idnits 2.17.1

draft-ietf-babel-yang-model-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (February 20, 2021) is 1160 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

  == Outdated reference: A later version (-14) exists of
     draft-ietf-babel-information-model-12

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Babel Working Group                                      M. Jethanandani
Internet-Draft                                            Kloud Services
Intended status: Standards Track                                B. Stark
Expires: August 24, 2021                                            AT&T
                                                       February 20, 2021

                       YANG Data Model for Babel
                     draft-ietf-babel-yang-model-08

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 24, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Note to RFC Editor
     1.2.  Tree Diagram Annotations
   2.  Babel Module
     2.1.  Information Model
     2.2.  Tree Diagram
     2.3.  YANG Module
   3.  IANA Considerations
     3.1.  URI Registrations
     3.2.  YANG Module Name Registration
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  An Appendix
     A.1.  Statistics Gathering Enabled
     A.2.  Automatic Detection of Properties
     A.3.  Override Default Properties
     A.4.  Configuring other Properties
   Authors' Addresses

1.  Introduction

   This document defines a data model for the Babel routing protocol
   [RFC8966].  The data model is defined using the YANG 1.1 [RFC7950]
   data modeling language and is compatible with the Network Management
   Datastore Architecture (NMDA) [RFC8342].  It is based on the Babel
   Information Model [I-D.ietf-babel-information-model].

1.1.  Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   o  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   o  "ZZZZ" --> the assigned RFC value for Babel Information Model
      [I-D.ietf-babel-information-model]

   o  Revision date in model, in the format 2021-02-22 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with <CODE BEGINS>.

1.2.  Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2.  Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

2.1.  Information Model

   There are a few differences to note between the Babel Information
   Model and this data module.  The information model mandates the
   definition of some of the attributes, e.g.
   babel-implementation-version or the babel-self-router-id.  These
   attributes are marked as read-only objects in the information model
   as well as in this data module.  However, there is no way in the
   data module to mandate that a read-only attribute be present.  It is
   up to the implementation of this data module to make sure that the
   attributes that are marked read-only and are mandatory are indeed
   present.

2.2.  Tree Diagram

   The following diagram illustrates a top level hierarchy of the model.
   In addition to information like the version number implemented by
   this device, the model contains subtrees on constants, interfaces,
   routes and security.

   module: ietf-babel
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?        string
          +--rw enable          boolean
          +--ro router-id?      binary
          +--ro seqno?          uint16
          +--rw stats-enable?   boolean
          +--rw constants
          |     ...
          +--rw interfaces* [reference]
          |     ...
          +--rw mac-key-set* [name]
          |     ...
          +--rw dtls* [name]
          |     ...
          +--ro routes* [prefix]
                ...

   The interfaces subtree describes attributes such as the interface
   object that is being referenced, the type of link as enumerated by
   metric-algorithm and split-horizon, and whether the interface is
   enabled or not.

   The constants subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The routes subtree describes objects such as the prefix for which the
   route is advertised, a reference to the neighboring route, and
   next-hop address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The mac subtree contains keys used with the
   MAC security mechanism.  The boolean flag default-apply indicates
   whether the set of MAC keys is automatically applied to new
   interfaces.  The dtls subtree contains certificates used with the
   DTLS security mechanism.  Similar to the MAC mechanism, the boolean
   flag default-apply indicates whether the set of DTLS certificates is
   automatically applied to new interfaces.

2.3.  YANG Module

   This YANG module augments the YANG Routing Management [RFC8349]
   module to provide a common framework for all routing subsystems.  By
   augmenting the module it provides a common building block for routes,
   and Routing Information Bases (RIBs).  It also has a reference to an
   interface defined by A YANG Data Model for Interface Management
   [RFC8343].

   A router running the Babel routing protocol can determine the
   parameters it needs to use for an interface based on the interface
   name.  For example, it can detect that eth0 is a wired interface, and
   that wlan0 is a wireless interface.  This is not true for a tunnel
   interface, where the link parameters need to be configured
   explicitly.

   For a wired interface, it will assume '2-out-of-3'
   'metric-algorithm', and 'split-horizon' set to true.  On the other
   hand, for a wireless interface it will assume 'etx'
   'metric-algorithm', and 'split-horizon' set to false.  However, if
   the wired link is connected to a wireless radio, the values can be
   overridden by setting 'metric-algorithm' to 'etx', and
   'split-horizon' to false.  Similarly, an interface that is a metered
   3G link, and used for fallback connectivity, needs much higher
   default time constants, e.g. 'mcast-hello-interval' and
   'update-interval', in order to avoid carrying control traffic as much
   as possible.

   In addition to the modules used above, this module imports
   definitions from Common YANG Data Types [RFC6991], and references
   HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using
   HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram
   Transport Layer Security Version 1.2 [RFC6347], The Blake2
   Cryptographic Hash and Message Authentication Code (MAC) [RFC7693],
   Babel Information Model [I-D.ietf-babel-information-model], and The
   Babel Routing Protocol [RFC8966].
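
   One way to audit the per-interface security leaves this module
   defines (mac-enable, mac-key-sets, mac-verify, dtls-enable,
   dtls-certs), as an added example that is not part of the draft.  The
   XML instance document, the finding labels, and the policy (every
   enabled interface needs MAC or DTLS, and MAC needs mac-verify set to
   true) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

BABEL_NS = "urn:ietf:params:xml:ns:yang:ietf-babel"
NS = {"b": BABEL_NS}

# (enable leaf, leaf-list of references, list those references point at)
MECHANISMS = (
    ("mac-enable", "mac-key-sets", "mac-key-set"),
    ("dtls-enable", "dtls-certs", "dtls"),
)

# Constructed sample instance data (not taken from the draft).
SAMPLE_CONFIG = """\
<routing xmlns="urn:ietf:params:xml:ns:yang:ietf-routing">
 <control-plane-protocols>
  <control-plane-protocol>
   <type xmlns:babel="urn:ietf:params:xml:ns:yang:ietf-babel">babel:babel</type>
   <name>example-babel</name>
   <babel xmlns="urn:ietf:params:xml:ns:yang:ietf-babel">
    <enable>true</enable>
    <interfaces>
     <reference>eth0</reference>
     <metric-algorithm>two-out-of-three</metric-algorithm>
     <split-horizon>true</split-horizon>
     <mac-enable>true</mac-enable>
     <mac-key-sets>site-keys</mac-key-sets>
     <mac-verify>true</mac-verify>
    </interfaces>
    <interfaces>
     <reference>wlan0</reference>
     <metric-algorithm>etx</metric-algorithm>
     <split-horizon>false</split-horizon>
     <mac-enable>true</mac-enable>
     <mac-key-sets>old-keys</mac-key-sets>
     <mac-verify>false</mac-verify>
    </interfaces>
    <interfaces>
     <reference>tun0</reference>
     <metric-algorithm>etx</metric-algorithm>
     <split-horizon>false</split-horizon>
    </interfaces>
    <mac-key-set>
     <name>site-keys</name>
     <default-apply>false</default-apply>
    </mac-key-set>
   </babel>
  </control-plane-protocol>
 </control-plane-protocols>
</routing>
"""


def _is_true(node, leaf):
    """True only when the boolean leaf is present and set to 'true'."""
    return node.findtext(f"b:{leaf}", default="", namespaces=NS).strip() == "true"


def _values(node, leaf):
    """All values of a leaf or leaf-list directly under node."""
    return [e.text.strip() for e in node.findall(f"b:{leaf}", NS) if e.text]


def audit_babel(xml_text):
    """Return (interface, finding) tuples for the assumed policy."""
    findings = []
    root = ET.fromstring(xml_text)
    for babel in root.iter(f"{{{BABEL_NS}}}babel"):
        for intf in babel.findall("b:interfaces", NS):
            ref = intf.findtext("b:reference", default="?", namespaces=NS).strip()
            # The interface 'enable' leaf defaults to "true" in the module.
            enabled = intf.findtext("b:enable", default="true", namespaces=NS)
            if enabled.strip() != "true":
                continue
            active = [m for m in MECHANISMS if _is_true(intf, m[0])]
            if not active:
                findings.append((ref, "no-authentication"))
                continue
            for _enable_leaf, ref_leaf, target in active:
                defined = {n for t in babel.findall(f"b:{target}", NS)
                           for n in _values(t, "name")}
                refs = _values(intf, ref_leaf)
                if not refs:
                    findings.append((ref, f"{ref_leaf}-empty"))
                # A server rejects dangling leafrefs; an offline file may not.
                findings += [(ref, f"{ref_leaf}-missing:{r}")
                             for r in refs if r not in defined]
            # mac-verify 'true' is what requires a valid MAC on input.
            if _is_true(intf, "mac-enable") and not _is_true(intf, "mac-verify"):
                findings.append((ref, "mac-verify-off"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_babel(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

   The module gives mac-verify no default, so the example treats an
   absent mac-verify as not verifying.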
211 file "ietf-babel@2021-02-22.yang" 213 module ietf-babel { 214 yang-version 1.1; 215 namespace "urn:ietf:params:xml:ns:yang:ietf-babel"; 216 prefix babel; 218 import ietf-yang-types { 219 prefix yt; 220 reference 221 "RFC 6991: Common YANG Data Types."; 222 } 223 import ietf-inet-types { 224 prefix inet; 225 reference 226 "RFC 6991: Common YANG Data Types."; 227 } 228 import ietf-interfaces { 229 prefix if; 230 reference 231 "RFC 8343: A YANG Data Model for Interface Management"; 232 } 233 import ietf-routing { 234 prefix "rt"; 235 reference 236 "RFC 8349: YANG Routing Management"; 237 } 239 organization 240 "IETF Babel routing protocol Working Group"; 242 contact 243 "WG Web: http://tools.ietf.org/wg/babel/ 244 WG List: babel@ietf.org 246 Editor: Mahesh Jethanandani 247 mjethanandani@gmail.com 248 Editor: Barbara Stark 249 bs7652@att.com"; 251 description 252 "This YANG module defines a model for the Babel routing 253 protocol. 255 The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL 256 NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 257 'MAY', and 'OPTIONAL' in this document are to be interpreted as 258 described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, 259 they appear in all capitals, as shown here. 261 Copyright (c) 2020 IETF Trust and the persons identified as 262 authors of the code. All rights reserved. 264 Redistribution and use in source and binary forms, with or 265 without modification, is permitted pursuant to, and subject to 266 the license terms contained in, the Simplified BSD License set 267 forth in Section 4.c of the IETF Trust's Legal Provisions 268 Relating to IETF Documents 269 (https://trustee.ietf.org/license-info). 
271 This version of this YANG module is part of RFC XXXX 272 (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself 273 for full legal notices."; 275 revision 2021-02-22 { 276 description 277 "Initial version."; 279 reference 280 "RFC XXXX: Babel YANG Data Model."; 281 } 283 /* 284 * Features 285 */ 286 feature two-out-of-three-supported { 287 description 288 "This implementation supports two-out-of-three metric 289 comp algorithm."; 290 } 292 feature etx-supported { 293 description 294 "This implementation supports Expected Transmission Count 295 (ETX) metric comp algorithm."; 296 } 298 feature mac-supported { 299 description 300 "This implementation supports MAC based security."; 301 reference 302 "draft-ietf-babel-hmac: MAC authentication for Babel Routing 303 Protocol."; 304 } 306 feature dtls-supported { 307 description 308 "This implementation supports DTLS based security."; 309 reference 310 "draft-ietf-babel-dtls: Babel Routing Protocol over Datagram 311 Transport Layer Security."; 312 } 314 feature hmac-sha256-supported { 315 description 316 "This implementation supports hmac-sha256 MAC algorithm."; 317 reference 318 "draft-ietf-babel-hmac: MAC authentication for Babel Routing 319 Protocol."; 320 } 322 feature blake2s-supported { 323 description 324 "This implementation supports blake2s MAC algorithms. 
325 Specifically, BLAKE2-128 is supported."; 326 reference 327 "draft-ietf-babel-hmac: MAC authentication for Babel Routing 328 Protocol."; 329 } 331 feature x-509-supported { 332 description 333 "This implementation supports x-509 certificate type."; 334 reference 335 "draft-ietf-babel-dtls: Babel Routing Protocol over Datagram 336 Transport Layer Security."; 337 } 339 feature raw-public-key-supported { 340 description 341 "This implementation supports raw-public-key certificate type."; 342 reference 343 "draft-ietf-babel-dtls: Babel Routing Protocol over Datagram 344 Transport Layer Security."; 345 } 347 /* 348 * Identities 349 */ 350 identity metric-comp-algorithms { 351 description 352 "Base identity from which all Babel metric comp algorithms 353 MUST be derived."; 354 } 356 identity two-out-of-three { 357 if-feature two-out-of-three-supported; 358 base "metric-comp-algorithms"; 359 description 360 "2-out-of-3 algorithm."; 361 reference 362 "RFC 8966: The Babel Routing Protocol, Section A.2.1."; 363 } 365 identity etx { 366 if-feature etx-supported; 367 base "metric-comp-algorithms"; 368 description 369 "Expected Transmission Count."; 370 reference 371 "RFC 8966: The Babel Routing Protocol, Section A.2.2."; 372 } 374 /* 375 * Babel MAC algorithms identities. 376 */ 377 identity mac-algorithms { 378 description 379 "Base identity for all Babel MAC algorithms."; 380 } 382 identity hmac-sha256 { 383 if-feature mac-supported; 384 if-feature hmac-sha256-supported; 385 base mac-algorithms; 386 description 387 "HMAC-SHA256 algorithm supported."; 388 reference 389 "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 390 with IPsec."; 391 } 393 identity blake2s { 394 if-feature mac-supported; 395 if-feature blake2s-supported; 396 base mac-algorithms; 397 description 398 "BLAKE2s algorithms supported. 
Specifically, BLAKE2-128 is 399 supported."; 400 reference 401 "RFC 7693: The BLAKE2 Cryptographic Hash and Message 402 Authentication Code (MAC)."; 403 } 405 /* 406 * Babel Cert Types 407 */ 408 identity dtls-cert-types { 409 description 410 "Base identity for Babel DTLS certificate types."; 411 } 413 identity x-509 { 414 if-feature dtls-supported; 415 if-feature x-509-supported; 416 base dtls-cert-types; 417 description 418 "X.509 certificate type."; 419 } 421 identity raw-public-key { 422 if-feature dtls-supported; 423 if-feature raw-public-key-supported; 424 base dtls-cert-types; 425 description 426 "Raw Public Key type."; 427 } 429 /* 430 * Babel routing protocol identity. 431 */ 432 identity babel { 433 base "rt:routing-protocol"; 434 description 435 "Babel routing protocol"; 436 } 438 /* 439 * Groupings 440 */ 441 grouping routes { 442 list routes { 443 key "prefix"; 444 config false; 446 leaf prefix { 447 type inet:ip-prefix; 448 description 449 "Prefix (expressed in ip-address/prefix-length format) for 450 which this route is advertised."; 451 reference 452 "RFC ZZZZ: Babel Information Model, Section 3.6."; 453 } 455 leaf router-id { 456 type binary; 457 description 458 "router-id of the source router for which this route is 459 advertised."; 460 reference 461 "RFC ZZZZ: Babel Information Model, Section 3.6."; 462 } 464 leaf neighbor { 465 type leafref { 466 path "/rt:routing/rt:control-plane-protocols/" + 467 "rt:control-plane-protocol/babel/interfaces/" + 468 "neighbor-objects/neighbor-address"; 469 } 470 description 471 "Reference to the neighbor-objects entry for the neighbor 472 that advertised this route."; 473 reference 474 "RFC ZZZZ: Babel Information Model, Section 3.6."; 475 } 477 leaf received-metric { 478 type uint16; 479 description 480 "The metric with which this route was advertised by the 481 neighbor, or maximum value (infinity) to indicate the 482 route was recently retracted and is temporarily 483 unreachable. 
This metric will be 0 (zero) if the route 484 was not received from a neighbor but was generated 485 through other means. At least one of 486 calculated-metric or received-metric MUST be non-NULL."; 487 reference 488 "RFC ZZZZ: Babel Information Model, Section 3.6, 489 RFC 8966: The Babel Routing Protocol, Section 2.1."; 490 } 492 leaf calculated-metric { 493 type uint16; 494 description 495 "A calculated metric for this route. How the metric is 496 calculated is implementation-specific. Maximum value 497 (infinity) indicates the route was recently retracted 498 and is temporarily unreachable. At least one of 499 calculated-metric or received-metric MUST be non-NULL."; 500 reference 501 "RFC ZZZZ: Babel Information Model, Section 3.6, 502 RFC 8966: The Babel Routing Protocol, Section 2.1."; 503 } 505 leaf seqno { 506 type uint16; 507 description 508 "The sequence number with which this route was advertised."; 509 reference 510 "RFC ZZZZ: Babel Information Model, Section 3.6."; 511 } 513 leaf next-hop { 514 type inet:ip-address; 515 description 516 "The next-hop address of this route. This will be empty if 517 this route has no next-hop address."; 518 reference 519 "RFC ZZZZ: Babel Information Model, Section 3.6."; 520 } 522 leaf feasible { 523 type boolean; 524 description 525 "A boolean flag indicating whether this route is feasible."; 526 reference 527 "RFC ZZZZ: Babel Information Model, Section 3.6, 528 RFC 8966, The Babel Routing Protocol, Section 3.5.1."; 529 } 531 leaf selected { 532 type boolean; 533 description 534 "A boolean flag indicating whether this route is selected, 535 i.e., whether it is currently being used for forwarding and 536 is being advertised."; 537 reference 538 "RFC ZZZZ: Babel Information Model, Section 3.6."; 539 } 540 description 541 "A set of babel-route-obj objects. 
Includes received and 542 routes routes."; 543 reference 544 "RFC ZZZZ: Babel Information Model, Section 3.1."; 545 } 546 description 547 "Common grouping for routing used in RIB."; 548 } 550 /* 551 * Data model 552 */ 554 augment "/rt:routing/rt:control-plane-protocols/" + 555 "rt:control-plane-protocol" { 556 when "derived-from-or-self(rt:type, 'babel')" { 557 description 558 "Augmentation is valid only when the instance of routing type 559 is of type 'babel'."; 560 } 561 description 562 "Augment the routing module to support a common structure 563 between routing protocols."; 564 reference 565 "YANG Routing Management, RFC 8349, Lhotka & Lindem, March 566 2018."; 568 container babel { 569 presence "A Babel container."; 570 description 571 "Babel Information Objects."; 572 reference 573 "RFC ZZZZ: Babel Information Model, Section 3."; 575 leaf version { 576 type string; 577 config false; 578 description 579 "The name and version of this implementation of the Babel 580 protocol."; 581 reference 582 "RFC ZZZZ: Babel Information Model, Section 3.1."; 583 } 585 leaf enable { 586 type boolean; 587 mandatory true; 588 description 589 "When written, it configures whether the protocol should be 590 enabled. A read from the or datastore 591 therefore indicates the configured administrative value of 592 whether the protocol is enabled or not. 594 A read from the datastore indicates whether 595 the protocol is actually running or not, i.e. it indicates 596 the operational state of the protocol."; 597 reference 598 "RFC ZZZZ: Babel Information Model, Section 3.1."; 599 } 601 leaf router-id { 602 type binary; 603 must '../enable = "true"'; 604 config false; 605 description 606 "Every Babel speaker is assigned a router-id, which is an 607 arbitrary string of 8 octets that is assumed to be unique 608 across the routing domain. 
610 The router-id is valid only if the protocol is enabled, 611 at which time a non-zero value is assigned."; 612 reference 613 "RFC ZZZZ: Babel Information Model, Section 3.1, 614 RFC 8966: The Babel Routing Protocol, 615 Section 3."; 617 } 619 leaf seqno { 620 type uint16; 621 config false; 622 description 623 "Sequence number included in route updates for routes 624 originated by this node."; 625 reference 626 "RFC ZZZZ: Babel Information Model, Section 3.1."; 627 } 629 leaf stats-enable { 630 type boolean; 631 description 632 "Indicates whether statistics collection is enabled (true) 633 or disabled (false) on all interfaces. When enabled, 634 existing statistics values are not cleared and will be 635 incremented as new packets are counted."; 636 } 638 container constants { 639 description 640 "Babel Constants object."; 641 reference 642 "RFC ZZZZ: Babel Information Model, Section 3.1."; 644 leaf udp-port { 645 type inet:port-number; 646 default "6696"; 647 description 648 "UDP port for sending and receiving Babel messages. The 649 default port is 6696."; 650 reference 651 "RFC ZZZZ: Babel Information Model, Section 3.2."; 652 } 654 leaf mcast-group { 655 type inet:ip-address; 656 default "ff02::1:6"; 657 description 658 "Multicast group for sending and receiving multicast 659 announcements on IPv6."; 660 reference 661 "RFC ZZZZ: Babel Information Model, Section 3.2."; 662 } 663 } 664 list interfaces { 665 key "reference"; 667 description 668 "A set of Babel Interface objects."; 669 reference 670 "RFC ZZZZ: Babel Information Model, Section 3.3."; 672 leaf reference { 673 type if:interface-ref; 674 description 675 "References the name of the interface over which Babel 676 packets are sent and received."; 677 reference 678 "RFC ZZZZ: Babel Information Model, Section 3.3."; 679 } 681 leaf enable { 682 type boolean; 683 default "true"; 684 description 685 "If true, babel sends and receives messages on this 686 interface. 
If false, babel messages received on this 687 interface are ignored and none are sent."; 688 reference 689 "RFC ZZZZ: Babel Information Model, Section 3.3."; 690 } 692 leaf metric-algorithm { 693 type identityref { 694 base metric-comp-algorithms; 695 } 696 mandatory true; 697 description 698 "Indicates the metric computation algorithm used on this 699 interface. The value MUST be one of those identities 700 based on 'metric-comp-algorithms'."; 701 reference 702 "RFC ZZZZ: Babel Information Model, Section 3.3."; 703 } 705 leaf split-horizon { 706 type boolean; 707 description 708 "Indicates whether or not the split horizon optimization 709 is used when calculating metrics on this interface. 710 A value of true indicates split horizon optimization 711 is used."; 713 reference 714 "RFC ZZZZ: Babel Information Model, Section 3.3."; 715 } 717 leaf mcast-hello-seqno { 718 type uint16; 719 config false; 720 description 721 "The current sequence number in use for multicast hellos 722 sent on this interface."; 723 reference 724 "RFC ZZZZ: Babel Information Model, Section 3.3."; 725 } 727 leaf mcast-hello-interval { 728 type uint16; 729 units centiseconds; 730 description 731 "The current multicast hello interval in use for hellos 732 sent on this interface."; 733 reference 734 "RFC ZZZZ: Babel Information Model, Section 3.3."; 735 } 737 leaf update-interval { 738 type uint16; 739 units centiseconds; 740 description 741 "The current update interval in use for this interface. 
742 Units are centiseconds."; 743 reference 744 "RFC ZZZZ: Babel Information Model, Section 3.3."; 745 } 747 leaf mac-enable { 748 type boolean; 749 description 750 "Indicates whether the MAC security mechanism is enabled 751 (true) or disabled (false)."; 752 reference 753 "RFC ZZZZ: Babel Information Model, Section 3.3."; 754 } 756 leaf-list mac-key-sets { 757 type leafref { 758 path "../../mac-key-set/name"; 759 } 760 description 761 "List of references to the mac entries that apply 762 to this interface. When an interface instance is 763 created, all mac instances with default-apply 'true' 764 will be included in this list."; 765 reference 766 "RFC ZZZZ: Babel Information Model, Section 3.3."; 767 } 769 leaf mac-verify { 770 type boolean; 771 description 772 "A Boolean flag indicating whether MACs in 773 incoming Babel packets are required to be present and 774 are verified. If this parameter is 'true', incoming 775 packets are required to have a valid MAC."; 776 reference 777 "RFC ZZZZ: Babel Information Model, Section 3.3."; 778 } 780 leaf dtls-enable { 781 type boolean; 782 description 783 "Indicates whether the DTLS security mechanism is enabled 784 (true) or disabled (false)."; 785 reference 786 "RFC ZZZZ: Babel Information Model, Section 3.3."; 787 } 789 leaf-list dtls-certs { 790 type leafref { 791 path "../../dtls/name"; 792 } 793 description 794 "List of references to the dtls entries that apply to 795 this interface. When an interface instance 796 is created, all dtls instances with default-apply 797 'true' will be included in this list."; 798 reference 799 "RFC ZZZZ: Babel Information Model, Section 3.3."; 800 } 802 leaf dtls-cached-info { 803 type boolean; 804 description 805 "Indicates whether the cached_info extension is included 806 in ClientHello and ServerHello packets. The extension 807 is included if the value is 'true'."; 808 reference 809 "RFC ZZZZ: Babel Information Model, Section 3.3. 
810 draft-ietf-babel-dtls: Babel Routing Protocol over 811 Datagram Transport Layer Security, Appendix A."; 812 } 814 leaf-list dtls-cert-prefer { 815 type leafref { 816 path "../../dtls/certs/type"; 817 } 818 ordered-by user; 819 description 820 "List of supported certificate types, in order of 821 preference. The values MUST be among those listed in 822 dtls-cert-types. This list is used to populate the 823 server_certificate_type extension in a Client Hello. 824 Values that are present in at least one instance in the 825 certs object under dtls of a referenced dtls instance 826 and that have a non-empty private-key will be used to 827 populate the client_certificate_type extension in a 828 Client Hello."; 829 reference 830 "RFC ZZZZ: Babel Information Model, Section 3.3 831 draft-ietf-babel-dtls: Babel Routing Protocol over 832 Datagram Transport Layer Security, Appendix A."; 833 } 835 leaf packet-log-enable { 836 type boolean; 837 description 838 "If true, logging of babel packets received on this 839 interface is enabled; if false, babel packets are not 840 logged."; 841 reference 842 "RFC ZZZZ: Babel Information Model, Section 3.3."; 843 } 845 leaf packet-log { 846 type inet:uri; 847 config false; 848 description 849 "A reference or url link to a file that contains a 850 timestamped log of packets received and sent on 851 udp-port on this interface. The [libpcap] file 852 format with .pcap file extension SHOULD be supported for 853 packet log files. 
Logging is enabled / disabled by 854 packet-log-enable."; 855 reference 856 "RFC ZZZZ: Babel Information Model, Section 3.3."; 858 } 860 container stats { 861 config false; 863 description 864 "Statistics collection object for this interface."; 865 reference 866 "RFC ZZZZ: Babel Information Model, Section 3.3."; 868 leaf sent-mcast-hello { 869 type yt:counter32; 870 description 871 "A count of the number of multicast Hello packets sent 872 on this interface."; 873 reference 874 "RFC ZZZZ: Babel Information Model, Section 3.4."; 875 } 877 leaf sent-mcast-update { 878 type yt:counter32; 879 description 880 "A count of the number of multicast update packets sent 881 on this interface."; 882 reference 883 "RFC ZZZZ: Babel Information Model, Section 3.4."; 884 } 886 leaf sent-ucast-hello { 887 type yt:counter32; 888 description 889 "A count of the number of unicast Hello packets sent 890 on this interface."; 891 reference 892 "RFC ZZZZ: Babel Information Model, Section 3.6."; 893 } 895 leaf sent-ucast-update { 896 type yt:counter32; 897 description 898 "A count of the number of unicast update packets sent 899 on this interface."; 900 reference 901 "RFC ZZZZ: Babel Information Model, Section 3.6."; 902 } 904 leaf sent-ihu { 905 type yt:counter32; 906 description 907 "A count of the number of IHU packets sent on this 908 interface."; 909 reference 910 "RFC ZZZZ: Babel Information Model, Section 3.6."; 911 } 913 leaf received-packets { 914 type yt:counter32; 915 description 916 "A count of the number of Babel packets received on 917 this interface."; 918 reference 919 "RFC ZZZZ: Babel Information Model, Section 3.4."; 920 } 921 action reset { 922 description 923 "The information model [RFC ZZZZ] defines reset 924 action as a system-wide reset of Babel statistics. 925 In YANG the reset action is associated with the 926 container where the action is defined. In this case 927 the action is associated with the stats container 928 inside an interface. 
The action will therefore 929 reset statistics at an interface level. 931 Implementations that want to support a system-wide 932 reset of Babel statistics need to call this action 933 for every instance of the interface."; 935 input { 936 leaf reset-at { 937 type yt:date-and-time; 938 description 939 "The time when the reset was issued."; 940 } 941 } 942 output { 943 leaf reset-finished-at { 944 type yt:date-and-time; 945 description 946 "The time when the reset finished."; 947 } 948 } 949 } 950 } 952 list neighbor-objects { 953 key "neighbor-address"; 954 config false; 956 description 957 "A set of Babel Neighbor Object."; 958 reference 959 "RFC ZZZZ: Babel Information Model, Section 3.5."; 961 leaf neighbor-address { 962 type inet:ip-address; 963 description 964 "IPv4 or v6 address the neighbor sends packets from."; 965 reference 966 "RFC ZZZZ: Babel Information Model, Section 3.5."; 967 } 969 leaf hello-mcast-history { 970 type string; 971 description 972 "The multicast Hello history of whether or not the 973 multicast Hello packets prior to exp-mcast- 974 hello-seqno were received, with a '1' for the most 975 recent Hello placed in the most significant bit and 976 prior Hellos shifted right (with '0' bits placed 977 between prior Hellos and most recent Hello for any 978 not-received Hellos); represented as a string using 979 utf-8 encoded hex digits where a '1' bit = Hello 980 received and a '0' bit = Hello not received."; 981 reference 982 "RFC ZZZZ: Babel Information Model, Section 3.5."; 983 } 985 leaf hello-ucast-history { 986 type string; 987 description 988 "The unicast Hello history of whether or not the 989 unicast Hello packets prior to exp-ucast-hello-seqno 990 were received, with a '1' for the most 991 recent Hello placed in the most significant bit and 992 prior Hellos shifted right (with '0' bits placed 993 between prior Hellos and most recent Hello for any 994 not-received Hellos); represented as a string using 995 utf-8 encoded hex digits where a 
               '1' bit = Hello
               received and a '0' bit = Hello not received.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf txcost {
            type int32;
            default "0";
            description
              "Transmission cost value from the last IHU packet
               received from this neighbor, or maximum value
               (infinity) to indicate the IHU hold timer for this
               neighbor has expired.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf exp-mcast-hello-seqno {
            type uint16;
            default "0";
            description
              "Expected multicast Hello sequence number of next Hello
               to be received from this neighbor; if multicast Hello
               packets are not expected, or processing of multicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf exp-ucast-hello-seqno {
            type uint16;
            default "0";
            description
              "Expected unicast Hello sequence number of next Hello to
               be received from this neighbor; if unicast Hello
               packets are not expected, or processing of unicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-seqno {
            type uint16;
            description
              "Expected unicast Hello sequence number of next Hello
               to be received from this neighbor. If unicast Hello
               packets are not expected, or processing of unicast
               packets is not enabled, this MUST be 0.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-interval {
            type uint16;
            units centiseconds;
            description
              "The current interval in use for unicast hellos sent to
               this neighbor.
               Units are centiseconds.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf rxcost {
            type int32;
            description
              "Reception cost calculated for this neighbor. This value
               is usually derived from the Hello history, which may be
               combined with other data, such as statistics maintained
               by the link layer. The rxcost is sent to a neighbor in
               each IHU.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf cost {
            type int32;
            description
              "Link cost is computed from the values maintained in
               the neighbor table. The statistics kept in the neighbor
               table about the reception of Hellos, and the txcost
               computed from received IHU packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }
        }
      }

      list mac-key-set {
        key "name";

        description
          "A mac key set object. If this object is implemented, it
           provides access to parameters related to the MAC security
           mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.7.";

        leaf name {
          type string;
          description
            "A string that uniquely identifies the mac object.";
        }
        leaf default-apply {
          type boolean;
          description
            "A Boolean flag indicating whether this object
             instance is applied to all new interfaces, by default.
             If 'true', this instance is applied to new
             babel-interfaces instances at the time they are created,
             by including it in the mac-key-sets list under
             interfaces.
             If 'false', this instance is not applied
             to new interfaces instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.7.";
        }

        list keys {
          key "name";
          min-elements "1";

          description
            "A set of keys objects.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.8.";

          leaf name {
            type string;
            mandatory true;
            description
              "A unique name for this MAC key that can be used to
               identify the key in this object instance, since the key
               value is not allowed to be read. This value can only be
               provided when this instance is created, and is not
               subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-send {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to compute a
               MAC and include that MAC in the sent Babel packet. A MAC
               for sent packets is computed using this key if the value
               is 'true'. If the value is 'false', this key is not used
               to compute a MAC to include in sent Babel packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }
          leaf use-verify {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to verify
               incoming Babel packets. This key is used to verify
               incoming packets if the value is 'true'. If the value
               is 'false', no MAC is computed from this key for
               comparing an incoming packet.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf value {
            type binary;
            mandatory true;
            description
              "The value of the MAC key. An implementation MUST NOT
               allow this parameter to be read. This can be done by
               always providing an empty string, or through
               permissions, or other means.
               This value MUST be
               provided when this instance is created, and is not
               subsequently writable.

               This value is of a length suitable for the associated
               algorithm. If the algorithm is based on
               the HMAC construction [RFC2104], the length MUST be
               between 0 and the block size of the underlying hash
               inclusive (where 'HMAC-SHA256' block size is 64
               bytes as described in [RFC4868]). If the algorithm
               is 'BLAKE2-128', the length MUST be between 0 and 32
               bytes inclusive, as described in [RFC7693].";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8,
               RFC 2104: HMAC: Keyed-Hashing for Message
                         Authentication
               RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
                         HMAC-SHA-512 with IPsec,
               RFC 7693: The BLAKE2 Cryptographic Hash and Message
                         Authentication Code (MAC).";
          }

          leaf algorithm {
            type identityref {
              base mac-algorithms;
            }
            description
              "The name of the MAC algorithm used with this key. The
               value MUST be the same as one of the enumerations
               listed in the mac-algorithms parameter.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          action test {
            description
              "An operation that allows the MAC key and MAC
               algorithm to be tested to see if they produce an
               expected outcome. Input to this operation are a
               binary string and a calculated MAC (also in the
               format of a binary string) for the binary string.
               The implementation is expected to create a MAC over
               the binary string using the value and algorithm.
               The output of this operation is a binary indication that
               the calculated MAC matched the input MAC (true) or the
               MACs did not match (false).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";

            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "Input to this operation is a binary string.
                   The implementation is expected to create
                   a MAC over this string using the value and
                   the algorithm defined as part of the mac-key-set.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }

              leaf mac {
                type binary;
                mandatory true;
                description
                  "Input to this operation includes a MAC.
                   The implementation is expected to calculate a MAC
                   over the string using the value and algorithm of
                   this key object and compare its calculated MAC to
                   this input MAC.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
            output {
              leaf indication {
                type boolean;
                mandatory true;
                description
                  "The output of this operation is a binary indication
                   that the calculated MAC matched the input MAC (true)
                   or the MACs did not match (false).";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
          }
        }
      }

      list dtls {
        key "name";

        description
          "A dtls object. If this object is implemented,
           it provides access to parameters related to the DTLS
           security mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.9";

        leaf name {
          type string;
          description
            "A string that uniquely identifies a dtls object.";
        }

        leaf default-apply {
          type boolean;
          mandatory true;
          description
            "A Boolean flag indicating whether this object
             instance is applied to all new interfaces, by default. If
             'true', this instance is applied to new interfaces
             instances at the time they are created, by including it
             in the dtls-certs list under interfaces. If 'false',
             this instance is not applied to new interfaces
             instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.9.";
        }

        list certs {
          key "name";
          min-elements "1";

          description
            "A set of cert objects.
             This contains
             both certificates for this implementation to present
             for authentication, and to accept from others.
             Certificates with a non-empty private-key
             can be presented by this implementation for
             authentication.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.10.";

          leaf name {
            type string;
            description
              "A unique name for this certificate that can be
               used to identify the certificate in this object
               instance, since the value is too long to be useful
               for identification. This value MUST NOT be empty
               and can only be provided when this instance is created
               (i.e., it is not subsequently writable).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf value {
            type string;
            mandatory true;
            description
              "The certificate in PEM format [RFC7468]. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf type {
            type identityref {
              base dtls-cert-types;
            }
            mandatory true;
            description
              "The name of the certificate type of this object
               instance. The value MUST be the same as one of the
               enumerations listed in the dtls-cert-types
               parameter. This value can only be provided when this
               instance is created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf private-key {
            type binary;
            mandatory true;
            description
              "The value of the private key. If this is non-empty,
               this certificate can be used by this implementation to
               provide a certificate during DTLS handshaking. An
               implementation MUST NOT allow this parameter to be
               read. This can be done by always providing an empty
               string, or through permissions, or other means.
               This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }
        }
      }

      uses routes;
    }
  }
}

3.  IANA Considerations

   This document registers one URI and one YANG module.

3.1.  URI Registrations

   URI: urn:ietf:params:xml:ns:yang:ietf-babel

3.2.  YANG Module Name Registration

   This document registers one YANG module in the YANG Module Names
   registry [RFC6020].

   Name: ietf-babel
   Namespace: urn:ietf:params:xml:ns:yang:ietf-babel
   prefix: babel
   reference: RFC XXXX

4.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The lowest RESTCONF layer is HTTPS, and
   the mandatory-to-implement secure transport is TLS [RFC8446].

   The NETCONF Access Control Model (NACM [RFC8341]) provides the means
   to restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/created/deleted (i.e., config true, which is the default).
   These data nodes may be considered sensitive or vulnerable in some
   network environments.
   Write operations (e.g., ) to
   these data nodes without proper protection can have a negative effect
   on network operations.  These are the subtrees and data nodes and their
   sensitivity/vulnerability from a config true perspective:

   babel: This container includes an "enable" parameter that can be used
   to enable or disable use of Babel on a router.

   babel/constants: This container includes configuration parameters
   that can prevent reachability if misconfigured.

   babel/interfaces: This leaf-list has configuration parameters that
   can enable/disable security mechanisms and change performance
   characteristics of the Babel protocol.

   babel/hmac and babel/dtls: These contain security credentials that
   influence whether packets are trusted.

   Some of the readable data or config false nodes in this YANG module
   may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control read access (e.g., via
   get, get-config, or notification) to these data nodes.  These are the
   subtrees and data nodes and their sensitivity/vulnerability from a
   config false perspective:

   babel: Access to the information in the various nodes can disclose
   the network topology.  Additionally, the routes used by a network
   device may be used to mount a subsequent attack on traffic traversing
   the network device.

   babel/hmac and babel/dtls: These contain security credentials,
   including private credentials of the router.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
These are the 1436 operations and their sensitivity/vulnerability from a RPC operation 1437 perspective: 1439 babel/hmac/hmac/keys/test and babel/dtls/certs/test: These can be 1440 used in a brute force attack to identify the credentials being used 1441 to secure the Babel protocol. 1443 5. Acknowledgements 1445 Juliusz Chroboczek provided most of the example configurations for 1446 babel that are shown in the Appendix. 1448 6. References 1450 6.1. Normative References 1452 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1453 Requirement Levels", BCP 14, RFC 2119, 1454 DOI 10.17487/RFC2119, March 1997, 1455 . 1457 [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- 1458 384, and HMAC-SHA-512 with IPsec", RFC 4868, 1459 DOI 10.17487/RFC4868, May 2007, 1460 . 1462 [RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer 1463 Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, 1464 January 2012, . 1466 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 1467 RFC 6991, DOI 10.17487/RFC6991, July 2013, 1468 . 1470 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 1471 RFC 7950, DOI 10.17487/RFC7950, August 2016, 1472 . 1474 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1475 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1476 May 2017, . 1478 [RFC8343] Bjorklund, M., "A YANG Data Model for Interface 1479 Management", RFC 8343, DOI 10.17487/RFC8343, March 2018, 1480 . 1482 [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for 1483 Routing Management (NMDA Version)", RFC 8349, 1484 DOI 10.17487/RFC8349, March 2018, 1485 . 1487 [RFC8966] Chroboczek, J. and D. Schinazi, "The Babel Routing 1488 Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021, 1489 . 1491 6.2. Informative References 1493 [I-D.ietf-babel-information-model] 1494 Stark, B. and M. 
              Jethanandani, "Babel Information Model",
              draft-ietf-babel-information-model-12 (work in progress),
              January 2021.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A.  An Appendix

   This section is devoted to examples that demonstrate how Babel can be
   configured.

A.1.  Statistics Gathering Enabled

   In this example, interface eth0 is being configured for routing
   protocol Babel, and statistics gathering is enabled.  For security,
   HMAC-SHA256 is supported.  Every sent Babel packet is signed with
   the key value provided, and every received Babel packet is verified
   with the same key value.

   eth0 ianaift:ethernetCsmacd true babel:babel name:babel true true
   eth0 two-out-of-three true hmac-sha256 hmac-sha256-keys true true
   base64encodedvalue== hmac-sha256

A.2.  Automatic Detection of Properties

   eth0 ianaift:ethernetCsmacd true wlan0 ianaift:ieee80211 true
   babel:babel name:babel true eth0 true two-out-of-three true wlan0
   true etx false

A.3.  Override Default Properties

   eth0 ianaift:ethernetCsmacd true eth1 ianaift:ethernetCsmacd true
   tun0 ianaift:tunnel true babel:babel name:babel true eth0 true
   two-out-of-three true eth1 true etx false tun0 true two-out-of-three
   true

A.4.  Configuring other Properties

   eth0 ianaift:ethernetCsmacd true ppp0 ianaift:ppp true babel:babel
   name:babel true eth0 true two-out-of-three true ppp0 true 30 120
   two-out-of-three

Authors' Addresses

   Mahesh Jethanandani
   Kloud Services
   California
   USA

   Email: mjethanandani@gmail.com


   Barbara Stark
   AT&T
   Atlanta, GA
   USA

   Email: barbara.stark@att.com
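
Added example (not part of the draft and not code from its authors): one way a server could back the keys "value" leaf and the "test" action of mac-key-set, enforcing the key-length limits from the "value" description, never returning the key, and comparing MACs in constant time. The names MacKey and ThrottledError, the label "blake2-128", the reading of 'BLAKE2-128' as BLAKE2s with a 16-byte digest, and the per-key rate limit (a mitigation for the brute-force concern in Section 4 that the draft itself does not specify) are assumptions of this example.

```python
import hashlib
import hmac
import time

# Upper bounds on key length, in bytes, from the "value" leaf description.
# "blake2-128" is a label chosen for this example; it is computed here as
# BLAKE2s with a 16-byte digest, which is an assumption about 'BLAKE2-128'.
MAX_KEY_LEN = {"hmac-sha256": 64, "blake2-128": 32}


class ThrottledError(Exception):
    """Raised when the test action is invoked too often for one key."""


class MacKey:
    """Hypothetical server-side object behind one entry of the keys list."""

    def __init__(self, name, algorithm, value, max_tests=5, window=60.0,
                 clock=time.monotonic):
        if algorithm not in MAX_KEY_LEN:
            raise ValueError("unknown MAC algorithm: %r" % algorithm)
        if len(value) > MAX_KEY_LEN[algorithm]:
            raise ValueError("key too long for %s" % algorithm)
        self.name = name
        self.algorithm = algorithm
        self._value = bytes(value)   # set at creation, never returned
        self._max_tests = max_tests  # assumed limit, not from the draft
        self._window = window        # seconds
        self._clock = clock
        self._calls = []             # timestamps of recent test calls

    @property
    def value(self):
        # "MUST NOT allow this parameter to be read": always empty.
        return b""

    def _mac(self, data):
        if self.algorithm == "hmac-sha256":
            return hmac.new(self._value, data, hashlib.sha256).digest()
        return hashlib.blake2s(data, key=self._value, digest_size=16).digest()

    def test(self, test_string, mac):
        """The test action: True if mac is this key's MAC of test_string."""
        now = self._clock()
        self._calls = [t for t in self._calls if now - t < self._window]
        if len(self._calls) >= self._max_tests:
            raise ThrottledError(self.name)
        self._calls.append(now)
        # Constant-time comparison, so the response time does not show
        # how many leading bytes of a submitted MAC were correct.
        return hmac.compare_digest(self._mac(test_string), bytes(mac))
```

The rate limit complements, and does not replace, restricting the action to authorized users with NACM as Section 4 describes.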