idnits 2.17.1

draft-ietf-babel-yang-model-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (January 28, 2021) is 1177 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

  == Outdated reference: A later version (-14) exists of
     draft-ietf-babel-information-model-11

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Babel Working Group                                      M. Jethanandani
Internet-Draft                                            Kloud Services
Intended status: Standards Track                                B. Stark
Expires: August 1, 2021                                             AT&T
                                                        January 28, 2021

                       YANG Data Model for Babel
                     draft-ietf-babel-yang-model-07

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 1, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Note to RFC Editor
     1.2.  Tree Diagram Annotations
   2.  Babel Module
     2.1.  Information Model
     2.2.  Tree Diagram
     2.3.  YANG Module
   3.  IANA Considerations
     3.1.  URI Registrations
     3.2.  YANG Module Name Registration
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  An Appendix
     A.1.  Statistics Gathering Enabled
     A.2.  Automatic Detection of Properties
     A.3.  Override Default Properties
     A.4.  Configuring other Properties
   Authors' Addresses

1.  Introduction

   This document defines a data model for the Babel routing protocol
   [RFC8966].  The data model is defined using the YANG 1.1 [RFC7950]
   data modeling language and is Network Management Datastore
   Architecture (NMDA) [RFC8342] compatible.  It is based on the Babel
   Information Model [I-D.ietf-babel-information-model].

1.1.  Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   o  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   o  "ZZZZ" --> the assigned RFC value for Babel Information Model
      [I-D.ietf-babel-information-model]

   o  Revision date in model, in the format 2021-01-26 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with .

1.2.  Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2.  Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

2.1.  Information Model

   There are a few things that should be noted between the Babel
   Information Model and this data module.  The information model
   mandates the definition of some of the attributes, e.g. babel-
   implementation-version or the babel-self-router-id.  These attributes
   are marked as read-only objects in the information model as well as
   in this data module.  However, there is no way in the data module to
   mandate that a read-only attribute be present.  It is up to the
   implementation of this data module to make sure that the attributes
   that are marked read-only and are mandatory are indeed present.

2.2.  Tree Diagram

   The following diagram illustrates a top level hierarchy of the model.
   In addition to information like the version number implemented by
   this device, the model contains subtrees on constants, interfaces,
   routes and security.

   module: ietf-babel
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?        string
          +--rw enable          boolean
          +--ro router-id?      binary
          +--ro seqno?          uint16
          +--rw stats-enable?   boolean
          +--rw constants
          |     ...
          +--rw interfaces* [reference]
          |     ...
          +--rw mac-key-set* [name]
          |     ...
          +--rw dtls* [name]
          |     ...
          +--ro routes* [prefix]
                ...

   The interfaces subtree describes attributes such as the interface
   object that is being referenced, the type of link as enumerated by
   metric-algorithm and split-horizon, and whether the interface is
   enabled or not.

   The constants subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The routes subtree describes objects such as the prefix for which the
   route is advertised, a reference to the neighboring route, and next-
   hop address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The mac subtree contains keys used with the
   MAC security mechanism.  The boolean flag default-apply indicates
   whether the set of MAC keys is automatically applied to new
   interfaces.  The dtls subtree contains certificates used with the
   DTLS security mechanism.  Similar to the MAC mechanism, the boolean
   flag default-apply indicates whether the set of DTLS certificates is
   automatically applied to new interfaces.

2.3.  YANG Module

   This YANG module augments the YANG Routing Management [RFC8349]
   module to provide a common framework for all routing subsystems.  By
   augmenting the module it provides a common building block for routes,
   and Routing Information Bases (RIBs).  It also has a reference to an
   interface defined by A YANG Data Model for Interface Management
   [RFC8343].

   A router running the Babel routing protocol can determine the
   parameters it needs to use for an interface based on the interface
   name.  For example, it can detect that eth0 is a wired interface, and
   that wlan0 is a wireless interface.  This is not true for a tunnel
   interface, where the link parameters need to be configured
   explicitly.

   For a wired interface, it will assume '2-out-of-3' 'metric-
   algorithm', and 'split-horizon' set to true.  On the other hand, for
   a wireless interface it will assume 'etx' 'metric-algorithm', and
   'split-horizon' set to false.  However, if the wired link is
   connected to a wireless radio, the values can be overridden by
   setting 'metric-algorithm' to 'etx', and 'split-horizon' to false.
   Similarly, an interface that is a metered 3G link, and used for
   fallback connectivity needs much higher default time constants, e.g.
   'mcast-hello-interval', and 'update-interval', in order to avoid
   carrying control traffic as much as possible.

   In addition to the modules used above, this module imports
   definitions from Common YANG Data Types [RFC6991], and references
   HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using HMAC-
   SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram Transport
   Layer Security Version 1.2 [RFC6347], The Blake2 Cryptographic Hash
   and Message Authentication Code (MAC) [RFC7693], Babel Information
   Model [I-D.ietf-babel-information-model], and The Babel Routing
   Protocol [RFC8966].
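
   The following Python code is an added example, not part of the draft
   or of any Babel implementation.  It audits the per-interface security
   leaves of this module (mac-enable, mac-verify, mac-key-sets,
   dtls-enable, dtls-certs) and shows what default-apply attaches to a
   newly created interface.  The dictionary layout, the sample values,
   the finding labels and the treatment of an unset boolean as false are
   assumptions of the example.

```python
"""Audit the MAC/DTLS leaves of Babel interface entries (added example)."""

# Constructed sample data. Keys are leaf and list names from the ietf-babel
# module; the plain-dict layout is an assumption made for this example.
SAMPLE_BABEL = {
    "enable": True,
    "mac-key-set": [
        {"name": "backbone-keys", "default-apply": True},
        {"name": "lab-keys", "default-apply": False},
    ],
    "dtls": [{"name": "edge-certs", "default-apply": False}],
    "interfaces": [
        {"reference": "eth0", "enable": True, "mac-enable": True,
         "mac-verify": True, "mac-key-sets": ["backbone-keys"]},
        {"reference": "wlan0", "enable": True, "mac-enable": True,
         "mac-verify": False, "mac-key-sets": ["backbone-keys"]},
        {"reference": "tun0", "enable": True},
        {"reference": "eth1", "enable": True, "mac-enable": True,
         "mac-verify": True, "mac-key-sets": ["old-keys"]},
        {"reference": "eth2", "enable": True, "dtls-enable": True,
         "dtls-certs": []},
        {"reference": "eth3", "enable": False},
    ],
}


def default_applied(babel, list_name):
    """Names of 'mac-key-set' or 'dtls' entries whose default-apply is true."""
    return [e["name"] for e in babel.get(list_name, [])
            if e.get("default-apply") is True]


def new_interface(babel, reference):
    """Build a new interface entry the way the default-apply text describes:
    entries with default-apply 'true' are included in the new interface's
    mac-key-sets / dtls-certs lists. mac-enable and dtls-enable stay unset."""
    return {
        "reference": reference,
        "enable": True,  # the module gives the interface 'enable' leaf default "true"
        "mac-key-sets": default_applied(babel, "mac-key-set"),
        "dtls-certs": default_applied(babel, "dtls"),
    }


def check_refs(babel, iface, leaf_list, target_list):
    """Check a leaf-list of names against the list its leafref points to.

    A YANG-validating server rejects a dangling leafref; this check is meant
    for templates and exports reviewed outside such a server.
    """
    known = {e["name"] for e in babel.get(target_list, [])}
    refs = iface.get(leaf_list, [])
    if not refs:
        return [f"{leaf_list}-empty"]
    return [f"{leaf_list}-dangling:{name}" for name in refs if name not in known]


def audit_interface(babel, iface):
    """Return finding labels for one interface entry."""
    findings = []
    if not iface.get("enable", True):
        return findings  # disabled: Babel messages are ignored and none are sent
    # Assumption: an unset boolean leaf is treated as false.
    mac_on = iface.get("mac-enable") is True
    dtls_on = iface.get("dtls-enable") is True
    if not (mac_on or dtls_on):
        findings.append("no-auth")
    if mac_on:
        findings += check_refs(babel, iface, "mac-key-sets", "mac-key-set")
        if iface.get("mac-verify") is not True:
            # Incoming packets are then not required to carry a valid MAC.
            findings.append("mac-not-verified")
    if dtls_on:
        findings += check_refs(babel, iface, "dtls-certs", "dtls")
    return findings


def audit(babel):
    """Map interface reference -> findings, for interfaces that have any."""
    report = {}
    for iface in babel.get("interfaces", []):
        findings = audit_interface(babel, iface)
        if findings:
            report[iface["reference"]] = findings
    return report


if __name__ == "__main__":
    for ref, findings in audit(SAMPLE_BABEL).items():
        print(ref, ", ".join(findings))
```
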
211 file "ietf-babel@2021-01-26.yang" 213 module ietf-babel { 214 yang-version 1.1; 215 namespace "urn:ietf:params:xml:ns:yang:ietf-babel"; 216 prefix babel; 218 import ietf-yang-types { 219 prefix yt; 220 reference 221 "RFC 6991: Common YANG Data Types."; 222 } 223 import ietf-inet-types { 224 prefix inet; 225 reference 226 "RFC 6991: Common YANG Data Types."; 227 } 228 import ietf-interfaces { 229 prefix if; 230 reference 231 "RFC 8343: A YANG Data Model for Interface Management"; 232 } 233 import ietf-routing { 234 prefix "rt"; 235 reference 236 "RFC 8349: YANG Routing Management"; 237 } 239 organization 240 "IETF Babel routing protocol Working Group"; 242 contact 243 "WG Web: http://tools.ietf.org/wg/babel/ 244 WG List: babel@ietf.org 246 Editor: Mahesh Jethanandani 247 mjethanandani@gmail.com 248 Editor: Barbara Stark 249 bs7652@att.com"; 251 description 252 "This YANG module defines a model for the Babel routing 253 protocol. 255 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL 256 NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 257 'MAY', and 'OPTIONAL' in this document are to be interpreted as 258 described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, 259 they appear in all capitals, as shown here. 261 Copyright (c) 2020 IETF Trust and the persons identified as 262 authors of the code. All rights reserved. 264 Redistribution and use in source and binary forms, with or 265 without modification, is permitted pursuant to, and subject to 266 the license terms contained in, the Simplified BSD License set 267 forth in Section 4.c of the IETF Trust's Legal Provisions 268 Relating to IETF Documents 269 (https://trustee.ietf.org/license-info). 
271 This version of this YANG module is part of RFC XXXX 272 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself 273 for full legal notices."; 275 revision 2021-01-26 { 276 description 277 "Initial version."; 279 reference 280 "RFC XXXX: Babel YANG Data Model."; 281 } 283 /* 284 * Features 285 */ 286 feature two-out-of-three-supported { 287 description 288 "This implementation supports two-out-of-three metric 289 comp algorithm."; 290 } 292 feature etx-supported { 293 description 294 "This implementation supports Expected Transmission Count 295 (ETX) metric comp algorithm."; 296 } 298 feature mac-supported { 299 description 300 "This implementation supports MAC based security."; 301 reference 302 "draft-ietf-babel-hmac: MAC authentication for Babel Routing 303 Protocol."; 304 } 306 feature dtls-supported { 307 description 308 "This implementation supports DTLS based security."; 309 reference 310 "draft-ietf-babel-dtls: Babel Routing Protocol over Datagram 311 Transport Layer Security."; 312 } 314 feature hmac-sha256-supported { 315 description 316 "This implementation supports hmac-sha256 MAC algorithm."; 317 reference 318 "draft-ietf-babel-hmac: MAC authentication for Babel Routing 319 Protocol."; 320 } 322 feature blake2s-supported { 323 description 324 "This implementation supports blake2s MAC algorithms. 
325 Specifically, BLAKE2-128 is supported."; 326 reference 327 "draft-ietf-babel-hmac: MAC authentication for Babel Routing 328 Protocol."; 329 } 331 feature x-509-supported { 332 description 333 "This implementation supports x-509 certificate type."; 334 reference 335 "draft-ietf-babel-dtls: Babel Routing Protocol over Datagram 336 Transport Layer Security."; 337 } 339 feature raw-public-key-supported { 340 description 341 "This implementation supports raw-public-key certificate type."; 342 reference 343 "draft-ietf-babel-dtls: Babel Routing Protocol over Datagram 344 Transport Layer Security."; 345 } 347 /* 348 * Identities 349 */ 350 identity metric-comp-algorithms { 351 description 352 "Base identity from which all Babel metric comp algorithms 353 are derived."; 354 } 356 identity two-out-of-three { 357 if-feature two-out-of-three-supported; 358 base "metric-comp-algorithms"; 359 description 360 "2-out-of-3 algorithm."; 361 reference 362 "draft-ietf-babel-rfc6126bis: The Babel Routing Protocol, 363 Section A.2.1."; 364 } 366 identity etx { 367 if-feature etx-supported; 368 base "metric-comp-algorithms"; 369 description 370 "Expected Transmission Count."; 371 reference 372 "draft-ietf-babel-rfc6126bis: The Babel Routing Protocol, 373 Section A.2.2."; 374 } 375 /* 376 * Babel MAC algorithms identities. 377 */ 378 identity mac-algorithms { 379 description 380 "Base identity for all Babel MAC algorithms."; 381 } 383 identity hmac-sha256 { 384 if-feature mac-supported; 385 if-feature hmac-sha256-supported; 386 base mac-algorithms; 387 description 388 "HMAC-SHA256 algorithm supported."; 389 reference 390 "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 391 with IPsec."; 392 } 394 identity blake2s { 395 if-feature mac-supported; 396 if-feature blake2s-supported; 397 base mac-algorithms; 398 description 399 "BLAKE2s algorithms supported. 
Specifically, BLAKE2-128 is 400 supported."; 401 reference 402 "RFC 7693: The BLAKE2 Cryptographic Hash and Message 403 Authentication Code (MAC)."; 404 } 406 /* 407 * Babel Cert Types 408 */ 409 identity dtls-cert-types { 410 description 411 "Base identity for Babel DTLS certificate types."; 412 } 414 identity x-509 { 415 if-feature dtls-supported; 416 if-feature x-509-supported; 417 base dtls-cert-types; 418 description 419 "X.509 certificate type."; 420 } 422 identity raw-public-key { 423 if-feature dtls-supported; 424 if-feature raw-public-key-supported; 425 base dtls-cert-types; 426 description 427 "Raw Public Key type."; 428 } 430 /* 431 * Babel routing protocol identity. 432 */ 433 identity babel { 434 base "rt:routing-protocol"; 435 description 436 "Babel routing protocol"; 437 } 439 /* 440 * Groupings 441 */ 442 grouping routes { 443 list routes { 444 key "prefix"; 445 config false; 447 leaf prefix { 448 type inet:ip-prefix; 449 description 450 "Prefix (expressed in ip-address/prefix-length format) for 451 which this route is advertised."; 452 reference 453 "RFC ZZZZ: Babel Information Model, Section 3.6."; 454 } 456 leaf router-id { 457 type binary; 458 description 459 "router-id of the source router for which this route is 460 advertised."; 461 reference 462 "RFC ZZZZ: Babel Information Model, Section 3.6."; 463 } 465 leaf neighbor { 466 type leafref { 467 path "/rt:routing/rt:control-plane-protocols/" + 468 "rt:control-plane-protocol/babel/interfaces/" + 469 "neighbor-objects/neighbor-address"; 470 } 471 description 472 "Reference to the neighbor-objects entry for the neighbor 473 that advertised this route."; 474 reference 475 "RFC ZZZZ: Babel Information Model, Section 3.6."; 476 } 478 leaf received-metric { 479 type uint16; 480 description 481 "The metric with which this route was advertised by the 482 neighbor, or maximum value (infinity) to indicate the 483 route was recently retracted and is temporarily 484 unreachable. 
This metric will be 0 (zero) if the route 485 was not received from a neighbor but was generated 486 through other means. At least one of 487 calculated-metric or received-metric MUST be non-NULL."; 488 reference 489 "RFC ZZZZ: Babel Information Model, Section 3.6, 490 draft-ietf-babel-rfc6126bis: The Babel Routing Protocol, 491 Section 3.5.5."; 492 } 494 leaf calculated-metric { 495 type uint16; 496 description 497 "A calculated metric for this route. How the metric is 498 calculated is implementation-specific. Maximum value 499 (infinity) indicates the route was recently retracted 500 and is temporarily unreachable. At least one of 501 calculated-metric or received-metric MUST be non-NULL."; 502 reference 503 "RFC ZZZZ: Babel Information Model, Section 3.6, 504 draft-ietf-babel-rfc6126bis: The Babel Routing Protocol, 505 Section 3.5.5."; 506 } 508 leaf seqno { 509 type uint16; 510 description 511 "The sequence number with which this route was advertised."; 512 reference 513 "RFC ZZZZ: Babel Information Model, Section 3.6."; 514 } 516 leaf next-hop { 517 type inet:ip-address; 518 description 519 "The next-hop address of this route. This will be empty if 520 this route has no next-hop address."; 521 reference 522 "RFC ZZZZ: Babel Information Model, Section 3.6."; 523 } 525 leaf feasible { 526 type boolean; 527 description 528 "A boolean flag indicating whether this route is feasible."; 529 reference 530 "RFC ZZZZ: Babel Information Model, Section 3.6, 531 draft-ietf-babel-rfc6126bis, The Babel Routing Protocol, 532 Section 3.5.1."; 533 } 535 leaf selected { 536 type boolean; 537 description 538 "A boolean flag indicating whether this route is selected, 539 i.e., whether it is currently being used for forwarding and 540 is being advertised."; 541 reference 542 "RFC ZZZZ: Babel Information Model, Section 3.6."; 543 } 544 description 545 "A set of babel-route-obj objects. 
Includes received and 546 routes routes."; 547 reference 548 "RFC ZZZZ: Babel Information Model, Section 3.1."; 549 } 550 description 551 "Common grouping for routing used in RIB."; 552 } 554 /* 555 * Data model 556 */ 558 augment "/rt:routing/rt:control-plane-protocols/" + 559 "rt:control-plane-protocol" { 560 when "derived-from-or-self(rt:type, 'babel')" { 561 description 562 "Augmentation is valid only when the instance of routing type 563 is of type 'babel'."; 564 } 565 description 566 "Augment the routing module to support a common structure 567 between routing protocols."; 568 reference 569 "YANG Routing Management, RFC 8349, Lhotka & Lindem, March 570 2018."; 572 container babel { 573 presence "A Babel container."; 574 description 575 "Babel Information Objects."; 576 reference 577 "RFC ZZZZ: Babel Information Model, Section 3."; 579 leaf version { 580 type string; 581 config false; 582 description 583 "The name and version of this implementation of the Babel 584 protocol."; 585 reference 586 "RFC ZZZZ: Babel Information Model, Section 3.1."; 587 } 589 leaf enable { 590 type boolean; 591 mandatory true; 592 description 593 "When written, it configures whether the protocol should be 594 enabled. A read from the or datastore 595 therefore indicates the configured administrative value of 596 whether the protocol is enabled or not. 598 A read from the datastore indicates whether 599 the protocol is actually running or not, i.e. 
it indicates 600 the operational state of the protocol."; 601 reference 602 "RFC ZZZZ: Babel Information Model, Section 3.1."; 603 } 605 leaf router-id { 606 type binary; 607 config false; 608 description 609 "Every Babel speaker is assigned a router-id, which is an 610 arbitrary string of 8 octets that is assumed to be unique 611 across the routing domain"; 612 reference 613 "RFC ZZZZ: Babel Information Model, Section 3.1, 614 draft-ietf-babel-rfc6126bis: The Babel Routing Protocol, 615 Section 3."; 616 } 618 leaf seqno { 619 type uint16; 620 config false; 621 description 622 "Sequence number included in route updates for routes 623 originated by this node."; 624 reference 625 "RFC ZZZZ: Babel Information Model, Section 3.1."; 626 } 628 leaf stats-enable { 629 type boolean; 630 description 631 "Indicates whether statistics collection is enabled (true) 632 or disabled (false) on all interfaces. When enabled, 633 existing statistics values are not cleared and will be 634 incremented as new packets are counted."; 635 } 637 container constants { 638 description 639 "Babel Constants object."; 640 reference 641 "RFC ZZZZ: Babel Information Model, Section 3.1."; 643 leaf udp-port { 644 type inet:port-number; 645 default "6696"; 646 description 647 "UDP port for sending and receiving Babel messages. 
The 648 default port is 6696."; 649 reference 650 "RFC ZZZZ: Babel Information Model, Section 3.2."; 651 } 653 leaf mcast-group { 654 type inet:ip-address; 655 default "ff02::1:6"; 656 description 657 "Multicast group for sending and receiving multicast 658 announcements on IPv6."; 659 reference 660 "RFC ZZZZ: Babel Information Model, Section 3.2."; 661 } 662 } 663 list interfaces { 664 key "reference"; 666 description 667 "A set of Babel Interface objects."; 668 reference 669 "RFC ZZZZ: Babel Information Model, Section 3.3."; 671 leaf reference { 672 type if:interface-ref; 673 description 674 "References the name of the interface over which Babel 675 packets are sent and received."; 676 reference 677 "RFC ZZZZ: Babel Information Model, Section 3.3."; 678 } 680 leaf enable { 681 type boolean; 682 default "true"; 683 description 684 "If true, babel sends and receives messages on this 685 interface. If false, babel messages received on this 686 interface are ignored and none are sent."; 687 reference 688 "RFC ZZZZ: Babel Information Model, Section 3.3."; 689 } 691 leaf metric-algorithm { 692 type identityref { 693 base metric-comp-algorithms; 694 } 695 mandatory true; 696 description 697 "Indicates the metric computation algorithm used on this 698 interface. The value MUST be one of those identities 699 based on 'metric-comp-algorithms'."; 700 reference 701 "RFC ZZZZ: Babel Information Model, Section 3.X."; 702 } 704 leaf split-horizon { 705 type boolean; 706 description 707 "Indicates whether or not the split horizon optimization 708 is used when calculating metrics on this interface. 
709 A value of true indicates split horizon optimization 710 is used."; 712 reference 713 "RFC ZZZZ: Babel Information Model, Section 3.X."; 714 } 716 leaf mcast-hello-seqno { 717 type uint16; 718 config false; 719 description 720 "The current sequence number in use for multicast hellos 721 sent on this interface."; 722 reference 723 "RFC ZZZZ: Babel Information Model, Section 3.3."; 724 } 726 leaf mcast-hello-interval { 727 type uint16; 728 units centiseconds; 729 description 730 "The current multicast hello interval in use for hellos 731 sent on this interface."; 732 reference 733 "RFC ZZZZ: Babel Information Model, Section 3.3."; 734 } 736 leaf update-interval { 737 type uint16; 738 units centiseconds; 739 description 740 "The current update interval in use for this interface. 741 Units are centiseconds."; 742 reference 743 "RFC ZZZZ: Babel Information Model, Section 3.3."; 744 } 746 leaf mac-enable { 747 type boolean; 748 description 749 "Indicates whether the MAC security mechanism is enabled 750 (true) or disabled (false)."; 751 reference 752 "RFC ZZZZ: Babel Information Model, Section 3.3."; 753 } 755 leaf-list mac-key-sets { 756 type leafref { 757 path "../../mac-key-set/name"; 758 } 759 description 760 "List of references to the mac entries that apply 761 to this interface. When an interface instance is 762 created, all mac instances with default-apply 'true' 763 will be included in this list."; 764 reference 765 "RFC ZZZZ: Babel Information Model, Section 3.3."; 766 } 768 leaf mac-verify { 769 type boolean; 770 description 771 "A Boolean flag indicating whether MACs in 772 incoming Babel packets are required to be present and 773 are verified. 
If this parameter is 'true', incoming 774 packets are required to have a valid MAC."; 775 reference 776 "RFC ZZZZ: Babel Information Model, Section 3.3."; 777 } 779 leaf dtls-enable { 780 type boolean; 781 description 782 "Indicates whether the DTLS security mechanism is enabled 783 (true) or disabled (false)."; 784 reference 785 "RFC ZZZZ: Babel Information Model, Section 3.3."; 786 } 788 leaf-list dtls-certs { 789 type leafref { 790 path "../../dtls/name"; 791 } 792 description 793 "List of references to the dtls entries that apply to 794 this interface. When an interface instance 795 is created, all dtls instances with default-apply 796 'true' will be included in this list."; 797 reference 798 "RFC ZZZZ: Babel Information Model, Section 3.3."; 799 } 801 leaf dtls-cached-info { 802 type boolean; 803 description 804 "Indicates whether the cached_info extension is included 805 in ClientHello and ServerHello packets. The extension 806 is included if the value is 'true'."; 807 reference 808 "RFC ZZZZ: Babel Information Model, Section 3.3. 809 draft-ietf-babel-dtls: Babel Routing Protocol over 810 Datagram Transport Layer Security, Appendix A."; 811 } 813 leaf-list dtls-cert-prefer { 814 type leafref { 815 path "../../dtls/certs/type"; 816 } 817 ordered-by user; 818 description 819 "List of supported certificate types, in order of 820 preference. The values MUST be among those listed in 821 dtls-cert-types. This list is used to populate the 822 server_certificate_type extension in a Client Hello. 
823 Values that are present in at least one instance in the 824 certs object under dtls of a referenced dtls instance 825 and that have a non-empty private-key will be used to 826 populate the client_certificate_type extension in a 827 Client Hello."; 828 reference 829 "RFC ZZZZ: Babel Information Model, Section 3.3 830 draft-ietf-babel-dtls: Babel Routing Protocol over 831 Datagram Transport Layer Security, Appendix A."; 832 } 834 leaf packet-log-enable { 835 type boolean; 836 description 837 "If true, logging of babel packets received on this 838 interface is enabled; if false, babel packets are not 839 logged."; 840 reference 841 "RFC ZZZZ: Babel Information Model, Section 3.3."; 842 } 844 leaf packet-log { 845 type inet:uri; 846 config false; 847 description 848 "A reference or url link to a file that contains a 849 timestamped log of packets received and sent on 850 udp-port on this interface. The [libpcap] file 851 format with .pcap file extension SHOULD be supported for 852 packet log files. 
Logging is enabled / disabled by 853 packet-log-enable."; 854 reference 855 "RFC ZZZZ: Babel Information Model, Section 3.3."; 857 } 859 container stats { 860 config false; 862 description 863 "Statistics collection object for this interface."; 864 reference 865 "RFC ZZZZ: Babel Information Model, Section 3.3."; 867 leaf sent-mcast-hello { 868 type yt:counter32; 869 description 870 "A count of the number of multicast Hello packets sent 871 on this interface."; 872 reference 873 "RFC ZZZZ: Babel Information Model, Section 3.4."; 874 } 876 leaf sent-mcast-update { 877 type yt:counter32; 878 description 879 "A count of the number of multicast update packets sent 880 on this interface."; 881 reference 882 "RFC ZZZZ: Babel Information Model, Section 3.4."; 883 } 885 leaf sent-ucast-hello { 886 type yt:counter32; 887 description 888 "A count of the number of unicast Hello packets sent 889 to this neighbor."; 890 reference 891 "RFC ZZZZ: Babel Information Model, Section 3.6."; 892 } 894 leaf sent-ucast-update { 895 type yt:counter32; 896 description 897 "A count of the number of unicast update packets sent 898 to this neighbor."; 899 reference 900 "RFC ZZZZ: Babel Information Model, Section 3.6."; 901 } 903 leaf sent-ihu { 904 type yt:counter32; 905 description 906 "A count of the number of IHU packets sent to this 907 neighbor."; 908 reference 909 "RFC ZZZZ: Babel Information Model, Section 3.6."; 910 } 912 leaf received-packets { 913 type yt:counter32; 914 description 915 "A count of the number of Babel packets received on 916 this interface."; 917 reference 918 "RFC ZZZZ: Babel Information Model, Section 3.4."; 919 } 920 action reset { 921 description 922 "The information model [RFC ZZZZ] defines reset 923 action as a system-wide reset of Babel statistics. 924 In YANG the reset action is associated with the 925 container where the action is defined. In this case 926 the action is associated with the stats container 927 inside an interface. 
The action will therefore 928 reset statistics at an interface level. 930 Implementations that want to support a system-wide 931 reset of Babel statistics need to call this action 932 for every instance of the interface."; 934 input { 935 leaf reset-at { 936 type yt:date-and-time; 937 description 938 "The time when the reset was issued."; 939 } 940 } 941 output { 942 leaf reset-finished-at { 943 type yt:date-and-time; 944 description 945 "The time when the reset finished."; 946 } 947 } 948 } 949 } 951 list neighbor-objects { 952 key "neighbor-address"; 953 config false; 955 description 956 "A set of Babel Neighbor Object."; 957 reference 958 "RFC ZZZZ: Babel Information Model, Section 3.5."; 960 leaf neighbor-address { 961 type inet:ip-address; 962 description 963 "IPv4 or v6 address the neighbor sends packets from."; 964 reference 965 "RFC ZZZZ: Babel Information Model, Section 3.5."; 966 } 968 leaf hello-mcast-history { 969 type string; 970 description 971 "The multicast Hello history of whether or not the 972 multicast Hello packets prior to exp-mcast- 973 hello-seqno were received, with a '1' for the most 974 recent Hello placed in the most significant bit and 975 prior Hellos shifted right (with '0' bits placed 976 between prior Hellos and most recent Hello for any 977 not-received Hellos); represented as a string using 978 utf-8 encoded hex digits where a '1' bit = Hello 979 received and a '0' bit = Hello not received."; 980 reference 981 "RFC ZZZZ: Babel Information Model, Section 3.5."; 982 } 984 leaf hello-ucast-history { 985 type string; 986 description 987 "The unicast Hello history of whether or not the 988 unicast Hello packets prior to exp-ucast-hello-seqno 989 were received, with a '1' for the most 990 recent Hello placed in the most significant bit and 991 prior Hellos shifted right (with '0' bits placed 992 between prior Hellos and most recent Hello for any 993 not-received Hellos); represented as a string using 994 utf-8 encoded hex digits where a 
               '1' bit = Hello
               received and a '0' bit = Hello not received.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf txcost {
            type int32;
            default "0";
            description
              "Transmission cost value from the last IHU packet
               received from this neighbor, or maximum value
               (infinity) to indicate the IHU hold timer for this
               neighbor has expired.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf exp-mcast-hello-seqno {
            type uint16;
            default "0";
            description
              "Expected multicast Hello sequence number of next Hello
               to be received from this neighbor; if multicast Hello
               packets are not expected, or processing of multicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf exp-ucast-hello-seqno {
            type uint16;
            default "0";
            description
              "Expected unicast Hello sequence number of next Hello to
               be received from this neighbor; if unicast Hello
               packets are not expected, or processing of unicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-seqno {
            type uint16;
            description
              "Expected unicast Hello sequence number of next Hello
               to be received from this neighbor. If unicast Hello
               packets are not expected, or processing of unicast
               packets is not enabled, this MUST be 0.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-interval {
            type uint16;
            units centiseconds;
            description
              "The current interval in use for unicast hellos sent to
               this neighbor.
               Units are centiseconds.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf rxcost {
            type int32;
            description
              "Reception cost calculated for this neighbor. This value
               is usually derived from the Hello history, which may be
               combined with other data, such as statistics maintained
               by the link layer. The rxcost is sent to a neighbor in
               each IHU.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf cost {
            type int32;
            description
              "Link cost is computed from the values maintained in
               the neighbor table. The statistics kept in the neighbor
               table about the reception of Hellos, and the txcost
               computed from received IHU packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }
        }
      }

      list mac-key-set {
        key "name";

        description
          "A mac key set object. If this object is implemented, it
           provides access to parameters related to the MAC security
           mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.7.";

        leaf name {
          type string;
          description
            "A string that uniquely identifies the mac object.";
        }
        leaf default-apply {
          type boolean;
          description
            "A Boolean flag indicating whether this object
             instance is applied to all new interfaces, by default.
             If 'true', this instance is applied to new
             babel-interfaces instances at the time they are created,
             by including it in the mac-key-sets list under
             interfaces.
             If 'false', this instance is not applied
             to new interfaces instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.7.";
        }

        list keys {
          key "name";
          min-elements "1";

          description
            "A set of keys objects.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.8.";

          leaf name {
            type string;
            mandatory true;
            description
              "A unique name for this MAC key that can be used to
               identify the key in this object instance, since the key
               value is not allowed to be read. This value can only be
               provided when this instance is created, and is not
               subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-send {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to compute a
               MAC and include that MAC in the sent Babel packet. A MAC
               for sent packets is computed using this key if the value
               is 'true'. If the value is 'false', this key is not used
               to compute a MAC to include in sent Babel packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }
          leaf use-verify {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to verify
               incoming Babel packets. This key is used to verify
               incoming packets if the value is 'true'. If the value
               is 'false', no MAC is computed from this key for
               comparing an incoming packet.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf value {
            type binary;
            mandatory true;
            description
              "The value of the MAC key. An implementation MUST NOT
               allow this parameter to be read. This can be done by
               always providing an empty string, or through
               permissions, or other means.
               This value MUST be
               provided when this instance is created, and is not
               subsequently writable.

               This value is of a length suitable for the associated
               algorithm. If the algorithm is based on
               the HMAC construction [RFC2104], the length MUST be
               between 0 and the block size of the underlying hash
               inclusive (where 'HMAC-SHA256' block size is 64
               bytes as described in [RFC4868]). If the algorithm
               is 'BLAKE2-128', the length MUST be between 0 and 32
               bytes inclusive, as described in [RFC7693].";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8,
               RFC 2104: HMAC: Keyed-Hashing for Message
                         Authentication
               RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
                         HMAC-SHA-512 with IPsec,
               RFC 7693: The BLAKE2 Cryptographic Hash and Message
                         Authentication Code (MAC).";
          }

          leaf algorithm {
            type identityref {
              base mac-algorithms;
            }
            description
              "The name of the MAC algorithm used with this key. The
               value MUST be the same as one of the enumerations
               listed in the mac-algorithms parameter.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          action test {
            description
              "An operation that allows the MAC key and MAC
               algorithm to be tested to see if they produce an
               expected outcome. Input to this operation are a
               binary string and a calculated MAC (also in the
               format of a binary string) for the binary string.
               The implementation is expected to create a MAC over
               the binary string using the value and algorithm.
               The output of this operation is a binary indication that
               the calculated MAC matched the input MAC (true) or the
               MACs did not match (false).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";

            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "Input to this operation is a binary string.
                   The implementation is expected to create
                   a MAC over this string using the value and
                   the algorithm defined as part of the mac-key-set.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }

              leaf mac {
                type binary;
                mandatory true;
                description
                  "Input to this operation includes a MAC.
                   The implementation is expected to calculate a MAC
                   over the string using the value and algorithm of
                   this key object and compare its calculated MAC to
                   this input MAC.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
            output {
              leaf indication {
                type boolean;
                mandatory true;
                description
                  "The output of this operation is a binary indication
                   that the calculated MAC matched the input MAC (true)
                   or the MACs did not match (false).";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
          }
        }
      }

      list dtls {
        key "name";

        description
          "A dtls object. If this object is implemented,
           it provides access to parameters related to the DTLS
           security mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.9";

        leaf name {
          type string;
          description
            "A string that uniquely identifies a dtls object.";
        }

        leaf default-apply {
          type boolean;
          mandatory true;
          description
            "A Boolean flag indicating whether this object
             instance is applied to all new interfaces, by default. If
             'true', this instance is applied to new interfaces
             instances at the time they are created, by including it
             in the dtls-certs list under interfaces. If 'false',
             this instance is not applied to new interfaces
             instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.9.";
        }

        list certs {
          key "name";
          min-elements "1";

          description
            "A set of cert objects.
             This contains
             both certificates for this implementation to present
             for authentication, and to accept from others.
             Certificates with a non-empty private-key
             can be presented by this implementation for
             authentication.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.10.";

          leaf name {
            type string;
            description
              "A unique name for this certificate that can be
               used to identify the certificate in this object
               instance, since the value is too long to be useful
               for identification. This value MUST NOT be empty
               and can only be provided when this instance is created
               (i.e., it is not subsequently writable).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf value {
            type string;
            mandatory true;
            description
              "The certificate in PEM format [RFC7468]. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf type {
            type identityref {
              base dtls-cert-types;
            }
            mandatory true;
            description
              "The name of the certificate type of this object
               instance. The value MUST be the same as one of the
               enumerations listed in the dtls-cert-types
               parameter. This value can only be provided when this
               instance is created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf private-key {
            type binary;
            mandatory true;
            description
              "The value of the private key. If this is non-empty,
               this certificate can be used by this implementation to
               provide a certificate during DTLS handshaking. An
               implementation MUST NOT allow this parameter to be
               read. This can be done by always providing an empty
               string, or through permissions, or other means.
               This value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }
        }
      }

      uses routes;
    }
  }
}

3.  IANA Considerations

   This document registers one URI and one YANG module.

3.1.  URI Registrations

   URI: urn:ietf:params:xml:ns:yang:ietf-babel

3.2.  YANG Module Name Registration

   This document registers one YANG module in the YANG Module Names
   registry [RFC6020].

      Name: ietf-babel
      Namespace: urn:ietf:params:xml:ns:yang:ietf-babel
      prefix: babel
      reference: RFC XXXX

4.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242]. The lowest RESTCONF layer is HTTPS, and
   the mandatory-to-implement secure transport is TLS [RFC8446].

   The NETCONF Access Control Model (NACM [RFC8341]) provides the means
   to restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/created/deleted (i.e., config true, which is the default).
   These data nodes may be considered sensitive or vulnerable in some
   network environments.
   Write operations (e.g., edit-config) to
   these data nodes without proper protection can have a negative effect
   on network operations. These are the subtrees and data nodes and their
   sensitivity/vulnerability from a config true perspective:

   babel: This container includes an "enable" parameter that can be used
   to enable or disable use of Babel on a router.

   babel/constants: This container includes configuration parameters
   that can prevent reachability if misconfigured.

   babel/interfaces: This leaf-list has configuration parameters that
   can enable/disable security mechanisms and change performance
   characteristics of the Babel protocol.

   babel/hmac and babel/dtls: These contain security credentials that
   influence whether packets are trusted.

   Some of the readable data or config false nodes in this YANG module
   may be considered sensitive or vulnerable in some network
   environments. It is thus important to control read access (e.g., via
   get, get-config, or notification) to these data nodes. These are the
   subtrees and data nodes and their sensitivity/vulnerability from a
   config false perspective:

   babel: Access to the information in the various nodes can disclose
   the network topology. Additionally, the routes used by a network
   device may be used to mount a subsequent attack on traffic traversing
   the network device.

   babel/hmac and babel/dtls: These contain security credentials,
   including private credentials of the router.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control access to these operations.
   These are the
   operations and their sensitivity/vulnerability from an RPC operation
   perspective:

   babel/hmac/hmac/keys/test and babel/dtls/certs/test: These can be
   used in a brute force attack to identify the credentials being used
   to secure the Babel protocol.

5.  Acknowledgements

   Juliusz Chroboczek provided most of the example configurations for
   babel that are shown in the Appendix.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8966]  Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

6.2.  Informative References

   [I-D.ietf-babel-information-model]
              Stark, B. and M.
              Jethanandani, "Babel Information Model",
              draft-ietf-babel-information-model-11 (work in progress),
              August 2020.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A.  An Appendix

   This section is devoted to examples that demonstrate how Babel can be
   configured.

A.1.  Statistics Gathering Enabled

   In this example, interface eth0 is being configured for routing
   protocol Babel, and statistics gathering is enabled. For security,
   HMAC-SHA256 is supported. Every sent Babel packet is signed with
   the key value provided, and every received Babel packet is verified
   with the same key value.

   eth0
   ianaift:ethernetCsmacd
   true

   babel:babel

   name:babel

   true
   true

   eth0
   two-out-of-three
   true

   hmac-sha256

   hmac-sha256-keys
   true
   true
   base64encodedvalue==
   hmac-sha256

A.2.  Automatic Detection of Properties

   eth0
   ianaift:ethernetCsmacd
   true

   wlan0
   ianaift:ieee80211
   true

   babel:babel

   name:babel

   true

   eth0
   true
   two-out-of-three
   true

   wlan0
   true
   etx
   false

A.3.  Override Default Properties

   eth0
   ianaift:ethernetCsmacd
   true

   eth1
   ianaift:ethernetCsmacd
   true

   tun0
   ianaift:tunnel
   true

   babel:babel

   name:babel

   true

   eth0
   true
   two-out-of-three
   true

   eth1
   true
   etx
   false

   tun0
   true
   two-out-of-three
   true

A.4.  Configuring other Properties

   eth0
   ianaift:ethernetCsmacd
   true

   ppp0
   ianaift:ppp
   true

   babel:babel

   name:babel

   true

   eth0
   true
   two-out-of-three
   true

   ppp0
   true
   30
   120
   two-out-of-three

Authors' Addresses

   Mahesh Jethanandani
   Kloud Services
   California
   USA

   Email: mjethanandani@gmail.com

   Barbara Stark
   AT&T
   Atlanta, GA
   USA

   Email: barbara.stark@att.com
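
The key-length rules on the mac-key-set "value" leaf, its write-once and never-readable behaviour, and the "test" action can be sketched as follows. This is an added Python example, not code from the draft or from any Babel implementation. Assumptions: the names MacKey and compute_mac and the label "blake2-128" are hypothetical, 'BLAKE2-128' is taken to mean keyed BLAKE2s with a 16-byte output, and the attempt limiter is an added mitigation for the brute-force concern in Section 4, not something the model defines.

```python
import hashlib
import hmac
import time

# Upper bounds on key length in bytes, from the description of the
# "value" leaf. "blake2-128" is a label chosen for this example.
MAX_KEY_LEN = {"hmac-sha256": 64, "blake2-128": 32}


def compute_mac(algorithm, key, data):
    """MAC over a plain byte string (not a full Babel packet)."""
    if algorithm == "hmac-sha256":
        return hmac.new(key, data, hashlib.sha256).digest()
    if algorithm == "blake2-128":
        # Assumption: keyed BLAKE2s with a 16-byte (128-bit) output.
        return hashlib.blake2s(data, digest_size=16, key=key).digest()
    raise ValueError(f"unsupported MAC algorithm: {algorithm}")


class MacKey:
    """Hypothetical in-memory stand-in for one mac-key-set/keys entry."""

    def __init__(self, name, algorithm, value,
                 max_tests=5, window=60.0, clock=time.monotonic):
        if algorithm not in MAX_KEY_LEN:
            raise ValueError(f"unsupported MAC algorithm: {algorithm}")
        if len(value) > MAX_KEY_LEN[algorithm]:
            raise ValueError(
                f"{algorithm} key must be 0..{MAX_KEY_LEN[algorithm]} bytes")
        self.name = name
        self.algorithm = algorithm
        self._value = bytes(value)    # provided once, at creation
        self._max_tests = max_tests   # added mitigation, not in the model
        self._window = window         # seconds
        self._clock = clock
        self._attempts = []           # timestamps of recent test calls

    @property
    def value(self):
        # The key MUST NOT be readable: always return an empty string.
        # There is no setter, so it is not writable after creation.
        return b""

    def test(self, test_string, mac):
        """The test action: True if mac matches the MAC of test_string."""
        now = self._clock()
        self._attempts = [t for t in self._attempts
                          if now - t < self._window]
        if len(self._attempts) >= self._max_tests:
            raise PermissionError("test action rate limit exceeded")
        self._attempts.append(now)
        expected = compute_mac(self.algorithm, self._value, test_string)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, bytes(mac))


if __name__ == "__main__":
    secret = b"constructed-demo-key"  # constructed sample key
    key = MacKey("hmac-sha256-keys", "hmac-sha256", secret)
    good = compute_mac("hmac-sha256", secret, b"probe")
    print(key.test(b"probe", good), key.test(b"probe", b"\x00" * 32))
    print(key.value)
```

Every call to test() counts against the limiter, matching or not, so an operator who can invoke the action still cannot use it as an unbounded oracle for key guesses.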