Babel routing protocol                                        B.H. Stark
Internet-Draft                                                      AT&T
Intended status: Informational                         M.J. Jethanandani
Expires: 26 August 2021                                           VMware
                                                        22 February 2021

                        Babel Information Model
                  draft-ietf-babel-information-model-13

Abstract

   This Babel Information Model provides structured data elements for a Babel implementation reporting its current state and may allow limited configuration of some such data elements. This information model can be used as a basis for creating data models under various data modeling regimes. This information model only includes parameters and parameter values useful for managing Babel over IPv6.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 26 August 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
     1.2.  Notation
   2.  Overview
   3.  The Information Model
     3.1.  Definition of babel-information-obj
     3.2.  Definition of babel-constants-obj
     3.3.  Definition of babel-interface-obj
     3.4.  Definition of babel-if-stats-obj
     3.5.  Definition of babel-neighbor-obj
     3.6.  Definition of babel-route-obj
     3.7.  Definition of babel-mac-key-set-obj
     3.8.  Definition of babel-mac-key-obj
     3.9.  Definition of babel-dtls-cert-set-obj
     3.10. Definition of babel-dtls-cert-obj
   4.  Extending the Information Model
   5.  Security Considerations
   6.  IANA Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Babel is a loop-avoiding distance-vector routing protocol defined in [RFC8966].
   [RFC8967] defines a security mechanism that allows Babel packets to be cryptographically authenticated, and [RFC8968] defines a security mechanism that allows Babel packets to be both authenticated and encrypted. This document describes an information model for Babel (including implementations using one or both of these security mechanisms) that can be used to create management protocol data models (such as a NETCONF [RFC6241] YANG [RFC7950] data model).

   Due to the simplicity of the Babel protocol, most of the information model is focused on reporting Babel protocol operational state, and very little of that is considered mandatory to implement for an implementation claiming compliance with this information model. Some parameters may be configurable. However, it is up to the Babel implementation whether to allow any of these to be configured within its implementation. Where the implementation does not allow configuration of these parameters, it MAY still choose to expose them as read-only.

   The Information Model is presented using a hierarchical structure. This does not preclude a data model based on this Information Model from using a referential or other structure.

   This information model only includes parameters and parameter values useful for managing Babel over IPv6. This model has no parameters or values specific to operating Babel over IPv4, even though [RFC8966] does define a multicast group for sending and listening to multicast announcements on IPv4. There is less likelihood of breakage due to inconsistent configuration and increased implementation simplicity if Babel is operated always and only over IPv6. Running Babel over IPv6 requires IPv6 at the link layer and does not need advertised prefixes, router advertisements or DHCPv6 to be present in the network. Link-local IPv6 is widely supported among devices where Babel is expected to be used. Note that Babel over IPv6 can be used for configuration of both IPv4 and IPv6 routes.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.2.  Notation

   This document uses a programming language-like notation to define the properties of the objects of the information model. An optional property is enclosed by square brackets, [ ], and a list property is indicated by two numbers in angle brackets, <m..n>, where m indicates the minimal number of list elements, and n indicates the maximum number of list elements. The symbol * for n means there are no defined limits on the number of list elements. Each parameter and object includes an indication of "ro" or "rw". "ro" means the parameter or object is read-only. "rw" means it is read-write. For an object, read-write means instances of the object can be created or deleted. If an implementation is allowed to choose to implement a "rw" parameter as read-only, this is noted in the parameter description. A property of type "operation" carries no such indication, and "--" (used for babel-mac-key-value in Section 3.8) marks a parameter that can be neither read nor, after creation, written.

   The object definitions use base types that are defined as follows:

   binary      A binary string (sequence of octets).

   boolean     A type representing a Boolean (true or false) value.

   datetime    A type representing a date and time using the Gregorian calendar. The datetime format MUST conform to RFC 3339 [RFC3339] Section 5.6.

   ip-address  A type representing an IP address. This type supports both IPv4 and IPv6 addresses.

   operation   A type representing a remote procedure call or other action that can be used to manipulate data elements or system behaviors.
   reference   A type representing a reference to another information or data model element or to some other device resource.

   string      A type representing a human-readable string consisting of a (possibly restricted) subset of Unicode and ISO/IEC 10646 [ISO.10646] characters.

   uint        A type representing an unsigned integer number. This information model does not define a precision.

2.  Overview

   The Information Model is hierarchically structured as follows:

   +-- babel-information
      +-- babel-implementation-version
      +-- babel-enable
      +-- babel-self-router-id
      +-- babel-self-seqno
      +-- babel-metric-comp-algorithms
      +-- babel-security-supported
      +-- babel-mac-algorithms
      +-- babel-dtls-cert-types
      +-- babel-stats-enable
      +-- babel-stats-reset
      +-- babel-constants
      |  +-- babel-udp-port
      |  +-- babel-mcast-group
      +-- babel-interfaces
      |  +-- babel-interface-reference
      |  +-- babel-interface-enable
      |  +-- babel-interface-metric-algorithm
      |  +-- babel-interface-split-horizon
      |  +-- babel-mcast-hello-seqno
      |  +-- babel-mcast-hello-interval
      |  +-- babel-update-interval
      |  +-- babel-mac-enable
      |  +-- babel-if-mac-key-sets
      |  +-- babel-mac-verify
      |  +-- babel-dtls-enable
      |  +-- babel-if-dtls-cert-sets
      |  +-- babel-dtls-cached-info
      |  +-- babel-dtls-cert-prefer
      |  +-- babel-packet-log-enable
      |  +-- babel-packet-log
      |  +-- babel-if-stats
      |  |  +-- babel-sent-mcast-hello
      |  |  +-- babel-sent-mcast-update
      |  |  +-- babel-sent-ucast-hello
      |  |  +-- babel-sent-ucast-update
      |  |  +-- babel-sent-IHU
      |  |  +-- babel-received-packets
      |  +-- babel-neighbors
      |     +-- babel-neighbor-address
      |     +-- babel-hello-mcast-history
      |     +-- babel-hello-ucast-history
      |     +-- babel-txcost
      |     +-- babel-exp-mcast-hello-seqno
      |     +-- babel-exp-ucast-hello-seqno
      |     +-- babel-ucast-hello-seqno
      |     +-- babel-ucast-hello-interval
      |     +-- babel-rxcost
      |     +-- babel-cost
      +-- babel-routes
      |  +-- babel-route-prefix
      |  +-- babel-route-prefix-length
      |  +-- babel-route-router-id
      |  +-- babel-route-neighbor
      |  +-- babel-route-received-metric
      |  +-- babel-route-calculated-metric
      |  +-- babel-route-seqno
      |  +-- babel-route-next-hop
      |  +-- babel-route-feasible
      |  +-- babel-route-selected
      +-- babel-mac-key-sets
      |  +-- babel-mac-default-apply
      |  +-- babel-mac-keys
      |     +-- babel-mac-key-name
      |     +-- babel-mac-key-use-send
      |     +-- babel-mac-key-use-verify
      |     +-- babel-mac-key-value
      |     +-- babel-mac-key-algorithm
      |     +-- babel-mac-key-test
      +-- babel-dtls-cert-sets
         +-- babel-dtls-default-apply
         +-- babel-dtls-certs
            +-- babel-cert-name
            +-- babel-cert-value
            +-- babel-cert-type
            +-- babel-cert-private-key

   Most parameters are read-only. Following is a descriptive list of the parameters that are not required to be read-only:

   *  enable/disable Babel

   *  create/delete Babel MAC Key sets

   *  create/delete Babel Certificate sets

   *  enable/disable statistics collection

   *  Constant: UDP port

   *  Constant: IPv6 multicast group

   *  Interface: enable/disable Babel on this interface

   *  Interface: Metric algorithm

   *  Interface: Split horizon

   *  Interface: sets of MAC keys

   *  Interface: verify received MAC packets

   *  Interface: set of certificates for use with DTLS

   *  Interface: use cached info extensions

   *  Interface: preferred order of certificate types

   *  Interface: enable/disable packet log

   *  MAC-keys: create/delete entries

   *  MAC-keys: key used for sent packets

   *  MAC-keys: key used to verify packets

   *  DTLS-certs: create/delete entries

   The following parameters are required to return no value when read:

   *  MAC key values

   *  DTLS private keys

   Note that this overview is intended simply to be informative and is not normative.
   If there is any discrepancy between this overview and the detailed information model definitions in subsequent sections, the error is in this overview.

3.  The Information Model

3.1.  Definition of babel-information-obj

   object {
       string               ro babel-implementation-version;
       boolean              rw babel-enable;
       binary               ro babel-self-router-id;
       [uint                ro babel-self-seqno;]
       string               ro babel-metric-comp-algorithms<1..*>;
       string               ro babel-security-supported<0..*>;
       [string              ro babel-mac-algorithms<1..*>;]
       [string              ro babel-dtls-cert-types<1..*>;]
       [boolean             rw babel-stats-enable;]
       [operation              babel-stats-reset;]
       babel-constants-obj  ro babel-constants;
       babel-interface-obj  ro babel-interfaces<0..*>;
       babel-route-obj      ro babel-routes<0..*>;
       [babel-mac-key-set-obj   rw babel-mac-key-sets<0..*>;]
       [babel-dtls-cert-set-obj rw babel-dtls-cert-sets<0..*>;]
   } babel-information-obj;

   babel-implementation-version: The name and version of this implementation of the Babel protocol.

   babel-enable: When written, it configures whether the protocol should be enabled (true) or disabled (false). A read from the running or intended datastore indicates the configured administrative value of whether the protocol is enabled (true) or not (false). A read from the operational datastore indicates whether the protocol is actually running (true) or not (i.e., it indicates the operational state of the protocol). A data model that does not replicate parameters for running and operational datastores can implement this as two separate parameters. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-self-router-id: The router-id used by this instance of the Babel protocol to identify itself. [RFC8966] describes this as an arbitrary string of 8 octets.

   babel-self-seqno: The current sequence number included in route updates for routes originated by this node. This is a 16-bit unsigned integer.

   babel-metric-comp-algorithms: List of supported cost computation algorithms. Possible values include "2-out-of-3", and "ETX". "2-out-of-3" is described in [RFC8966], section A.2.1. "ETX" is described in [RFC8966], section A.2.2.

   babel-security-supported: List of supported security mechanisms. Possible values include "MAC" to indicate support of [RFC8967] and "DTLS" to indicate support of [RFC8968].

   babel-mac-algorithms: List of supported MAC computation algorithms. Possible values include "HMAC-SHA256", "BLAKE2s-128" to indicate support for algorithms indicated in [RFC8967].

   babel-dtls-cert-types: List of supported certificate types. Possible values include "X.509" and "RawPublicKey" to indicate support for types indicated in [RFC8968].

   babel-stats-enable: Indicates whether statistics collection is enabled (true) or disabled (false) on all interfaces. When enabled, existing statistics values are not cleared and will be incremented as new packets are counted.

   babel-stats-reset: An operation that resets all babel-if-stats parameters to zero. This operation has no input or output parameters.

   babel-constants: A babel-constants-obj object.

   babel-interfaces: A set of babel-interface-obj objects.

   babel-routes: A set of babel-route-obj objects. Contains the routes known to this node.

   babel-mac-key-sets: A set of babel-mac-key-set-obj objects. If this object is implemented, it provides access to parameters related to the MAC security mechanism. An implementation MAY choose to expose this object as read-only ("ro").

   babel-dtls-cert-sets: A set of babel-dtls-cert-set-obj objects. If this object is implemented, it provides access to parameters related to the DTLS security mechanism. An implementation MAY choose to expose this object as read-only ("ro").
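   The notation of Section 1.2 and the babel-information-obj definition above, exercised in code. This is an added example and is not part of the draft: it parses object definitions written in the draft's notation, checks a reported instance against them (mandatory parameters, list cardinality, unknown names) and rejects a management write that targets anything not marked "rw". The INFORMATION_OBJ text is a subset of Section 3.1 copied verbatim; the dict-based instance and request format, the function names and the sample state values are assumptions of this example.

```python
"""Parse the draft's object notation and check management requests against it.

Added example, not part of draft-ietf-babel-information-model or of any
Babel implementation.  INFORMATION_OBJ is a subset of Section 3.1 copied
verbatim; the dict formats, function names and sample values are assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One property line, per Section 1.2:   [ <type> <ro|rw> <name><m..n>; ]
# Square brackets mark an optional property and <m..n> a list.  An
# "operation" has no ro/rw marker; "--" appears in Section 3.8 for the
# unreadable babel-mac-key-value.
PROP_RE = re.compile(
    r"^(?P<open>\[)?"
    r"(?P<type>[\w.-]+)\s+"
    r"(?:(?P<access>ro|rw|--)\s+)?"
    r"(?P<name>[\w-]+)"
    r"(?:<(?P<min>\d+)\.\.(?P<max>\d+|\*)>)?"
    r";(?P<close>\])?$"
)


@dataclass(frozen=True)
class Prop:
    type: str
    access: Optional[str]     # "ro", "rw", "--", or None for an operation
    optional: bool
    list_min: Optional[int]   # None for a scalar
    list_max: Optional[int]   # None for "*" (no defined limit)


def parse_object(text: str) -> Dict[str, Prop]:
    """Return the properties of one 'object { ... } name;' block, keyed by name."""
    props: Dict[str, Prop] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("object") or line.startswith("}"):
            continue
        m = PROP_RE.match(line)
        if not m or bool(m["open"]) != bool(m["close"]):
            raise ValueError(f"unparseable property line: {line!r}")
        is_list = m["min"] is not None
        props[m["name"]] = Prop(
            type=m["type"],
            access=m["access"],
            optional=m["open"] is not None,
            list_min=int(m["min"]) if is_list else None,
            list_max=int(m["max"]) if is_list and m["max"] != "*" else None,
        )
    return props


def check_instance(props: Dict[str, Prop], instance: dict) -> List[str]:
    """Problems with a reported instance: missing mandatory parameters,
    list cardinality violations, and names the definition does not have."""
    problems: List[str] = []
    for name, p in props.items():
        if name not in instance:
            if not p.optional and p.type != "operation":
                problems.append(f"{name}: mandatory parameter missing")
            continue
        if p.list_min is not None:
            value = instance[name]
            if not isinstance(value, list):
                problems.append(f"{name}: must be a list")
            elif len(value) < p.list_min or (p.list_max is not None and len(value) > p.list_max):
                limit = "*" if p.list_max is None else p.list_max
                problems.append(f"{name}: {len(value)} elements, allowed <{p.list_min}..{limit}>")
    problems += [f"{name}: not in the object definition" for name in instance if name not in props]
    return problems


def check_write(props: Dict[str, Prop], request: dict) -> List[str]:
    """Reject a write that touches anything the model does not mark rw."""
    problems: List[str] = []
    for name in request:
        p = props.get(name)
        if p is None:
            problems.append(f"{name}: not in the object definition")
        elif p.type == "operation":
            problems.append(f"{name}: is an operation, invoke it instead of writing it")
        elif p.access != "rw":
            problems.append(f"{name}: not writable ({p.access})")
    return problems


# Subset of Section 3.1, copied verbatim from the draft.
INFORMATION_OBJ = """
object {
    string ro babel-implementation-version;
    boolean rw babel-enable;
    binary ro babel-self-router-id;
    [uint ro babel-self-seqno;]
    string ro babel-metric-comp-algorithms<1..*>;
    string ro babel-security-supported<0..*>;
    [boolean rw babel-stats-enable;]
    [operation babel-stats-reset;]
    babel-constants-obj ro babel-constants;
    [babel-mac-key-set-obj rw babel-mac-key-sets<0..*>;]
} babel-information-obj;
"""

# Constructed operational-state report for the object above (sample data).
SAMPLE_STATE = {
    "babel-implementation-version": "example-babel 0.0",
    "babel-enable": True,
    "babel-self-router-id": bytes.fromhex("0002b3fffe0a1b2c"),
    "babel-metric-comp-algorithms": ["2-out-of-3"],
    "babel-security-supported": ["MAC"],
    "babel-constants": {"babel-udp-port": 6696, "babel-mcast-group": "ff02::1:6"},
}


def demo():
    props = parse_object(INFORMATION_OBJ)
    state_problems = check_instance(props, SAMPLE_STATE)
    # A write to a read-only parameter and to an operation: both refused.
    write_problems = check_write(props, {"babel-self-router-id": b"\x00" * 8, "babel-stats-reset": None})
    return state_problems, write_problems


if __name__ == "__main__":
    state_problems, write_problems = demo()
    print("state report:", state_problems or "conforms")
    for problem in write_problems:
        print("rejected write:", problem)
```

   Run as a script it reports the sample state as conforming and lists the two refused writes. A data model derived from this information model would carry the same "ro"/"rw" distinction in its own syntax (for example YANG "config false"); the check_write function is the piece a management agent needs regardless of which data modeling regime is used.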
3.2.  Definition of babel-constants-obj

   object {
       uint         rw babel-udp-port;
       [ip-address  rw babel-mcast-group;]
   } babel-constants-obj;

   babel-udp-port: UDP port for sending and listening for Babel packets. Default is 6696. An implementation MAY choose to expose this parameter as read-only ("ro"). This is a 16-bit unsigned integer.

   babel-mcast-group: Multicast group for sending and listening to multicast announcements on IPv6. Default is ff02::1:6. An implementation MAY choose to expose this parameter as read-only ("ro").

3.3.  Definition of babel-interface-obj

   object {
       reference            ro babel-interface-reference;
       [boolean             rw babel-interface-enable;]
       string               rw babel-interface-metric-algorithm;
       [boolean             rw babel-interface-split-horizon;]
       [uint                ro babel-mcast-hello-seqno;]
       [uint                ro babel-mcast-hello-interval;]
       [uint                ro babel-update-interval;]
       [boolean             rw babel-mac-enable;]
       [reference           rw babel-if-mac-key-sets<0..*>;]
       [boolean             rw babel-mac-verify;]
       [boolean             rw babel-dtls-enable;]
       [reference           rw babel-if-dtls-cert-sets<0..*>;]
       [boolean             rw babel-dtls-cached-info;]
       [string              rw babel-dtls-cert-prefer<0..*>;]
       [boolean             rw babel-packet-log-enable;]
       [reference           ro babel-packet-log;]
       [babel-if-stats-obj  ro babel-if-stats;]
       babel-neighbor-obj   ro babel-neighbors<0..*>;
   } babel-interface-obj;

   babel-interface-reference: Reference to an interface object that can be used to send and receive IPv6 packets, as defined by the data model (e.g., YANG [RFC7950], BBF [TR-181]). Referencing syntax will be specific to the data model. If there is no set of interface objects available, this should be a string that indicates the interface name used by the underlying operating system.

   babel-interface-enable: When written, it configures whether the protocol should be enabled (true) or disabled (false) on this interface. A read from the running or intended datastore indicates the configured administrative value of whether the protocol is enabled (true) or not (false). A read from the operational datastore indicates whether the protocol is actually running (true) or not (i.e., it indicates the operational state of the protocol). A data model that does not replicate parameters for running and operational datastores can implement this as two separate parameters. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-interface-metric-algorithm: Indicates the metric computation algorithm used on this interface. The value MUST be one of those listed in the babel-information-obj babel-metric-comp-algorithms parameter. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-interface-split-horizon: Indicates whether or not the split horizon optimization is used when calculating metrics on this interface. A value of true indicates split horizon optimization is used. Split horizon optimization is described in [RFC8966], section 3.7.4. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mcast-hello-seqno: The current sequence number in use for multicast Hellos sent on this interface. This is a 16-bit unsigned integer.

   babel-mcast-hello-interval: The current interval in use for multicast Hellos sent on this interface. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-update-interval: The current interval in use for all updates (multicast and unicast) sent on this interface. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-mac-enable: Indicates whether the MAC security mechanism is enabled (true) or disabled (false). An implementation MAY choose to expose this parameter as read-only ("ro").
   babel-if-mac-key-sets: List of references to the babel-mac-key-sets entries that apply to this interface. When an interface instance is created, all babel-mac-key-sets instances with babel-mac-default-apply "true" will be included in this list. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-verify: A Boolean flag indicating whether MACs in incoming Babel packets are required to be present and are verified. If this parameter is "true", incoming packets are required to have a valid MAC. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-enable: Indicates whether the DTLS security mechanism is enabled (true) or disabled (false). An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-if-dtls-cert-sets: List of references to the babel-dtls-cert-sets entries that apply to this interface. When an interface instance is created, all babel-dtls-cert-sets instances with babel-dtls-default-apply "true" will be included in this list. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-cached-info: Indicates whether the cached_info extension (see [RFC8968] Appendix A) is included in ClientHello and ServerHello packets. The extension is included if the value is "true". An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-cert-prefer: List of supported certificate types, in order of preference. The values MUST be among those listed in the babel-dtls-cert-types parameter. This list is used to populate the server_certificate_type extension (see [RFC8968] Appendix A) in a Client Hello. Values that are present in at least one instance in the babel-dtls-certs object of a referenced babel-dtls-cert-sets instance and that have a non-empty babel-cert-private-key will be used to populate the client_certificate_type extension in a Client Hello.

   babel-packet-log-enable: Indicates whether packet logging is enabled (true) or disabled (false) on this interface.

   babel-packet-log: A reference or URL link to a file that contains a timestamped log of packets received and sent on babel-udp-port on this interface. The [libpcap] file format with .pcap file extension SHOULD be supported for packet log files. Logging is enabled / disabled by babel-packet-log-enable. Implementations will need to carefully manage and limit memory used by packet logs.

   babel-if-stats: Statistics collection object for this interface.

   babel-neighbors: A set of babel-neighbor-obj objects.

3.4.  Definition of babel-if-stats-obj

   object {
       uint  ro babel-sent-mcast-hello;
       uint  ro babel-sent-mcast-update;
       uint  ro babel-sent-ucast-hello;
       uint  ro babel-sent-ucast-update;
       uint  ro babel-sent-IHU;
       uint  ro babel-received-packets;
   } babel-if-stats-obj;

   babel-sent-mcast-hello: A count of the number of multicast Hello packets sent on this interface.

   babel-sent-mcast-update: A count of the number of multicast update packets sent on this interface.

   babel-sent-ucast-hello: A count of the number of unicast Hello packets sent on this interface.

   babel-sent-ucast-update: A count of the number of unicast update packets sent on this interface.

   babel-sent-IHU: A count of the number of IHU packets sent on this interface.

   babel-received-packets: A count of the number of Babel packets received on this interface.
3.5.  Definition of babel-neighbor-obj

   object {
       ip-address  ro babel-neighbor-address;
       [binary     ro babel-hello-mcast-history;]
       [binary     ro babel-hello-ucast-history;]
       uint        ro babel-txcost;
       uint        ro babel-exp-mcast-hello-seqno;
       uint        ro babel-exp-ucast-hello-seqno;
       [uint       ro babel-ucast-hello-seqno;]
       [uint       ro babel-ucast-hello-interval;]
       [uint       ro babel-rxcost;]
       [uint       ro babel-cost;]
   } babel-neighbor-obj;

   babel-neighbor-address: IPv4 or IPv6 address the neighbor sends packets from.

   babel-hello-mcast-history: The multicast Hello history of whether or not the multicast Hello packets prior to babel-exp-mcast-hello-seqno were received. A binary sequence where the most recently received Hello is expressed as a "1" placed in the left-most bit, with prior bits shifted right (and "0" bits placed between prior Hello bits and most recent Hello for any not-received Hellos). This value should be displayed using hex digits ([0-9a-fA-F]). See [RFC8966], section A.1.

   babel-hello-ucast-history: The unicast Hello history of whether or not the unicast Hello packets prior to babel-exp-ucast-hello-seqno were received. A binary sequence where the most recently received Hello is expressed as a "1" placed in the left-most bit, with prior bits shifted right (and "0" bits placed between prior Hello bits and most recent Hello for any not-received Hellos). This value should be displayed using hex digits ([0-9a-fA-F]). See [RFC8966], section A.1.

   babel-txcost: Transmission cost value from the last IHU packet received from this neighbor, or maximum value to indicate the IHU hold timer for this neighbor has expired. See [RFC8966], section 3.4.2. This is a 16-bit unsigned integer.

   babel-exp-mcast-hello-seqno: Expected multicast Hello sequence number of next Hello to be received from this neighbor. If multicast Hello packets are not expected, or processing of multicast packets is not enabled, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number of next Hello to be received from this neighbor. If unicast Hello packets are not expected, or processing of unicast packets is not enabled, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-seqno: The current sequence number in use for unicast Hellos sent to this neighbor. If unicast Hellos are not being sent, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-interval: The current interval in use for unicast Hellos sent to this neighbor. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-rxcost: Reception cost calculated for this neighbor. This value is usually derived from the Hello history, which may be combined with other data, such as statistics maintained by the link layer. The rxcost is sent to a neighbor in each IHU. See [RFC8966], section 3.4.3. This is a 16-bit unsigned integer.

   babel-cost: The link cost, as computed from the values maintained in the neighbor table: the statistics kept in the neighbor table about the reception of Hellos, and the txcost computed from received IHU packets. This is a 16-bit unsigned integer.
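   The Hello history encoding and the rxcost/cost parameters above, worked through in code. This is an added example, not code from the draft or from any Babel implementation: it maintains the history bit vector exactly as described for babel-hello-mcast-history (newest Hello in the leftmost bit, a "0" for each Hello not received, modulo-2^16 sequence numbers, late duplicates ignored), renders it as hex digits, and derives babel-rxcost and babel-cost with the 2-out-of-3 and ETX strategies of [RFC8966] Appendix A.2. The 16-bit history width, the parameters k=2, j=3 and nominal cost 96, the unweighted ETX window, the class and method names and the sample Hello sequence are all assumptions of this example.

```python
"""Hello history and link cost bookkeeping for one Babel neighbor.

Added example, not code from the draft or from any Babel implementation.
Assumed here: a 16-bit history, k=2/j=3 with nominal cost 96 for the
2-out-of-3 strategy, an unweighted window for the ETX estimate, and the
class/method names and the sample Hello sequence at the bottom.
"""
from typing import Dict

INFINITY = 0xFFFF            # the draft's "maximum value": unreachable / timer expired
HISTORY_BITS = 16
HISTORY_MASK = (1 << HISTORY_BITS) - 1
NEWEST_BIT = 1 << (HISTORY_BITS - 1)


class NeighborLinkState:
    def __init__(self, first_expected_seqno: int) -> None:
        self.history = 0                                      # babel-hello-mcast-history
        self.expected_seqno = first_expected_seqno & 0xFFFF   # babel-exp-mcast-hello-seqno
        self.txcost = INFINITY                                # babel-txcost until an IHU arrives

    def hello_received(self, seqno: int) -> None:
        """Record a multicast Hello carrying `seqno` (16-bit, wraps around)."""
        gap = (seqno - self.expected_seqno) & 0xFFFF
        if gap >= 0x8000:
            return                      # older than expected: a late duplicate, ignore it
        # One "0" bit (shifted in from the left) for every Hello that was not seen ...
        self.history = (self.history >> gap) & HISTORY_MASK
        # ... then a "1" for this Hello in the leftmost bit, earlier bits shifted right.
        self.history = (self.history >> 1) | NEWEST_BIT
        self.expected_seqno = (seqno + 1) & 0xFFFF

    def hello_timed_out(self) -> None:
        """The Hello timer fired with no Hello: count the expected one as missed."""
        self.history >>= 1
        self.expected_seqno = (self.expected_seqno + 1) & 0xFFFF

    def ihu_received(self, txcost: int) -> None:
        self.txcost = txcost & 0xFFFF

    def ihu_timed_out(self) -> None:
        self.txcost = INFINITY

    def history_hex(self) -> str:
        """Display form from Section 3.5: hex digits, newest Hello leftmost."""
        return f"{self.history:0{HISTORY_BITS // 4}x}"

    def received_in_window(self, window: int) -> int:
        """How many of the `window` most recent Hellos were received."""
        mask = ((1 << window) - 1) << (HISTORY_BITS - window)
        return bin(self.history & mask).count("1")

    def rxcost_k_out_of_j(self, k: int = 2, j: int = 3, nominal: int = 96) -> int:
        """RFC 8966 Appendix A.2.1: the link is up (cost `nominal`) when at least
        k of the last j Hellos arrived, otherwise it is treated as down."""
        return nominal if self.received_in_window(j) >= k else INFINITY

    def rxcost_etx(self, window: int = 16) -> int:
        """ETX-style estimate (RFC 8966 Appendix A.2.2): 256 divided by the
        fraction of Hellos received.  The unweighted window is a simplification."""
        got = self.received_in_window(window)
        if got == 0:
            return INFINITY
        return min(INFINITY, (256 * window) // got)

    def cost(self, rxcost: int, wireless: bool) -> int:
        """babel-cost, combining babel-rxcost with babel-txcost from the last IHU."""
        if rxcost == INFINITY or self.txcost == INFINITY:
            return INFINITY
        if not wireless:
            return self.txcost                    # A.2.1: cost = txcost while rxcost is finite
        return min(INFINITY, (max(self.txcost, 256) * rxcost) // 256)   # A.2.2

    def neighbor_obj(self, wireless: bool = False) -> Dict[str, object]:
        """The babel-neighbor-obj view of this state."""
        rxcost = self.rxcost_etx() if wireless else self.rxcost_k_out_of_j()
        return {
            "babel-hello-mcast-history": self.history_hex(),
            "babel-exp-mcast-hello-seqno": self.expected_seqno,
            "babel-txcost": self.txcost,
            "babel-rxcost": rxcost,
            "babel-cost": self.cost(rxcost, wireless),
        }


if __name__ == "__main__":
    # Constructed sample: Hellos 100, 101, 103, 104, 105 arrive; 102 is lost.
    n = NeighborLinkState(first_expected_seqno=100)
    for seqno in (100, 101, 103, 104, 105):
        n.hello_received(seqno)
    n.ihu_received(96)
    print(n.neighbor_obj())         # history "ec00": bits 1 1 1 0 1 1 for 105..100
```

   The history value "ec00" reads, left to right, as Hellos 105, 104 and 103 received, 102 missed, 101 and 100 received, which is what an operator should expect to see in babel-hello-mcast-history after that sequence. Two consecutive Hello timeouts push the history to "3b00" and flip the 2-out-of-3 rxcost to the maximum value, the same transition the draft describes for babel-txcost when the IHU hold timer expires.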
3.6.  Definition of babel-route-obj

   object {
       ip-address  ro babel-route-prefix;
       uint        ro babel-route-prefix-length;
       binary      ro babel-route-router-id;
       reference   ro babel-route-neighbor;
       uint        ro babel-route-received-metric;
       uint        ro babel-route-calculated-metric;
       uint        ro babel-route-seqno;
       ip-address  ro babel-route-next-hop;
       boolean     ro babel-route-feasible;
       boolean     ro babel-route-selected;
   } babel-route-obj;

   babel-route-prefix: Prefix (expressed in IP address format) for which this route is advertised.

   babel-route-prefix-length: Length of the prefix for which this route is advertised.

   babel-route-router-id: The router-id of the router that originated this route.

   babel-route-neighbor: Reference to the babel-neighbors entry for the neighbor that advertised this route.

   babel-route-received-metric: The metric with which this route was advertised by the neighbor, or maximum value to indicate the route was recently retracted and is temporarily unreachable (see Section 3.5.5 of [RFC8966]). This metric will be NULL if the route was not received from a neighbor but was generated through other means. At least one of babel-route-calculated-metric and babel-route-received-metric MUST be non-NULL. Having both be non-NULL is expected for a route that is received and subsequently advertised. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-route-calculated-metric: A calculated metric for this route. How the metric is calculated is implementation-specific. Maximum value indicates the route was recently retracted and is temporarily unreachable (see Section 3.5.5 of [RFC8966]). At least one of babel-route-calculated-metric and babel-route-received-metric MUST be non-NULL. Having both be non-NULL is expected for a route that is received and subsequently advertised. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-route-seqno: The sequence number with which this route was advertised. This is a 16-bit unsigned integer.

   babel-route-next-hop: The next-hop address of this route. This will be empty if this route has no next-hop address.

   babel-route-feasible: A Boolean flag indicating whether this route is feasible, as defined in Section 3.5.1 of [RFC8966].

   babel-route-selected: A Boolean flag indicating whether this route is selected (i.e., whether it is currently being used for forwarding and is being advertised).

3.7.  Definition of babel-mac-key-set-obj

   object {
       boolean            rw babel-mac-default-apply;
       babel-mac-key-obj  rw babel-mac-keys<0..*>;
   } babel-mac-key-set-obj;

   babel-mac-default-apply: A Boolean flag indicating whether this object instance is applied to all new babel-interface instances, by default. If "true", this instance is applied to new babel-interfaces instances at the time they are created, by including it in the babel-if-mac-key-sets list. If "false", this instance is not applied to new babel-interfaces instances when they are created. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-keys: A set of babel-mac-key-obj objects.
Definition of babel-mac-key-obj 721 object { 722 string rw babel-mac-key-name; 723 boolean rw babel-mac-key-use-send; 724 boolean rw babel-mac-key-use-verify; 725 binary -- babel-mac-key-value; 726 string rw babel-mac-key-algorithm; 727 [operation babel-mac-key-test;] 728 } babel-mac-key-obj; 730 babel-mac-key-name: A unique name for this MAC key that can be used 731 to identify the key in this object instance, since the key value 732 is not allowed to be read. This value MUST NOT be empty and can 733 only be provided when this instance is created (i.e., it is not 734 subsequently writable). The value MAY be auto-generated if not 735 explicitly supplied when the instance is created. 737 babel-mac-key-use-send: Indicates whether this key value is used to 738 compute a MAC and include that MAC in the sent Babel packet. A 739 MAC for sent packets is computed using this key if the value is 740 "true". If the value is "false", this key is not used to compute 741 a MAC to include in sent Babel packets. An implementation MAY 742 choose to expose this parameter as read-only ("ro"). 744 babel-mac-key-use-verify: Indicates whether this key value is used 745 to verify incoming Babel packets. This key is used to verify 746 incoming packets if the value is "true". If the value is "false", 747 no MAC is computed from this key for comparing with the MAC in an 748 incoming packet. An implementation MAY choose to expose this 749 parameter as read-only ("ro"). 751 babel-mac-key-value: The value of the MAC key. An implementation 752 MUST NOT allow this parameter to be read. This can be done by 753 always providing an empty string when read, or through 754 permissions, or other means. This value MUST be provided when 755 this instance is created, and is not subsequently writable. This 756 value is of a length suitable for the associated babel-mac-key- 757 algorithm. 
      If the algorithm is based on the HMAC construction [RFC2104], the
      length MUST be between 0 and the block size of the underlying hash
      inclusive (where the "HMAC-SHA256" block size is 64 bytes, as
      described in [RFC4868]).  If the algorithm is "BLAKE2s-128", the
      length MUST be between 0 and 32 bytes inclusive, as described in
      [RFC7693].

   babel-mac-key-algorithm:  The name of the MAC algorithm used with
      this key.  The value MUST be the same as one of the enumerations
      listed in the babel-mac-algorithms parameter.  An implementation
      MAY choose to expose this parameter as read-only ("ro").

   babel-mac-key-test:  An operation that allows the MAC key and MAC
      algorithm to be tested to see if they produce an expected outcome.
      The inputs to this operation are a binary string and a calculated
      MAC (also in the format of a binary string) for that binary
      string.  The implementation is expected to create a MAC over the
      binary string using the babel-mac-key-value and the babel-mac-key-
      algorithm.  The output of this operation is a Boolean indicating
      that the calculated MAC matched the input MAC (true) or that the
      MACs did not match (false).

3.9.  Definition of babel-dtls-cert-set-obj

      object {
         boolean              rw  babel-dtls-default-apply;
         babel-dtls-cert-obj  rw  babel-dtls-certs<0..*>;
      } babel-dtls-cert-set-obj;

   babel-dtls-default-apply:  A Boolean flag indicating whether this
      object instance is applied to all new babel-interface instances,
      by default.  If "true", this instance is applied to new babel-
      interface instances at the time they are created, by including it
      in the babel-interface-dtls-certs list.  If "false", this instance
      is not applied to new babel-interface instances when they are
      created.  An implementation MAY choose to expose this parameter as
      read-only ("ro").

   babel-dtls-certs:  A set of babel-dtls-cert-obj objects.
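   The babel-mac-key-obj definition in Section 3.8 above, worked through
   as an added example.  This is illustration code written for this
   page; it is not code from the draft, from RFC 8967, or from any Babel
   implementation.  It assumes that "HMAC-SHA256" and "BLAKE2s-128" (the
   two algorithms the babel-mac-key-value text names) are the entries of
   the babel-mac-algorithms enumeration, and the value
   RECOMMENDED_MIN_KEY_LENGTH is an assumed operator policy threshold,
   not a number from the draft.  It shows the key-length rule for each
   algorithm, a key value that is accepted at creation but can never be
   read back, the use-send/use-verify switches, and the babel-mac-key-
   test operation implemented with a constant-time comparison.  The
   HMAC-SHA-256 check value is test case 1 of RFC 4231.

```python
import hashlib
import hmac

# Assumed contents of the babel-mac-algorithms enumeration (the draft text
# names these two algorithms; an implementation may support others).  The
# bound is the HMAC block size (RFC 2104 / RFC 4868) or the maximum keyed
# BLAKE2s key length (RFC 7693), which is what the length rule refers to.
KEY_LENGTH_BOUND = {
    "HMAC-SHA256": 64,   # SHA-256 block size in bytes
    "BLAKE2s-128": 32,   # maximum BLAKE2s key length in bytes
}

# Assumed operator policy for "short (and zero-length) keys SHOULD NOT be
# used"; the draft gives no number, so this threshold is a placeholder.
RECOMMENDED_MIN_KEY_LENGTH = 16


def key_length_valid(algorithm: str, key: bytes) -> bool:
    """The draft's rule: 0 <= length <= bound for the associated algorithm."""
    bound = KEY_LENGTH_BOUND.get(algorithm)
    return bound is not None and 0 <= len(key) <= bound


def key_is_short(key: bytes) -> bool:
    """Policy flag set at creation; a zero-length key is valid but flagged."""
    return len(key) < RECOMMENDED_MIN_KEY_LENGTH


def compute_mac(algorithm: str, key: bytes, data: bytes) -> bytes:
    """Compute the MAC of data under key for a babel-mac-algorithms name."""
    if algorithm == "HMAC-SHA256":
        return hmac.new(key, data, hashlib.sha256).digest()
    if algorithm == "BLAKE2s-128":
        # Keyed BLAKE2s with a 128-bit (16-byte) output.
        return hashlib.blake2s(data, digest_size=16, key=key).digest()
    raise ValueError(f"unsupported MAC algorithm: {algorithm}")


class BabelMacKey:
    """One babel-mac-key-obj instance.

    The key value is supplied at creation and is neither readable nor
    writable afterwards; reading `value` returns an empty string, one of
    the options the draft lists for keeping babel-mac-key-value unreadable.
    """

    def __init__(self, name: str, algorithm: str, value: bytes,
                 use_send: bool = True, use_verify: bool = True) -> None:
        if not name:
            raise ValueError("babel-mac-key-name MUST NOT be empty")
        if not key_length_valid(algorithm, value):
            raise ValueError(f"key length {len(value)} not valid for {algorithm}")
        self.name = name
        self.algorithm = algorithm
        self.use_send = use_send
        self.use_verify = use_verify
        self.short_key = key_is_short(value)
        self.__value = value        # name-mangled; not part of the readable interface

    @property
    def value(self) -> bytes:
        return b""                  # babel-mac-key-value MUST NOT be readable

    def mac_for_send(self, packet: bytes):
        """MAC to include in a sent packet, or None when use-send is false."""
        if not self.use_send:
            return None
        return compute_mac(self.algorithm, self.__value, packet)

    def verify(self, packet: bytes, received_mac: bytes) -> bool:
        """Verify an incoming packet's MAC with this key.

        When use-verify is false no MAC is computed from this key, so the
        key vouches for nothing and the result is False.
        """
        if not self.use_verify:
            return False
        return self.test(packet, received_mac)

    def test(self, data: bytes, expected_mac: bytes) -> bool:
        """The babel-mac-key-test operation: MAC data with this key, compare."""
        calculated = compute_mac(self.algorithm, self.__value, data)
        return hmac.compare_digest(calculated, expected_mac)


if __name__ == "__main__":
    # RFC 4231 test case 1: key 0x0b * 20, data "Hi There".
    key = BabelMacKey("k1", "HMAC-SHA256", b"\x0b" * 20)
    expected = bytes.fromhex(
        "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7")
    print("test operation:", key.test(b"Hi There", expected))   # True
    print("readable value:", key.value)                          # b''
```

   Note that a zero-length key passes key_length_valid for both
   algorithms, exactly as the draft allows for testing, and is only
   flagged by the separate policy check; that separation keeps the
   information-model rule and the operator's deployment rule distinct.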
      The babel-dtls-certs set contains both certificates that this
      implementation presents for authentication and certificates it
      accepts from others.  Certificates with a non-empty babel-cert-
      private-key can be presented by this implementation for
      authentication.

3.10.  Definition of babel-dtls-cert-obj

      object {
         string  rw  babel-cert-name;
         string  rw  babel-cert-value;
         string  rw  babel-cert-type;
         binary  --  babel-cert-private-key;
      } babel-dtls-cert-obj;

   babel-cert-name:  A unique name for this certificate that can be used
      to identify the certificate in this object instance, since the
      value is too long to be useful for identification.  This value
      MUST NOT be empty and can only be provided when this instance is
      created (i.e., it is not subsequently writable).  The value MAY be
      auto-generated if not explicitly supplied when the instance is
      created.

   babel-cert-value:  The certificate in PEM format [RFC7468].  This
      value MUST be provided when this instance is created, and is not
      subsequently writable.

   babel-cert-type:  The name of the certificate type of this object
      instance.  The value MUST be the same as one of the enumerations
      listed in the babel-dtls-cert-types parameter.  This value can
      only be provided when this instance is created, and is not
      subsequently writable.

   babel-cert-private-key:  The value of the private key.  If this is
      non-empty, this certificate can be used by this implementation to
      provide a certificate during DTLS handshaking.  An implementation
      MUST NOT allow this parameter to be read.  This can be done by
      always providing an empty string when read, through permissions,
      or by other means.  This value can only be provided when this
      instance is created, and is not subsequently writable.

4.  Extending the Information Model

   Implementations MAY extend this information model with other
   parameters or objects.
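   The babel-dtls-cert-set-obj and babel-dtls-cert-obj definitions in
   Sections 3.9 and 3.10 above, worked through as an added example.
   This is illustration code written for this page, not code from the
   draft, from RFC 8968, or from any Babel implementation.  It assumes
   that "X.509" is one entry of the babel-dtls-cert-types enumeration
   (the draft does not list them here), and the PEM body it parses is a
   constructed minimal DER SEQUENCE, not a real certificate.  It shows a
   parser for the RFC 7468 textual encoding that babel-cert-value
   carries, a private key that is accepted at creation and never
   readable, and how the set tells presentable certificates (non-empty
   private key) apart from those only accepted from peers.

```python
import base64
import re

# Assumed contents of the babel-dtls-cert-types enumeration; the draft only
# requires babel-cert-type to match one of those enumerations.
CERT_TYPES = {"X.509"}

# RFC 7468 textual encoding: a BEGIN line, a base64 body, and an END line
# carrying the same label.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)


def parse_pem_certificate(text: str) -> bytes:
    """Return the DER bytes of one PEM CERTIFICATE block, or raise ValueError."""
    match = _PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("babel-cert-value is not a PEM block")
    begin_label, body, end_label = match.groups()
    if begin_label != end_label:
        raise ValueError("PEM BEGIN/END labels differ")
    if begin_label != "CERTIFICATE":
        raise ValueError(f"expected a CERTIFICATE block, got {begin_label}")
    # strict base64: reject stray characters rather than silently skipping them
    der = base64.b64decode("".join(body.split()), validate=True)
    if not der or der[0] != 0x30:   # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded body is not a DER SEQUENCE")
    return der


class BabelDtlsCert:
    """One babel-dtls-cert-obj instance; every parameter is fixed at creation."""

    def __init__(self, name: str, value: str, cert_type: str,
                 private_key: bytes = b"") -> None:
        if not name:
            raise ValueError("babel-cert-name MUST NOT be empty")
        if cert_type not in CERT_TYPES:
            raise ValueError(f"babel-cert-type {cert_type!r} is not an allowed type")
        self.name = name
        self.cert_type = cert_type
        self.der = parse_pem_certificate(value)   # validates babel-cert-value
        self.__private_key = private_key          # write-once, never readable

    @property
    def private_key(self) -> bytes:
        return b""                  # babel-cert-private-key MUST NOT be readable

    def can_present(self) -> bool:
        """True if this certificate can be offered during the DTLS handshake."""
        return len(self.__private_key) > 0


class BabelDtlsCertSet:
    """A babel-dtls-cert-set-obj: certificates keyed by their unique name."""

    def __init__(self, default_apply: bool = False) -> None:
        self.default_apply = default_apply      # babel-dtls-default-apply
        self._certs = {}

    def add(self, cert: BabelDtlsCert) -> None:
        if cert.name in self._certs:
            raise ValueError(f"babel-cert-name {cert.name!r} is not unique")
        self._certs[cert.name] = cert

    def presentable(self):
        """Names of certificates this implementation can present."""
        return sorted(n for n, c in self._certs.items() if c.can_present())

    def accepted(self):
        """Names of every certificate in the set, i.e. all that are accepted."""
        return sorted(self._certs)


# Constructed sample: the body decodes to SEQUENCE { INTEGER 5 }, a
# placeholder DER structure rather than a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n"


def build_sample_set() -> BabelDtlsCertSet:
    """Constructed set: one presentable certificate and one trust anchor."""
    cert_set = BabelDtlsCertSet(default_apply=True)
    cert_set.add(BabelDtlsCert("router-cert", SAMPLE_PEM, "X.509",
                               private_key=b"<placeholder private key bytes>"))
    cert_set.add(BabelDtlsCert("peer-ca", SAMPLE_PEM, "X.509"))
    return cert_set


if __name__ == "__main__":
    s = build_sample_set()
    print("presentable:", s.presentable())   # ['router-cert']
    print("accepted:", s.accepted())         # ['peer-ca', 'router-cert']
```

   The parser only checks the PEM framing and the outer DER tag; a data
   model derived from this information model would hand the DER bytes to
   its TLS library for full X.509 validation.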
   As one example of such an extension, an implementation MAY choose to
   expose Babel route filtering rules by adding a route filtering object
   with parameters appropriate to how route filtering is done in that
   implementation.  The precise means used to extend the information
   model would be specific to the data model the implementation uses to
   expose this information.

5.  Security Considerations

   This document defines a set of information model objects and
   parameters that may be exposed to be visible from other devices, and
   some of which may be configured.  Securing access to and ensuring the
   integrity of this data is in scope for, and the responsibility of,
   any data model derived from this information model.  Specifically,
   any YANG [RFC7950] data model is expected to define the security
   exposure of the various parameters, and a [TR-181] data model will be
   secured by the mechanisms defined for the management protocol used to
   transport it.

   Misconfiguration (whether unintentional or malicious) can prevent
   reachability or cause poor network performance (increased latency,
   jitter, etc.).  Misconfiguration of security credentials can cause a
   denial of service condition for the Babel routing protocol.  The
   information in this model discloses network topology, which can be
   used to mount subsequent attacks on traffic traversing the network.

   This information model defines objects that can allow credentials
   (for this device, for trusted devices, and for trusted certificate
   authorities) to be added and deleted.  Public keys may be exposed
   through this model.  This model requires that private keys and MAC
   keys never be exposed.  Certificates used by [RFC8968]
   implementations use separate parameters to model the public parts
   (including the public key) and the private key.

   MAC keys are allowed to be as short as zero-length.  This is useful
   for testing.
   Network operators are RECOMMENDED to follow current best practices
   for key length and generation of keys related to the MAC algorithm
   associated with the key.  Short (and zero-length) keys are highly
   susceptible to brute force attacks and therefore SHOULD NOT be used.
   See the Security Considerations section of [RFC8967] for additional
   considerations related to MAC keys.

   This information model uses key sets and certificate sets to provide
   a means of grouping keys and certificates.  This makes it easy to use
   a different set per interface, to use the same set for one or more
   interfaces, to have a default set in case a new interface is
   instantiated, and to change keys and certificates as needed.

6.  IANA Considerations

   This document has no IANA actions.

7.  Acknowledgements

   Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Antonin
   Decimo, Acee Lindem, and Carsten Bormann have been very helpful in
   refining this information model.

   The language in the Notation section was mostly taken from [RFC8193].

8.  References

8.1.  Normative References

   [ISO.10646]
              International Organization for Standardization,
              "Information Technology - Universal Multiple-Octet Coded
              Character Set (UCS)", ISO Standard 10646:2014, 2014.

   [libpcap]  Wireshark, "Libpcap File Format", 2015.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-
              384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.
   [RFC7468]  Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
              PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
              April 2015.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8966]  Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

   [RFC8967]  Dô, C., Kolodziejak, W., and J. Chroboczek, "MAC
              Authentication for the Babel Routing Protocol", RFC 8967,
              DOI 10.17487/RFC8967, January 2021.

   [RFC8968]  Décimo, A., Schinazi, D., and J. Chroboczek, "Babel
              Routing Protocol over Datagram Transport Layer Security",
              RFC 8968, DOI 10.17487/RFC8968, January 2021.

8.2.  Informative References

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8193]  Burbridge, T., Eardley, P., Bagnulo, M., and J.
              Schoenwaelder, "Information Model for Large-Scale
              Measurement Platforms (LMAPs)", RFC 8193,
              DOI 10.17487/RFC8193, August 2017.

   [TR-181]   Broadband Forum, "Device Data Model".

Authors' Addresses

   Barbara Stark
   AT&T
   Atlanta, GA,
   United States of America

   Email: barbara.stark@att.com

   Mahesh Jethanandani
   VMware
   California
   United States of America

   Email: mjethanandani@gmail.com