted and have data integrity.
MAC commands, when sent as a payload (port zero), are therefore
protected. MAC commands piggy-backed as frame options ("FOpts") are
however sent in clear.
Any MAC commands sent as frame options and not
only as payload, are visible to a passive
attacker but are not malleable for an active attacker
due to the use of the Message Integrity Check (MIC)
described below.</t>
<t>For LoRaWAN version 1.0.x, the NWkSkey session key is used
to provide data integrity between the end-device and the network
server. The AppSKey is used to provide data confidentiality between
the end-device and network server, or to the application "behind"
the network server, depending on the implementation of the
network. </t>
<t>All MAC layer messages have an outer 32-bit MIC
calculated using AES-CMAC calculated over the ciphertext payload and other
headers and using the NwkSkey. Payloads are encrypted using AES-128, with a
counter-mode derived from IEEE 802.15.4 using the AppSKey. Gateways are not
expected to be provided with the AppSKey or NwkSKey, all of the
infrastructure-side cryptography happens in (or "behind") the network server.
When session keys are derived from the AppKey as a result of the join procedure
the Join-accept message payload is specially handled.</t>
<t>The long-term AppKey is directly used to protect the Join-accept message
content, but the function used is not an AES-encrypt operation, but rather an
AES-decrypt operation. The justification is that this means that the end-device
only needs to implement the AES-encrypt operation. (The counter mode variant
used for payload decryption means the end-device doesn't need an AES-decrypt
primitive.)</t>
<t>The Join-accept plaintext is always less than 16 bytes long, so
electronic code book (ECB) mode is used for protecting Join-accept
messages. The Join-accept contains an AppNonce (a
24 bit value) that is recovered on the end-device along
with the other Join-accept content (e.g. DevAddr) using
the AES-encrypt operation.
Once the Join-accept payload is available to
the end-device the session keys are derived from the
AppKey, AppNonce and other values, again using an
ECB mode AES-encrypt operation, with
the plaintext input being a maximum of 16 octets.</t>
</section>
</section>
<section anchor="nbiot" title="Narrowband IoT (NB-IoT)">
<!--
<t>Text here is largely from <xref target="I-D.ratilainen-lpwan-nb-iot"/></t>
-->
<section anchor="nbiot-docs" title="Provenance and Documents">
<t>Narrowband Internet of Things (NB-IoT) is developed and standardized
by 3GPP. The standardization of NB-IoT was finalized with 3GPP Release 13 in
June 2016, and further enhancements for NB-IoT are specified in 3GPP Release
14 in 2017, for example in the form of multicast support. Further
features and improvements will be developed in the following releases, but
NB-IoT has been ready to be deployed since 2016, and is rather simple to
deploy especially in the existing LTE networks with a software upgrade in the
operator’s base stations. For more information of what has been specified for
NB-IoT, 3GPP specification 36.300 <xref target="TGPP36300"></xref> provides an
overview and overall description of the E-UTRAN radio interface protocol
architecture, while specifications 36.321 <xref target="TGPP36321"></xref>,
36.322 <xref target="TGPP36322"></xref>, 36.323 <xref
target="TGPP36323"></xref> and 36.331 <xref target="TGPP36331"></xref> give
more detailed description of MAC, Radio Link Control (RLC),
Packet Data Convergence
Protocol (PDCP) and Radio Resource Control (RRC) protocol layers,
respectively. Note that the description below assumes familiarity with
numerous 3GPP terms.</t>
<t>For a general overview of NB-IoT, see <xref target="nbiot-ov"/>.</t>
</section>
<section anchor="nbiot-chars" title="Characteristics">
<t>
Specific targets for NB-IoT include: Less than US$5 module cost, extended
coverage of 164 dB maximum coupling loss, battery life of over 10 years, ~55000
devices per cell and uplink reporting latency of less than 10 seconds.</t>
<t>NB-IoT supports Half Duplex FDD operation mode with 60 kbps peak rate in
uplink and 30 kbps peak rate in downlink, and a maximum transmission unit
(MTU) size of 1600 bytes limited by PDCP layer (see Figure 4 for the protocol
structure), which is the highest layer in the user plane, as explained later.
