idnits 2.17.1

draft-ietf-babel-yang-model-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 4 instances of too long lines in the document, the longest one
     being 4 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (August 22, 2019) is 1706 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-20) exists of
     draft-ietf-babel-rfc6126bis-14

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

  == Outdated reference: A later version (-14) exists of
     draft-ietf-babel-information-model-08

     Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

Babel Working Group                                      M. Jethanandani
Internet-Draft                                                    VMware
Intended status: Standards Track                                B. Stark
Expires: February 23, 2020                                          AT&T
                                                         August 22, 2019

                       YANG Data Model for Babel
                     draft-ietf-babel-yang-model-03

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14
   [RFC2119][RFC8174] when, and only when, they appear in all capitals,
   as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 23, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Note to RFC Editor
     1.2.  Tree Diagram Annotations
   2.  Babel Module
     2.1.  Information Model
     2.2.  Tree Diagram
     2.3.  YANG Module
   3.  IANA Considerations
     3.1.  URI Registrations
     3.2.  YANG Module Name Registration
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  An Appendix
     A.1.  Statistics Gathering Enabled
     A.2.  Automatic Detection of Properties
     A.3.  Override Default Properties
     A.4.  Configuring other Properties
   Authors' Addresses

1.  Introduction

   This document defines a data model for the Babel routing protocol
   [I-D.ietf-babel-rfc6126bis].  The data model is defined using YANG
   1.1 [RFC7950] data modeling language and is Network Management
   Datastore Architecture (NMDA) [RFC8342] compatible.
   It is based on the Babel Information Model
   [I-D.ietf-babel-information-model].

1.1.  Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   o  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   o  "ZZZZ" --> the assigned RFC value for Babel Information Model
      [I-D.ietf-babel-information-model]

   o  Revision date in model, in the format 2019-08-22 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with .

1.2.  Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2.  Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

2.1.  Information Model

   There are a few things that should be noted between the Babel
   Information Model and this data module.  The information model
   mandates the definition of some of the attributes, e.g.
   babel-implementation-version or the babel-self-router-id.  These
   attributes are marked as read-only objects in the information module
   as well as in this data module.  However, there is no way in the data
   module to mandate that a read-only attribute be present.  It is up to
   the implementation of this data module to make sure that the
   attributes that are marked read-only and are mandatory are indeed
   present.

2.2.  Tree Diagram

   The following diagram illustrates a top level hierarchy of the model.
   In addition to information like the version number implemented by
   this device, the model contains subtrees on constants, interfaces,
   routes and security.

   module: ietf-babel
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?                  string
          +--rw enable                    boolean
          +--ro router-id?                binary
          +--ro seqno?                    uint16
          +--ro metric-comp-algorithms*   identityref
          +--ro security-supported*       identityref
          +--ro mac-algorithms*           identityref
          +--ro dtls-cert-types*          identityref
          +--rw stats-enable?             boolean
          +--rw constants
          |     ...
          +--rw interfaces* [reference]
          |     ...
          +--rw mac* [name]
          |     ...
          +--rw dtls* [name]
          |     ...
          +--ro routes* [prefix]
                ...

   The interfaces subtree describes attributes such as the interface
   object that is being referenced, the type of link as enumerated by
   metric-algorithm and split-horizon, and whether the interface is
   enabled or not.

   The constants subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The routes subtree describes objects such as the prefix for which the
   route is advertised, a reference to the neighboring route, and
   next-hop address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The mac-key-sets subtree contains keys used
   with the MAC security mechanism.  The boolean flag
   babel-mac-default-apply indicates whether the set of MAC keys is
   automatically applied to new interfaces.  The dtls subtree contains
   certificates used with the DTLS security mechanism.  Similar to the
   MAC mechanism, the boolean flag babel-dtls-default-apply indicates
   whether the set of DTLS certificates is automatically applied to new
   interfaces.

2.3.  YANG Module

   This module augments A YANG Data Model for Interface Management
   [RFC8343], YANG Routing Management [RFC8349], imports definitions
   from Common YANG Data Types [RFC6991], and references HMAC:
   Keyed-Hashing for Message Authentication [RFC2104], Using
   HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram
   Transport Layer Security Version 1.2 [RFC6347], The Blake2
   Cryptographic Hash and Message Authentication Code (MAC) [RFC7693],
   Babel Information Model [I-D.ietf-babel-information-model], and The
   Babel Routing Protocol [I-D.ietf-babel-rfc6126bis].

   file "ietf-babel@2019-08-22.yang"

   module ietf-babel {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-babel";
     prefix babel;

     import ietf-yang-types {
       prefix yt;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-routing {
       prefix "rt";
       reference
         "RFC 8349: YANG Routing Management";
     }

     organization
       "IETF Babel routing protocol Working Group";

     contact
       "WG Web:  http://tools.ietf.org/wg/babel/
        WG List: babel@ietf.org

        Editor:  Mahesh Jethanandani
                 mjethanandani@gmail.com
        Editor:  Barbara Stark
                 bs7652@att.com";

     description
       "This YANG module defines a model for the Babel routing
        protocol.

        Copyright (c) 2019 IETF Trust and the persons identified as
        the document authors. All rights reserved.
        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Simplified BSD
        License set forth in Section 4.c of the IETF Trust's Legal
        Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see
        the RFC itself for full legal notices.";

     revision 2019-08-22 {
       description
         "Initial version.";
       reference
         "RFC XXXX: Babel YANG Data Model.";
     }

     /*
      * Identities
      */
     identity metric-comp-algorithms {
       description
         "Base identity from which all Babel metric comp algorithms
          are derived.";
     }
     identity two-out-of-three {
       base "metric-comp-algorithms";
       description
         "2-out-of-3 algorithm.";
     }
     identity etx {
       base "metric-comp-algorithms";
       description
         "Expected Transmission Count.";
     }

     /*
      * Babel security type identities
      */
     identity security-supported {
       description
         "Base identity from which all Babel security types are
          derived.";
     }

     identity mac {
       base security-supported;
       description
         "Keyed MAC supported.";
     }

     identity dtls {
       base security-supported;
       description
         "Datagram Transport Layer Security (DTLS) supported.";
       reference
         "RFC 6347, Datagram Transport Layer Security Version 1.2.";
     }

     /*
      * Babel MAC algorithms identities.
      */
     identity mac-algorithms {
       description
         "Base identity for all Babel MAC algorithms.";
     }

     identity hmac-sha256 {
       base mac-algorithms;
       description
         "HMAC-SHA256 algorithm supported.";
       reference
         "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
          with IPsec.";
     }

     identity blake2s {
       base mac-algorithms;
       description
         "BLAKE2s algorithm supported.";
       reference
         "RFC 7693: The BLAKE2 Cryptographic Hash and Message
          Authentication Code (MAC).";
     }

     /*
      * Babel Cert Types
      */
     identity dtls-cert-types {
       description
         "Base identity for Babel DTLS certificate types.";
     }

     identity x-509 {
       base dtls-cert-types;
       description
         "X.509 certificate type.";
     }

     identity raw-public-key {
       base dtls-cert-types;
       description
         "Raw Public Key type.";
     }

     /*
      * Babel routing protocol identity.
      */
     identity babel {
       base "rt:routing-protocol";
       description
         "Babel routing protocol";
     }

     /*
      * Groupings
      */
     grouping routes {
       list routes {
         key "prefix";
         config false;

         leaf prefix {
           type inet:ip-prefix;
           description
             "Prefix (expressed in ip-address/prefix-length format) for
              which this route is advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf router-id {
           type binary;
           description
             "router-id of the source router for which this route is
              advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf neighbor {
           type leafref {
             path "/rt:routing/rt:control-plane-protocols/" +
                  "rt:control-plane-protocol/babel/interfaces/" +
                  "neighbor-objects/neighbor-address";
           }
           description
             "Reference to the babel-neighbors entry for the neighbor
              that advertised this route.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf received-metric {
           type uint16;
           description
             "The metric with which this route was advertised by the
              neighbor, or maximum value (infinity) to indicate the
              route was recently retracted and is temporarily
              unreachable. This metric will be 0 (zero) if the route
              was not received from a neighbor but was generated
              through other means. At least one of
              babel-route-calculated-metric or
              babel-route-received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
              Section 3.5.5.";
         }

         leaf calculated-metric {
           type uint16;
           description
             "A calculated metric for this route. How the metric is
              calculated is implementation-specific. Maximum value
              (infinity) indicates the route was recently retracted
              and is temporarily unreachable. At least one of
              babel-route-calculated-metric or
              babel-route-received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
              Section 3.5.5.";
         }

         leaf seqno {
           type uint16;
           description
             "The sequence number with which this route was advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf next-hop {
           type inet:ip-address;
           description
             "The next-hop address of this route.
              This will be empty if
              this route has no next-hop address.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf feasible {
           type boolean;
           description
             "A boolean flag indicating whether this route is feasible.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              draft-ietf-babel-rfc6126bis, The Babel Routing Protocol,
              Section 3.5.1.";
         }

         leaf selected {
           type boolean;
           description
             "A boolean flag indicating whether this route is selected,
              i.e., whether it is currently being used for forwarding and
              is being advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }
         description
           "A set of babel-route-obj objects. Includes received and
            routes routes.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.1.";
       }
       description
         "Common grouping for routing used in RIB.";
     }
     /*
      * Data model
      */

     augment "/rt:routing/rt:control-plane-protocols/" +
             "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type, 'babel')" {
         description
           "Augmentation is valid only when the instance of routing type
            is of type 'babel'.";
       }
       description
         "Augment the routing module to support a common structure
          between routing protocols.";
       reference
         "YANG Routing Management, RFC 8349, Lhotka & Lindem, March
          2018.";

       container babel {
         presence "A Babel container.";

         leaf version {
           type string;
           config false;
           description
             "The name and version of this implementation of the Babel
              protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf enable {
           type boolean;
           mandatory true;
           description
             "When written, it configures whether the protocol should be
              enabled. A read from the or datastore
              therefore indicates the configured administrative value of
              whether the protocol is enabled or not.

              A read from the datastore indicates whether
              the protocol is actually running or not, i.e. it indicates
              the operational state of the protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf router-id {
           type binary;
           config false;
           description
             "Every Babel speaker is assigned a router-id, which is an
              arbitrary string of 8 octets that is assumed to be unique
              across the routing domain";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1,
              draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
              Section 3.";
         }

         leaf seqno {
           type uint16;
           config false;
           description
             "Sequence number included in route updates for routes
              originated by this node.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf-list metric-comp-algorithms {
           type identityref {
             base "metric-comp-algorithms";
           }
           config false;
           min-elements 1;
           description
             "List of cost compute algorithms supported by this
              implementation of Babel.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf-list security-supported {
           type identityref {
             base "security-supported";
           }
           config false;
           min-elements 1;
           description
             "List of supported security mechanisms.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf-list mac-algorithms {
           type identityref {
             base mac-algorithms;
           }
           config false;
           description
             "List of supported MAC computation algorithms. Possible
              values include 'HMAC-SHA256', 'BLAKE2s'.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf-list dtls-cert-types {
           type identityref {
             base dtls-cert-types;
           }
           config false;
           description
             "List of supported DTLS certificate types.
              Possible values
              include 'X.509' and 'RawPublicKey'.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf stats-enable {
           type boolean;
           description
             "Indicates whether statistics collection is enabled (true)
              or disabled (false) on all interfaces.";
         }

         container constants {
           leaf udp-port {
             type inet:port-number;
             default "6696";
             description
               "UDP port for sending and receiving Babel messages. The
                default port is 6696.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }

           leaf mcast-group {
             type inet:ip-address;
             default "ff02::1:6";
             description
               "Multicast group for sending and receiving multicast
                announcements on IPv6.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }
           description
             "Babel Constants object.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         list interfaces {
           key "reference";

           leaf reference {
             type if:interface-ref;
             description
               "References the name of the interface over which Babel
                packets are sent and received.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf enable {
             type boolean;
             default "true";
             description
               "If true, babel sends and receives messages on this
                interface. If false, babel messages received on this
                interface are ignored and none are sent.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf metric-algorithm {
             type identityref {
               base metric-comp-algorithms;
             }
             mandatory true;
             description
               "Indicates the metric computation algorithm used on this
                interface.
                The value MUST be one of those listed in
                'metric-comp-algorithms'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.X.";
           }

           leaf split-horizon {
             type boolean;
             description
               "Indicates whether or not the split horizon optimization
                is used when calculating metrics on this interface.
                A value of true indicates split horizon optimization
                is used.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.X.";
           }

           leaf mcast-hello-seqno {
             type uint16;
             config false;
             description
               "The current sequence number in use for multicast hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-interval {
             type uint16;
             units centiseconds;
             description
               "The current multicast hello interval in use for hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf update-interval {
             type uint16;
             units centiseconds;
             description
               "The current update interval in use for this interface.
                Units are centiseconds.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-enable {
             type boolean;
             description
               "Indicates whether the MAC security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list mac-key-sets {
             type leafref {
               path "../../mac/name";
             }
             description
               "List of references to the babel-mac entries that apply
                to this interface.
                When an interface instance is created,
                all babel-mac-key-sets instances with
                babel-mac-default-apply 'true' will be included in this
                list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-verify {
             type boolean;
             description
               "A Boolean flag indicating whether MAC hashes in
                incoming Babel packets are required to be present and
                are verified. If this parameter is 'true', incoming
                packets are required to have a valid MAC hash.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-enable {
             type boolean;
             description
               "Indicates whether the DTLS security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-certs {
             type leafref {
               path "../../dtls/name";
             }
             description
               "List of references to the babel-dtls-cert-sets entries
                that apply to this interface. When an interface instance
                is created, all babel-dtls instances with
                babel-dtls-default-apply 'true' will be included in
                this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-cached-info {
             type boolean;
             description
               "Indicates whether the cached_info extension is included
                in ClientHello and ServerHello packets. The extension
                is included if the value is 'true'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-cert-prefer {
             type leafref {
               path "../../dtls/certs/type";
             }
             ordered-by user;
             description
               "List of supported certificate types, in order of
                preference. The values MUST be among those listed in the
                babel-dtls-cert-types parameter. This list is used to
                populate the server_certificate_type extension in a
                Client Hello.
                Values that are present in at least one
                instance in the babel-dtls-certs object of a referenced
                babel-dtls instance and that have a non-empty
                babel-cert-private-key will be used to populate the
                client_certificate_type extension in a Client Hello.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf packet-log-enable {
             type boolean;
             description
               "If true, logging of babel packets received on this
                interface is enabled; if false, babel packets are not
                logged.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf packet-log {
             type inet:uri;
             config false;
             description
               "A reference or url link to a file that contains a
                timestamped log of packets received and sent on
                babel-udp-port on this interface. The [libpcap] file
                format with .pcap file extension SHOULD be supported for
                packet log files. Logging is enabled / disabled by
                packet-log-enable.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           container stats {
             config false;
             leaf sent-mcast-hello {
               type yt:counter32;
               description
                 "A count of the number of multicast Hello packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-mcast-update {
               type yt:counter32;
               description
                 "A count of the number of multicast update packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-ucast-hello {
               type yt:counter32;
               description
                 "A count of the number of unicast Hello packets sent
                  to this neighbor.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ucast-update {
               type yt:counter32;
               description
                 "A count of the number of unicast update packets sent
                  to this neighbor.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ihu {
               type yt:counter32;
               description
                 "A count of the number of IHU packets sent to this
                  neighbor.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";

             }

             leaf received-packets {
               type yt:counter32;
               description
                 "A count of the number of Babel packets received on
                  this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }
             action reset {
               description
                 "The information model [RFC ZZZZ] defines this reset
                  action as a system-wide reset of Babel statistics
                  parameters, but in YANG the reset action has to be
                  contained in the container where the action needs to
                  be performed.";

               input {
                 leaf reset-at {
                   type yt:date-and-time;
                   description
                     "The time when the reset was issued.";
                 }
               }
               output {
                 leaf reset-finished-at {
                   type yt:date-and-time;
                   description
                     "The time when the reset finished.";
                 }
               }
             }
             description
               "Statistics collection object for this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           list neighbor-objects {
             key "neighbor-address";
             config false;

             leaf neighbor-address {
               type inet:ip-address;
               description
                 "IPv4 or v6 address the neighbor sends packets from.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-mcast-history {
               type string;
               description
                 "The multicast Hello history of whether or not the
                  multicast Hello packets prior to
                  babel-exp-mcast-hello-seqno were received, with a
                  '1' for the most recent Hello placed in the most
                  significant bit and prior Hellos shifted right
                  (with '0' bits placed between prior Hellos and most
                  recent Hello for any not-received Hellos);
                  represented as a string using utf-8 encoded hex
                  digits where a '1' bit = Hello received and a '0'
                  bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel
                  Information Model, Section 3.5.";
             }

             leaf hello-ucast-history {
               type string;
               description
                 "The unicast Hello history of whether or not the
                  unicast Hello packets prior to
                  babel-exp-ucast-hello-seqno were received, with a
                  '1' for the most recent Hello placed in the most
                  significant bit and prior Hellos shifted right
                  (with '0' bits placed between prior Hellos and most
                  recent Hello for any not-received Hellos);
                  represented as a string using utf-8 encoded hex
                  digits where a '1' bit = Hello received and a '0'
                  bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf txcost {
               type int32;
               default "0";
               description
                 "Transmission cost value from the last IHU packet
                  received from this neighbor, or maximum value
                  (infinity) to indicate the IHU hold timer for this
                  neighbor has expired.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf exp-mcast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected multicast Hello sequence number of next Hello
                  to be received from this neighbor; if multicast Hello
                  packets are not expected, or processing of multicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf exp-ucast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected unicast Hello sequence number of next Hello to
                  be received from this neighbor; if unicast Hello
                  packets are not expected, or processing of unicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf ucast-hello-seqno {
               type uint16;
               description
                 "Expected unicast Hello sequence number of next Hello
                  to be received from this neighbor.
                  If unicast Hello
                  packets are not expected, or processing of unicast
                  packets is not enabled, this MUST be 0.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf ucast-hello-interval {
               type uint16;
               units centiseconds;
               description
                 "The current interval in use for unicast hellos sent to
                  this neighbor. Units are centiseconds.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf rxcost {
               type int32;
               description
                 "Reception cost calculated for this neighbor. This value
                  is usually derived from the Hello history, which may be
                  combined with other data, such as statistics maintained
                  by the link layer. The rxcost is sent to a neighbor in
                  each IHU.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf cost {
               type int32;
               description
                 "Link cost is computed from the values maintained in
                  the neighbor table. The statistics kept in the neighbor
                  table about the reception of Hellos, and the txcost
                  computed from received IHU packets.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }
             description
               "A set of Babel Neighbor Object.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.5.";
           }
           description
             "A set of Babel Interface objects.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.3.";
         }

         list mac {
           key "name";

           leaf name {
             type string;
             description
               "A string that uniquely identifies the mac object.";
           }

           leaf default-apply {
             type boolean;
             description
               "A Boolean flag indicating whether this babel-mac
                instance is applied to all new interfaces, by default. If
                'true', this instance is applied to new
                babel-interfaces instances at the time they are created,
                by including it in the babel-interface-mac-keys list.
             If 'false', this instance is not applied to new
             babel-interfaces instances when they are created.";

          reference
            "RFC ZZZZ: Babel Information Model, Section 3.7.";
        }

        list keys {
          key "name";
          min-elements "1";

          leaf name {
            type string;
            mandatory true;
            description
              "A unique name for this MAC key that can be used to
               identify the key in this object instance, since the key
               value is not allowed to be read. This value can only be
               provided when this instance is created, and is not
               subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-sign {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to sign sent
               Babel packets. Sent packets are signed using this key
               if the value is 'true'. If the value is 'false', this
               key is not used to sign sent Babel packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-verify {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to verify
               incoming Babel packets. This key is used to verify
               incoming packets if the value is 'true'. If the value
               is 'false', no MAC is computed from this key for
               comparing an incoming packet.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf value {
            type binary;
            mandatory true;
            description
              "The value of the MAC key. An implementation MUST NOT
               allow this parameter to be read. This can be done by
               always providing an empty string, or through
               permissions, or other means. This value MUST be
               provided when this instance is created, and is not
               subsequently writable.

               This value is of a length suitable for the associated
               babel-mac-key-algorithm.
               If the algorithm is based on the HMAC construction
               [RFC2104], the length MUST be between 0 and the block
               size of the underlying hash inclusive (where
               'HMAC-SHA256' block size is 64 bytes as described in
               [RFC4868]). If the algorithm is 'BLAKE2s', the length
               MUST be between 0 and 32 bytes inclusive, as described
               in [RFC7693].";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8,
               RFC 2104: HMAC: Keyed-Hashing for Message
                         Authentication
               RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
                         HMAC-SHA-512 with IPsec,
               RFC 7693: The BLAKE2 Cryptographic Hash and Message
                         Authentication Code (MAC).";
          }

          leaf algorithm {
            type identityref {
              base mac-algorithms;
            }
            description
              "The name of the MAC algorithm used with this key. The
               value MUST be the same as one of the enumerations
               listed in the babel-mac-algorithms parameter.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          action test {
            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "The test string on which this test has to be
                   performed.";
              }

            }
            output {
              leaf resulting-hash {
                type binary;
                mandatory true;
                description
                  "An operation that allows the MAC key and hash
                   algorithm to be tested to see if they produce an
                   expected outcome. Input to this operation is a
                   binary string. The implementation is expected to
                   create a hash of this string using the
                   babel-mac-key-value and the babel-mac-algorithm.
                   The output of this operation is the resulting hash,
                   as a binary string.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
          }
          description
            "A set of babel-mac-keys-obj objects.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.8.";
        }
        description
          "A babel-mac-obj object.
           If this object is implemented, it provides access to
           parameters related to the MAC security mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.7.";
      }

      list dtls {
        key "name";

        leaf name {
          type string;
          description
            "A string that uniquely identifies a dtls object.";
        }

        leaf default-apply {
          type boolean;
          mandatory true;
          description
            "A Boolean flag indicating whether this babel-dtls
             instance is applied to all new interfaces, by default. If
             'true', this instance is applied to new babel-interfaces
             instances at the time they are created, by including it
             in the babel-interface-dtls-certs list. If 'false',
             this instance is not applied to new babel-interfaces
             instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.9.";
        }

        list certs {
          key "name";
          min-elements "1";

          leaf name {
            type string;
            description
              "A unique name for this DTLS certificate that can be
               used to identify the certificate in this object
               instance, since the value is too long to be useful
               for identification. This value MUST NOT be empty
               and can only be provided when this instance is created
               (i.e., it is not subsequently writable).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf value {
            type string;
            mandatory true;
            description
              "The DTLS certificate in PEM format [RFC7468]. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf type {
            type identityref {
              base dtls-cert-types;
            }
            mandatory true;
            description
              "The name of the certificate type of this object
               instance.
               The value MUST be the same as one of the enumerations
               listed in the babel-dtls-cert-types parameter. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf private-key {
            type binary;
            mandatory true;
            description
              "The value of the private key. If this is non-empty,
               this certificate can be used by this implementation to
               provide a certificate during DTLS handshaking. An
               implementation MUST NOT allow this parameter to be
               read. This can be done by always providing an empty
               string, or through permissions, or other means. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          action test {
            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "The test string on which this test has to be
                   performed.";
              }
            }
            output {
              leaf resulting-hash {
                type binary;
                mandatory true;
                description
                  "The output of this operation is a binary string,
                   and is the resulting hash computed using the
                   certificate public key, and the SHA-256
                   hash algorithm.";
              }
            }
          }
          description
            "A set of babel-dtls-keys-obj objects. This contains
             both certificates for this implementation to present
             for authentication, and to accept from others.
             Certificates with a non-empty babel-cert-private-key
             can be presented by this implementation for
             authentication.";

          reference
            "RFC ZZZZ: Babel Information Model, Section 3.10.";
        }
        description
          "A babel-dtls-obj object.
           If this object is implemented, it provides access to
           parameters related to the DTLS security mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.9.";
      }
      description
        "Babel Information Objects.";
      reference
        "RFC ZZZZ: Babel Information Model, Section 3.";

      uses routes;
    }
  }
}

3.  IANA Considerations

This document registers one URI and one YANG module.

3.1.  URI Registrations

URI: urn:ietf:params:xml:ns:yang:ietf-babel

3.2.  YANG Module Name Registration

This document registers one YANG module in the YANG Module Names
registry [RFC6020].

Name: ietf-babel
Namespace: urn:ietf:params:xml:ns:yang:ietf-babel
prefix: babel
reference: RFC XXXX

4.  Security Considerations

The YANG module specified in this document defines a schema for data
that is designed to be accessed via network management protocols such
as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure
transport is SSH [RFC6242].  The lowest RESTCONF layer is HTTPS, and
the mandatory-to-implement secure transport is TLS [RFC8446].

The NETCONF Access Control Model (NACM [RFC8341]) provides the means
to restrict access for particular NETCONF users to a pre-configured
subset of all available NETCONF protocol operations and content.

There are a number of data nodes defined in the YANG module which are
writable/creatable/deletable (i.e., config true, which is the
default).  These data nodes may be considered sensitive or vulnerable
in some network environments.
Write operations (e.g., ) to these data nodes without proper
protection can have a negative effect on network operations.  These
are the subtrees and data nodes and their sensitivity/vulnerability
from a config true perspective:

babel: This container includes an "enable" parameter that can be used
to enable or disable use of Babel on a router.

babel/constants: This container includes configuration parameters
that can prevent reachability if misconfigured.

babel/interfaces: This leaf-list has configuration parameters that
can enable/disable security mechanisms and change performance
characteristics of the Babel protocol.

babel/hmac and babel/dtls: These contain security credentials that
influence whether packets are trusted.

Some of the readable data or config false nodes in this YANG module
may be considered sensitive or vulnerable in some network
environments.  It is thus important to control read access (e.g., via
get, get-config, or notification) to these data nodes.  These are the
subtrees and data nodes and their sensitivity/vulnerability from a
config false perspective:

babel: Access to the information in the various nodes can disclose
the network topology.  Additionally, the routes used by a network
device may be used to mount a subsequent attack on traffic traversing
the network device.

babel/hmac and babel/dtls: These contain security credentials,
including private credentials of the router.

Some of the RPC operations in this YANG module may be considered
sensitive or vulnerable in some network environments.  It is thus
important to control access to these operations.
These are the operations and their sensitivity/vulnerability from an
RPC operation perspective:

babel/hmac/hmac/keys/test and babel/dtls/certs/test: These can be
used in a brute force attack to identify the credentials being used
to secure the Babel protocol.

5.  Acknowledgements

Juliusz Chroboczek provided most of the example configurations for
babel that are shown in the Appendix.

6.  References

6.1.  Normative References

[I-D.ietf-babel-rfc6126bis]
           Chroboczek, J. and D. Schinazi, "The Babel Routing
           Protocol", draft-ietf-babel-rfc6126bis-14 (work in
           progress), August 2019.

[RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
           Requirement Levels", BCP 14, RFC 2119,
           DOI 10.17487/RFC2119, March 1997.

[RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
           HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
           DOI 10.17487/RFC4868, May 2007.

[RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
           Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
           January 2012.

[RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
           RFC 6991, DOI 10.17487/RFC6991, July 2013.

[RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
           RFC 7950, DOI 10.17487/RFC7950, August 2016.

[RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
           2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
           May 2017.

[RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
           Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

[RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
           Routing Management (NMDA Version)", RFC 8349,
           DOI 10.17487/RFC8349, March 2018.

6.2.  Informative References

[I-D.ietf-babel-information-model]
           Stark, B. and M.
           Jethanandani, "Babel Information Model",
           draft-ietf-babel-information-model-08 (work in progress),
           August 2019.

[RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
           Keyed-Hashing for Message Authentication", RFC 2104,
           DOI 10.17487/RFC2104, February 1997.

[RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
           the Network Configuration Protocol (NETCONF)", RFC 6020,
           DOI 10.17487/RFC6020, October 2010.

[RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
           and A. Bierman, Ed., "Network Configuration Protocol
           (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

[RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
           Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

[RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
           Cryptographic Hash and Message Authentication Code (MAC)",
           RFC 7693, DOI 10.17487/RFC7693, November 2015.

[RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
           Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

[RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
           BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

[RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
           Access Control Model", STD 91, RFC 8341,
           DOI 10.17487/RFC8341, March 2018.

[RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
           and R. Wilton, "Network Management Datastore Architecture
           (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

[RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
           Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A.  An Appendix

This section is devoted to examples that demonstrate how Babel can be
configured.

A.1.  Statistics Gathering Enabled

In this example, interface eth0 is being configured for routing
protocol Babel, and statistics gathering is enabled.

  eth0
  ianaift:ethernetCsmacd
  true

  babel:babel

  name:babel

  true

  eth0
  two-out-of-three
  true

  true

A.2.  Automatic Detection of Properties

  eth0
  ianaift:ethernetCsmacd
  true

  wlan0
  ianaift:ieee80211
  true

  babel:babel

  name:babel

  true

  eth0
  true
  two-out-of-three
  true

  wlan0
  true
  etx
  false

A.3.  Override Default Properties

  eth0
  ianaift:ethernetCsmacd
  true

  eth1
  ianaift:ethernetCsmacd
  true

  tun0
  ianaift:tunnel
  true

  babel:babel

  name:babel

  true

  eth0
  true
  two-out-of-three
  true

  eth1
  true
  etx
  false

  tun0
  true
  two-out-of-three
  true

A.4.  Configuring other Properties

  eth0
  ianaift:ethernetCsmacd
  true

  ppp0
  ianaift:ppp
  true

  babel:babel

  name:babel

  true

  eth0
  true
  two-out-of-three
  true

  ppp0
  true
  30
  120
  two-out-of-three

Authors' Addresses

Mahesh Jethanandani
VMware
California
USA

Email: mjethanandani@gmail.com

Barbara Stark
AT&T
Atlanta, GA
USA

Email: barbara.stark@att.com
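
The rules the module places on entries of the mac "keys" list (the per-algorithm key-length limits and non-readable "value" leaf, the "use-sign" and "use-verify" flags, and the "test" action) can be exercised as below. This is an added example, not code from the draft or from any Babel implementation; the MacKey class, the sign and verify helpers, the treatment of the packet as opaque bytes and the 32-byte BLAKE2s output length are assumptions.

```python
import hashlib
import hmac

# Maximum key length in bytes per algorithm, from the 'value' leaf description:
# HMAC keys up to the hash block size (64 for SHA-256), BLAKE2s keys up to 32.
MAX_KEY_LEN = {"HMAC-SHA256": 64, "BLAKE2s": 32}


class MacKey:
    """One entry of the 'keys' list (hypothetical class, not from the draft)."""

    def __init__(self, name, algorithm, value, use_sign, use_verify):
        if not name:
            raise ValueError("name must be set when the entry is created")
        if algorithm not in MAX_KEY_LEN:
            raise ValueError(f"unsupported algorithm: {algorithm!r}")
        if len(value) > MAX_KEY_LEN[algorithm]:
            raise ValueError(
                f"{algorithm} key is {len(value)} bytes, "
                f"limit is {MAX_KEY_LEN[algorithm]}")
        self.name, self.algorithm = name, algorithm
        self.use_sign, self.use_verify = use_sign, use_verify
        self.__value = bytes(value)  # set once at creation, kept private

    @property
    def value(self):
        # The key MUST NOT be readable; always answer with an empty string.
        return b""

    def _mac(self, data):
        if self.algorithm == "HMAC-SHA256":
            return hmac.new(self.__value, data, hashlib.sha256).digest()
        # Assumption: full 32-byte BLAKE2s output; the page gives no length.
        return hashlib.blake2s(data, key=self.__value, digest_size=32).digest()

    def test(self, test_string):
        """The 'test' action: MAC of test_string under this key and algorithm."""
        return self._mac(test_string)


def sign(keys, packet):
    """MACs to attach to a sent packet: one per key with use-sign true."""
    return [k._mac(packet) for k in keys if k.use_sign]


def verify(keys, packet, received_mac):
    """Accept if any key with use-verify true reproduces the received MAC."""
    ok = False
    for k in keys:
        if k.use_verify:
            # compare_digest avoids leaking the match position through timing.
            ok |= hmac.compare_digest(k._mac(packet), received_mac)
    return ok
```

Because test() returns the MAC of caller-chosen input, one call is enough to check candidate keys offline, which is why the Security Considerations single out the test operations for access control.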