Babel routing protocol                                          B.H. Stark
Internet-Draft                                                        AT&T
Intended status: Informational                           M.J. Jethanandani
Expires: 30 July 2021                                               VMware
                                                           26 January 2021

                         Babel Information Model
                  draft-ietf-babel-information-model-12

Abstract

   This Babel Information Model provides structured data elements for a
   Babel implementation reporting its current state and may allow
   limited configuration of some such data elements.  This information
   model can be used as a basis for creating data models under various
   data modeling regimes.  This information model only includes
   parameters and parameter values useful for managing Babel over IPv6.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 30 July 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Notation
   2.  Overview
   3.  The Information Model
     3.1.  Definition of babel-information-obj
     3.2.  Definition of babel-constants-obj
     3.3.  Definition of babel-interface-obj
     3.4.  Definition of babel-if-stats-obj
     3.5.  Definition of babel-neighbor-obj
     3.6.  Definition of babel-route-obj
     3.7.  Definition of babel-mac-key-set-obj
     3.8.  Definition of babel-mac-key-obj
     3.9.  Definition of babel-dtls-cert-set-obj
     3.10. Definition of babel-dtls-cert-obj
   4.  Extending the Information Model
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Babel is a loop-avoiding distance-vector routing protocol defined in
   [I-D.ietf-babel-rfc6126bis].
   [I-D.ietf-babel-hmac] defines a
   security mechanism that allows Babel packets to be cryptographically
   authenticated, and [I-D.ietf-babel-dtls] defines a security mechanism
   that allows Babel packets to be both authenticated and encrypted.
   This document describes an information model for Babel (including
   implementations using one or both of these security mechanisms) that
   can be used to create management protocol data models (such as a
   NETCONF [RFC6241] YANG [RFC7950] data model).

   Due to the simplicity of the Babel protocol, most of the information
   model is focused on reporting Babel protocol operational state, and
   very little of that is considered mandatory to implement for an
   implementation claiming compliance with this information model.  Some
   parameters may be configurable.  However, it is up to the Babel
   implementation whether to allow any of these to be configured within
   its implementation.  Where the implementation does not allow
   configuration of these parameters, it MAY still choose to expose them
   as read-only.

   The Information Model is presented using a hierarchical structure.
   This does not preclude a data model based on this Information Model
   from using a referential or other structure.

   This information model only includes parameters and parameter values
   useful for managing Babel over IPv6.  This model has no parameters or
   values specific to operating Babel over IPv4, even though
   [I-D.ietf-babel-rfc6126bis] does define a multicast group for sending
   and listening to multicast announcements on IPv4.  There is less
   likelihood of breakage due to inconsistent configuration and
   increased implementation simplicity if Babel is operated always and
   only over IPv6.  Running Babel over IPv6 requires IPv6 at the link
   layer and does not need advertised prefixes, router advertisements or
   DHCPv6 to be present in the network.
   Link-local IPv6 is widely
   supported among devices where Babel is expected to be used.  Note
   that Babel over IPv6 can be used for configuration of both IPv4 and
   IPv6 routes.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

1.2.  Notation

   This document uses a programming language-like notation to define the
   properties of the objects of the information model.  An optional
   property is enclosed by square brackets, [ ], and a list property is
   indicated by two numbers in angle brackets, <m..n>, where m indicates
   the minimal number of list elements, and n indicates the maximum
   number of list elements.  The symbol * for n means there are no
   defined limits on the number of list elements.  Each parameter and
   object includes an indication of "ro" or "rw".  "ro" means the
   parameter or object is read-only.  "rw" means it is read-write.  For
   an object, read-write means instances of the object can be created or
   deleted.  If an implementation is allowed to choose to implement a
   "rw" parameter as read-only, this is noted in the parameter
   description.

   The object definitions use base types that are defined as follows:

   binary       A binary string (sequence of octets).

   boolean      A type representing a Boolean (true or false) value.

   datetime     A type representing a date and time using the Gregorian
                calendar.  The datetime format MUST conform to RFC 3339
                [RFC3339] Section 5.6.

   ip-address   A type representing an IP address.  This type supports
                both IPv4 and IPv6 addresses.

   operation    A type representing a remote procedure call or other
                action that can be used to manipulate data elements or
                system behaviors.
   reference    A type representing a reference to another information or
                data model element or to some other device resource.

   string       A type representing a human-readable string consisting of
                a (possibly restricted) subset of Unicode and ISO/IEC
                10646 [ISO.10646] characters.

   uint         A type representing an unsigned integer number.  This
                information model does not define a precision.

2.  Overview

   The Information Model is hierarchically structured as follows:

   +-- babel-information
       +-- babel-implementation-version
       +-- babel-enable
       +-- router-id
       +-- self-seqno
       +-- babel-metric-comp-algorithms
       +-- babel-security-supported
       +-- babel-mac-algorithms
       +-- babel-dtls-cert-types
       +-- babel-stats-enable
       +-- babel-stats-reset
       +-- babel-constants
       |   +-- babel-udp-port
       |   +-- babel-mcast-group
       +-- babel-interfaces
       |   +-- babel-interface-reference
       |   +-- babel-interface-enable
       |   +-- babel-interface-metric-algorithm
       |   +-- babel-interface-split-horizon
       |   +-- babel-mcast-hello-seqno
       |   +-- babel-mcast-hello-interval
       |   +-- babel-update-interval
       |   +-- babel-mac-enable
       |   +-- babel-if-mac-key-sets
       |   +-- babel-mac-verify
       |   +-- babel-dtls-enable
       |   +-- babel-if-dtls-cert-sets
       |   +-- babel-dtls-cached-info
       |   +-- babel-dtls-cert-prefer
       |   +-- babel-packet-log-enable
       |   +-- babel-packet-log
       |   +-- babel-if-stats
       |   |   +-- babel-sent-mcast-hello
       |   |   +-- babel-sent-mcast-update
       |   |   +-- babel-sent-ucast-hello
       |   |   +-- babel-sent-ucast-update
       |   |   +-- babel-sent-IHU
       |   |   +-- babel-received-packets
       |   +-- babel-neighbors
       |       +-- babel-neighbor-address
       |       +-- babel-hello-mcast-history
       |       +-- babel-hello-ucast-history
       |       +-- babel-txcost
       |       +-- babel-exp-mcast-hello-seqno
       |       +-- babel-exp-ucast-hello-seqno
       |       +-- babel-ucast-hello-seqno
       |       +-- babel-ucast-hello-interval
       |       +-- babel-rxcost
       |       +-- babel-cost
       +-- babel-routes
       |   +-- babel-route-prefix
       |   +-- babel-route-prefix-length
       |   +-- babel-route-router-id
       |   +-- babel-route-neighbor
       |   +-- babel-route-received-metric
       |   +-- babel-route-calculated-metric
       |   +-- babel-route-seqno
       |   +-- babel-route-next-hop
       |   +-- babel-route-feasible
       |   +-- babel-route-selected
       +-- babel-mac-key-sets
       |   +-- babel-mac-default-apply
       |   +-- babel-mac-keys
       |       +-- babel-mac-key-name
       |       +-- babel-mac-key-use-send
       |       +-- babel-mac-key-use-verify
       |       +-- babel-mac-key-value
       |       +-- babel-mac-key-algorithm
       |       +-- babel-mac-key-test
       +-- babel-dtls-cert-sets
           +-- babel-dtls-default-apply
           +-- babel-dtls-certs
               +-- babel-cert-name
               +-- babel-cert-value
               +-- babel-cert-type
               +-- babel-cert-private-key

   Most parameters are read-only.  Following is a descriptive list of
   the parameters that are not required to be read-only:

   *  enable/disable Babel

   *  create/delete Babel MAC Key sets

   *  create/delete Babel Certificate sets

   *  enable/disable statistics collection

   *  Constant: UDP port

   *  Constant: IPv6 multicast group

   *  Interface: enable/disable Babel on this interface

   *  Interface: Metric algorithm

   *  Interface: Split horizon

   *  Interface: sets of MAC keys

   *  Interface: verify received MAC packets

   *  Interface: set of certificates for use with DTLS

   *  Interface: use cached info extensions

   *  Interface: preferred order of certificate types

   *  Interface: enable/disable packet log

   *  MAC-keys: create/delete entries

   *  MAC-keys: key used for sent packets

   *  MAC-keys: key used to verify packets

   *  DTLS-certs: create/delete entries

   The following parameters are required to return no value when read:

   *  MAC key values

   *  DTLS private keys

   Note that this overview is intended simply to be informative and is
   not normative.
   If there is any discrepancy between this overview and
   the detailed information model definitions in subsequent sections,
   the error is in this overview.

3.  The Information Model

3.1.  Definition of babel-information-obj

   object {
     string                   ro babel-implementation-version;
     boolean                  rw babel-enable;
     binary                   ro babel-self-router-id;
     [uint                    ro babel-self-seqno;]
     string                   ro babel-metric-comp-algorithms<1..*>;
     string                   ro babel-security-supported<0..*>;
     [string                  ro babel-mac-algorithms<1..*>;]
     [string                  ro babel-dtls-cert-types<1..*>;]
     [boolean                 rw babel-stats-enable;]
     [operation                  babel-stats-reset;]
     babel-constants-obj      ro babel-constants;
     babel-interface-obj      ro babel-interfaces<0..*>;
     babel-route-obj          ro babel-routes<0..*>;
     [babel-mac-key-set-obj   rw babel-mac-key-sets<0..*>;]
     [babel-dtls-cert-set-obj rw babel-dtls-cert-sets<0..*>;]
   } babel-information-obj;

   babel-implementation-version:  The name and version of this
      implementation of the Babel protocol.

   babel-enable:  When written, it configures whether the protocol
      should be enabled (true) or disabled (false).  A read from the
      running or intended datastore indicates the configured
      administrative value of whether the protocol is enabled (true) or
      not (false).  A read from the operational datastore indicates
      whether the protocol is actually running (true) or not (i.e., it
      indicates the operational state of the protocol).  A data model
      that does not replicate parameters for running and operational
      datastores can implement this as two separate parameters.  An
      implementation MAY choose to expose this parameter as read-only
      ("ro").

   babel-self-router-id:  The router-id used by this instance of the
      Babel protocol to identify itself.  [I-D.ietf-babel-rfc6126bis]
      describes this as an arbitrary string of 8 octets.  The router-id
      value MUST NOT consist of all zeroes or all ones.
   babel-self-seqno:  The current sequence number included in route
      updates for routes originated by this node.  This is a 16-bit
      unsigned integer.

   babel-metric-comp-algorithms:  List of supported cost computation
      algorithms.  Possible values include "2-out-of-3", and "ETX".
      "2-out-of-3" is described in [I-D.ietf-babel-rfc6126bis], section
      A.2.1.  "ETX" is described in [I-D.ietf-babel-rfc6126bis], section
      A.2.2.

   babel-security-supported:  List of supported security mechanisms.
      Possible values include "MAC" to indicate support of
      [I-D.ietf-babel-hmac] and "DTLS" to indicate support of
      [I-D.ietf-babel-dtls].

   babel-mac-algorithms:  List of supported MAC computation algorithms.
      Possible values include "HMAC-SHA256", "BLAKE2s-128" to indicate
      support for algorithms indicated in [I-D.ietf-babel-hmac].

   babel-dtls-cert-types:  List of supported DTLS certificate types.
      Possible values include "X.509" and "RawPublicKey" to indicate
      support for types indicated in [I-D.ietf-babel-dtls].

   babel-stats-enable:  Indicates whether statistics collection is
      enabled (true) or disabled (false) on all interfaces.  When
      enabled, existing statistics values are not cleared and will be
      incremented as new packets are counted.

   babel-stats-reset:  An operation that resets all babel-if-stats
      parameters to zero.  This operation has no input or output
      parameters.

   babel-constants:  A babel-constants-obj object.

   babel-interfaces:  A set of babel-interface-obj objects.

   babel-routes:  A set of babel-route-obj objects.  Contains the routes
      known to this node.

   babel-mac-key-sets:  A set of babel-mac-key-set-obj objects.  If this
      object is implemented, it provides access to parameters related to
      the MAC security mechanism.  An implementation MAY choose to
      expose this object as read-only ("ro").

   babel-dtls-cert-sets:  A set of babel-dtls-cert-set-obj objects.
      If
      this object is implemented, it provides access to parameters
      related to the DTLS security mechanism.  An implementation MAY
      choose to expose this object as read-only ("ro").

3.2.  Definition of babel-constants-obj

   object {
     uint                     rw babel-udp-port;
     [ip-address              rw babel-mcast-group;]
   } babel-constants-obj;

   babel-udp-port:  UDP port for sending and listening for Babel
      packets.  Default is 6696.  An implementation MAY choose to expose
      this parameter as read-only ("ro").  This is a 16-bit unsigned
      integer.

   babel-mcast-group:  Multicast group for sending and listening to
      multicast announcements on IPv6.  Default is ff02::1:6.  An
      implementation MAY choose to expose this parameter as read-only
      ("ro").

3.3.  Definition of babel-interface-obj

   object {
     reference                ro babel-interface-reference;
     [boolean                 rw babel-interface-enable;]
     string                   rw babel-interface-metric-algorithm;
     [boolean                 rw babel-interface-split-horizon;]
     [uint                    ro babel-mcast-hello-seqno;]
     [uint                    ro babel-mcast-hello-interval;]
     [uint                    ro babel-update-interval;]
     [boolean                 rw babel-mac-enable;]
     [reference               rw babel-if-mac-key-sets<0..*>;]
     [boolean                 rw babel-mac-verify;]
     [boolean                 rw babel-dtls-enable;]
     [reference               rw babel-if-dtls-cert-sets<0..*>;]
     [boolean                 rw babel-dtls-cached-info;]
     [string                  rw babel-dtls-cert-prefer<0..*>;]
     [boolean                 rw babel-packet-log-enable;]
     [reference               ro babel-packet-log;]
     [babel-if-stats-obj      ro babel-if-stats;]
     babel-neighbor-obj       ro babel-neighbors<0..*>;
   } babel-interface-obj;

   babel-interface-reference:  Reference to an interface object that can
      be used to send and receive IPv6 packets, as defined by the data
      model (e.g., YANG [RFC7950], BBF [TR-181]).  Referencing syntax
      will be specific to the data model.
      If there is no set of
      interface objects available, this should be a string that
      indicates the interface name used by the underlying operating
      system.

   babel-interface-enable:  When written, it configures whether the
      protocol should be enabled (true) or disabled (false) on this
      interface.  A read from the running or intended datastore
      indicates the configured administrative value of whether the
      protocol is enabled (true) or not (false).  A read from the
      operational datastore indicates whether the protocol is actually
      running (true) or not (i.e., it indicates the operational state of
      the protocol).  A data model that does not replicate parameters
      for running and operational datastores can implement this as two
      separate parameters.  An implementation MAY choose to expose this
      parameter as read-only ("ro").

   babel-interface-metric-algorithm:  Indicates the metric computation
      algorithm used on this interface.  The value MUST be one of those
      listed in the babel-information-obj babel-metric-comp-algorithms
      parameter.  An implementation MAY choose to expose this parameter
      as read-only ("ro").

   babel-interface-split-horizon:  Indicates whether or not the split
      horizon optimization is used when calculating metrics on this
      interface.  A value of true indicates split horizon optimization
      is used.  Split horizon optimization is described in
      [I-D.ietf-babel-rfc6126bis], section 3.7.4.  An implementation MAY
      choose to expose this parameter as read-only ("ro").

   babel-mcast-hello-seqno:  The current sequence number in use for
      multicast Hellos sent on this interface.  This is a 16-bit
      unsigned integer.

   babel-mcast-hello-interval:  The current interval in use for
      multicast Hellos sent on this interface.  Units are centiseconds.
      This is a 16-bit unsigned integer.
   babel-update-interval:  The current interval in use for all updates
      (multicast and unicast) sent on this interface.  Units are
      centiseconds.  This is a 16-bit unsigned integer.

   babel-mac-enable:  Indicates whether the MAC security mechanism is
      enabled (true) or disabled (false).  An implementation MAY choose
      to expose this parameter as read-only ("ro").

   babel-if-mac-key-sets:  List of references to the babel-mac-key-sets
      entries that apply to this interface.  When an interface instance
      is created, all babel-mac-key-sets instances with
      babel-mac-default-apply "true" will be included in this list.  An
      implementation MAY choose to expose this parameter as read-only
      ("ro").

   babel-mac-verify:  A Boolean flag indicating whether MACs in incoming
      Babel packets are required to be present and are verified.  If
      this parameter is "true", incoming packets are required to have a
      valid MAC.  An implementation MAY choose to expose this parameter
      as read-only ("ro").

   babel-dtls-enable:  Indicates whether the DTLS security mechanism is
      enabled (true) or disabled (false).  An implementation MAY choose
      to expose this parameter as read-only ("ro").

   babel-if-dtls-cert-sets:  List of references to the
      babel-dtls-cert-sets entries that apply to this interface.  When
      an interface instance is created, all babel-dtls-cert-sets
      instances with babel-dtls-default-apply "true" will be included in
      this list.  An implementation MAY choose to expose this parameter
      as read-only ("ro").

   babel-dtls-cached-info:  Indicates whether the cached_info extension
      (see [I-D.ietf-babel-dtls] Appendix A) is included in ClientHello
      and ServerHello packets.  The extension is included if the value
      is "true".  An implementation MAY choose to expose this parameter
      as read-only ("ro").

   babel-dtls-cert-prefer:  List of supported certificate types, in
      order of preference.
      The values MUST be among those listed in the
      babel-dtls-cert-types parameter.  This list is used to populate
      the server_certificate_type extension (see [I-D.ietf-babel-dtls]
      Appendix A) in a Client Hello.  Values that are present in at
      least one instance in the babel-dtls-certs object of a referenced
      babel-dtls instance and that have a non-empty
      babel-cert-private-key will be used to populate the
      client_certificate_type extension in a Client Hello.

   babel-packet-log-enable:  Indicates whether packet logging is enabled
      (true) or disabled (false) on this interface.

   babel-packet-log:  A reference or url link to a file that contains a
      timestamped log of packets received and sent on babel-udp-port on
      this interface.  The [libpcap] file format with .pcap file
      extension SHOULD be supported for packet log files.  Logging is
      enabled / disabled by babel-packet-log-enable.  Implementations
      will need to carefully manage and limit memory used by packet
      logs.

   babel-if-stats:  Statistics collection object for this interface.

   babel-neighbors:  A set of babel-neighbor-obj objects.

3.4.  Definition of babel-if-stats-obj

   object {
     uint                     ro babel-sent-mcast-hello;
     uint                     ro babel-sent-mcast-update;
     uint                     ro babel-sent-ucast-hello;
     uint                     ro babel-sent-ucast-update;
     uint                     ro babel-sent-IHU;
     uint                     ro babel-received-packets;
   } babel-if-stats-obj;

   babel-sent-mcast-hello:  A count of the number of multicast Hello
      packets sent on this interface.

   babel-sent-mcast-update:  A count of the number of multicast update
      packets sent on this interface.

   babel-sent-ucast-hello:  A count of the number of unicast Hello
      packets sent on this interface.

   babel-sent-ucast-update:  A count of the number of unicast update
      packets sent on this interface.

   babel-sent-IHU:  A count of the number of IHU packets sent on this
      interface.
   babel-received-packets:  A count of the number of Babel packets
      received on this interface.

3.5.  Definition of babel-neighbor-obj

   object {
     ip-address               ro babel-neighbor-address;
     [binary                  ro babel-hello-mcast-history;]
     [binary                  ro babel-hello-ucast-history;]
     uint                     ro babel-txcost;
     uint                     ro babel-exp-mcast-hello-seqno;
     uint                     ro babel-exp-ucast-hello-seqno;
     [uint                    ro babel-ucast-hello-seqno;]
     [uint                    ro babel-ucast-hello-interval;]
     [uint                    ro babel-rxcost;]
     [uint                    ro babel-cost;]
   } babel-neighbor-obj;

   babel-neighbor-address:  IPv4 or IPv6 address the neighbor sends
      packets from.

   babel-hello-mcast-history:  The multicast Hello history of whether or
      not the multicast Hello packets prior to
      babel-exp-mcast-hello-seqno were received.  A binary sequence
      where the most recently received Hello is expressed as a "1"
      placed in the left-most bit, with prior bits shifted right (and
      "0" bits placed between prior Hello bits and most recent Hello for
      any not-received Hellos).  This value should be displayed using
      hex digits ([0-9a-fA-F]).  See [I-D.ietf-babel-rfc6126bis],
      section A.1.

   babel-hello-ucast-history:  The unicast Hello history of whether or
      not the unicast Hello packets prior to babel-exp-ucast-hello-seqno
      were received.  A binary sequence where the most recently received
      Hello is expressed as a "1" placed in the left-most bit, with
      prior bits shifted right (and "0" bits placed between prior Hello
      bits and most recent Hello for any not-received Hellos).  This
      value should be displayed using hex digits ([0-9a-fA-F]).  See
      [I-D.ietf-babel-rfc6126bis], section A.1.

   babel-txcost:  Transmission cost value from the last IHU packet
      received from this neighbor, or maximum value to indicate the IHU
      hold timer for this neighbor has expired.  See
      [I-D.ietf-babel-rfc6126bis], section 3.4.2.  This is a 16-bit
      unsigned integer.
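   The Hello history encoding described above for babel-hello-mcast-history
   and babel-hello-ucast-history, worked through as an added Python example
   (not code from the draft or from any Babel implementation).  It assumes a
   16-bit history window, 16-bit Hello sequence numbers compared modulo 2^16,
   and that a Hello far outside the window resets the history; the class and
   function names are hypothetical.

```python
from typing import Optional

HISTORY_BITS = 16     # width of the history window kept per neighbor (assumption)
SEQNO_MOD = 1 << 16   # Hello sequence numbers are 16-bit unsigned integers


def seqno_delta(a: int, b: int) -> int:
    """Signed distance a - b modulo 2^16, in the range [-32768, 32767]."""
    d = (a - b) % SEQNO_MOD
    return d - SEQNO_MOD if d >= SEQNO_MOD // 2 else d


class HelloHistory:
    """One Hello history (multicast or unicast) for a single neighbor.

    bits: the history window; the left-most bit (bit HISTORY_BITS-1) is
          the most recently received Hello, older Hellos sit to its right.
    expected_seqno: the babel-exp-*-hello-seqno value, or None if no
          Hello has been received from this neighbor yet.
    """

    def __init__(self) -> None:
        self.bits = 0
        self.expected_seqno: Optional[int] = None

    def _shift_in(self, received: bool) -> None:
        # Shift prior bits right and put the new bit in the left-most position.
        mask = (1 << HISTORY_BITS) - 1
        top = (1 << (HISTORY_BITS - 1)) if received else 0
        self.bits = ((self.bits >> 1) | top) & mask

    def receive(self, seqno: int) -> None:
        """Record a received Hello carrying sequence number seqno."""
        if self.expected_seqno is None:
            self.bits = 0                  # first Hello from this neighbor
        else:
            d = seqno_delta(seqno, self.expected_seqno)
            if d < 0:
                return                     # old or duplicate Hello: ignored (assumption)
            if d >= HISTORY_BITS:
                self.bits = 0              # far outside the window: resynchronise (assumption)
            else:
                for _ in range(d):         # one "0" per Hello that was not received
                    self._shift_in(False)
        self._shift_in(True)               # the Hello just received
        self.expected_seqno = (seqno + 1) % SEQNO_MOD

    def as_hex(self) -> str:
        """The display form the draft asks for: hex digits [0-9a-fA-F]."""
        return format(self.bits, "0{}x".format(HISTORY_BITS // 4))

    def received_in_window(self) -> int:
        """Number of "1" bits, i.e. Hellos received within the window."""
        return bin(self.bits).count("1")


def history_after(seqnos) -> HelloHistory:
    """Helper: feed a sequence of received Hello seqnos into a fresh history."""
    h = HelloHistory()
    for s in seqnos:
        h.receive(s)
    return h


if __name__ == "__main__":
    # Constructed sample: Hellos 100, 101, 102 arrive, 103 is lost, 104 arrives.
    h = history_after([100, 101, 102, 104])
    print(h.as_hex(), h.expected_seqno)   # b800 105
```

   In the sample, the window reads 1011 1000 0000 0000: the newest Hello
   (104) is the left-most "1", the lost Hello 103 is the "0" next to it, and
   the three earlier Hellos follow.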
   babel-exp-mcast-hello-seqno:  Expected multicast Hello sequence
      number of next Hello to be received from this neighbor.  If
      multicast Hello packets are not expected, or processing of
      multicast packets is not enabled, this MUST be NULL.  This is a
      16-bit unsigned integer; if the data model uses zero (0) to
      represent NULL values for unsigned integers, the data model MAY
      use a different data type that allows differentiation between zero
      (0) and NULL.

   babel-exp-ucast-hello-seqno:  Expected unicast Hello sequence number
      of next Hello to be received from this neighbor.  If unicast Hello
      packets are not expected, or processing of unicast packets is not
      enabled, this MUST be NULL.  This is a 16-bit unsigned integer; if
      the data model uses zero (0) to represent NULL values for unsigned
      integers, the data model MAY use a different data type that allows
      differentiation between zero (0) and NULL.

   babel-ucast-hello-seqno:  The current sequence number in use for
      unicast Hellos sent to this neighbor.  If unicast Hellos are not
      being sent, this MUST be NULL.  This is a 16-bit unsigned integer;
      if the data model uses zero (0) to represent NULL values for
      unsigned integers, the data model MAY use a different data type
      that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-interval:  The current interval in use for unicast
      Hellos sent to this neighbor.  Units are centiseconds.  This is a
      16-bit unsigned integer.

   babel-rxcost:  Reception cost calculated for this neighbor.  This
      value is usually derived from the Hello history, which may be
      combined with other data, such as statistics maintained by the
      link layer.  The rxcost is sent to a neighbor in each IHU.  See
      [I-D.ietf-babel-rfc6126bis], section 3.4.3.  This is a 16-bit
      unsigned integer.
   babel-cost:  The link cost, as computed from the values maintained in
      the neighbor table: the statistics kept in the neighbor table
      about the reception of Hellos, and the txcost computed from
      received IHU packets.  This is a 16-bit unsigned integer.

3.6.  Definition of babel-route-obj

   object {
     ip-address               ro babel-route-prefix;
     uint                     ro babel-route-prefix-length;
     binary                   ro babel-route-router-id;
     reference                ro babel-route-neighbor;
     uint                     ro babel-route-received-metric;
     uint                     ro babel-route-calculated-metric;
     uint                     ro babel-route-seqno;
     ip-address               ro babel-route-next-hop;
     boolean                  ro babel-route-feasible;
     boolean                  ro babel-route-selected;
   } babel-route-obj;

   babel-route-prefix:  Prefix (expressed in IP address format) for
      which this route is advertised.

   babel-route-prefix-length:  Length of the prefix for which this route
      is advertised.

   babel-route-router-id:  The router-id of the router that originated
      this route.

   babel-route-neighbor:  Reference to the babel-neighbors entry for the
      neighbor that advertised this route.

   babel-route-received-metric:  The metric with which this route was
      advertised by the neighbor, or maximum value to indicate the route
      was recently retracted and is temporarily unreachable (see
      Section 3.5.5 of [I-D.ietf-babel-rfc6126bis]).  This metric will
      be NULL if the route was not received from a neighbor but was
      generated through other means.  At least one of
      babel-route-calculated-metric and babel-route-received-metric MUST
      be non-NULL.  Having both be non-NULL is expected for a route that
      is received and subsequently advertised.  This is a 16-bit
      unsigned integer; if the data model uses zero (0) to represent
      NULL values for unsigned integers, the data model MAY use a
      different data type that allows differentiation between zero (0)
      and NULL.

   babel-route-calculated-metric:  A calculated metric for this route.
      How the metric is calculated is implementation-specific.  Maximum
      value indicates the route was recently retracted and is
      temporarily unreachable (see Section 3.5.5 of
      [I-D.ietf-babel-rfc6126bis]).  At least one of
      babel-route-calculated-metric and babel-route-received-metric MUST
      be non-NULL.  Having both be non-NULL is expected for a route that
      is received and subsequently advertised.  This is a 16-bit
      unsigned integer; if the data model uses zero (0) to represent
      NULL values for unsigned integers, the data model MAY use a
      different data type that allows differentiation between zero (0)
      and NULL.

   babel-route-seqno:  The sequence number with which this route was
      advertised.  This is a 16-bit unsigned integer.

   babel-route-next-hop:  The next-hop address of this route.  This will
      be empty if this route has no next-hop address.

   babel-route-feasible:  A Boolean flag indicating whether this route
      is feasible, as defined in Section 3.5.1 of
      [I-D.ietf-babel-rfc6126bis].

   babel-route-selected:  A Boolean flag indicating whether this route
      is selected (i.e., whether it is currently being used for
      forwarding and is being advertised).

3.7.  Definition of babel-mac-key-set-obj

   object {
     boolean                  rw babel-mac-default-apply;
     babel-mac-key-obj        rw babel-mac-keys<0..*>;
   } babel-mac-key-set-obj;

   babel-mac-default-apply:  A Boolean flag indicating whether this
      object instance is applied to all new babel-interface instances,
      by default.  If "true", this instance is applied to new
      babel-interfaces instances at the time they are created, by
      including it in the babel-if-mac-key-sets list.  If "false", this
      instance is not applied to new babel-interfaces instances when
      they are created.  An implementation MAY choose to expose this
      parameter as read-only ("ro").

   babel-mac-keys:  A set of babel-mac-key-obj objects.

3.8.  Definition of babel-mac-key-obj

   object {
     string                   rw babel-mac-key-name;
     boolean                  rw babel-mac-key-use-send;
     boolean                  rw babel-mac-key-use-verify;
     binary                   -- babel-mac-key-value;
     string                   rw babel-mac-key-algorithm;
     [operation                  babel-mac-key-test;]
   } babel-mac-key-obj;

   babel-mac-key-name:  A unique name for this MAC key that can be used
      to identify the key in this object instance, since the key value
      is not allowed to be read.  This value MUST NOT be empty and can
      only be provided when this instance is created (i.e., it is not
      subsequently writable).  The value MAY be auto-generated if not
      explicitly supplied when the instance is created.

   babel-mac-key-use-send:  Indicates whether this key value is used to
      compute a MAC and include that MAC in the sent Babel packet.  A
      MAC for sent packets is computed using this key if the value is
      "true".  If the value is "false", this key is not used to compute
      a MAC to include in sent Babel packets.  An implementation MAY
      choose to expose this parameter as read-only ("ro").

   babel-mac-key-use-verify:  Indicates whether this key value is used
      to verify incoming Babel packets.  This key is used to verify
      incoming packets if the value is "true".  If the value is "false",
      no MAC is computed from this key for comparing with the MAC in an
      incoming packet.  An implementation MAY choose to expose this
      parameter as read-only ("ro").

   babel-mac-key-value:  The value of the MAC key.  An implementation
      MUST NOT allow this parameter to be read.  This can be done by
      always providing an empty string when read, or through
      permissions, or other means.  This value MUST be provided when
      this instance is created, and is not subsequently writable.  This
      value is of a length suitable for the associated
      babel-mac-key-algorithm.
If the algorithm is based on the HMAC construction [RFC2104], the length MUST be between 0 and the block size of the underlying hash inclusive (where the "HMAC-SHA256" block size is 64 bytes, as described in [RFC4868]). If the algorithm is "BLAKE2s-128", the length MUST be between 0 and 32 bytes inclusive, as described in [RFC7693].

babel-mac-key-algorithm: The name of the MAC algorithm used with this key. The value MUST be the same as one of the enumerations listed in the babel-mac-algorithms parameter. An implementation MAY choose to expose this parameter as read-only ("ro").

babel-mac-key-test: An operation that allows the MAC key and MAC algorithm to be tested to see if they produce an expected outcome. Inputs to this operation are a binary string and a calculated MAC (also in the format of a binary string) for the binary string. The implementation is expected to create a MAC over the binary string using the babel-mac-key-value and the babel-mac-key-algorithm. The output of this operation is a Boolean indication that the calculated MAC matched the input MAC (true) or the MACs did not match (false).

3.9. Definition of babel-dtls-cert-set-obj

   object {
     boolean             rw babel-dtls-default-apply;
     babel-dtls-cert-obj rw babel-dtls-certs<0..*>;
   } babel-dtls-cert-set-obj;

babel-dtls-default-apply: A Boolean flag indicating whether this object instance is applied to all new babel-interface instances, by default. If "true", this instance is applied to new babel-interface instances at the time they are created, by including it in the babel-interface-dtls-certs list. If "false", this instance is not applied to new babel-interface instances when they are created. An implementation MAY choose to expose this parameter as read-only ("ro").

babel-dtls-certs: A set of babel-dtls-cert-obj objects.
This contains both certificates for this implementation to present for authentication, and certificates to accept from others. Certificates with a non-empty babel-cert-private-key can be presented by this implementation for authentication.

3.10. Definition of babel-dtls-cert-obj

   object {
     string rw babel-cert-name;
     string rw babel-cert-value;
     string rw babel-cert-type;
     binary -- babel-cert-private-key;
   } babel-dtls-cert-obj;

babel-cert-name: A unique name for this certificate that can be used to identify the certificate in this object instance, since the value is too long to be useful for identification. This value MUST NOT be empty and can only be provided when this instance is created (i.e., it is not subsequently writable). The value MAY be auto-generated if not explicitly supplied when the instance is created.

babel-cert-value: The certificate in PEM format [RFC7468]. This value MUST be provided when this instance is created, and is not subsequently writable.

babel-cert-type: The name of the certificate type of this object instance. The value MUST be the same as one of the enumerations listed in the babel-dtls-cert-types parameter. This value can only be provided when this instance is created, and is not subsequently writable.

babel-cert-private-key: The value of the private key. If this is non-empty, this certificate can be used by this implementation to provide a certificate during DTLS handshaking. An implementation MUST NOT allow this parameter to be read. This can be done by always providing an empty string when read, or through permissions, or other means. This value can only be provided when this instance is created, and is not subsequently writable.

4. Extending the Information Model

Implementations MAY extend this information model with other parameters or objects.
For example, an implementation MAY choose to expose Babel route filtering rules by adding a route filtering object with parameters appropriate to how route filtering is done in that implementation. The precise means used to extend the information model would be specific to the data model the implementation uses to expose this information.

5. Security Considerations

This document defines a set of information model objects and parameters that may be exposed to be visible from other devices, and some of which may be configured. Securing access to and ensuring the integrity of this data is in scope of and the responsibility of any data model derived from this information model. Specifically, any YANG [RFC7950] data model is expected to define security exposure of the various parameters, and a [TR-181] data model will be secured by the mechanisms defined for the management protocol used to transport it.

Misconfiguration (whether unintentional or malicious) can prevent reachability or cause poor network performance (increased latency, jitter, etc.). The information in this model discloses network topology, which can be used to mount subsequent attacks on traffic traversing the network.

This information model defines objects that can allow credentials (for this device, for trusted devices, and for trusted certificate authorities) to be added and deleted. Public keys may be exposed through this model. This model requires that private keys and MAC keys never be exposed. Certificates used by [I-D.ietf-babel-dtls] implementations use separate parameters to model the public parts (including the public key) and the private key.

MAC keys are allowed to be as short as zero-length. This is useful for testing.
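The key-length bounds of Section 3.8 and the babel-mac-key-test operation, carried through as an added Python example that is not part of the draft; the class and function names, the two-entry algorithm table, and the write-once handling of the key are assumptions, and the zero-length key in the usage below is the "useful for testing" case rather than a key to deploy.

```python
import hashlib
import hmac

# Added example (not from the draft). Upper bound on key length in bytes:
# HMAC keys are bounded by the hash block size (64 for HMAC-SHA256, per
# RFC 4868); BLAKE2s keys are at most 32 bytes (RFC 7693). Zero-length
# keys are allowed by the model. The table itself is an assumption.
MAC_ALGORITHMS = {"HMAC-SHA256": 64, "BLAKE2s-128": 32}


def key_length_ok(algorithm, length):
    """True iff a key of this length is valid for the named algorithm."""
    return algorithm in MAC_ALGORITHMS and 0 <= length <= MAC_ALGORITHMS[algorithm]


class BabelMacKey:
    """One babel-mac-key-obj instance (hypothetical class name)."""

    def __init__(self, name, key_value, algorithm, use_send=True, use_verify=True):
        if not name:
            raise ValueError("babel-mac-key-name MUST NOT be empty")
        if not key_length_ok(algorithm, len(key_value)):
            raise ValueError("bad key length for %s" % algorithm)
        self.name = name
        self.algorithm = algorithm
        self.use_send = use_send
        self.use_verify = use_verify
        self._key = bytes(key_value)  # provided at creation, never rewritten

    @property
    def key_value(self):
        # babel-mac-key-value MUST NOT be readable; an empty string on read
        # is one of the approaches the model permits.
        return b""

    def compute_mac(self, data):
        """MAC over data with this key and algorithm (as for a sent packet)."""
        if self.algorithm == "HMAC-SHA256":
            return hmac.new(self._key, data, hashlib.sha256).digest()
        # BLAKE2s-128: keyed BLAKE2s with a 16-byte (128-bit) output
        return hashlib.blake2s(data, digest_size=16, key=self._key).digest()

    def test(self, data, expected_mac):
        """babel-mac-key-test: does the MAC over data match expected_mac?"""
        # constant-time comparison so the check itself leaks nothing
        return hmac.compare_digest(self.compute_mac(data), bytes(expected_mac))
```

An operator can confirm a provisioned key and algorithm with `BabelMacKey("k0", key, "HMAC-SHA256").test(sample_packet, expected_mac)` without ever reading the key back.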
Network operators are RECOMMENDED to follow current best practices for key length and generation of keys related to the MAC algorithm associated with the key. Short (and zero-length) keys are highly susceptible to brute force attacks and therefore SHOULD NOT be used. See the Security Considerations section of [I-D.ietf-babel-hmac] for additional considerations related to MAC keys.

This information model uses key sets and certificate sets to provide a means of grouping keys and certificates. This makes it easy to use a different set per interface, the same set for one or more interfaces, have a default set in case a new interface is instantiated, and to change keys and certificates as needed.

6. IANA Considerations

This document has no IANA actions.

7. Acknowledgements

Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Antonin Decimo, Acee Lindem, and Carsten Bormann have been very helpful in refining this information model.

The language in the Notation section was mostly taken from [RFC8193].

8. References

8.1. Normative References

[I-D.ietf-babel-dtls] Decimo, A., Schinazi, D., and J. Chroboczek, "Babel Routing Protocol over Datagram Transport Layer Security", Work in Progress, Internet-Draft, draft-ietf-babel-dtls-10, 30 June 2020.

[I-D.ietf-babel-hmac] Do, C., Kolodziejak, W., and J. Chroboczek, "MAC authentication for the Babel routing protocol", Work in Progress, Internet-Draft, draft-ietf-babel-hmac-12, 4 September 2020.

[I-D.ietf-babel-rfc6126bis] Chroboczek, J. and D. Schinazi, "The Babel Routing Protocol", Work in Progress, Internet-Draft, draft-ietf-babel-rfc6126bis-20, 24 August 2020.

[ISO.10646] International Organization for Standardization, "Information Technology - Universal Multiple-Octet Coded Character Set (UCS)", ISO Standard 10646:2014, 2014.
[libpcap] Wireshark, "Libpcap File Format", 2015.

[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, DOI 10.17487/RFC2104, February 1997.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868, DOI 10.17487/RFC4868, May 2007.

[RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, April 2015.

[RFC7693] Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)", RFC 7693, DOI 10.17487/RFC7693, November 2015.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

8.2. Informative References

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.

[RFC8193] Burbridge, T., Eardley, P., Bagnulo, M., and J. Schoenwaelder, "Information Model for Large-Scale Measurement Platforms (LMAPs)", RFC 8193, DOI 10.17487/RFC8193, August 2017.

[TR-181] Broadband Forum, "Device Data Model".
Authors' Addresses

Barbara Stark
AT&T
Atlanta, GA
United States of America

Email: barbara.stark@att.com

Mahesh Jethanandani
VMware
California
United States of America

Email: mjethanandani@gmail.com