Babel routing protocol                                          B. Stark
Internet-Draft                                                      AT&T
Intended status: Informational                          M. Jethanandani
Expires: April 11, 2020                                           VMware
                                                         October 9, 2019

                        Babel Information Model
                 draft-ietf-babel-information-model-10

Abstract

   This Babel Information Model provides structured data elements for a Babel implementation reporting its current state and may allow limited configuration of some such data elements. This information model can be used as a basis for creating data models under various data modeling regimes.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 11, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Requirements Language
      1.2. Notation
   2. Overview
   3. The Information Model
      3.1. Definition of babel-information-obj
      3.2. Definition of babel-constants-obj
      3.3. Definition of babel-interfaces-obj
      3.4. Definition of babel-if-stats-obj
      3.5. Definition of babel-neighbors-obj
      3.6. Definition of babel-routes-obj
      3.7. Definition of babel-mac-key-sets-obj
      3.8. Definition of babel-mac-keys-obj
      3.9. Definition of babel-dtls-cert-sets-obj
      3.10. Definition of babel-dtls-certs-obj
   4. Extending the Information Model
   5. Security Considerations
   6. IANA Considerations
   7. Acknowledgements
   8. References
      8.1. Normative References
      8.2. Informative References
   Authors' Addresses

1. Introduction

   Babel is a loop-avoiding distance-vector routing protocol defined in [I-D.ietf-babel-rfc6126bis]. [I-D.ietf-babel-hmac] defines a security mechanism that allows Babel packets to be cryptographically authenticated, and [I-D.ietf-babel-dtls] defines a security mechanism that allows Babel packets to be encrypted.
   This document describes an information model for Babel (including implementations using one or both of these security mechanisms) that can be used to create management protocol data models (such as a NETCONF [RFC6241] YANG [RFC7950] data model).

   Due to the simplicity of the Babel protocol, most of the information model is focused on reporting Babel protocol operational state, and very little of that is considered mandatory to implement for an implementation claiming compliance with this information model. Some parameters may be configurable. However, it is up to the Babel implementation whether to allow any of these to be configured within its implementation. Where the implementation does not allow configuration of these parameters, it MAY still choose to expose them as read-only.

   The Information Model is presented using a hierarchical structure. This does not preclude a data model based on this Information Model from using a referential or other structure.

1.1. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] and updated by [RFC8174].

1.2. Notation

   This document uses a programming language-like notation to define the properties of the objects of the information model. An optional property is enclosed by square brackets, [ ], and a list property is indicated by two numbers in angle brackets, <m..n>, where m indicates the minimal number of list elements, and n indicates the maximum number of list elements. The symbol * for n means there are no defined limits on the number of list elements. Each parameter and object includes an indication of "ro" or "rw". "ro" means the parameter or object is read-only. "rw" means it is read-write.
   For an object, read-write means instances of the object can be created or deleted. If an implementation is allowed to choose to implement a "rw" parameter as read-only, this is noted in the parameter description.

   The object definitions use base types that are defined as follows:

   binary      A binary string (sequence of octets).

   boolean     A type representing a Boolean (true or false) value.

   counter     A non-negative integer that monotonically increases. Counters may have discontinuities and they are not expected to persist across restarts.

   datetime    A type representing a date and time using the Gregorian calendar. The datetime format MUST conform to RFC 3339 [RFC3339].

   ip-address  A type representing an IP address. This type supports both IPv4 and IPv6 addresses.

   operation   A type representing a remote procedure call or other action that can be used to manipulate data elements or system behaviors.

   reference   A type representing a reference to another information or data model element or to some other device resource.

   string      A type representing a human-readable string consisting of a (possibly restricted) subset of Unicode and ISO/IEC 10646 [ISO.10646] characters.

   uint        A type representing an unsigned integer number. This information model does not define a precision.

2. Overview

   The Information Model is hierarchically structured as follows:

   +-- babel-information
      +-- babel-implementation-version
      +-- babel-enable
      +-- router-id
      +-- self-seqno
      +-- babel-metric-comp-algorithms
      +-- babel-security-supported
      +-- babel-mac-algorithms
      +-- babel-dtls-cert-types
      +-- babel-stats-enable
      +-- babel-stats-reset
      +-- babel-constants
      |  +-- babel-udp-port
      |  +-- babel-mcast-group
      +-- babel-interfaces
      |  +-- babel-interface-reference
      |  +-- babel-interface-enable
      |  +-- babel-interface-metric-algorithm
      |  +-- babel-interface-split-horizon
      |  +-- babel-mcast-hello-seqno
      |  +-- babel-mcast-hello-interval
      |  +-- babel-update-interval
      |  +-- babel-mac-enable
      |  +-- babel-if-mac-key-sets
      |  +-- babel-mac-verify
      |  +-- babel-dtls-enable
      |  +-- babel-if-dtls-cert-sets
      |  +-- babel-dtls-cached-info
      |  +-- babel-dtls-cert-prefer
      |  +-- babel-packet-log-enable
      |  +-- babel-packet-log
      |  +-- babel-if-stats
      |  |  +-- babel-sent-mcast-hello
      |  |  +-- babel-sent-mcast-update
      |  |  +-- babel-sent-ucast-hello
      |  |  +-- babel-sent-ucast-update
      |  |  +-- babel-sent-IHU
      |  |  +-- babel-received-packets
      |  +-- babel-neighbors
      |  |  +-- babel-neighbor-address
      |  |  +-- babel-hello-mcast-history
      |  |  +-- babel-hello-ucast-history
      |  |  +-- babel-txcost
      |  |  +-- babel-exp-mcast-hello-seqno
      |  |  +-- babel-exp-ucast-hello-seqno
      |  |  +-- babel-ucast-hello-seqno
      |  |  +-- babel-ucast-hello-interval
      |  |  +-- babel-rxcost
      |  |  +-- babel-cost
      +-- babel-routes
      |  +-- babel-route-prefix
      |  +-- babel-route-prefix-length
      |  +-- babel-route-router-id
      |  +-- babel-route-neighbor
      |  +-- babel-route-received-metric
      |  +-- babel-route-calculated-metric
      |  +-- babel-route-seqno
      |  +-- babel-route-next-hop
      |  +-- babel-route-feasible
      |  +-- babel-route-selected
      +-- babel-mac-key-sets
      |  +-- babel-mac-default-apply
      |  +-- babel-mac-keys
      |  |  +-- babel-mac-key-name
      |  |  +-- babel-mac-key-use-sign
      |  |  +-- babel-mac-key-use-verify
      |  |  +-- babel-mac-key-value
      |  |  +-- babel-mac-key-algorithm
      |  |  +-- babel-mac-key-test
      +-- babel-dtls-cert-sets
      |  +-- babel-dtls-default-apply
      |  +-- babel-dtls-certs
      |  |  +-- babel-cert-name
      |  |  +-- babel-cert-value
      |  |  +-- babel-cert-type
      |  |  +-- babel-cert-private-key
      |  |  +-- babel-cert-test

   Most parameters are read-only. Following is a descriptive list of the parameters that are not required to be read-only:

   o  enable/disable Babel

   o  create/delete Babel MAC Key sets

   o  create/delete Babel DTLS Certificate sets

   o  enable/disable statistics collection

   o  Constant: UDP port

   o  Constant: IPv6 multicast group

   o  Interface: Metric algorithm

   o  Interface: Split horizon

   o  Interface: enable/disable Babel on this interface

   o  Interface: sets of MAC keys

   o  Interface: MAC algorithm

   o  Interface: verify received MAC packets

   o  Interface: set of DTLS certificates

   o  Interface: use cached info extensions

   o  Interface: preferred order of certificate types

   o  Interface: enable/disable packet log

   o  MAC-keys: create/delete entries

   o  MAC-keys: key used to sign packets

   o  MAC-keys: key used to verify packets

   o  DTLS-certs: create/delete entries

   The following parameters are required to return no value when read:

   o  MAC key values

   o  DTLS certificate values

   Note that this overview is intended simply to be informative and is not normative. If there is any discrepancy between this overview and the detailed information model definitions in subsequent sections, the error is in this overview.

3. The Information Model

3.1. Definition of babel-information-obj

      object {
         string ro babel-implementation-version;
         boolean rw babel-enable;
         binary ro babel-self-router-id;
         [uint ro babel-self-seqno;]
         string ro babel-metric-comp-algorithms<1..*>;
         string ro babel-security-supported<0..*>;
         [string ro babel-mac-algorithms<1..*>;]
         [string ro babel-dtls-cert-types<1..*>;]
         [boolean rw babel-stats-enable;]
         [operation babel-stats-reset;]
         babel-constants-obj ro babel-constants;
         babel-interfaces-obj ro babel-interfaces<0..*>;
         babel-routes-obj ro babel-routes<0..*>;
         [babel-mac-key-sets-obj rw babel-mac-key-sets<0..*>;]
         [babel-dtls-cert-sets-obj rw babel-dtls-cert-sets<0..*>;]
      } babel-information-obj;

   babel-implementation-version: The name and version of this implementation of the Babel protocol.

   babel-enable: When written, it configures whether the protocol should be enabled (true) or disabled (false). A read from the running or intended datastore indicates the configured administrative value of whether the protocol is enabled (true) or not (false). A read from the operational datastore indicates whether the protocol is actually running (true) or not (i.e., it indicates the operational state of the protocol). A data model that does not replicate parameters for running and operational datastores can implement this as two separate parameters. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-self-router-id: The router-id used by this instance of the Babel protocol to identify itself. [I-D.ietf-babel-rfc6126bis] describes this as an arbitrary string of 8 octets. The router-id value MUST NOT consist of all zeroes or all ones.

   babel-self-seqno: The current sequence number included in route updates for routes originated by this node. This is a 16-bit unsigned integer.
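   As an added example (not code from the draft), the following Python parses definitions written in the notation of Section 1.2 and uses the babel-information-obj block above as its input. It lets a data-model author check mechanically which properties are mandatory (not in square brackets), which are lists and with what bounds, and which carry the "--" access marker that the draft uses for values that must never be readable. The class and function names are this example's own.

```python
"""Parser for the object notation of Section 1.2 (added example, not the draft's code).

Grammar, as the draft describes it:
  [ ... ]   an optional property
  <m..n>    a list property with m..n elements; n = "*" means no defined limit
  ro / rw   read-only / read-write; "operation" properties carry no access word
The draft also writes "--" as the access word of babel-mac-key-value and
babel-cert-private-key, whose descriptions forbid reading them.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# type  [access]  name  [<m..n>]   (brackets and trailing ';' are handled separately)
_PROPERTY = re.compile(
    r"([A-Za-z][\w-]*)\s+(?:(ro|rw|--)\s+)?([A-Za-z][\w-]*)(?:<(\d+)\.\.(\d+|\*)>)?"
)


@dataclass
class Property:
    base_type: str
    name: str
    access: Optional[str]     # "ro", "rw", "--", or None for operations
    optional: bool            # enclosed in [ ]
    list_min: Optional[int]   # None unless <m..n> is present
    list_max: Optional[int]   # None when not a list or when n is "*"

    @property
    def is_list(self) -> bool:
        return self.list_min is not None


@dataclass
class ObjectDef:
    name: str
    properties: List[Property]


def parse_property(line: str) -> Property:
    text = line.strip()
    optional = text.startswith("[") and text.endswith("]")
    if optional:
        text = text[1:-1].strip()
    if not text.endswith(";"):
        raise ValueError(f"property does not end with ';': {line!r}")
    m = _PROPERTY.fullmatch(text[:-1].strip())
    if m is None:
        raise ValueError(f"cannot parse property: {line!r}")
    base_type, access, name, lo, hi = m.groups()
    return Property(base_type, name, access, optional,
                    int(lo) if lo is not None else None,
                    int(hi) if hi not in (None, "*") else None)


def parse_object(text: str) -> ObjectDef:
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != "object {":
        raise ValueError("definition must start with 'object {'")
    tail = re.fullmatch(r"\}\s*([A-Za-z][\w-]*);", lines[-1])
    if tail is None:
        raise ValueError("definition must end with '} <name>;'")
    return ObjectDef(tail.group(1), [parse_property(ln) for ln in lines[1:-1]])


def mandatory_names(obj: ObjectDef) -> List[str]:
    """Properties an implementation must provide: those not enclosed in [ ]."""
    return [p.name for p in obj.properties if not p.optional]


def unreadable_names(obj: ObjectDef) -> List[str]:
    """Properties marked '--', which a data model must never return on read."""
    return [p.name for p in obj.properties if p.access == "--"]


# Sample input: the babel-information-obj definition from Section 3.1 of the draft.
BABEL_INFORMATION_OBJ = """
object {
   string ro babel-implementation-version;
   boolean rw babel-enable;
   binary ro babel-self-router-id;
   [uint ro babel-self-seqno;]
   string ro babel-metric-comp-algorithms<1..*>;
   string ro babel-security-supported<0..*>;
   [string ro babel-mac-algorithms<1..*>;]
   [string ro babel-dtls-cert-types<1..*>;]
   [boolean rw babel-stats-enable;]
   [operation babel-stats-reset;]
   babel-constants-obj ro babel-constants;
   babel-interfaces-obj ro babel-interfaces<0..*>;
   babel-routes-obj ro babel-routes<0..*>;
   [babel-mac-key-sets-obj rw babel-mac-key-sets<0..*>;]
   [babel-dtls-cert-sets-obj rw babel-dtls-cert-sets<0..*>;]
} babel-information-obj;
"""

if __name__ == "__main__":
    obj = parse_object(BABEL_INFORMATION_OBJ)
    for p in obj.properties:
        span = f"<{p.list_min}..{'*' if p.list_max is None else p.list_max}>" if p.is_list else ""
        print(f"{p.name + span:44} {p.base_type:26} {p.access or '':2} "
              f"{'optional' if p.optional else 'mandatory'}")
    print("mandatory:", mandatory_names(obj))
```

   The same parser accepts every definition block in Section 3, including the two with "--" properties, so one script can list all mandatory and all never-readable properties of the whole model.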
   babel-metric-comp-algorithms: List of supported cost computation algorithms. Possible values include "2-out-of-3", and "ETX". "2-out-of-3" is described in [I-D.ietf-babel-rfc6126bis], section A.2.1. "ETX" is described in [I-D.ietf-babel-rfc6126bis], section A.2.2.

   babel-security-supported: List of supported security mechanisms. Possible values include "MAC" and "DTLS".

   babel-mac-algorithms: List of supported MAC computation algorithms. Possible values include "HMAC-SHA256", "BLAKE2s".

   babel-dtls-cert-types: List of supported DTLS certificate types. Possible values include "X.509" and "RawPublicKey".

   babel-stats-enable: Indicates whether statistics collection is enabled (true) or disabled (false) on all interfaces.

   babel-stats-reset: An operation that resets all babel-if-stats parameters to zero. This operation has no input or output parameters.

   babel-constants: A babel-constants-obj object.

   babel-interfaces: A set of babel-interfaces-obj objects.

   babel-routes: A set of babel-routes-obj objects. Contains the routes known to this node.

   babel-mac-key-sets: A babel-mac-key-sets-obj object. If this object is implemented, it provides access to parameters related to the MAC security mechanism. An implementation MAY choose to expose this object as read-only ("ro").

   babel-dtls-cert-sets: A babel-dtls-cert-sets-obj object. If this object is implemented, it provides access to parameters related to the DTLS security mechanism. An implementation MAY choose to expose this object as read-only ("ro").

3.2. Definition of babel-constants-obj

      object {
         uint rw babel-udp-port;
         [ip-address rw babel-mcast-group;]
      } babel-constants-obj;

   babel-udp-port: UDP port for sending and listening for Babel packets. Default is 6696. An implementation MAY choose to expose this parameter as read-only ("ro"). This is a 16-bit unsigned integer.
   babel-mcast-group: Multicast group for sending and listening to multicast announcements on IPv6. Default is ff02::1:6. An implementation MAY choose to expose this parameter as read-only ("ro").

3.3. Definition of babel-interfaces-obj

      object {
         reference ro babel-interface-reference;
         [boolean rw babel-interface-enable;]
         string rw babel-interface-metric-algorithm;
         [boolean rw babel-interface-split-horizon;]
         [uint ro babel-mcast-hello-seqno;]
         [uint ro babel-mcast-hello-interval;]
         [uint ro babel-update-interval;]
         [boolean rw babel-mac-enable;]
         [reference rw babel-if-mac-key-sets<0..*>;]
         [boolean rw babel-mac-verify;]
         [boolean rw babel-dtls-enable;]
         [reference rw babel-if-dtls-cert-sets<0..*>;]
         [boolean rw babel-dtls-cached-info;]
         [string rw babel-dtls-cert-prefer<0..*>;]
         [boolean rw babel-packet-log-enable;]
         [reference ro babel-packet-log;]
         [babel-if-stats-obj ro babel-if-stats;]
         babel-neighbors-obj ro babel-neighbors<0..*>;
      } babel-interfaces-obj;

   babel-interface-reference: Reference to an interface object that can be used to send and receive IPv6 packets, as defined by the data model (e.g., YANG [RFC7950], BBF [TR-181]). Referencing syntax will be specific to the data model. If there is no set of interface objects available, this should be a string that indicates the interface name used by the underlying operating system.

   babel-interface-enable: When written, it configures whether the protocol should be enabled (true) or disabled (false) on this interface. A read from the running or intended datastore indicates the configured administrative value of whether the protocol is enabled (true) or not (false). A read from the operational datastore indicates whether the protocol is actually running (true) or not (i.e., it indicates the operational state of the protocol).
   A data model that does not replicate parameters for running and operational datastores can implement this as two separate parameters. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-interface-metric-algorithm: Indicates the metric computation algorithm used on this interface. The value MUST be one of those listed in the babel-information-obj babel-metric-comp-algorithms parameter. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-interface-split-horizon: Indicates whether or not the split horizon optimization is used when calculating metrics on this interface. A value of true indicates split horizon optimization is used. Split horizon optimization is described in [I-D.ietf-babel-rfc6126bis], section 3.7.4. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mcast-hello-seqno: The current sequence number in use for multicast Hellos sent on this interface. This is a 16-bit unsigned integer.

   babel-mcast-hello-interval: The current interval in use for multicast Hellos sent on this interface. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-update-interval: The current interval in use for all updates (multicast and unicast) sent on this interface. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-mac-enable: Indicates whether the MAC security mechanism is enabled (true) or disabled (false). An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-if-mac-key-sets: List of references to the babel-mac-key-sets entries that apply to this interface. When an interface instance is created, all babel-mac-key-sets instances with babel-mac-default-apply "true" will be included in this list. An implementation MAY choose to expose this parameter as read-only ("ro").
   babel-mac-verify: A Boolean flag indicating whether MAC hashes in incoming Babel packets are required to be present and are verified. If this parameter is "true", incoming packets are required to have a valid MAC hash. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-enable: Indicates whether the DTLS security mechanism is enabled (true) or disabled (false). An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-if-dtls-cert-sets: List of references to the babel-dtls-cert-sets entries that apply to this interface. When an interface instance is created, all babel-dtls-cert-sets instances with babel-dtls-default-apply "true" will be included in this list. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-cached-info: Indicates whether the cached_info extension is included in ClientHello and ServerHello packets. The extension is included if the value is "true". An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-cert-prefer: List of supported certificate types, in order of preference. The values MUST be among those listed in the babel-dtls-cert-types parameter. This list is used to populate the server_certificate_type extension in a Client Hello. Values that are present in at least one instance in the babel-dtls-certs object of a referenced babel-dtls-cert-sets instance and that have a non-empty babel-cert-private-key will be used to populate the client_certificate_type extension in a Client Hello.

   babel-packet-log-enable: Indicates whether packet logging is enabled (true) or disabled (false) on this interface.

   babel-packet-log: A reference or url link to a file that contains a timestamped log of packets received and sent on babel-udp-port on this interface.
   The [libpcap] file format with .pcap file extension SHOULD be supported for packet log files. Logging is enabled / disabled by babel-packet-log-enable.

   babel-if-stats: Statistics collection object for this interface.

   babel-neighbors: A set of babel-neighbors-obj objects.

3.4. Definition of babel-if-stats-obj

      object {
         uint ro babel-sent-mcast-hello;
         uint ro babel-sent-mcast-update;
         uint ro babel-sent-ucast-hello;
         uint ro babel-sent-ucast-update;
         uint ro babel-sent-IHU;
         uint ro babel-received-packets;
      } babel-if-stats-obj;

   babel-sent-mcast-hello: A count of the number of multicast Hello packets sent on this interface.

   babel-sent-mcast-update: A count of the number of multicast update packets sent on this interface.

   babel-sent-ucast-hello: A count of the number of unicast Hello packets sent on this interface.

   babel-sent-ucast-update: A count of the number of unicast update packets sent on this interface.

   babel-sent-IHU: A count of the number of IHU packets sent on this interface.

   babel-received-packets: A count of the number of Babel packets received on this interface.

3.5. Definition of babel-neighbors-obj

      object {
         ip-address ro babel-neighbor-address;
         [binary ro babel-hello-mcast-history;]
         [binary ro babel-hello-ucast-history;]
         uint ro babel-txcost;
         uint ro babel-exp-mcast-hello-seqno;
         uint ro babel-exp-ucast-hello-seqno;
         [uint ro babel-ucast-hello-seqno;]
         [uint ro babel-ucast-hello-interval;]
         [uint ro babel-rxcost;]
         [uint ro babel-cost;]
      } babel-neighbors-obj;

   babel-neighbor-address: IPv4 or IPv6 address the neighbor sends packets from.

   babel-hello-mcast-history: The multicast Hello history of whether or not the multicast Hello packets prior to babel-exp-mcast-hello-seqno were received.
   A binary sequence where the most recently received Hello is expressed as a "1" placed in the left-most bit, with prior bits shifted right (and "0" bits placed between prior Hello bits and most recent Hello for any not-received Hellos). This value should be displayed using hex digits ([0-9a-fA-F]). See [I-D.ietf-babel-rfc6126bis], section A.1.

   babel-hello-ucast-history: The unicast Hello history of whether or not the unicast Hello packets prior to babel-exp-ucast-hello-seqno were received. A binary sequence where the most recently received Hello is expressed as a "1" placed in the left-most bit, with prior bits shifted right (and "0" bits placed between prior Hello bits and most recent Hello for any not-received Hellos). This value should be displayed using hex digits ([0-9a-fA-F]). See [I-D.ietf-babel-rfc6126bis], section A.1.

   babel-txcost: Transmission cost value from the last IHU packet received from this neighbor, or maximum value to indicate the IHU hold timer for this neighbor has expired. See [I-D.ietf-babel-rfc6126bis], section 3.4.2. This is a 16-bit unsigned integer.

   babel-exp-mcast-hello-seqno: Expected multicast Hello sequence number of next Hello to be received from this neighbor. If multicast Hello packets are not expected, or processing of multicast packets is not enabled, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number of next Hello to be received from this neighbor. If unicast Hello packets are not expected, or processing of unicast packets is not enabled, this MUST be NULL.
   This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-seqno: The current sequence number in use for unicast Hellos sent to this neighbor. If unicast Hellos are not being sent, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-interval: The current interval in use for unicast Hellos sent to this neighbor. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-rxcost: Reception cost calculated for this neighbor. This value is usually derived from the Hello history, which may be combined with other data, such as statistics maintained by the link layer. The rxcost is sent to a neighbor in each IHU. See [I-D.ietf-babel-rfc6126bis], section 3.4.3. This is a 16-bit unsigned integer.

   babel-cost: The link cost, as computed from the values maintained in the neighbor table: the statistics kept in the neighbor table about the reception of Hellos, and the txcost computed from received IHU packets. This is a 16-bit unsigned integer.

3.6. Definition of babel-routes-obj

      object {
         ip-address ro babel-route-prefix;
         uint ro babel-route-prefix-length;
         binary ro babel-route-router-id;
         string ro babel-route-neighbor;
         uint ro babel-route-received-metric;
         uint ro babel-route-calculated-metric;
         uint ro babel-route-seqno;
         ip-address ro babel-route-next-hop;
         boolean ro babel-route-feasible;
         boolean ro babel-route-selected;
      } babel-routes-obj;

   babel-route-prefix: Prefix (expressed in IP address format) for which this route is advertised.
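   The Hello history parameters of Section 3.5 (babel-hello-mcast-history and babel-hello-ucast-history) together with babel-exp-*-hello-seqno describe a small piece of per-neighbor state that an implementation must keep consistent as Hellos arrive, get lost, or arrive late. The following Python is an added example, not code from the draft: it maintains that history exactly as Section 3.5 describes the bit layout and produces the hex display the draft asks for. The stored width of 16 bits and the handling of a late (already superseded) Hello are this example's own assumptions; the draft does not specify either.

```python
"""Hello history bookkeeping for a babel-neighbors-obj entry (Section 3.5).

Added example; not code from the draft. The most recently received Hello is
a "1" in the left-most bit, earlier Hellos are shifted right, and a "0" is
shifted in for each Hello that was expected but never arrived. The stored
width (16 bits) is an assumption of this example. Hello sequence numbers are
the draft's 16-bit unsigned integers and therefore wrap modulo 2**16.
"""
from typing import Optional

HISTORY_BITS = 16                 # assumed width of the stored history
SEQNO_MOD = 1 << 16               # Hello seqnos are 16-bit (Section 3.5)
_MSB = 1 << (HISTORY_BITS - 1)    # the "left-most bit" of the draft's text


class HelloHistory:
    def __init__(self) -> None:
        self.bits = 0                            # left-most bit = newest Hello
        self.exp_seqno: Optional[int] = None     # babel-exp-*-hello-seqno; None = NULL

    def record(self, seqno: int) -> Optional[int]:
        """Register a received Hello carrying `seqno`.

        Returns how many Hellos were skipped before it, or None when the Hello
        is older than the one currently expected (a late or duplicate packet),
        which this example ignores rather than rewriting the history.
        """
        if not 0 <= seqno < SEQNO_MOD:
            raise ValueError("seqno must be a 16-bit unsigned integer")
        if self.exp_seqno is None:
            missed = 0
        else:
            missed = (seqno - self.exp_seqno) % SEQNO_MOD
            if missed >= SEQNO_MOD // 2:         # "behind" us after wrap-around
                return None
        # One "0" per missed Hello plus one position for the new Hello itself,
        # then the new Hello's "1" goes into the left-most bit.
        self.bits = (self.bits >> (missed + 1)) | _MSB
        self.exp_seqno = (seqno + 1) % SEQNO_MOD
        return missed

    def hex(self) -> str:
        """Display form the draft requests: hex digits, newest Hello first."""
        return f"{self.bits:0{HISTORY_BITS // 4}x}"

    def received_in_last(self, n: int) -> int:
        """How many of the last n expected Hellos arrived: the raw material an
        implementation turns into babel-rxcost (the draft leaves that formula
        to [I-D.ietf-babel-rfc6126bis], so it is not reproduced here)."""
        if not 0 < n <= HISTORY_BITS:
            raise ValueError("n must be between 1 and HISTORY_BITS")
        return bin(self.bits >> (HISTORY_BITS - n)).count("1")


if __name__ == "__main__":
    # Constructed Hello sequence: 102 and 103 are lost, 100 arrives again late.
    h = HelloHistory()
    for seqno in (100, 101, 104, 100, 105):
        print(f"seqno={seqno:5} missed={h.record(seqno)!s:4} "
              f"history={h.hex()} exp={h.exp_seqno}")
```

   Two details matter for a management read of this state: the history is only meaningful relative to babel-exp-*-hello-seqno, so both must be reported from the same snapshot, and the NULL case (no Hellos expected) is represented here by exp_seqno being None rather than 0, which is the distinction Section 3.5 asks data models to preserve.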
   babel-route-prefix-length: Length of the prefix for which this route is advertised.

   babel-route-router-id: The router-id of the router that originated this route.

   babel-route-neighbor: Reference to the babel-neighbors entry for the neighbor that advertised this route.

   babel-route-received-metric: The metric with which this route was advertised by the neighbor, or maximum value to indicate the route was recently retracted and is temporarily unreachable (see Section 3.5.5 of [I-D.ietf-babel-rfc6126bis]). This metric will be NULL if the route was not received from a neighbor but was generated through other means. At least one of babel-route-calculated-metric and babel-route-received-metric MUST be non-NULL. Having both be non-NULL is expected for a route that is received and subsequently advertised. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-route-calculated-metric: A calculated metric for this route. How the metric is calculated is implementation-specific. Maximum value indicates the route was recently retracted and is temporarily unreachable (see Section 3.5.5 of [I-D.ietf-babel-rfc6126bis]). At least one of babel-route-calculated-metric and babel-route-received-metric MUST be non-NULL. Having both be non-NULL is expected for a route that is received and subsequently advertised. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-route-seqno: The sequence number with which this route was advertised. This is a 16-bit unsigned integer.

   babel-route-next-hop: The next-hop address of this route.
   This will be empty if this route has no next-hop address.

   babel-route-feasible: A Boolean flag indicating whether this route is feasible, as defined in Section 3.5.1 of [I-D.ietf-babel-rfc6126bis].

   babel-route-selected: A Boolean flag indicating whether this route is selected (i.e., whether it is currently being used for forwarding and is being advertised).

3.7. Definition of babel-mac-key-sets-obj

      object {
         boolean rw babel-mac-default-apply;
         babel-mac-keys-obj rw babel-mac-keys<0..*>;
      } babel-mac-key-sets-obj;

   babel-mac-default-apply: A Boolean flag indicating whether this babel-mac-key-sets instance is applied to all new babel-interfaces instances, by default. If "true", this instance is applied to new babel-interfaces instances at the time they are created, by including it in the babel-if-mac-key-sets list. If "false", this instance is not applied to new babel-interfaces instances when they are created. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-keys: A set of babel-mac-keys-obj objects.

3.8. Definition of babel-mac-keys-obj

      object {
         string rw babel-mac-key-name;
         boolean rw babel-mac-key-use-sign;
         boolean rw babel-mac-key-use-verify;
         binary -- babel-mac-key-value;
         string rw babel-mac-key-algorithm;
         [operation babel-mac-key-test;]
      } babel-mac-keys-obj;

   babel-mac-key-name: A unique name for this MAC key that can be used to identify the key in this object instance, since the key value is not allowed to be read. This value MUST NOT be empty and can only be provided when this instance is created (i.e., it is not subsequently writable). The value MAY be auto-generated if not explicitly supplied when the instance is created.

   babel-mac-key-use-sign: Indicates whether this key value is used to sign sent Babel packets. Sent packets are signed using this key if the value is "true".
If the value is "false", this key is not used to 730 sign sent Babel packets. An implementation MAY choose to expose 731 this parameter as read-only ("ro"). 733 babel-key-use-verify: Indicates whether this key value is used to 734 verify incoming Babel packets. This key is used to verify 735 incoming packets if the value is "true". If the value is "false", 736 no MAC is computed from this key for comparing with the MAC in an 737 incoming packet. An implementation MAY choose to expose this 738 parameter as read-only ("ro"). 740 babel-key-value: The value of the MAC key. An implementation MUST 741 NOT allow this parameter to be read. This can be done by always 742 providing an empty string when read, or through permissions, or 743 other means. This value MUST be provided when this instance is 744 created, and is not subsequently writable. This value is of a 745 length suitable for the associated babel-mac-key-algorithm. If 746 the algorithm is based on the HMAC construction [RFC2104], the 747 length MUST be between 0 and the block size of the underlying hash 748 inclusive (where "HMAC-SHA256" block size is 64 bytes as described 749 in [RFC4868]). If the algorithm is "BLAKE2s", the length MUST be 750 between 0 and 32 bytes inclusive, as described in [RFC7693]. 752 babel-mac-key-algorithm The name of the MAC algorithm used with this 753 key. The value MUST be the same as one of the enumerations listed 754 in the babel-mac-algorithms parameter. An implementation MAY 755 choose to expose this parameter as read-only ("ro"). 757 babel-mac-test: An operation that allows the MAC key and hash 758 algorithm to be tested to see if they produce an expected outcome. 759 Input to this operation is a binary string. The implementation is 760 expected to create a hash of this string using the babel-mac-key- 761 value and the babel-mac-algorithm. The output of this operation 762 is the resulting hash, as a binary string. 764 3.9. 
Definition of babel-dtls-cert-sets-obj 766 object { 767 boolean rw babel-dtls-default-apply; 768 babel-dtls-certs-obj rw babel-dtls-certs<0..*>; 769 } babel-dtls-obj; 771 babel-dtls-default-apply: A Boolean flag indicating whether this 772 babel-dtls instance is applied to all new babel-interface 773 instances, by default. If "true", this instance is applied to new 774 babel-interfaces instances at the time they are created, by 775 including it in the babel-interface-dtls-certs list. If "false", 776 this instance is not applied to new babel-interfaces instances 777 when they are created. An implementation MAY choose to expose 778 this parameter as read-only ("ro"). 780 babel-dtls-certs: A set of babel-dtls-keys-obj objects. This 781 contains both certificates for this implementation to present for 782 authentication, and to accept from others. Certificates with a 783 non-empty babel-cert-private-key can be presented by this 784 implementation for authentication. 786 3.10. Definition of babel-dtls-certs-obj 788 object { 789 string rw babel-cert-name; 790 string rw babel-cert-value; 791 string rw babel-cert-type; 792 binary -- babel-cert-private-key; 793 [operation babel-cert-test;] 794 } babel-dtls-certs-obj; 796 babel-cert-name: A unique name for this DTLS certificate that can be 797 used to identify the certificate in this object instance, since 798 the value is too long to be useful for identification. This value 799 MUST NOT be empty and can only be provided when this instance is 800 created (i.e., it is not subsequently writable). The value MAY be 801 auto-generated if not explicitly supplied when the instance is 802 created. 804 babel-cert-value: The DTLS certificate in PEM format [RFC7468]. 805 This value MUST be provided when this instance is created, and is 806 not subsequently writable. 808 babel-cert-type: The name of the certificate type of this object 809 instance. 
The value MUST be the same as one of the enumerations 810 listed in the babel-dtls-cert-types parameter. This value can 811 only be provided when this instance is created, and is not 812 subsequently writable. 814 babel-cert-private-key: The value of the private key. If this is 815 non-empty, this certificate can be used by this implementation to 816 provide a certificate during DTLS handshaking. An implementation 817 MUST NOT allow this parameter to be read. This can be done by 818 always providing an empty string when read, or through 819 permissions, or other means. This value can only be provided when 820 this instance is created, and is not subsequently writable. 822 babel-cert-test: An operation that allows a hash of the provided 823 input string to be created using the certificate public key and 824 the SHA-256 hash algorithm. Input to this operation is a binary 825 string. The output of this operation is the resulting hash, as a 826 binary string. 828 4. Extending the Information Model 830 Implementations MAY extend this information model with other 831 parameters or objects. For example, an implementation MAY choose to 832 expose Babel route filtering rules by adding a route filtering object 833 with parameters appropriate to how route filtering is done in that 834 implementation. The precise means used to extend the information 835 model would be specific to the data model the implementation uses to 836 expose this information. 838 5. Security Considerations 840 This document defines a set of information model objects and 841 parameters that may be exposed to be visible from other devices, and 842 some of which may be configured. Securing access to and ensuring the 843 integrity of this data is in scope of and the responsibility of any 844 data model derived from this information model. 
Specifically, any 845 YANG [RFC7950] data model is expected to define security exposure of 846 the various parameters, and a [TR-181] data model will be secured by 847 the mechanisms defined for the management protocol used to transport 848 it. 850 Misconfiguration (whether unintentional or malicious) can prevent 851 reachability or cause poor network performance (increased latency, 852 jitter, etc.). The information in this model discloses network 853 topology, which can be used to mount subsequent attacks on traffic 854 traversing the network. 856 This information model defines objects that can allow credentials 857 (for this device, for trusted devices, and for trusted certificate 858 authorities) to be added and deleted. Public keys may be exposed 859 through this model. This model requires that private keys never be 860 exposed. The Babel security mechanisms that make use of these 861 credentials (e.g., [I-D.ietf-babel-dtls], [I-D.ietf-babel-hmac]) 862 identify what credentials can be used with those mechanisms. 864 MAC keys are allowed to be as short as zero-length. This is useful 865 for testing. Network operators are advised to follow current best 866 practices for key length and generation of keys related to the MAC 867 algorithm associated with the key. Short (and zero-length) keys and 868 keys that make use of only alphanumeric characters are highly 869 susceptible to brute force attacks. 871 6. IANA Considerations 873 This document has no IANA actions. 875 7. Acknowledgements 877 Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Acee 878 Lindem, and Carsten Bormann have been very helpful in refining this 879 information model. 881 The language in the Notation section was mostly taken from [RFC8193]. 883 8. References 885 8.1. Normative References 887 [I-D.ietf-babel-rfc6126bis] 888 Chroboczek, J. and D. Schinazi, "The Babel Routing 889 Protocol", draft-ietf-babel-rfc6126bis-14 (work in 890 progress), August 2019. 
   [libpcap]  Wireshark, "Libpcap File Format", 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
              April 2015.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

8.2.  Informative References

   [I-D.ietf-babel-dtls]
              Decimo, A., Schinazi, D., and J. Chroboczek, "Babel
              Routing Protocol over Datagram Transport Layer Security",
              draft-ietf-babel-dtls-09 (work in progress), August 2019.

   [I-D.ietf-babel-hmac]
              Do, C., Kolodziejak, W., and J. Chroboczek, "MAC
              authentication for the Babel routing protocol",
              draft-ietf-babel-hmac-10 (work in progress), August 2019.

   [ISO.10646]
              International Organization for Standardization,
              "Information Technology - Universal Multiple-Octet Coded
              Character Set (UCS)", ISO Standard 10646:2014, 2014.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-
              384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8193]  Burbridge, T., Eardley, P., Bagnulo, M., and J.
              Schoenwaelder, "Information Model for Large-Scale
              Measurement Platforms (LMAPs)", RFC 8193,
              DOI 10.17487/RFC8193, August 2017.

   [TR-181]   Broadband Forum, "Device Data Model".

Authors' Addresses

   Barbara Stark
   AT&T
   Atlanta, GA
   US

   Email: barbara.stark@att.com

   Mahesh Jethanandani
   VMware
   California
   US

   Email: mjethanandani@gmail.com
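Added example, not part of the draft or of any Babel implementation: a Python sketch of how a data model built on Section 3.8 could enforce the babel-mac-key-value length rule per algorithm, flag the weak keys Section 5 warns about, and implement the babel-mac-key-test operation. It assumes the algorithm names "HMAC-SHA256" and "BLAKE2s" from Section 3.8; the function and constant names are the example's own.

```python
# Added example (not the draft's own text): key checks for a
# babel-mac-keys-obj instance and the babel-mac-key-test operation.
import hashlib
import hmac
import re
from typing import List

# HMAC algorithms: hashlib digest name and block size of the underlying
# hash in bytes (RFC 4868 gives 64 bytes for HMAC-SHA256).
HMAC_ALGORITHMS = {"HMAC-SHA256": ("sha256", 64)}
BLAKE2S_MAX_KEY = 32  # RFC 7693: a BLAKE2s key is 0..32 bytes long


def max_key_length(algorithm: str) -> int:
    """Largest babel-mac-key-value the model permits for this algorithm."""
    if algorithm in HMAC_ALGORITHMS:
        return HMAC_ALGORITHMS[algorithm][1]
    if algorithm == "BLAKE2s":
        return BLAKE2S_MAX_KEY
    raise ValueError(f"unknown babel-mac-key-algorithm: {algorithm}")


def validate_key(key: bytes, algorithm: str) -> List[str]:
    """Reject a key that breaks the MUST-level length rule of Section 3.8;
    return warnings for the key shapes Section 5 calls out as weak."""
    limit = max_key_length(algorithm)
    if len(key) > limit:
        raise ValueError(
            f"{len(key)}-byte key exceeds the {limit}-byte limit for {algorithm}")
    warnings = []
    if len(key) == 0:
        warnings.append("zero-length key: acceptable for testing only")
    elif re.fullmatch(rb"[0-9A-Za-z]+", key):
        warnings.append("alphanumeric-only key: far below full entropy per byte")
    return warnings


def mac_key_test(key: bytes, algorithm: str, data: bytes) -> bytes:
    """babel-mac-key-test: the MAC of `data` under `key` with `algorithm`.
    The key is validated first so the operation cannot run with a key the
    model would not have accepted at creation time."""
    validate_key(key, algorithm)
    if algorithm in HMAC_ALGORITHMS:
        digest_name, _ = HMAC_ALGORITHMS[algorithm]
        return hmac.new(key, data, digest_name).digest()
    # Keyed BLAKE2s is the MAC mode defined in RFC 7693.
    return hashlib.blake2s(data, key=key).digest()
```

A deployment would keep the stored key value unreadable as Section 3.8 requires, exposing only the outcome of mac_key_test and the validation warnings.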