Any packet size up to the said MTU size can be passed to the NB-IoT stack from
higher layers, segmentation of the packet is performed in the RLC layer, which
can segment the data to transmission blocks with size as small as 16 bits. As
the name suggests, NB-IoT uses narrowbands with bandwidth of 180 kHz in
both downlink and uplink. The multiple access scheme used in the downlink is
OFDMA with 15 kHz sub-carrier spacing. In uplink, SC-FDMA single tone with
either 15kHz or 3.75 kHz tone spacing is used, or optionally multi-tone SC-
FDMA can be used with 15 kHz tone spacing. </t>
<t>NB-IoT can be deployed in three ways. In-band deployment means that the
narrowband is deployed inside the LTE band and radio resources are flexibly
shared between NB-IoT and normal LTE carrier. In Guard-band deployment the
narrowband uses the unused resource blocks between two adjacent LTE carriers.
Standalone deployment is also supported, where the narrowband can be located
alone in dedicated spectrum, which makes it possible for example to reframe a
GSM carrier at 850/900 MHz for NB-IoT. All three deployment modes are used in
licensed frequency bands. The maximum transmission power is either 20 or 23
dBm for uplink transmissions, while for downlink transmission the eNodeB may
use higher transmission power, up to 46 dBm depending on the deployment.</t>
<t>A maximum coupling loss (MCL) target for NB-IoT coverage enhancements
defined by 3GPP is 164 dB. With this MCL, the performance of NB-IoT in
downlink varies between 200 bps and 2-3 kbps, depending on the deployment
mode. Stand-alone operation may achieve the highest data rates, up to few
kbps, while in-band and guard-band operations may reach several hundreds of
bps. NB-IoT may even operate with MCL higher than 170 dB with very low bit
rates.</t>
<t>For signaling optimization, two options are introduced in addition to
legacy LTE RRC connection setup; mandatory Data-over-NAS (Control Plane
optimization, solution 2 in <xref target="TGPP23720"></xref>) and optional RRC
Suspend/Resume (User Plane optimization, solution 18 in <xref
target="TGPP23720"></xref>). In the control plane optimization the data is
sent over Non-Access Stratum, directly to/from Mobility Management Entity
(MME) (see Figure 3 for the network architecture) in the core network to the
User Equipment (UE) without interaction from the base station. This means there are no Access
Stratum security or header compression provided by the PDCP layer in the
eNodeB, as the Access Stratum is bypassed, and only limited RRC procedures.
RoHC based header compression may still optionally be provided and terminated
in MME.</t> <t>The RRC Suspend/Resume procedures reduce the signaling overhead
required for UE state transition from RRC Idle to RRC Connected mode compared
to legacy LTE operation in order to have quicker user plane transaction with
the network and return to RRC Idle mode faster.</t>
<t>In order to prolong device battery life, both power-saving mode (PSM) and
extended DRX (eDRX) are available to NB-IoT. With eDRX the RRC Connected mode
DRX cycle is up to 10.24 seconds and in RRC Idle the eDRX cycle can be up to 3
hours. In PSM the device is in a deep sleep state and only wakes up for uplink
reporting, after which there is a window, configured by the network, during
which the device receiver is open for downlink connectivity, of for periodical
“keep-alive” signaling (PSM uses periodic TAU signaling with additional
reception window for downlink reachability).</t>
<t>Since NB-IoT operates in licensed spectrum, it has no channel access
restrictions allowing up to a 100% duty-cycle.</t>
<t>3GPP access security is specified in <xref target="TGPP33203"></xref>.</t>
<figure align="center" anchor="nbiot-diag" title="3GPP network architecture">
<artwork align="left"><![CDATA[
+--+
|UE| \ +------+ +------+
+--+ \ | MME |------| HSS |
\ / +------+ +------+
+--+ \+--------+ / |
|UE| ----| eNodeB |- |
+--+ /+--------+ \ |
/ \ +--------+
/ \| | +------+ Service PDN
+--+ / | S-GW |----| P-GW |---- e.g. Internet
|UE| | | +------+
+--+ +--------+
]]></artwork>
</figure>
<t>Figure 3 shows the 3GPP network architecture, which applies to NB-IoT.
