idnits 2.17.1

draft-ietf-babel-yang-model-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 7, 2020) is 1569 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-20) exists of
     draft-ietf-babel-rfc6126bis-16

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

  == Outdated reference: A later version (-14) exists of
     draft-ietf-babel-information-model-10

     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Babel Working Group                                      M. Jethanandani
Internet-Draft                                                    VMware
Intended status: Standards Track                                B. Stark
Expires: July 10, 2020                                              AT&T
                                                         January 7, 2020

                       YANG Data Model for Babel
                     draft-ietf-babel-yang-model-05

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 10, 2020.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
     1.1. Note to RFC Editor
     1.2. Tree Diagram Annotations
   2. Babel Module
     2.1. Information Model
     2.2. Tree Diagram
     2.3. YANG Module
   3. IANA Considerations
     3.1. URI Registrations
     3.2. YANG Module Name Registration
   4. Security Considerations
   5. Acknowledgements
   6. References
     6.1. Normative References
     6.2. Informative References
   Appendix A. An Appendix
     A.1. Statistics Gathering Enabled
     A.2. Automatic Detection of Properties
     A.3. Override Default Properties
     A.4. Configuring other Properties
   Authors' Addresses

1. Introduction

   This document defines a data model for the Babel routing protocol
   [I-D.ietf-babel-rfc6126bis].  The data model is defined using the
   YANG 1.1 [RFC7950] data modeling language and is Network Management
   Datastore Architecture (NMDA) [RFC8342] compatible.  It is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

1.1. Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   o  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   o  "ZZZZ" --> the assigned RFC value for Babel Information Model
      [I-D.ietf-babel-information-model]

   o  Revision date in model, in the format 2020-01-07 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with .

1.2. Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2. Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

2.1. Information Model

   There are a few things that should be noted between the Babel
   Information Model and this data module.  The information model
   mandates the definition of some of the attributes, e.g.
   babel-implementation-version or the babel-self-router-id.  These
   attributes are marked as read-only objects in the information model
   as well as in this data module.  However, there is no way in the data
   module to mandate that a read-only attribute be present.  It is up to
   the implementation of this data module to make sure that the
   attributes that are marked read-only and are mandatory are indeed
   present.

2.2. Tree Diagram

   The following diagram illustrates a top level hierarchy of the model.
   In addition to information like the version number implemented by
   this device, the model contains subtrees on constants, interfaces,
   routes and security.

   module: ietf-babel
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?        string
          +--rw enable          boolean
          +--ro router-id?      binary
          +--ro seqno?          uint16
          +--rw stats-enable?   boolean
          +--rw constants
          |     ...
          +--rw interfaces* [reference]
          |     ...
          +--rw mac* [name]
          |     ...
          +--rw dtls* [name]
          |     ...
          +--ro routes* [prefix]
                ...

   The interfaces subtree describes attributes such as the interface
   object that is being referenced, the type of link as enumerated by
   metric-algorithm and split-horizon and whether the interface is
   enabled or not.

   The constants subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The routes subtree describes objects such as the prefix for which the
   route is advertised, a reference to the neighboring route, and
   next-hop address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The mac subtree contains keys used with the
   MAC security mechanism.  The boolean flag default-apply indicates
   whether the set of MAC keys is automatically applied to new
   interfaces.  The dtls subtree contains certificates used with the
   DTLS security mechanism.  Similar to the MAC mechanism, the boolean
   flag default-apply indicates whether the set of DTLS certificates is
   automatically applied to new interfaces.

2.3. YANG Module

   This YANG module augments the YANG Routing Management [RFC8349]
   module to provide a common framework for all routing subsystems.  By
   augmenting the module it provides a common building block for routes,
   and Routing Information Bases (RIBs).  It also has a reference to an
   interface defined by A YANG Data Model for Interface Management
   [RFC8343].

   A router running the Babel routing protocol can determine the
   parameters it needs to use for an interface based on the interface
   name.  For example, it can detect that eth0 is a wired interface, and
   that wlan0 is a wireless interface.  This is not true for a tunnel
   interface, where the link parameters need to be configured
   explicitly.

   For a wired interface, it will assume '2-out-of-3'
   'metric-algorithm', and 'split-horizon' set to true.  On the other
   hand, for a wireless interface it will assume 'etx'
   'metric-algorithm', and 'split-horizon' set to false.  However, if
   the wired link is connected to a wireless radio, the values can be
   overridden by setting 'metric-algorithm' to 'etx', and
   'split-horizon' to false.  Similarly, an interface that is a metered
   3G link, and used for fallback connectivity needs much higher default
   time constants, e.g. 'mcast-hello-interval', and 'update-interval',
   in order to avoid carrying control traffic as much as possible.

   In addition to the modules used above, this module imports
   definitions from Common YANG Data Types [RFC6991], and references
   HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using
   HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram
   Transport Layer Security Version 1.2 [RFC6347], The Blake2
   Cryptographic Hash and Message Authentication Code (MAC) [RFC7693],
   Babel Information Model [I-D.ietf-babel-information-model], and The
   Babel Routing Protocol [I-D.ietf-babel-rfc6126bis].
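
   Whether Babel packets on an interface are authenticated depends on
   several leaves of this module taken together: enable, mac-enable,
   mac-verify, mac-key-sets, dtls-enable and dtls-certs under
   interfaces, and use-sign and use-verify under mac/keys.  The
   following audit is an added example, not part of the draft; it
   assumes the babel container is available as a dictionary shaped like
   a JSON encoding of the module, and the finding labels and sample
   names are made up for illustration.

```python
"""Audit the security-related leaves of an ietf-babel configuration.

Added example; not part of the draft. Finding labels are made up here.
"""

# Constructed sample: contents of the 'babel' container as a Python dict,
# shaped like a JSON encoding of the module. All names are invented.
SAMPLE_BABEL = {
    "enable": True,
    "interfaces": [
        {"reference": "eth0", "metric-algorithm": "two-out-of-three",
         "mac-enable": True, "mac-verify": True,
         "mac-key-sets": ["core-keys"]},
        {"reference": "wlan0", "metric-algorithm": "etx",
         "mac-enable": True, "mac-verify": False,
         "mac-key-sets": ["core-keys"]},
        {"reference": "tun0", "metric-algorithm": "etx"},
        {"reference": "eth1", "metric-algorithm": "two-out-of-three",
         "mac-enable": True, "mac-verify": True,
         "mac-key-sets": ["verify-only", "missing-set"]},
        {"reference": "eth2", "metric-algorithm": "two-out-of-three",
         "enable": False},
        {"reference": "eth3", "metric-algorithm": "two-out-of-three",
         "dtls-enable": True, "dtls-certs": []},
    ],
    "mac": [
        {"name": "core-keys", "default-apply": True,
         "keys": [{"name": "k1", "use-sign": True, "use-verify": True}]},
        {"name": "verify-only", "default-apply": False,
         "keys": [{"name": "k2", "use-sign": False, "use-verify": True}]},
    ],
    "dtls": [],
}


def audit_interface(iface, mac_sets, dtls_names):
    """Return a list of finding labels for one 'interfaces' entry."""
    findings = []
    # 'enable' defaults to "true" in the model; a disabled interface neither
    # sends nor accepts Babel messages, so there is nothing to audit.
    if not iface.get("enable", True):
        return findings

    mac_on = iface.get("mac-enable") is True
    dtls_on = iface.get("dtls-enable") is True
    if not mac_on and not dtls_on:
        findings.append("no-authentication")

    if mac_on:
        # Assumption: an absent mac-verify is treated like 'false', because
        # the model gives this leaf no default.
        if iface.get("mac-verify") is not True:
            findings.append("mac-not-verified")
        keys = []
        for ref in iface.get("mac-key-sets", []):
            if ref in mac_sets:
                keys.extend(mac_sets[ref].get("keys", []))
            else:
                # A leafref that points at no existing mac entry.
                findings.append("dangling-mac-key-set:" + ref)
        if not any(k.get("use-sign") is True for k in keys):
            findings.append("no-signing-key")
        if not any(k.get("use-verify") is True for k in keys):
            findings.append("no-verify-key")

    if dtls_on:
        refs = iface.get("dtls-certs", [])
        if not any(ref in dtls_names for ref in refs):
            findings.append("no-dtls-credentials")
    return findings


def audit_babel(babel):
    """Map interface reference -> findings, for interfaces with findings."""
    mac_sets = {m["name"]: m for m in babel.get("mac", [])}
    dtls_names = {d["name"] for d in babel.get("dtls", [])}
    report = {}
    for iface in babel.get("interfaces", []):
        findings = audit_interface(iface, mac_sets, dtls_names)
        if findings:
            report[iface["reference"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_babel(SAMPLE_BABEL).items():
        print(name, ", ".join(findings))
```

   Interfaces that are disabled, or that have verification on and at
   least one signing and one verifying key, produce no findings.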

   file "ietf-babel@2020-01-07.yang"

   module ietf-babel {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-babel";
     prefix babel;

     import ietf-yang-types {
       prefix yt;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-routing {
       prefix "rt";
       reference
         "RFC 8349: YANG Routing Management";
     }

     organization
       "IETF Babel routing protocol Working Group";

     contact
       "WG Web: http://tools.ietf.org/wg/babel/
        WG List: babel@ietf.org

        Editor: Mahesh Jethanandani
                mjethanandani@gmail.com
        Editor: Barbara Stark
                bs7652@att.com";

     description
       "This YANG module defines a model for the Babel routing
        protocol.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2020-01-07 {
       description
         "Initial version.";

       reference
         "RFC XXXX: Babel YANG Data Model.";
     }

     /*
      * Features
      */
     feature two-out-of-three-supported {
       description
         "This implementation supports two-out-of-three metric
          comp algorithm.";
     }

     feature etx-supported {
       description
         "This implementation supports Expected Transmission Count
          (ETX) metric comp algorithm.";
     }

     feature mac-supported {
       description
         "This implementation supports MAC based security.";
     }

     feature dtls-supported {
       description
         "This implementation supports DTLS based security.";
     }

     feature hmac-sha256-supported {
       description
         "This implementation supports hmac-sha256 MAC algorithm.";
     }

     feature blake2s-supported {
       description
         "This implementation supports blake2 MAC algorithm.";
     }

     feature x-509-supported {
       description
         "This implementation supports x-509 certificate type.";
     }

     feature raw-public-key-supported {
       description
         "This implementation supports raw-public-key certificate type.";
     }

     /*
      * Identities
      */
     identity metric-comp-algorithms {
       description
         "Base identity from which all Babel metric comp algorithms
          are derived.";
     }

     identity two-out-of-three {
       base "metric-comp-algorithms";
       if-feature two-out-of-three-supported;
       description
         "2-out-of-3 algorithm.";
     }

     identity etx {
       base "metric-comp-algorithms";
       if-feature etx-supported;
       description
         "Expected Transmission Count.";
     }

     /*
      * Babel MAC algorithms identities.
      */
     identity mac-algorithms {
       description
         "Base identity for all Babel MAC algorithms.";
     }

     identity hmac-sha256 {
       base mac-algorithms;
       if-feature mac-supported;
       if-feature hmac-sha256-supported;
       description
         "HMAC-SHA256 algorithm supported.";
       reference
         "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
          with IPsec.";
     }

     identity blake2s {
       base mac-algorithms;
       if-feature mac-supported;
       if-feature blake2s-supported;
       description
         "BLAKE2s algorithm supported.";

       reference
         "RFC 7693: The BLAKE2 Cryptographic Hash and Message
          Authentication Code (MAC).";
     }

     /*
      * Babel Cert Types
      */
     identity dtls-cert-types {
       description
         "Base identity for Babel DTLS certificate types.";
     }

     identity x-509 {
       base dtls-cert-types;
       if-feature dtls-supported;
       if-feature x-509-supported;
       description
         "X.509 certificate type.";
     }

     identity raw-public-key {
       base dtls-cert-types;
       if-feature dtls-supported;
       if-feature raw-public-key-supported;
       description
         "Raw Public Key type.";
     }

     /*
      * Babel routing protocol identity.
      */
     identity babel {
       base "rt:routing-protocol";
       description
         "Babel routing protocol";
     }

     /*
      * Groupings
      */
     grouping routes {
       list routes {
         key "prefix";
         config false;

         leaf prefix {
           type inet:ip-prefix;
           description
             "Prefix (expressed in ip-address/prefix-length format) for
              which this route is advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf router-id {
           type binary;
           description
             "router-id of the source router for which this route is
              advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf neighbor {
           type leafref {
             path "/rt:routing/rt:control-plane-protocols/" +
                  "rt:control-plane-protocol/babel/interfaces/" +
                  "neighbor-objects/neighbor-address";
           }
           description
             "Reference to the neighbor-objects entry for the neighbor
              that advertised this route.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf received-metric {
           type uint16;
           description
             "The metric with which this route was advertised by the
              neighbor, or maximum value (infinity) to indicate the
              route was recently retracted and is temporarily
              unreachable. This metric will be 0 (zero) if the route
              was not received from a neighbor but was generated
              through other means. At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
              Section 3.5.5.";
         }

         leaf calculated-metric {
           type uint16;
           description
             "A calculated metric for this route. How the metric is
              calculated is implementation-specific. Maximum value
              (infinity) indicates the route was recently retracted
              and is temporarily unreachable.
              At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
              Section 3.5.5.";
         }

         leaf seqno {
           type uint16;
           description
             "The sequence number with which this route was advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf next-hop {
           type inet:ip-address;
           description
             "The next-hop address of this route. This will be empty if
              this route has no next-hop address.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf feasible {
           type boolean;
           description
             "A boolean flag indicating whether this route is feasible.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              draft-ietf-babel-rfc6126bis, The Babel Routing Protocol,
              Section 3.5.1.";
         }

         leaf selected {
           type boolean;
           description
             "A boolean flag indicating whether this route is selected,
              i.e., whether it is currently being used for forwarding and
              is being advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }
         description
           "A set of babel-route-obj objects.
            Includes received and
            routes routes.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.1.";
       }
       description
         "Common grouping for routing used in RIB.";
     }

     /*
      * Data model
      */

     augment "/rt:routing/rt:control-plane-protocols/" +
             "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type, 'babel')" {
         description
           "Augmentation is valid only when the instance of routing type
            is of type 'babel'.";
       }
       description
         "Augment the routing module to support a common structure
          between routing protocols.";
       reference
         "YANG Routing Management, RFC 8349, Lhotka & Lindem, March
          2018.";

       container babel {
         presence "A Babel container.";
         description
           "Babel Information Objects.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.";

         leaf version {
           type string;
           config false;
           description
             "The name and version of this implementation of the Babel
              protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf enable {
           type boolean;
           mandatory true;
           description
             "When written, it configures whether the protocol should be
              enabled. A read from the or datastore
              therefore indicates the configured administrative value of
              whether the protocol is enabled or not.

              A read from the datastore indicates whether
              the protocol is actually running or not, i.e.
              it indicates
              the operational state of the protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf router-id {
           type binary;
           config false;
           description
             "Every Babel speaker is assigned a router-id, which is an
              arbitrary string of 8 octets that is assumed to be unique
              across the routing domain";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1,
              draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
              Section 3.";
         }

         leaf seqno {
           type uint16;
           config false;
           description
             "Sequence number included in route updates for routes
              originated by this node.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf stats-enable {
           type boolean;
           description
             "Indicates whether statistics collection is enabled (true)
              or disabled (false) on all interfaces.";
         }

         container constants {
           description
             "Babel Constants object.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";

           leaf udp-port {
             type inet:port-number;
             default "6696";
             description
               "UDP port for sending and receiving Babel messages.
                The
                default port is 6696.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }

           leaf mcast-group {
             type inet:ip-address;
             default "ff02::1:6";
             description
               "Multicast group for sending and receiving multicast
                announcements on IPv6.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }
         }

         list interfaces {
           key "reference";

           description
             "A set of Babel Interface objects.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.3.";

           leaf reference {
             type if:interface-ref;
             description
               "References the name of the interface over which Babel
                packets are sent and received.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf enable {
             type boolean;
             default "true";
             description
               "If true, babel sends and receives messages on this
                interface. If false, babel messages received on this
                interface are ignored and none are sent.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf metric-algorithm {
             type identityref {
               base metric-comp-algorithms;
             }
             mandatory true;
             description
               "Indicates the metric computation algorithm used on this
                interface. The value MUST be one of those identities
                based on 'metric-comp-algorithms'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.X.";
           }

           leaf split-horizon {
             type boolean;
             description
               "Indicates whether or not the split horizon optimization
                is used when calculating metrics on this interface.
                A value of true indicates split horizon optimization
                is used.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.X.";
           }

           leaf mcast-hello-seqno {
             type uint16;
             config false;
             description
               "The current sequence number in use for multicast hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-interval {
             type uint16;
             units centiseconds;
             description
               "The current multicast hello interval in use for hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf update-interval {
             type uint16;
             units centiseconds;
             description
               "The current update interval in use for this interface.
                Units are centiseconds.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-enable {
             type boolean;
             description
               "Indicates whether the MAC security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list mac-key-sets {
             type leafref {
               path "../../mac/name";
             }
             description
               "List of references to the mac entries that apply
                to this interface. When an interface instance is
                created, all mac instances with default-apply 'true'
                will be included in this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-verify {
             type boolean;
             description
               "A Boolean flag indicating whether MAC hashes in
                incoming Babel packets are required to be present and
                are verified.
                If this parameter is 'true', incoming
                packets are required to have a valid MAC hash.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-enable {
             type boolean;
             description
               "Indicates whether the DTLS security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-certs {
             type leafref {
               path "../../dtls/name";
             }
             description
               "List of references to the dtls entries that apply to
                this interface. When an interface instance
                is created, all dtls instances with default-apply
                'true' will be included in this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-cached-info {
             type boolean;
             description
               "Indicates whether the cached_info extension is included
                in ClientHello and ServerHello packets. The extension
                is included if the value is 'true'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-cert-prefer {
             type leafref {
               path "../../dtls/certs/type";
             }
             ordered-by user;
             description
               "List of supported certificate types, in order of
                preference. The values MUST be among those listed in
                dtls-cert-types. This list is used to populate the
                server_certificate_type extension in a Client Hello.
                Values that are present in at least one instance in the
                certs object under dtls of a referenced dtls instance
                and that have a non-empty private-key will be used to
                populate the client_certificate_type extension in a
                Client Hello.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf packet-log-enable {
             type boolean;
             description
               "If true, logging of babel packets received on this
                interface is enabled; if false, babel packets are not
                logged.";

             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf packet-log {
             type inet:uri;
             config false;
             description
               "A reference or url link to a file that contains a
                timestamped log of packets received and sent on
                udp-port on this interface. The [libpcap] file
                format with .pcap file extension SHOULD be supported for
                packet log files. Logging is enabled / disabled by
                packet-log-enable.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           container stats {
             config false;

             description
               "Statistics collection object for this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";

             leaf sent-mcast-hello {
               type yt:counter32;
               description
                 "A count of the number of multicast Hello packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-mcast-update {
               type yt:counter32;
               description
                 "A count of the number of multicast update packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-ucast-hello {
               type yt:counter32;
               description
                 "A count of the number of unicast Hello packets sent
                  to this neighbor.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ucast-update {
               type yt:counter32;
               description
                 "A count of the number of
                  unicast update packets sent
                  to this neighbor.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ihu {
               type yt:counter32;
               description
                 "A count of the number of IHU packets sent to this
                  neighbor.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf received-packets {
               type yt:counter32;
               description
                 "A count of the number of Babel packets received on
                  this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             action reset {
               description
                 "The information model [RFC ZZZZ] defines reset
                  action as a system-wide reset of Babel statistics.
                  In YANG the reset action is associated with the
                  container where the action is defined. In this case
                  the action is associated with the stats container
                  inside an interface. The action will therefore
                  reset statistics at an interface level.

                  Implementations that want to support a system-wide
                  reset of Babel statistics need to call this action
                  for every instance of the interface.";

               input {
                 leaf reset-at {
                   type yt:date-and-time;
                   description
                     "The time when the reset was issued.";
                 }
               }
               output {
                 leaf reset-finished-at {
                   type yt:date-and-time;
                   description
                     "The time when the reset finished.";
                 }
               }
             }
           }

           list neighbor-objects {
             key "neighbor-address";
             config false;

             description
               "A set of Babel Neighbor Object.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.5.";

             leaf neighbor-address {
               type inet:ip-address;
               description
                 "IPv4 or v6 address the neighbor sends packets from.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-mcast-history {
               type string;
               description
                 "The multicast Hello history of whether or not the
                  multicast Hello packets prior to exp-mcast-
                  hello-seqno were received, with a '1' for
                  the most
                  recent Hello placed in the most significant bit and
                  prior Hellos shifted right (with '0' bits placed
                  between prior Hellos and most recent Hello for any
                  not-received Hellos); represented as a string using
                  utf-8 encoded hex digits where a '1' bit = Hello
                  received and a '0' bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-ucast-history {
               type string;
               description
                 "The unicast Hello history of whether or not the
                  unicast Hello packets prior to exp-ucast-hello-seqno
                  were received, with a '1' for the most
                  recent Hello placed in the most significant bit and
                  prior Hellos shifted right (with '0' bits placed
                  between prior Hellos and most recent Hello for any
                  not-received Hellos); represented as a string using
                  utf-8 encoded hex digits where a '1' bit = Hello
                  received and a '0' bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf txcost {
               type int32;
               default "0";
               description
                 "Transmission cost value from the last IHU packet
                  received from this neighbor, or maximum value
                  (infinity) to indicate the IHU hold timer for this
                  neighbor has expired description.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf exp-mcast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected multicast Hello sequence number of next Hello
                  to be received from this neighbor; if multicast Hello
                  packets are not expected, or processing of multicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf exp-ucast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected unicast Hello sequence number of next Hello to
                  be received from this neighbor; if unicast Hello
                  packets are not expected, or processing of unicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-seqno {
            type uint16;
            description
              "Expected unicast Hello sequence number of next Hello
               to be received from this neighbor. If unicast Hello
               packets are not expected, or processing of unicast
               packets is not enabled, this MUST be 0.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-interval {
            type uint16;
            units centiseconds;
            description
              "The current interval in use for unicast hellos sent to
               this neighbor. Units are centiseconds.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf rxcost {
            type int32;
            description
              "Reception cost calculated for this neighbor. This value
               is usually derived from the Hello history, which may be
               combined with other data, such as statistics maintained
               by the link layer. The rxcost is sent to a neighbor in
               each IHU.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf cost {
            type int32;
            description
              "Link cost is computed from the values maintained in
               the neighbor table. The statistics kept in the neighbor
               table about the reception of Hellos, and the txcost
               computed from received IHU packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }
        }
      }
      list mac {
        key "name";

        description
          "A mac object.
           If this object is implemented, it
           provides access to parameters related to the MAC security
           mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.7.";

        leaf name {
          type string;
          description
            "A string that uniquely identifies the mac object.";
        }

        leaf default-apply {
          type boolean;
          description
            "A Boolean flag indicating whether this mac
             instance is applied to all new interfaces, by default.
             If 'true', this instance is applied to new
             interfaces instances at the time they are created,
             by including it in the mac-key-sets list under
             interfaces. If 'false', this instance is not applied
             to new interfaces instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.7.";
        }

        list keys {
          key "name";
          min-elements "1";

          description
            "A set of keys objects.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.8.";

          leaf name {
            type string;
            mandatory true;
            description
              "A unique name for this MAC key that can be used to
               identify the key in this object instance, since the key
               value is not allowed to be read. This value can only be
               provided when this instance is created, and is not
               subsequently writable.";

            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-sign {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to sign sent
               Babel packets. Sent packets are signed using this key
               if the value is 'true'. If the value is 'false', this
               key is not used to sign sent Babel packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-verify {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to verify
               incoming Babel packets.
               This key is used to verify
               incoming packets if the value is 'true'. If the value
               is 'false', no MAC is computed from this key for
               comparing an incoming packet.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf value {
            type binary;
            mandatory true;
            description
              "The value of the MAC key. An implementation MUST NOT
               allow this parameter to be read. This can be done by
               always providing an empty string, or through
               permissions, or other means. This value MUST be
               provided when this instance is created, and is not
               subsequently writable.

               This value is of a length suitable for the associated
               algorithm. If the algorithm is based on
               the HMAC construction [RFC2104], the length MUST be
               between 0 and the block size of the underlying hash
               inclusive (where 'HMAC-SHA256' block size is 64
               bytes as described in [RFC4868]). If the algorithm
               is 'BLAKE2s', the length MUST be between 0 and 32
               bytes inclusive, as described in [RFC7693].";

            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8,
               RFC 2104: HMAC: Keyed-Hashing for Message
                         Authentication
               RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
                         HMAC-SHA-512 with IPsec,
               RFC 7693: The BLAKE2 Cryptographic Hash and Message
                         Authentication Code (MAC).";
          }

          leaf algorithm {
            type identityref {
              base mac-algorithms;
            }
            description
              "The name of the MAC algorithm used with this key. The
               value MUST be the same as one of the enumerations
               listed in the mac-algorithms parameter.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          action test {
            description
              "An operation that allows the MAC key and hash
               algorithm to be tested to see if they produce an
               expected outcome. Input to this operation is a
               binary string.
               The implementation is expected to
               create a hash of this string using the value and
               the algorithm. The output of this operation is
               the resulting hash, as a binary string.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";

            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "Input to this operation is a binary string.
                   The implementation is expected to create
                   a hash of this string using the value and
                   the algorithm.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
            output {
              leaf resulting-hash {
                type binary;
                mandatory true;
                description
                  "The output of this operation is
                   the resulting hash, as a binary string.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
          }
        }
      }

      list dtls {
        key "name";

        description
          "A dtls object. If this object is implemented,
           it provides access to parameters related to the DTLS
           security mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.9";

        leaf name {
          type string;
          description
            "A string that uniquely identifies a dtls object.";
        }

        leaf default-apply {
          type boolean;
          mandatory true;
          description
            "A Boolean flag indicating whether this dtls
             instance is applied to all new interfaces, by default. If
             'true', this instance is applied to new interfaces
             instances at the time they are created, by including it
             in the dtls-certs list under interfaces. If 'false',
             this instance is not applied to new interfaces
             instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.9.";
        }

        list certs {
          key "name";
          min-elements "1";
          description
            "A set of cert objects.
             This contains
             both certificates for this implementation to present
             for authentication, and to accept from others.
             Certificates with a non-empty private-key
             can be presented by this implementation for
             authentication.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.10.";

          leaf name {
            type string;
            description
              "A unique name for this DTLS certificate that can be
               used to identify the certificate in this object
               instance, since the value is too long to be useful
               for identification. This value MUST NOT be empty
               and can only be provided when this instance is created
               (i.e., it is not subsequently writable).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf value {
            type string;
            mandatory true;
            description
              "The DTLS certificate in PEM format [RFC7468]. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf type {
            type identityref {
              base dtls-cert-types;
            }
            mandatory true;
            description
              "The name of the certificate type of this object
               instance. The value MUST be the same as one of the
               enumerations listed in the dtls-cert-types
               parameter. This value can only be provided when this
               instance is created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }
          leaf private-key {
            type binary;
            mandatory true;
            description
              "The value of the private key. If this is non-empty,
               this certificate can be used by this implementation to
               provide a certificate during DTLS handshaking. An
               implementation MUST NOT allow this parameter to be
               read. This can be done by always providing an empty
               string, or through permissions, or other means.
               This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          action test {
            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "The test string on which this test has to be
                   performed.";
              }
            }
            output {
              leaf resulting-hash {
                type binary;
                mandatory true;
                description
                  "The output of this operation is a binary string,
                   and is the resulting hash computed using the
                   certificate public key, and the SHA-256
                   hash algorithm.";
              }
            }
          }
        }
      }

      uses routes;
    }
  }
}

3. IANA Considerations

   This document registers one URI and one YANG module.

3.1. URI Registrations

   URI: urn:ietf:params:xml:ns:yang:ietf-babel

3.2. YANG Module Name Registration

   This document registers one YANG module in the YANG Module Names
   registry [RFC6020].

   Name: ietf-babel
   Namespace: urn:ietf:params:xml:ns:yang:ietf-babel
   prefix: babel
   reference: RFC XXXX

4. Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242]. The lowest RESTCONF layer is HTTPS, and
   the mandatory-to-implement secure transport is TLS [RFC8446].

   The NETCONF Access Control Model (NACM [RFC8341]) provides the means
   to restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/created/deleted (i.e., config true, which is the default).
   These data nodes may be considered sensitive or vulnerable in some
   network environments. Write operations (e.g., <edit-config>) to
   these data nodes without proper protection can have a negative effect
   on network operations. These are the subtrees and data nodes and
   their sensitivity/vulnerability from a config true perspective:

   babel: This container includes an "enable" parameter that can be used
   to enable or disable use of Babel on a router.

   babel/constants: This container includes configuration parameters
   that can prevent reachability if misconfigured.

   babel/interfaces: This leaf-list has configuration parameters that
   can enable/disable security mechanisms and change performance
   characteristics of the Babel protocol.

   babel/hmac and babel/dtls: These contain security credentials that
   influence whether packets are trusted.

   Some of the readable data or config false nodes in this YANG module
   may be considered sensitive or vulnerable in some network
   environments. It is thus important to control read access (e.g., via
   get, get-config, or notification) to these data nodes. These are the
   subtrees and data nodes and their sensitivity/vulnerability from a
   config false perspective:

   babel: Access to the information in the various nodes can disclose
   the network topology. Additionally, the routes used by a network
   device may be used to mount a subsequent attack on traffic traversing
   the network device.

   babel/hmac and babel/dtls: These contain security credentials,
   including private credentials of the router.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control access to these operations. These are the
   operations and their sensitivity/vulnerability from an RPC operation
   perspective:

   babel/hmac/hmac/keys/test and babel/dtls/certs/test: These can be
   used in a brute force attack to identify the credentials being used
   to secure the Babel protocol.

5. Acknowledgements

   Juliusz Chroboczek provided most of the example configurations for
   babel that are shown in the Appendix.

6. References

6.1. Normative References

   [I-D.ietf-babel-rfc6126bis]
              Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", draft-ietf-babel-rfc6126bis-16 (work in
              progress), December 2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

6.2. Informative References

   [I-D.ietf-babel-information-model]
              Stark, B. and M.
              Jethanandani, "Babel Information Model",
              draft-ietf-babel-information-model-10 (work in progress),
              October 2019.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A. An Appendix

   This section is devoted to examples that demonstrate how Babel can be
   configured.

A.1. Statistics Gathering Enabled

   In this example, interface eth0 is being configured for routing
   protocol Babel, and statistics gathering is enabled. For security,
   HMAC-SHA256 is supported. Every sent Babel packet is signed with
   the key value provided, and every received Babel packet is verified
   with the same key value.

   [XML example; only the element values survive in this copy]

     eth0  ianaift:ethernetCsmacd  true
     babel:babel
     name:babel
     true  true
     eth0  two-out-of-three  true
     hmac-sha256
     hmac-sha256-keys  true  true  base64encodedvalue==  hmac-sha256

A.2. Automatic Detection of Properties

   [XML example; only the element values survive in this copy]

     eth0  ianaift:ethernetCsmacd  true
     wlan0  ianaift:ieee80211  true
     babel:babel
     name:babel
     true
     eth0  true  two-out-of-three  true
     wlan0  true  etx  false

A.3. Override Default Properties

   [XML example; only the element values survive in this copy]

     eth0  ianaift:ethernetCsmacd  true
     eth1  ianaift:ethernetCsmacd  true
     tun0  ianaift:tunnel  true
     babel:babel
     name:babel
     true
     eth0  true  two-out-of-three  true
     eth1  true  etx  false
     tun0  true  two-out-of-three  true

A.4. Configuring other Properties

   [XML example; only the element values survive in this copy]

     eth0  ianaift:ethernetCsmacd  true
     ppp0  ianaift:ppp  true
     babel:babel
     name:babel
     true
     eth0  true  two-out-of-three  true
     ppp0  true  30  120  two-out-of-three

Authors' Addresses

   Mahesh Jethanandani
   VMware
   California
   USA

   Email: mjethanandani@gmail.com

   Barbara Stark
   AT&T
   Atlanta, GA
   USA

   Email: barbara.stark@att.com
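
   The key-length rule in the mac/keys "value" leaf and the operator's
   side of the mac/keys "test" action, as an added Python example that is
   not part of the draft. It lets an operator who holds the key confirm
   what a device stored without ever reading the key back. Assumptions:
   the function names are hypothetical, algorithm names are matched
   case-insensitively as "hmac-sha256" and "blake2s", BLAKE2s is keyed
   with its full 32-byte digest, and resulting-hash arrives base64-encoded
   as YANG binary values do in XML and JSON.

```python
"""Local counterpart of the mac/keys 'test' action (added example)."""
import base64
import hashlib
import hmac

# Upper bounds from the 'value' leaf description, in bytes.
MAX_KEY_LEN = {
    "hmac-sha256": 64,  # block size of the underlying hash
    "blake2s": 32,      # BLAKE2s key limit
}


def check_key_length(algorithm: str, key: bytes) -> str:
    """Return the normalised algorithm name, or raise ValueError."""
    name = algorithm.lower()
    if name not in MAX_KEY_LEN:
        raise ValueError(f"unsupported MAC algorithm: {algorithm}")
    if len(key) > MAX_KEY_LEN[name]:
        raise ValueError(
            f"{name} key is {len(key)} bytes, limit is {MAX_KEY_LEN[name]}")
    return name


def expected_hash(algorithm: str, key: bytes, test_string: bytes) -> bytes:
    """Compute what a device holding 'key' should return for test-string."""
    name = check_key_length(algorithm, key)
    if name == "hmac-sha256":
        return hmac.new(key, test_string, hashlib.sha256).digest()
    # Assumption: keyed BLAKE2s, default 32-byte digest.
    return hashlib.blake2s(test_string, key=key).digest()


def verify_test_action(algorithm: str, key: bytes, test_string: bytes,
                       resulting_hash_b64: str) -> bool:
    """Compare a device's base64 resulting-hash with the local value."""
    try:
        reported = base64.b64decode(resulting_hash_b64, validate=True)
    except ValueError:  # malformed base64 from the device or transport
        return False
    local = expected_hash(algorithm, key, test_string)
    # Constant-time comparison, so the check itself leaks nothing.
    return hmac.compare_digest(reported, local)


if __name__ == "__main__":
    # Constructed sample: a 32-byte key and the reply a correctly
    # provisioned device would send for the probe string.
    sample_key = bytes(range(32))
    probe = b"babel-mac-probe"
    reply = base64.b64encode(
        expected_hash("HMAC-SHA256", sample_key, probe)).decode()
    print("key matches:",
          verify_test_action("hmac-sha256", sample_key, probe, reply))
```

   Because every call returns a MAC over caller-chosen input under the
   stored key, the same comparison is what an attacker would run offline
   against guessed keys, which is why exec access to the action belongs
   under NACM.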