idnits 2.17.1

draft-ietf-babel-yang-model-09.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 12, 2021) is 1140 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

  == Outdated reference: A later version (-14) exists of
     draft-ietf-babel-information-model-12

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Babel Working Group                                      M. Jethanandani
Internet-Draft                                            Kloud Services
Intended status: Standards Track                                B. Stark
Expires: September 13, 2021                                         AT&T
                                                          March 12, 2021

                       YANG Data Model for Babel
                     draft-ietf-babel-yang-model-09

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 13, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Note to RFC Editor
     1.2.  Tree Diagram Annotations
   2.  Babel Module
     2.1.  Information Model
     2.2.  Tree Diagram
     2.3.  YANG Module
   3.  IANA Considerations
     3.1.  URI Registrations
     3.2.  YANG Module Name Registration
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  An Appendix
     A.1.  Statistics Gathering Enabled
     A.2.  Automatic Detection of Properties
     A.3.  Override Default Properties
     A.4.  Configuring other Properties
   Authors' Addresses

1.  Introduction

   This document defines a data model for The Babel Routing Protocol
   [RFC8966].  The data model is defined using the YANG 1.1 [RFC7950]
   data modeling language and is Network Management Datastore
   Architecture (NMDA) [RFC8342] compatible.  It is based on the Babel
   Information Model [I-D.ietf-babel-information-model].  The data model
   only includes data nodes that are useful for managing Babel over
   IPv6.

1.1.  Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   o  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   o  "ZZZZ" --> the assigned RFC value for Babel Information Model
      [I-D.ietf-babel-information-model]

   o  Revision date in model, in the format 2021-03-12 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with <CODE BEGINS>.

1.2.  Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2.  Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

2.1.  Information Model

   There are a few things that should be noted between the Babel
   Information Model and this data module.  The information model
   mandates the definition of some of the attributes, e.g.
   'babel-implementation-version' or the 'babel-self-router-id'.  These
   attributes are marked as read-only objects in the information model
   as well as in this data module.  However, there is no way in the data
   module to mandate that a read-only attribute be present.  It is up to
   the implementation of this data module to make sure that the
   attributes that are marked read-only and are mandatory are indeed
   present.

2.2.  Tree Diagram

   The following diagram illustrates a top level hierarchy of the model.
   In addition to information like the version number implemented by
   this device, the model contains subtrees on 'constants',
   'interfaces', 'routes' and 'security'.

   module: ietf-babel
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?        string
          +--rw enable          boolean
          +--ro router-id?      binary
          +--ro seqno?          uint16
          +--rw stats-enable?   boolean
          +--rw constants
          |     ...
          +--rw interfaces* [reference]
          |     ...
          +--rw mac-key-set* [name]
          |     ...
          +--rw dtls* [name]
          |     ...
          +--ro routes* [prefix]
                ...

   The 'interfaces' subtree describes attributes such as the 'interface'
   object that is being referenced; the type of link, e.g. wired,
   wireless or tunnel, as enumerated by 'metric-algorithm' and
   'split-horizon'; and whether the interface is enabled or not.

   The 'constants' subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The 'routes' subtree describes objects such as the prefix for which
   the route is advertised, a reference to the neighboring route, and
   'next-hop' address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The 'mac-key-set' subtree contains keys used
   with the MAC security mechanism.  The boolean flag 'default-apply'
   indicates whether the set of MAC keys is automatically applied to new
   interfaces.  The 'dtls' subtree contains certificates used with the
   DTLS security mechanism.  Similar to the MAC mechanism, the boolean
   flag 'default-apply' indicates whether the set of DTLS certificates
   is automatically applied to new interfaces.

2.3.  YANG Module

   This YANG module augments the YANG Routing Management [RFC8349]
   module to provide a common framework for all routing subsystems.  By
   augmenting the module it provides a common building block for routes,
   and Routing Information Bases (RIBs).  It also has a reference to an
   interface defined by A YANG Data Model for Interface Management
   [RFC8343].

   A router running the Babel routing protocol can determine the
   parameters it needs to use for an interface based on the interface
   name.  For example, it can detect that eth0 is a wired interface, and
   that wlan0 is a wireless interface.  This is not true for a tunnel
   interface, where the link parameters need to be configured
   explicitly.

   For a wired interface, it will assume 'two-out-of-three' for
   'metric-algorithm', and 'split-horizon' set to true.  On the other
   hand, for a wireless interface it will assume 'etx' for
   'metric-algorithm', and 'split-horizon' set to false.  However, if
   the wired link is connected to a wireless radio, the values can be
   overridden by setting 'metric-algorithm' to 'etx', and
   'split-horizon' to false.  Similarly, an interface that is a metered
   3G link, and used for fallback connectivity, needs much higher
   default time constants, e.g. 'mcast-hello-interval', and
   'update-interval', in order to avoid carrying control traffic as much
   as possible.

   In addition to the modules used above, this module imports
   definitions from Common YANG Data Types [RFC6991], and references
   HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using
   HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram
   Transport Layer Security Version 1.2 [RFC6347], The Blake2
   Cryptographic Hash and Message Authentication Code (MAC) [RFC7693],
   Babel Information Model [I-D.ietf-babel-information-model], The Babel
   Routing Protocol [RFC8966], and MAC Authentication for Babel
   [RFC8967].
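
   The following is an added example, not part of the draft or of any
   Babel implementation: a configuration audit that checks one 'babel'
   container (RFC 7951 JSON) for interfaces left without working MAC or
   DTLS protection and for link parameters that differ from the per-type
   defaults described above.  It uses the leaf names of the module that
   follows; the sample data, the finding labels and the LINK_KIND
   inventory map are constructed assumptions.

```python
import json

# Link parameters a router assumes per link type (Section 2.3 of the draft).
LINK_DEFAULTS = {"wired": ("two-out-of-three", True), "wireless": ("etx", False)}

# Constructed sample: one 'babel' container in RFC 7951 JSON (not from the draft).
SAMPLE = json.loads("""
{
  "enable": true,
  "mac-key-set": [
    {"name": "core-keys", "default-apply": true,  "keys": [{"name": "k1"}]},
    {"name": "spare",     "default-apply": false, "keys": [{"name": "k2"}]}
  ],
  "dtls": [],
  "interfaces": [
    {"reference": "eth0", "metric-algorithm": "two-out-of-three",
     "split-horizon": true, "mac-enable": true, "mac-verify": true,
     "mac-key-sets": ["core-keys"]},
    {"reference": "wlan0", "metric-algorithm": "ietf-babel:etx",
     "split-horizon": false, "mac-enable": true, "mac-verify": false,
     "mac-key-sets": ["core-keys"]},
    {"reference": "eth1", "metric-algorithm": "etx", "split-horizon": false},
    {"reference": "tun0", "metric-algorithm": "etx", "mac-enable": true,
     "mac-verify": true, "mac-key-sets": ["old-keys"]},
    {"reference": "eth2", "enable": false, "metric-algorithm": "etx"}
  ]
}
""")

# Hypothetical inventory input: the model itself does not carry the link type.
LINK_KIND = {"eth0": "wired", "wlan0": "wireless", "eth1": "wired",
             "tun0": "tunnel", "eth2": "wired"}


def _ident(value):
    """Drop the optional module prefix of an RFC 7951 identityref value."""
    return value.split(":", 1)[-1] if isinstance(value, str) else value


def audit(babel, link_kind):
    """Return sorted (subject, finding) pairs for one 'babel' container."""
    findings = []
    known = {"mac-key-sets": {s["name"] for s in babel.get("mac-key-set", [])},
             "dtls-certs": {s["name"] for s in babel.get("dtls", [])}}
    default_macs = {s["name"] for s in babel.get("mac-key-set", [])
                    if s.get("default-apply") is True}
    referenced = set()

    for itf in babel.get("interfaces", []):
        name = itf["reference"]
        refs = {leaf: itf.get(leaf, []) for leaf in known}
        referenced.update(refs["mac-key-sets"])
        if itf.get("enable", True) is False:   # 'enable' defaults to true
            continue

        # Leafrefs that point at no existing mac-key-set / dtls entry.
        for leaf, names in refs.items():
            for ref in names:
                if ref not in known[leaf]:
                    findings.append((name, f"dangling-{leaf}:{ref}"))

        # default-apply sets are added at creation; absence means removal.
        for missing in sorted(default_macs - set(refs["mac-key-sets"])):
            findings.append((name, f"missing-default-key-set:{missing}"))

        # A mechanism protects the interface only if it is enabled AND
        # backed by at least one resolvable key set or certificate set.
        mac_on = itf.get("mac-enable") is True and any(
            r in known["mac-key-sets"] for r in refs["mac-key-sets"])
        dtls_on = itf.get("dtls-enable") is True and any(
            r in known["dtls-certs"] for r in refs["dtls-certs"])
        if not (mac_on or dtls_on):
            findings.append((name, "no-auth"))
        elif mac_on and itf.get("mac-verify") is not True:
            # Assumption: an unset mac-verify is treated like 'false'.
            findings.append((name, "mac-not-verified"))

        # Link parameters against the per-type defaults of Section 2.3.
        # An override can be intentional (wired port feeding a radio).
        actual = (_ident(itf.get("metric-algorithm")), itf.get("split-horizon"))
        kind = link_kind.get(name)
        if kind in LINK_DEFAULTS and actual != LINK_DEFAULTS[kind]:
            findings.append((name, "link-override"))
        elif kind == "tunnel" and None in actual:
            findings.append((name, "tunnel-params-unset"))

    for unused in known["mac-key-sets"] - referenced:
        findings.append((unused, "unused-key-set"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE, LINK_KIND):
        print(f"{subject:6} {finding}")
```
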

   <CODE BEGINS> file "ietf-babel@2021-03-12.yang"

   module ietf-babel {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-babel";
     prefix babel;

     import ietf-yang-types {
       prefix yt;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-routing {
       prefix "rt";
       reference
         "RFC 8349: YANG Routing Management";
     }

     organization
       "IETF Babel routing protocol Working Group";

     contact
       "WG Web: http://tools.ietf.org/wg/babel/
        WG List: babel@ietf.org

        Editor: Mahesh Jethanandani
                mjethanandani@gmail.com
        Editor: Barbara Stark
                bs7652@att.com";

     description
       "This YANG module defines a model for the Babel routing
        protocol.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2020 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2021-03-12 {
       description
         "Initial version.";

       reference
         "RFC XXXX: Babel YANG Data Model.";
     }

     /*
      * Features
      */
     feature two-out-of-three-supported {
       description
         "This implementation supports two-out-of-three metric
          comp algorithm.";
     }

     feature etx-supported {
       description
         "This implementation supports Expected Transmission Count
          (ETX) metric comp algorithm.";
     }

     feature mac-supported {
       description
         "This implementation supports MAC based security.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature dtls-supported {
       description
         "This implementation supports DTLS based security.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     feature hmac-sha256-supported {
       description
         "This implementation supports hmac-sha256 MAC algorithm.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature blake2s-supported {
       description
         "This implementation supports blake2s MAC algorithms.
          Specifically, BLAKE2-128 is supported.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature x-509-supported {
       description
         "This implementation supports x-509 certificate type.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     feature raw-public-key-supported {
       description
         "This implementation supports raw-public-key certificate type.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     /*
      * Identities
      */
     identity metric-comp-algorithms {
       description
         "Base identity from which all Babel metric comp algorithms
          MUST be derived.";
     }

     identity two-out-of-three {
       if-feature two-out-of-three-supported;
       base "metric-comp-algorithms";
       description
         "2-out-of-3 algorithm.";
       reference
         "RFC 8966: The Babel Routing Protocol, Section A.2.1.";
     }

     identity etx {
       if-feature etx-supported;
       base "metric-comp-algorithms";
       description
         "Expected Transmission Count.";
       reference
         "RFC 8966: The Babel Routing Protocol, Section A.2.2.";
     }

     /*
      * Babel MAC algorithms identities.
      */
     identity mac-algorithms {
       description
         "Base identity for all Babel MAC algorithms.";
     }

     identity hmac-sha256 {
       if-feature mac-supported;
       if-feature hmac-sha256-supported;
       base mac-algorithms;
       description
         "HMAC-SHA256 algorithm supported.";
       reference
         "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
          with IPsec.";
     }

     identity blake2s {
       if-feature mac-supported;
       if-feature blake2s-supported;
       base mac-algorithms;
       description
         "BLAKE2s algorithms supported.
          Specifically, BLAKE2-128 is supported.";
       reference
         "RFC 7693: The BLAKE2 Cryptographic Hash and Message
          Authentication Code (MAC).";
     }

     /*
      * Babel Cert Types
      */
     identity dtls-cert-types {
       description
         "Base identity for Babel DTLS certificate types.";
     }

     identity x-509 {
       if-feature dtls-supported;
       if-feature x-509-supported;
       base dtls-cert-types;
       description
         "X.509 certificate type.";
     }

     identity raw-public-key {
       if-feature dtls-supported;
       if-feature raw-public-key-supported;
       base dtls-cert-types;
       description
         "Raw Public Key type.";
     }

     /*
      * Babel routing protocol identity.
      */
     identity babel {
       base "rt:routing-protocol";
       description
         "Babel routing protocol";
     }

     /*
      * Groupings
      */
     grouping routes {
       list routes {
         key "prefix";
         config false;

         leaf prefix {
           type inet:ip-prefix;
           description
             "Prefix (expressed in ip-address/prefix-length format) for
              which this route is advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf router-id {
           type binary;
           description
             "router-id of the source router for which this route is
              advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf neighbor {
           type leafref {
             path "/rt:routing/rt:control-plane-protocols/" +
                  "rt:control-plane-protocol/babel/interfaces/" +
                  "neighbor-objects/neighbor-address";
           }
           description
             "Reference to the neighbor-objects entry for the neighbor
              that advertised this route.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf received-metric {
           type uint16;
           description
             "The metric with which this route was advertised by the
              neighbor, or maximum value (infinity) to indicate the
              route was recently retracted and is temporarily
              unreachable.
              This metric will be 0 (zero) if the route
              was not received from a neighbor but was generated
              through other means.  At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              RFC 8966: The Babel Routing Protocol, Section 2.1.";
         }

         leaf calculated-metric {
           type uint16;
           description
             "A calculated metric for this route.  How the metric is
              calculated is implementation-specific.  Maximum value
              (infinity) indicates the route was recently retracted
              and is temporarily unreachable.  At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              RFC 8966: The Babel Routing Protocol, Section 2.1.";
         }

         leaf seqno {
           type uint16;
           description
             "The sequence number with which this route was advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf next-hop {
           type inet:ip-address;
           description
             "The next-hop address of this route.  This will be empty if
              this route has no next-hop address.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf feasible {
           type boolean;
           description
             "A boolean flag indicating whether this route is feasible.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              RFC 8966, The Babel Routing Protocol, Section 3.5.1.";
         }

         leaf selected {
           type boolean;
           description
             "A boolean flag indicating whether this route is selected,
              i.e., whether it is currently being used for forwarding and
              is being advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }
         description
           "A set of babel-route-obj objects.
            Includes received and routes routes.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.1.";
       }
       description
         "Common grouping for routing used in RIB.";
     }

     /*
      * Data model
      */

     augment "/rt:routing/rt:control-plane-protocols/" +
             "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type, 'babel')" {
         description
           "Augmentation is valid only when the instance of routing type
            is of type 'babel'.";
       }
       description
         "Augment the routing module to support a common structure
          between routing protocols.";
       reference
         "YANG Routing Management, RFC 8349, Lhotka & Lindem, March
          2018.";

       container babel {
         presence "A Babel container.";
         description
           "Babel Information Objects.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.";

         leaf version {
           type string;
           config false;
           description
             "The name and version of this implementation of the Babel
              protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf enable {
           type boolean;
           mandatory true;
           description
             "When written, it configures whether the protocol should be
              enabled.  A read from the <running> or <intended> datastore
              therefore indicates the configured administrative value of
              whether the protocol is enabled or not.

              A read from the <operational> datastore indicates whether
              the protocol is actually running or not, i.e. it indicates
              the operational state of the protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf router-id {
           type binary;
           must '../enable = "true"';
           config false;
           description
             "Every Babel speaker is assigned a router-id, which is an
              arbitrary string of 8 octets that is assumed to be unique
              across the routing domain.

              The router-id is valid only if the protocol is enabled,
              at which time a non-zero value is assigned.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1,
              RFC 8966: The Babel Routing Protocol,
                        Section 3.";

         }

         leaf seqno {
           type uint16;
           config false;
           description
             "Sequence number included in route updates for routes
              originated by this node.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf stats-enable {
           type boolean;
           description
             "Indicates whether statistics collection is enabled (true)
              or disabled (false) on all interfaces.  When enabled,
              existing statistics values are not cleared and will be
              incremented as new packets are counted.";
         }

         container constants {
           description
             "Babel Constants object.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";

           leaf udp-port {
             type inet:port-number;
             default "6696";
             description
               "UDP port for sending and receiving Babel messages.  The
                default port is 6696.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }

           leaf mcast-group {
             type inet:ip-address;
             default "ff02::1:6";
             description
               "Multicast group for sending and receiving multicast
                announcements on IPv6.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }
         }
         list interfaces {
           key "reference";

           description
             "A set of Babel Interface objects.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.3.";

           leaf reference {
             type if:interface-ref;
             description
               "References the name of the interface over which Babel
                packets are sent and received.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf enable {
             type boolean;
             default "true";
             description
               "If true, babel sends and receives messages on this
                interface.
                If false, babel messages received on this
                interface are ignored and none are sent.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf metric-algorithm {
             type identityref {
               base metric-comp-algorithms;
             }
             mandatory true;
             description
               "Indicates the metric computation algorithm used on this
                interface.  The value MUST be one of those identities
                based on 'metric-comp-algorithms'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf split-horizon {
             type boolean;
             description
               "Indicates whether or not the split horizon optimization
                is used when calculating metrics on this interface.
                A value of true indicates split horizon optimization
                is used.";

             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-seqno {
             type uint16;
             config false;
             description
               "The current sequence number in use for multicast hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-interval {
             type uint16;
             units centiseconds;
             description
               "The current multicast hello interval in use for hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf update-interval {
             type uint16;
             units centiseconds;
             description
               "The current update interval in use for this interface.
                Units are centiseconds.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-enable {
             type boolean;
             description
               "Indicates whether the MAC security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list mac-key-sets {
             type leafref {
               path "../../mac-key-set/name";
             }
             description
               "List of references to the mac entries that apply
                to this interface.  When an interface instance is
                created, all mac instances with default-apply 'true'
                will be included in this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-verify {
             type boolean;
             description
               "A Boolean flag indicating whether MACs in
                incoming Babel packets are required to be present and
                are verified.  If this parameter is 'true', incoming
                packets are required to have a valid MAC.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-enable {
             type boolean;
             description
               "Indicates whether the DTLS security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-certs {
             type leafref {
               path "../../dtls/name";
             }
             description
               "List of references to the dtls entries that apply to
                this interface.  When an interface instance
                is created, all dtls instances with default-apply
                'true' will be included in this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-cached-info {
             type boolean;
             description
               "Indicates whether the cached_info extension is included
                in ClientHello and ServerHello packets.  The extension
                is included if the value is 'true'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.
                RFC 8968: Babel Routing Protocol over
                Datagram Transport Layer Security, Appendix A.";
           }

           leaf-list dtls-cert-prefer {
             type leafref {
               path "../../dtls/certs/type";
             }
             ordered-by user;
             description
               "List of supported certificate types, in order of
                preference.  The values MUST be among those listed in
                dtls-cert-types.  This list is used to populate the
                server_certificate_type extension in a Client Hello.
                Values that are present in at least one instance in the
                certs object under dtls of a referenced dtls instance
                and that have a non-empty private-key will be used to
                populate the client_certificate_type extension in a
                Client Hello.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3
                RFC 8968: Babel Routing Protocol over
                Datagram Transport Layer Security, Appendix A.";
           }

           leaf packet-log-enable {
             type boolean;
             description
               "If true, logging of babel packets received on this
                interface is enabled; if false, babel packets are not
                logged.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf packet-log {
             type inet:uri;
             config false;
             description
               "A reference or url link to a file that contains a
                timestamped log of packets received and sent on
                udp-port on this interface.  The [libpcap] file
                format with .pcap file extension SHOULD be supported for
                packet log files.
                Logging is enabled / disabled by
                packet-log-enable.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";

           }

           container stats {
             config false;

             description
               "Statistics collection object for this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";

             leaf sent-mcast-hello {
               type yt:counter32;
               description
                 "A count of the number of multicast Hello packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-mcast-update {
               type yt:counter32;
               description
                 "A count of the number of multicast update packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-ucast-hello {
               type yt:counter32;
               description
                 "A count of the number of unicast Hello packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ucast-update {
               type yt:counter32;
               description
                 "A count of the number of unicast update packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ihu {
               type yt:counter32;
               description
                 "A count of the number of IHU packets sent on this
                  interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf received-packets {
               type yt:counter32;
               description
                 "A count of the number of Babel packets received on
                  this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }
             action reset {
               description
                 "The information model [RFC ZZZZ] defines reset
                  action as a system-wide reset of Babel statistics.
                  In YANG the reset action is associated with the
                  container where the action is defined.  In this case
                  the action is associated with the stats container
                  inside an interface.
                  The action will therefore
                  reset statistics at an interface level.

                  Implementations that want to support a system-wide
                  reset of Babel statistics need to call this action
                  for every instance of the interface.";

               input {
                 leaf reset-at {
                   type yt:date-and-time;
                   description
                     "The time when the reset was issued.";
                 }
               }
               output {
                 leaf reset-finished-at {
                   type yt:date-and-time;
                   description
                     "The time when the reset finished.";
                 }
               }
             }
           }

           list neighbor-objects {
             key "neighbor-address";
             config false;

             description
               "A set of Babel Neighbor Object.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.5.";

             leaf neighbor-address {
               type inet:ip-address;
               description
                 "IPv4 or v6 address the neighbor sends packets from.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-mcast-history {
               type string;
               description
                 "The multicast Hello history of whether or not the
                  multicast Hello packets prior to
                  exp-mcast-hello-seqno were received, with a '1' for
                  the most recent Hello placed in the most significant
                  bit and prior Hellos shifted right (with '0' bits
                  placed between prior Hellos and most recent Hello for
                  any not-received Hellos); represented as a string
                  using utf-8 encoded hex digits where a '1' bit = Hello
                  received and a '0' bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-ucast-history {
               type string;
               description
                 "The unicast Hello history of whether or not the
                  unicast Hello packets prior to exp-ucast-hello-seqno
                  were received, with a '1' for the most
                  recent Hello placed in the most significant bit and
                  prior Hellos shifted right (with '0' bits placed
                  between prior Hellos and most recent Hello for any
                  not-received Hellos); represented as a string using
                  utf-8 encoded hex digits where a
               '1' bit = Hello
               received and a '0' bit = Hello not received.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf txcost {
            type int32;
            default "0";
            description
              "Transmission cost value from the last IHU packet
               received from this neighbor, or maximum value
               (infinity) to indicate the IHU hold timer for this
               neighbor has expired.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf exp-mcast-hello-seqno {
            type uint16;
            default "0";
            description
              "Expected multicast Hello sequence number of next Hello
               to be received from this neighbor; if multicast Hello
               packets are not expected, or processing of multicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf exp-ucast-hello-seqno {
            type uint16;
            default "0";
            description
              "Expected unicast Hello sequence number of next Hello to
               be received from this neighbor; if unicast Hello
               packets are not expected, or processing of unicast
               packets is not enabled, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-seqno {
            type uint16;
            default "0";
            description
              "The current sequence number in use for unicast Hellos
               sent to this neighbor. If unicast Hellos are not being
               sent, this MUST be NULL.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf ucast-hello-interval {
            type uint16;
            units centiseconds;
            description
              "The current interval in use for unicast hellos sent to
               this neighbor. Units are centiseconds.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf rxcost {
            type uint16;
            description
              "Reception cost calculated for this neighbor.
               This value
               is usually derived from the Hello history, which may be
               combined with other data, such as statistics maintained
               by the link layer. The rxcost is sent to a neighbor in
               each IHU.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }

          leaf cost {
            type int32;
            description
              "Link cost is computed from the values maintained in
               the neighbor table. The statistics kept in the neighbor
               table about the reception of Hellos, and the txcost
               computed from received IHU packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.5.";
          }
        }
      }

      list mac-key-set {
        key "name";

        description
          "A mac key set object. If this object is implemented, it
           provides access to parameters related to the MAC security
           mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.7.";

        leaf name {
          type string;
          description
            "A string that uniquely identifies the mac object.";
        }
        leaf default-apply {
          type boolean;
          description
            "A Boolean flag indicating whether this object
             instance is applied to all new interfaces, by default.
             If 'true', this instance is applied to new
             babel-interfaces instances at the time they are created,
             by including it in the mac-key-sets list under
             interfaces. If 'false', this instance is not applied
             to new interfaces instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.7.";
        }

        list keys {
          key "name";
          min-elements "1";

          description
            "A set of keys objects.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.8.";

          leaf name {
            type string;
            description
              "A unique name for this MAC key that can be used to
               identify the key in this object instance, since the key
               value is not allowed to be read.
               This value can only be
               provided when this instance is created, and is not
               subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf use-send {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to compute a
               MAC and include that MAC in the sent Babel packet. A MAC
               for sent packets is computed using this key if the value
               is 'true'. If the value is 'false', this key is not used
               to compute a MAC to include in sent Babel packets.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }
          leaf use-verify {
            type boolean;
            mandatory true;
            description
              "Indicates whether this key value is used to verify
               incoming Babel packets. This key is used to verify
               incoming packets if the value is 'true'. If the value
               is 'false', no MAC is computed from this key for
               comparing an incoming packet.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          leaf value {
            type binary;
            mandatory true;
            description
              "The value of the MAC key. An implementation MUST NOT
               allow this parameter to be read. This can be done by
               always providing an empty string, or through
               permissions, or other means. This value MUST be
               provided when this instance is created, and is not
               subsequently writable.

               This value is of a length suitable for the associated
               babel-mac-key-algorithm. If the algorithm is based on
               the HMAC construction [RFC2104], the length MUST be
               between 0 and an upper limit that is at least the size
               of the output length (where 'HMAC-SHA256' output length
               is 32 octets as described in [RFC4868]).
               Longer lengths
               MAY be supported but are not necessary if the management
               system has the ability to generate a suitably random
               value (e.g., by randomly generating a value or by
               using a key derivation technique as recommended in
               [RFC8967] Security Considerations). If the algorithm
               is 'BLAKE2s-128', the length MUST be between 0 and 32
               bytes inclusive as specified by [RFC7693].";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8,
               RFC 2104: HMAC: Keyed-Hashing for Message
                         Authentication
               RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
                         HMAC-SHA-512 with IPsec,
               RFC 7693: The BLAKE2 Cryptographic Hash and Message
                         Authentication Code (MAC).
               RFC 8967: MAC Authentication for Babel.";
          }
          leaf algorithm {
            type identityref {
              base mac-algorithms;
            }
            mandatory "true";
            description
              "The name of the MAC algorithm used with this key. The
               value MUST be the same as one of the enumerations
               listed in the mac-algorithms parameter.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";
          }

          action test {
            description
              "An operation that allows the MAC key and MAC
               algorithm to be tested to see if they produce an
               expected outcome. Input to this operation are a
               binary string and a calculated MAC (also in the
               format of a binary string) for the binary string.
               The implementation is expected to create a MAC over
               the binary string using the value and algorithm.
               The output of this operation is a binary indication that
               the calculated MAC matched the input MAC (true) or the
               MACs did not match (false).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.8.";

            input {
              leaf test-string {
                type binary;
                mandatory true;
                description
                  "Input to this operation is a binary string.
                   The implementation is expected to create
                   a MAC over this string using the value and
                   the algorithm defined as part of the mac-key-set.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }

              leaf mac {
                type binary;
                mandatory true;
                description
                  "Input to this operation includes a MAC.
                   The implementation is expected to calculate a MAC
                   over the string using the value and algorithm of
                   this key object and compare its calculated MAC to
                   this input MAC.";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
            output {
              leaf indication {
                type boolean;
                mandatory true;
                description
                  "The output of this operation is a binary indication
                   that the calculated MAC matched the input MAC (true)
                   or the MACs did not match (false).";
                reference
                  "RFC ZZZZ: Babel Information Model, Section 3.8.";
              }
            }
          }
        }
      }

      list dtls {
        key "name";

        description
          "A dtls object. If this object is implemented,
           it provides access to parameters related to the DTLS
           security mechanism.";
        reference
          "RFC ZZZZ: Babel Information Model, Section 3.9";

        leaf name {
          type string;
          description
            "A string that uniquely identifies a dtls object.";
        }

        leaf default-apply {
          type boolean;
          mandatory true;
          description
            "A Boolean flag indicating whether this object
             instance is applied to all new interfaces, by default. If
             'true', this instance is applied to new interfaces
             instances at the time they are created, by including it
             in the dtls-certs list under interfaces. If 'false',
             this instance is not applied to new interfaces
             instances when they are created.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.9.";
        }

        list certs {
          key "name";
          min-elements "1";

          description
            "A set of cert objects.
             This contains
             both certificates for this implementation to present
             for authentication, and to accept from others.
             Certificates with a non-empty private-key
             can be presented by this implementation for
             authentication.";
          reference
            "RFC ZZZZ: Babel Information Model, Section 3.10.";

          leaf name {
            type string;
            description
              "A unique name for this certificate that can be
               used to identify the certificate in this object
               instance, since the value is too long to be useful
               for identification. This value MUST NOT be empty
               and can only be provided when this instance is created
               (i.e., it is not subsequently writable).";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf value {
            type string;
            mandatory true;
            description
              "The certificate in PEM format [RFC7468]. This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf type {
            type identityref {
              base dtls-cert-types;
            }
            mandatory true;
            description
              "The name of the certificate type of this object
               instance. The value MUST be the same as one of the
               enumerations listed in the dtls-cert-types
               parameter. This value can only be provided when this
               instance is created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }

          leaf private-key {
            type binary;
            mandatory true;
            description
              "The value of the private key. If this is non-empty,
               this certificate can be used by this implementation to
               provide a certificate during DTLS handshaking. An
               implementation MUST NOT allow this parameter to be
               read. This can be done by always providing an empty
               string, or through permissions, or other means.
               This
               value can only be provided when this instance is
               created, and is not subsequently writable.";
            reference
              "RFC ZZZZ: Babel Information Model, Section 3.10.";
          }
        }
      }

      uses routes;
    }
  }
}

3.  IANA Considerations

   This document registers one URI and one YANG module.

3.1.  URI Registrations

   URI: urn:ietf:params:xml:ns:yang:ietf-babel

3.2.  YANG Module Name Registration

   This document registers one YANG module in the YANG Module Names
   registry YANG [RFC6020].

   Name: ietf-babel
   Namespace: urn:ietf:params:xml:ns:yang:ietf-babel
   prefix: babel
   reference: RFC XXXX

4.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via a network management protocol
   such as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF
   layer is the secure transport layer and the mandatory-to-implement
   secure transport is SSH [RFC6242].  The lowest RESTCONF layer is
   HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF Access Control Model (NACM [RFC8341]) provides the means
   to restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/created/deleted (i.e., config true, which is the default).
   These data nodes may be considered sensitive or vulnerable in some
   network environments.  Write operations (e.g., ) to
   these data nodes without proper protection can have a negative effect
   on network operations.
   These are the subtrees and data nodes and
   their sensitivity/vulnerability from a config true perspective:

   'babel': This container includes an 'enable' parameter that can be
   used to enable or disable use of Babel on a router.

   'babel/constants': This container includes configuration parameters
   that can prevent reachability if misconfigured.

   'babel/interfaces': This leaf-list has configuration parameters that
   can enable/disable security mechanisms and change performance
   characteristics of the Babel protocol.

   'babel/hmac' and 'babel/dtls': These contain security credentials
   that influence whether packets are trusted.

   Some of the readable data or config false nodes in this YANG module
   may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control read access (e.g., via
   get, get-config, or notification) to these data nodes.  These are the
   subtrees and data nodes and their sensitivity/vulnerability from a
   config false perspective:

   'babel': Access to the information in the various nodes can disclose
   the network topology.  Additionally, the routes used by a network
   device may be used to mount a subsequent attack on traffic traversing
   the network device.

   'babel/hmac' and 'babel/dtls': These contain security credentials,
   including private credentials of the router.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability from an RPC operation
   perspective:

   This model does not define any RPC operations.

5.  Acknowledgements

   Juliusz Chroboczek provided most of the example configurations for
   babel that are shown in the Appendix.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8966]  Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

   [RFC8967]  Do, C., Kolodziejak, W., and J. Chroboczek, "MAC
              Authentication for the Babel Routing Protocol", RFC 8967,
              DOI 10.17487/RFC8967, January 2021.

6.2.  Informative References

   [I-D.ietf-babel-information-model]
              Stark, B. and M. Jethanandani, "Babel Information Model",
              draft-ietf-babel-information-model-12 (work in progress),
              January 2021.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A.  An Appendix

   This section is devoted to examples that demonstrate how Babel can be
   configured.

A.1.  Statistics Gathering Enabled

   In this example, interface eth0 is being configured for routing
   protocol Babel, and statistics gathering is enabled.  For security,
   HMAC-SHA256 is supported.  Every sent Babel packet is signed with
   the key value provided, and every received Babel packet is verified
   with the same key value.

     eth0
     ianaift:ethernetCsmacd
     true

     babel:babel
     name:babel

     true
     true

     eth0
     two-out-of-three
     true

     hmac-sha256

     hmac-sha256-keys
     true
     true
     base64encodedvalue==
     hmac-sha256

A.2.  Automatic Detection of Properties

     eth0
     ianaift:ethernetCsmacd
     true

     wlan0
     ianaift:ieee80211
     true

     babel:babel
     name:babel

     true

     eth0
     true
     two-out-of-three
     true

     wlan0
     true
     etx
     false

A.3.  Override Default Properties

     eth0
     ianaift:ethernetCsmacd
     true

     eth1
     ianaift:ethernetCsmacd
     true

     tun0
     ianaift:tunnel
     true

     babel:babel
     name:babel

     true

     eth0
     true
     two-out-of-three
     true

     eth1
     true
     etx
     false

     tun0
     true
     two-out-of-three
     true

A.4.  Configuring other Properties

     eth0
     ianaift:ethernetCsmacd
     true

     ppp0
     ianaift:ppp
     true

     babel:babel
     name:babel

     true

     eth0
     true
     two-out-of-three
     true

     ppp0
     true
     30
     120
     two-out-of-three

Authors' Addresses

   Mahesh Jethanandani
   Kloud Services
   California
   USA

   Email: mjethanandani@gmail.com

   Barbara Stark
   AT&T
   Atlanta, GA
   USA

   Email: barbara.stark@att.com
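
The 'test' action and the 'value' leaf under mac-key-set/keys, as an added Python example that is not part of this draft or of any Babel implementation. The class name, method names, the "blake2s-128" label and the 64-octet HMAC key limit are assumptions made here; the draft only requires the HMAC limit to be at least 32 octets.

```python
import hashlib
import hmac

# "hmac-sha256" is the algorithm value shown in Appendix A.1 of the draft;
# "blake2s-128" is a label assumed here for the 'BLAKE2s-128' algorithm.
HMAC_SHA256 = "hmac-sha256"
BLAKE2S_128 = "blake2s-128"

BLAKE2S_MAX_KEY = 32  # "between 0 and 32 bytes inclusive" [RFC7693]
HMAC_KEY_LIMIT = 64   # assumed upper limit; the draft requires >= 32


class MacKey:
    """One entry of mac-key-set/keys (hypothetical in-memory form)."""

    def __init__(self, name, algorithm, value, use_send, use_verify):
        if algorithm == HMAC_SHA256:
            limit = HMAC_KEY_LIMIT
        elif algorithm == BLAKE2S_128:
            limit = BLAKE2S_MAX_KEY
        else:
            raise ValueError("unknown MAC algorithm: %r" % (algorithm,))
        if len(value) > limit:
            raise ValueError("key too long for %s" % algorithm)
        self.name = name
        self.algorithm = algorithm
        self.use_send = use_send
        self.use_verify = use_verify
        # Provided at creation only; never returned by read_view().
        self._value = bytes(value)

    def read_view(self):
        """What a management read returns: 'value' is always empty."""
        return {
            "name": self.name,
            "algorithm": self.algorithm,
            "use-send": self.use_send,
            "use-verify": self.use_verify,
            "value": b"",
        }

    def _compute(self, data):
        """MAC over data with this key's value and algorithm."""
        if self.algorithm == HMAC_SHA256:
            return hmac.new(self._value, data, hashlib.sha256).digest()
        # Keyed BLAKE2s truncated to a 128-bit (16-octet) output.
        return hashlib.blake2s(data, digest_size=16,
                               key=self._value).digest()

    def test(self, test_string, mac):
        """'test' action: True if the MAC over test_string equals mac.

        compare_digest avoids leaking, through timing, how many leading
        octets of a guessed MAC were correct.
        """
        return hmac.compare_digest(self._compute(test_string), mac)
```

A management client can use test() to confirm that both ends hold the same key without the key value ever leaving the device.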