Mobility Management Entity (MME) is responsible for handling the mobility of
the UE. MME tasks include tracking and paging UEs, session management,
choosing the Serving gateway for the UE during initial attachment and
authenticating the user. At MME, the Non-Access Stratum (NAS) signaling from
the UE is terminated.</t>
<t>Serving Gateway (S-GW) routes and forwards the user data packets through
the access network and acts as a mobility anchor for UEs during handover
between base stations known as eNodeBs and also during handovers between
NB-IoT and other 3GPP technologies.</t>
<t>Packet Data Network Gateway (P-GW) works as an interface between 3GPP
network and external networks.</t>
<t>The Home Subscriber Server (HSS) contains user-related and subscription-
related information. It is a database, which performs mobility management,
session establishment support, user authentication and access
authorization.</t>
<t>E-UTRAN consists of components of a single type, eNodeB. eNodeB is a base
station, which controls the UEs in one or several cells.</t>
<t>The 3GPP radio protocol architecture is illustrated in
<xref target="nbiot-stack"></xref>.</t>
<figure align="center" anchor="nbiot-stack" title="3GPP radio protocol architecture for control plane">
<artwork align="left"><![CDATA[
+---------+ +---------+
| NAS |----|-----------------------------|----| NAS |
+---------+ | +---------+---------+ | +---------+
| RRC |----|----| RRC | S1-AP |----|----| S1-AP |
+---------+ | +---------+---------+ | +---------+
| PDCP |----|----| PDCP | SCTP |----|----| SCTP |
+---------+ | +---------+---------+ | +---------+
| RLC |----|----| RLC | IP |----|----| IP |
+---------+ | +---------+---------+ | +---------+
| MAC |----|----| MAC | L2 |----|----| L2 |
+---------+ | +---------+---------+ | +---------+
| PHY |----|----| PHY | PHY |----|----| PHY |
+---------+ +---------+---------+ +---------+
LTE-Uu S1-MME
UE eNodeB MME
]]></artwork>
</figure>
<t>Control plane protocol stack</t> <t>The radio protocol architecture of
NB-IoT (and LTE) is separated into control plane and user plane. The control plane
consists of protocols which control the radio access bearers and the
connection between the UE and the network. The highest layer of control plane
is called Non-Access Stratum (NAS), which conveys the radio signaling between
the UE and the Evolved Packet Core (EPC), passing transparently through the radio network. NAS
responsible for authentication, security control, mobility management and
bearer management.</t>
<t>Access Stratum (AS) is the functional layer below NAS, and in the control
plane it consists of Radio Resource Control protocol (RRC) <xref
target="TGPP36331"></xref>, which handles connection establishment and release
functions, broadcast of system information, radio bearer establishment,
reconfiguration and release. RRC configures the user and control planes
according to the network status. There exists two RRC states, RRC_Idle or
RRC_Connected, and RRC entity controls the switching between these states. In
RRC_Idle, the network knows that the UE is present in the network and the UE
can be reached in case of incoming call/downlink data. In this state, the UE
monitors paging, performs cell measurements and cell selection and acquires
system information. Also the UE can receive broadcast and multicast data, but
it is not expected to transmit or receive unicast data. In RRC_Connected the
UE has a connection to the eNodeB, the network knows the UE location on the
cell level and the UE may receive and transmit unicast data. An RRC connection
is established when the UE is expected to be active in the network, to
transmit or receive data. The RRC connection is released, switching back to
RRC_Idle, when there is no more traffic in order to preserve UE battery life
and radio resources. However, a new feature was introduced for NB-IoT, as
mentioned earlier, which allows data to be transmitted from the MME directly
to the UE transparently to the eNodeB, thus bypassing AS functions.</t>
<t>Packet Data Convergence Protocol's (PDCP) <xref target="TGPP36323"></xref>
main services in control plane are transfer of control plane data, ciphering
and integrity protection. </t>
<t>Radio Link Control protocol (RLC) <xref target="TGPP36322"></xref>
performs transfer of upper layer PDUs and optionally error correction with
Automatic Repeat reQuest (ARQ), concatenation, segmentation, and reassembly of
RLC SDUs, in-sequence delivery of upper layer PDUs, duplicate detection, RLC
SDU discard, RLC-re-establishment and protocol error detection and recovery.
</t>
<t>Medium Access Control protocol (MAC) <xref target="TGPP36321"></xref>
provides mapping between logical channels and transport channels, multiplexing
of MAC SDUs, scheduling information reporting, error correction with HARQ,
priority handling and transport format selection. </t>
<t>Physical layer <xref target="TGPP36201"></xref> provides data transport
services to higher layers. These include error detection and indication to
higher layers, FEC encoding, HARQ soft-combining, rate matching and mapping of
the transport channels onto physical channels, power weighting and modulation
of physical channels, frequency and time synchronization and radio
characteristics measurements.</t>
<t>User plane is responsible for
transferring the user data through the Access Stratum. It interfaces with IP
and the highest layer of user plane is PDCP, which in user plane performs
header compression using Robust Header Compression (RoHC), transfer of user
plane data between eNodeB and UE, ciphering and integrity protection. Similar
to control plane, lower layers in user plane include RLC, MAC and physical
layer performing the same tasks as in control plane.</t>
</section>
</section>
<section anchor="sigfox" title="SIGFOX">
<!--
<t>Text here is largely from <xref target="I-D.zuniga-lpwan-sigfox-system-description"/>,
which may have been updated since this was published.</t>
-->
<section anchor="sigfox-docs" title="Provenance and Documents">
<t> The SIGFOX LPWAN is in line with the terminology and specifications being
defined by ETSI <xref target="etsi_unb" />. As of today, SIGFOX's
network has been fully deployed in
12 countries, with ongoing deployments on 26 other countries, giving in total
a geography of 2 million square kilometers, containing 512 million people. </t>
</section>
<section anchor="sigfox-chars" title="Characteristics">
<t>SIGFOX LPWAN autonomous battery-operated devices send only a few bytes per
day, week or month, in principle allowing them to remain on a single battery
for up to 10-15 years. Hence, the system is designed as to allow devices to last
several years, sometimes even buried underground. </t>
<t>Since the radio protocol is connection-less and optimized for uplink communications,
the capacity of a SIGFOX base station depends on the number of messages generated by
devices, and not on the actual number of devices. Likewise, the battery life of devices
depends on the number of messages generated by the device. Depending on the use case, devices can vary from
sending less than one message per device per day, to dozens of messages per device per day.</t>
<t>The coverage of the cell depends on the link budget and on the type of
deployment (urban, rural, etc.). The radio interface is compliant with the following regulations:</t>
<t><list style="hanging">
<t>Spectrum allocation in the USA <xref target="fcc_ref" /></t>
<t>Spectrum allocation in Europe <xref target="etsi_ref" /></t>
<t>Spectrum allocation in Japan <xref target="arib_ref" /></t>
</list></t>
<t>The SIGFOX radio interface is also compliant with the local
regulations of the following countries: Australia, Brazil, Canada, Kenya,
Lebanon, Mauritius, Mexico, New Zealand, Oman, Peru, Singapore, South Africa,
South Korea, and Thailand.</t>
<t> The radio interface is based on Ultra Narrow Band (UNB) communications,
which allow an increased transmission range by spending a limited amount of
energy at the device. Moreover, UNB allows a large number of devices to coexist
in a given cell without significantly increasing the spectrum interference.
</t>
<t>Both uplink and downlink are supported, although the system is optimized
for uplink communications. Due to spectrum optimizations, different uplink and
downlink frames and time synchronization methods are needed.</t>
<t>The main radio characteristics of the UNB uplink transmission are:</t>
<t><list style="symbols">
<t>Channelization mask: 100 Hz / 600 Hz (depending on the region)</t>
<t>Uplink baud rate: 100 baud / 600 baud (depending on the region)</t>
<t>Modulation scheme: DBPSK</t>
<t>Uplink transmission power: compliant with local regulation</t>
<t>Link budget: 155 dB (or better)</t>
<t>Central frequency accuracy: not relevant, provided there is no significant
frequency drift within an uplink packet transmission</t>
</list></t>
<t>For example, in Europe the UNB uplink frequency band is limited to 868.00 to 868.60 MHz,
with a maximum output power of 25 mW and a duty cycle of 1%. </t>
<t>The format of the uplink frame is the following:</t>
<figure anchor="fig:ul_frame" title="Uplink Frame Format">
<artwork><![CDATA[
+--------+--------+--------+------------------+-------------+-----+
|Preamble| Frame | Dev ID | Payload |Msg Auth Code| FCS |
| | Sync | | | | |
+--------+--------+--------+------------------+-------------+-----+
]]>
</artwork>
</figure>