idnits 2.17.1

draft-ietf-babel-yang-model-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == There is 1 instance of lines with non-ascii characters in the document.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (12 May 2021) is 1080 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 6347 (Obsoleted by RFC 9147)

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Babel Working Group                                      M. Jethanandani
Internet-Draft                                            Kloud Services
Intended status: Standards Track                                B. Stark
Expires: 13 November 2021                                           AT&T
                                                             12 May 2021

                        YANG Data Model for Babel
                     draft-ietf-babel-yang-model-10

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 13 November 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Note to RFC Editor
     1.2.  Tree Diagram Annotations
   2.  Babel Module
     2.1.  Information Model
     2.2.  Tree Diagram
     2.3.  YANG Module
   3.  IANA Considerations
     3.1.  URI Registrations
     3.2.  YANG Module Name Registration
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  An Appendix
     A.1.  Statistics Gathering Enabled
     A.2.  Automatic Detection of Properties
     A.3.  Override Default Properties
     A.4.  Configuring other Properties
   Authors' Addresses

1.  Introduction

   This document defines a data model for The Babel Routing Protocol
   [RFC8966].  The data model is defined using YANG 1.1 [RFC7950] data
   modeling language and is Network Management Datastore Architecture
   (NMDA) [RFC8342] compatible.  It is based on the Babel Information
   Model [I-D.ietf-babel-information-model].  The data model only
   includes data nodes that are useful for managing Babel over IPv6.

1.1.  Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   *  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   *  "ZZZZ" --> the assigned RFC value for Babel Information Model
      [I-D.ietf-babel-information-model]

   *  Revision date in model, in the format 2021-05-12 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with .

1.2.  Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2.  Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [I-D.ietf-babel-information-model].

2.1.  Information Model

   There are a few differences to note between the Babel Information
   Model and this data module.  The information model mandates the
   definition of some of the attributes, e.g.
   'babel-implementation-version' or the 'babel-self-router-id'.  These
   attributes are marked as read-only objects in the information model
   as well as in this data module.  However, there is no way in the data
   module to mandate that a read-only attribute be present.  It is up to
   the implementation of this data module to make sure that the
   attributes that are marked read-only and are mandatory are indeed
   present.

2.2.  Tree Diagram

   The following diagram illustrates a top level hierarchy of the model.
   In addition to information like the version number implemented by
   this device, the model contains subtrees on 'constants',
   'interfaces', 'routes' and 'security'.

   module: ietf-babel
     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?        string
          +--rw enable          boolean
          +--ro router-id?      binary
          +--ro seqno?          uint16
          +--rw stats-enable?   boolean
          +--rw constants
          |     ...
          +--rw interfaces* [reference]
          |     ...
          +--rw mac-key-set* [name]
          |     ...
          +--rw dtls* [name]
          |     ...
          +--ro routes* [prefix]
                ...

   The 'interfaces' subtree describes attributes such as the 'interface'
   object that is being referenced; the type of link (e.g. wired,
   wireless or tunnel), as enumerated by 'metric-algorithm' and
   'split-horizon'; and whether the interface is enabled or not.

   The 'constants' subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The 'routes' subtree describes objects such as the prefix for which
   the route is advertised, a reference to the neighboring route, and
   'next-hop' address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The 'mac-key-set' subtree contains keys used
   with the MAC security mechanism.  The boolean flag 'default-apply'
   indicates whether the set of MAC keys is automatically applied to new
   interfaces.  The 'dtls' subtree contains certificates used with the
   DTLS security mechanism.  Similar to the MAC mechanism, the boolean
   flag 'default-apply' indicates whether the set of DTLS certificates
   is automatically applied to new interfaces.

2.3.  YANG Module

   This YANG module augments the YANG Routing Management [RFC8349]
   module to provide a common framework for all routing subsystems.  By
   augmenting the module it provides a common building block for routes,
   and Routing Information Bases (RIBs).  It also has a reference to an
   interface defined by A YANG Data Model for Interface Management
   [RFC8343].

   A router running Babel routing protocol can determine the parameters
   it needs to use for an interface based on the interface name.  For
   example, it can detect that eth0 is a wired interface, and that wlan0
   is a wireless interface.  This is not true for a tunnel interface,
   where the link parameters need to be configured explicitly.

   For a wired interface, it will assume 'two-out-of-three' for
   'metric-algorithm', and 'split-horizon' set to true.  On the other
   hand, for a wireless interface it will assume 'etx' for
   'metric-algorithm', and 'split-horizon' set to false.  However, if
   the wired link is connected to a wireless radio, the values can be
   overridden by setting 'metric-algorithm' to 'etx', and
   'split-horizon' to false.  Similarly, an interface that is a metered
   3G link, and used for fallback connectivity needs much higher default
   time constants, e.g. 'mcast-hello-interval', and 'update-interval',
   in order to avoid carrying control traffic as much as possible.

   In addition to the modules used above, this module imports
   definitions from Common YANG Data Types [RFC6991], and references
   HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using
   HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram
   Transport Layer Security Version 1.2 [RFC6347], The Blake2
   Cryptographic Hash and Message Authentication Code (MAC) [RFC7693],
   Babel Information Model [I-D.ietf-babel-information-model], The Babel
   Routing Protocol [RFC8966], and MAC Authentication for Babel
   [RFC8967].
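
   The per-interface security leaves defined in the module below
   ('mac-enable', 'mac-verify', 'mac-key-sets', 'dtls-enable',
   'dtls-certs') can be reviewed mechanically in instance data.  The
   following Python is an added example, not part of this draft or of
   any Babel implementation; it assumes the RFC 7951 JSON encoding of
   the model, and the sample document, its names, and the finding labels
   are constructed for illustration.

```python
import json

# Constructed sample instance data (RFC 7951 JSON encoding assumed).
# Only leaves relevant to the audit are shown; key material is omitted.
SAMPLE = json.loads("""
{
  "ietf-routing:routing": {
    "control-plane-protocols": {
      "control-plane-protocol": [
        {
          "type": "ietf-babel:babel",
          "name": "babel-main",
          "ietf-babel:babel": {
            "enable": true,
            "mac-key-set": [
              {"name": "site-keys", "default-apply": true,
               "keys": [{"name": "k1"}]}
            ],
            "interfaces": [
              {"reference": "eth0", "metric-algorithm": "two-out-of-three",
               "mac-enable": true, "mac-verify": true,
               "mac-key-sets": ["site-keys"]},
              {"reference": "wlan0", "metric-algorithm": "etx",
               "mac-enable": true, "mac-verify": false,
               "mac-key-sets": ["old-keys"]},
              {"reference": "tun0", "metric-algorithm": "etx"},
              {"reference": "eth1", "metric-algorithm": "two-out-of-three",
               "enable": false}
            ]
          }
        }
      ]
    }
  }
}
""")


def babel_containers(doc):
    """Yield (protocol name, babel container) for every Babel instance."""
    protocols = (doc.get("ietf-routing:routing", {})
                    .get("control-plane-protocols", {})
                    .get("control-plane-protocol", []))
    for proto in protocols:
        babel = proto.get("ietf-babel:babel")
        if babel is not None:
            yield proto.get("name", ""), babel


def check_refs(refs, defined, leaf):
    """Flag an empty reference list or names with no matching list entry."""
    if not refs:
        return [f"{leaf}-empty"]
    return [f"{leaf}-dangling:{r}" for r in refs if r not in defined]


def audit_interface(intf, mac_sets, dtls_sets):
    """Return finding labels for one entry of the 'interfaces' list."""
    findings = []
    # 'enable' defaults to true in the model; a disabled interface
    # neither sends nor accepts Babel messages, so nothing to flag.
    if intf.get("enable", True) is False:
        return findings
    mac_on = intf.get("mac-enable") is True
    dtls_on = intf.get("dtls-enable") is True
    if not mac_on and not dtls_on:
        # Neither security mechanism is configured as enabled.
        findings.append("no-mac-or-dtls")
    if mac_on:
        # Explicit 'false' means incoming packets need not carry a valid MAC.
        if intf.get("mac-verify") is False:
            findings.append("mac-verify-off")
        findings += check_refs(intf.get("mac-key-sets", []), mac_sets,
                               "mac-key-sets")
    if dtls_on:
        findings += check_refs(intf.get("dtls-certs", []), dtls_sets,
                               "dtls-certs")
    return findings


def audit(doc):
    """Map (protocol name, interface reference) to a list of findings."""
    report = {}
    for proto_name, babel in babel_containers(doc):
        mac_sets = {s["name"] for s in babel.get("mac-key-set", [])}
        dtls_sets = {s["name"] for s in babel.get("dtls", [])}
        for intf in babel.get("interfaces", []):
            key = (proto_name, intf["reference"])
            report[key] = audit_interface(intf, mac_sets, dtls_sets)
    return report


if __name__ == "__main__":
    for (proto, ifname), findings in audit(SAMPLE).items():
        print(proto, ifname, findings or "ok")
```

   A server enforcing the model's leafref constraints would reject the
   dangling 'mac-key-sets' entry at commit time; the check is useful for
   configuration files reviewed offline before they reach a device.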

   file "ietf-babel@2021-05-12.yang"
   module ietf-babel {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-babel";
     prefix babel;

     import ietf-yang-types {
       prefix yang;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-routing {
       prefix rt;
       reference
         "RFC 8349: YANG Routing Management";
     }

     organization
       "IETF Babel routing protocol Working Group";

     contact
       "WG Web: http://tools.ietf.org/wg/babel/
        WG List: babel@ietf.org

        Editor: Mahesh Jethanandani
                mjethanandani@gmail.com
        Editor: Barbara Stark
                bs7652@att.com";

     description
       "This YANG module defines a model for the Babel routing
        protocol.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2021 IETF Trust and the persons identified as
        authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2021-05-12 {
       description
         "Initial version.";
       reference
         "RFC XXXX: Babel YANG Data Model.";
     }

     /*
      * Features
      */

     feature two-out-of-three-supported {
       description
         "This implementation supports two-out-of-three metric
          comp algorithm.";
     }

     feature etx-supported {
       description
         "This implementation supports Expected Transmission Count
          (ETX) metric comp algorithm.";
     }

     feature mac-supported {
       description
         "This implementation supports MAC based security.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature dtls-supported {
       description
         "This implementation supports DTLS based security.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     feature hmac-sha256-supported {
       description
         "This implementation supports hmac-sha256 MAC algorithm.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature blake2s-supported {
       description
         "This implementation supports blake2s MAC algorithms.
          Specifically, BLAKE2-128 is supported.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature x-509-supported {
       description
         "This implementation supports x-509 certificate type.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     feature raw-public-key-supported {
       description
         "This implementation supports raw-public-key certificate
          type.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     /*
      * Identities
      */

     identity metric-comp-algorithms {
       description
         "Base identity from which all Babel metric comp algorithms
          MUST be derived.";
     }

     identity two-out-of-three {
       base metric-comp-algorithms;
       if-feature "two-out-of-three-supported";
       description
         "2-out-of-3 algorithm.";
       reference
         "RFC 8966: The Babel Routing Protocol, Section A.2.1.";
     }

     identity etx {
       base metric-comp-algorithms;
       if-feature "etx-supported";
       description
         "Expected Transmission Count.";
       reference
         "RFC 8966: The Babel Routing Protocol, Section A.2.2.";
     }

     /*
      * Babel MAC algorithms identities.
      */

     identity mac-algorithms {
       description
         "Base identity for all Babel MAC algorithms.";
     }

     identity hmac-sha256 {
       base mac-algorithms;
       if-feature "mac-supported";
       if-feature "hmac-sha256-supported";
       description
         "HMAC-SHA256 algorithm supported.";
       reference
         "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
          with IPsec.";
     }

     identity blake2s {
       base mac-algorithms;
       if-feature "mac-supported";
       if-feature "blake2s-supported";
       description
         "BLAKE2s algorithms supported.
          Specifically, BLAKE2-128 is supported.";
       reference
         "RFC 7693: The BLAKE2 Cryptographic Hash and Message
          Authentication Code (MAC).";
     }

     /*
      * Babel Cert Types
      */

     identity dtls-cert-types {
       description
         "Base identity for Babel DTLS certificate types.";
     }

     identity x-509 {
       base dtls-cert-types;
       if-feature "dtls-supported";
       if-feature "x-509-supported";
       description
         "X.509 certificate type.";
     }

     identity raw-public-key {
       base dtls-cert-types;
       if-feature "dtls-supported";
       if-feature "raw-public-key-supported";
       description
         "Raw Public Key type.";
     }

     /*
      * Babel routing protocol identity.
      */

     identity babel {
       base rt:routing-protocol;
       description
         "Babel routing protocol";
     }

     /*
      * Groupings
      */

     grouping routes {
       list routes {
         key "prefix";
         config false;

         leaf prefix {
           type inet:ip-prefix;
           description
             "Prefix (expressed in ip-address/prefix-length format) for
              which this route is advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf router-id {
           type binary;
           description
             "router-id of the source router for which this route is
              advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf neighbor {
           type leafref {
             path "/rt:routing/rt:control-plane-protocols/"
                + "rt:control-plane-protocol/babel/interfaces/"
                + "neighbor-objects/neighbor-address";
           }
           description
             "Reference to the neighbor-objects entry for the neighbor
              that advertised this route.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf received-metric {
           type uint16;
           description
             "The metric with which this route was advertised by the
              neighbor, or maximum value (infinity) to indicate the
              route was recently retracted and is temporarily
              unreachable.
              This metric will be 0 (zero) if the route
              was not received from a neighbor but was generated
              through other means. At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              RFC 8966: The Babel Routing Protocol, Section 2.1.";
         }

         leaf calculated-metric {
           type uint16;
           description
             "A calculated metric for this route. How the metric is
              calculated is implementation-specific. Maximum value
              (infinity) indicates the route was recently retracted
              and is temporarily unreachable. At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              RFC 8966: The Babel Routing Protocol, Section 2.1.";
         }

         leaf seqno {
           type uint16;
           description
             "The sequence number with which this route was
              advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf next-hop {
           type inet:ip-address;
           description
             "The next-hop address of this route. This will be empty if
              this route has no next-hop address.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }

         leaf feasible {
           type boolean;
           description
             "A boolean flag indicating whether this route is
              feasible.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6,
              RFC 8966, The Babel Routing Protocol, Section 3.5.1.";
         }

         leaf selected {
           type boolean;
           description
             "A boolean flag indicating whether this route is selected,
              i.e., whether it is currently being used for forwarding
              and is being advertised.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.6.";
         }
         description
           "A set of babel-route-obj objects.
            Includes received and routes routes.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.1.";
       }
       description
         "Common grouping for routing used in RIB.";
     }

     /*
      * Data model
      */

     augment "/rt:routing/rt:control-plane-protocols/"
           + "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type, 'babel')" {
         description
           "Augmentation is valid only when the instance of routing type
            is of type 'babel'.";
       }
       description
         "Augment the routing module to support a common structure
          between routing protocols.";
       reference
         "YANG Routing Management, RFC 8349, Lhotka & Lindem, March
          2018.";

       container babel {
         presence "A Babel container.";
         description
           "Babel Information Objects.";
         reference
           "RFC ZZZZ: Babel Information Model, Section 3.";

         leaf version {
           type string;
           config false;
           description
             "The name and version of this implementation of the Babel
              protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf enable {
           type boolean;
           mandatory true;
           description
             "When written, it configures whether the protocol should be
              enabled. A read from the or datastore
              therefore indicates the configured administrative value of
              whether the protocol is enabled or not.

              A read from the datastore indicates whether
              the protocol is actually running or not, i.e. it indicates
              the operational state of the protocol.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf router-id {
           type binary;
           must '../enable = "true"';
           config false;
           description
             "Every Babel speaker is assigned a router-id, which is an
              arbitrary string of 8 octets that is assumed to be unique
              across the routing domain.

              The router-id is valid only if the protocol is enabled,
              at which time a non-zero value is assigned.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1,
              RFC 8966: The Babel Routing Protocol,
              Section 3.";
         }

         leaf seqno {
           type uint16;
           config false;
           description
             "Sequence number included in route updates for routes
              originated by this node.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";
         }

         leaf stats-enable {
           type boolean;
           description
             "Indicates whether statistics collection is enabled (true)
              or disabled (false) on all interfaces. When enabled,
              existing statistics values are not cleared and will be
              incremented as new packets are counted.";
         }

         container constants {
           description
             "Babel Constants object.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.1.";

           leaf udp-port {
             type inet:port-number;
             default "6696";
             description
               "UDP port for sending and receiving Babel messages. The
                default port is 6696.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }

           leaf mcast-group {
             type inet:ip-address;
             default "ff02::1:6";
             description
               "Multicast group for sending and receiving multicast
                announcements on IPv6.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.2.";
           }
         }

         list interfaces {
           key "reference";

           description
             "A set of Babel Interface objects.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.3.";

           leaf reference {
             type if:interface-ref;
             description
               "References the name of the interface over which Babel
                packets are sent and received.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf enable {
             type boolean;
             default "true";
             description
               "If true, babel sends and receives messages on this
                interface.
                If false, babel messages received on this
                interface are ignored and none are sent.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf metric-algorithm {
             type identityref {
               base metric-comp-algorithms;
             }
             mandatory true;
             description
               "Indicates the metric computation algorithm used on this
                interface. The value MUST be one of those identities
                based on 'metric-comp-algorithms'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf split-horizon {
             type boolean;
             description
               "Indicates whether or not the split horizon optimization
                is used when calculating metrics on this interface.
                A value of true indicates split horizon optimization
                is used.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-seqno {
             type uint16;
             config false;
             description
               "The current sequence number in use for multicast hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-interval {
             type uint16;
             units "centiseconds";
             description
               "The current multicast hello interval in use for hellos
                sent on this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf update-interval {
             type uint16;
             units "centiseconds";
             description
               "The current update interval in use for this interface.
                Units are centiseconds.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-enable {
             type boolean;
             description
               "Indicates whether the MAC security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list mac-key-sets {
             type leafref {
               path "../../mac-key-set/name";
             }
             description
               "List of references to the mac entries that apply
                to this interface. When an interface instance is
                created, all mac instances with default-apply 'true'
                will be included in this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf mac-verify {
             type boolean;
             description
               "A Boolean flag indicating whether MACs in
                incoming Babel packets are required to be present and
                are verified. If this parameter is 'true', incoming
                packets are required to have a valid MAC.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-enable {
             type boolean;
             description
               "Indicates whether the DTLS security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-certs {
             type leafref {
               path "../../dtls/name";
             }
             description
               "List of references to the dtls entries that apply to
                this interface. When an interface instance
                is created, all dtls instances with default-apply
                'true' will be included in this list.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf dtls-cached-info {
             type boolean;
             description
               "Indicates whether the cached_info extension is included
                in ClientHello and ServerHello packets. The extension
                is included if the value is 'true'.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.
                RFC 8968: Babel Routing Protocol over
                Datagram Transport Layer Security, Appendix A.";
           }

           leaf-list dtls-cert-prefer {
             type leafref {
               path "../../dtls/certs/type";
             }
             ordered-by user;
             description
               "List of supported certificate types, in order of
                preference. The values MUST be among those listed in
                dtls-cert-types. This list is used to populate the
                server_certificate_type extension in a Client Hello.
                Values that are present in at least one instance in the
                certs object under dtls of a referenced dtls instance
                and that have a non-empty private-key will be used to
                populate the client_certificate_type extension in a
                Client Hello.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3
                RFC 8968: Babel Routing Protocol over
                Datagram Transport Layer Security, Appendix A.";
           }

           leaf packet-log-enable {
             type boolean;
             description
               "If true, logging of babel packets received on this
                interface is enabled; if false, babel packets are not
                logged.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           leaf packet-log {
             type inet:uri;
             config false;
             description
               "A reference or url link to a file that contains a
                timestamped log of packets received and sent on
                udp-port on this interface. The [libpcap] file
                format with .pcap file extension SHOULD be supported for
                packet log files.
                Logging is enabled / disabled by
                packet-log-enable.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";
           }

           container stats {
             config false;
             description
               "Statistics collection object for this interface.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.3.";

             leaf sent-mcast-hello {
               type yang:counter32;
               description
                 "A count of the number of multicast Hello packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-mcast-update {
               type yang:counter32;
               description
                 "A count of the number of multicast update packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             leaf sent-ucast-hello {
               type yang:counter32;
               description
                 "A count of the number of unicast Hello packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ucast-update {
               type yang:counter32;
               description
                 "A count of the number of unicast update packets sent
                  on this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf sent-ihu {
               type yang:counter32;
               description
                 "A count of the number of IHU packets sent on this
                  interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.6.";
             }

             leaf received-packets {
               type yang:counter32;
               description
                 "A count of the number of Babel packets received on
                  this interface.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.4.";
             }

             action reset {
               description
                 "The information model [RFC ZZZZ] defines reset
                  action as a system-wide reset of Babel statistics.
                  In YANG the reset action is associated with the
                  container where the action is defined. In this case
                  the action is associated with the stats container
                  inside an interface.
                  The action will therefore
                  reset statistics at an interface level.

                  Implementations that want to support a system-wide
                  reset of Babel statistics need to call this action
                  for every instance of the interface.";

               input {
                 leaf reset-at {
                   type yang:date-and-time;
                   description
                     "The time when the reset was issued.";
                 }
               }

               output {
                 leaf reset-finished-at {
                   type yang:date-and-time;
                   description
                     "The time when the reset finished.";
                 }
               }
             }
           }

           list neighbor-objects {
             key "neighbor-address";
             config false;
             description
               "A set of Babel Neighbor Object.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.5.";

             leaf neighbor-address {
               type inet:ip-address;
               description
                 "IPv4 or v6 address the neighbor sends packets from.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-mcast-history {
               type string;
               description
                 "The multicast Hello history of whether or not the
                  multicast Hello packets prior to
                  exp-mcast-hello-seqno were received, with a '1' for
                  the most recent Hello placed in the most significant
                  bit and prior Hellos shifted right (with '0' bits
                  placed between prior Hellos and most recent Hello for
                  any not-received Hellos); represented as a string
                  using utf-8 encoded hex digits where a '1' bit = Hello
                  received and a '0' bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf hello-ucast-history {
               type string;
               description
                 "The unicast Hello history of whether or not the
                  unicast Hello packets prior to exp-ucast-hello-seqno
                  were received, with a '1' for the most
                  recent Hello placed in the most significant bit and
                  prior Hellos shifted right (with '0' bits placed
                  between prior Hellos and most recent Hello for any
                  not-received Hellos); represented as a string using
                  utf-8 encoded hex
                  digits where a '1' bit = Hello
                  received and a '0' bit = Hello not received.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf txcost {
               type int32;
               default "0";
               description
                 "Transmission cost value from the last IHU packet
                  received from this neighbor, or maximum value
                  (infinity) to indicate the IHU hold timer for this
                  neighbor has expired description.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf exp-mcast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected multicast Hello sequence number of next Hello
                  to be received from this neighbor; if multicast Hello
                  packets are not expected, or processing of multicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf exp-ucast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected unicast Hello sequence number of next Hello
                  to be received from this neighbor; if unicast Hello
                  packets are not expected, or processing of unicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf ucast-hello-seqno {
               type uint16;
               default "0";
               description
                 "The current sequence number in use for unicast Hellos
                  sent to this neighbor. If unicast Hellos are not being
                  sent, this MUST be NULL.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf ucast-hello-interval {
               type uint16;
               units "centiseconds";
               description
                 "The current interval in use for unicast hellos sent to
                  this neighbor. Units are centiseconds.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf rxcost {
               type uint16;
               description
                 "Reception cost calculated for this neighbor.
                  This value is usually derived from the Hello history,
                  which may be combined with other data, such as
                  statistics maintained by the link layer. The rxcost is
                  sent to a neighbor in each IHU.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }

             leaf cost {
               type int32;
               description
                 "Link cost is computed from the values maintained in
                  the neighbor table. The statistics kept in the
                  neighbor table about the reception of Hellos, and the
                  txcost computed from received IHU packets.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.5.";
             }
           }
         }

         list mac-key-set {
           key "name";
           description
             "A mac key set object. If this object is implemented, it
              provides access to parameters related to the MAC security
              mechanism.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.7.";

           leaf name {
             type string;
             description
               "A string that uniquely identifies the mac object.";
           }

           leaf default-apply {
             type boolean;
             description
               "A Boolean flag indicating whether this object
                instance is applied to all new interfaces, by default.
                If 'true', this instance is applied to new
                babel-interfaces instances at the time they are created,
                by including it in the mac-key-sets list under
                interfaces. If 'false', this instance is not applied
                to new interfaces instances when they are created.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.7.";
           }

           list keys {
             key "name";
             min-elements 1;
             description
               "A set of keys objects.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.8.";

             leaf name {
               type string;
               description
                 "A unique name for this MAC key that can be used to
                  identify the key in this object instance, since the
                  key value is not allowed to be read.
                  This value can only be provided when this instance is
                  created, and is not subsequently writable.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.8.";
             }

             leaf use-send {
               type boolean;
               mandatory true;
               description
                 "Indicates whether this key value is used to compute a
                  MAC and include that MAC in the sent Babel packet. A
                  MAC for sent packets is computed using this key if the
                  value is 'true'. If the value is 'false', this key is
                  not used to compute a MAC to include in sent Babel
                  packets.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.8.";
             }

             leaf use-verify {
               type boolean;
               mandatory true;
               description
                 "Indicates whether this key value is used to verify
                  incoming Babel packets. This key is used to verify
                  incoming packets if the value is 'true'. If the value
                  is 'false', no MAC is computed from this key for
                  comparing an incoming packet.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.8.";
             }

             leaf value {
               type binary;
               mandatory true;
               description
                 "The value of the MAC key. An implementation MUST NOT
                  allow this parameter to be read. This can be done by
                  always providing an empty string, or through
                  permissions, or other means. This value MUST be
                  provided when this instance is created, and is not
                  subsequently writable.

                  This value is of a length suitable for the associated
                  babel-mac-key-algorithm. If the algorithm is based on
                  the HMAC construction [RFC2104], the length MUST be
                  between 0 and an upper limit that is at least the size
                  of the output length (where 'HMAC-SHA256' output
                  length is 32 octets as described in [RFC4868]).
                  Longer lengths MAY be supported but are not necessary
                  if the management system has the ability to generate a
                  suitably random value (e.g., by randomly generating a
                  value or by using a key derivation technique as
                  recommended in [RFC8967] Security Considerations). If
                  the algorithm is 'BLAKE2s-128', the length MUST be
                  between 0 and 32 bytes inclusive as specified by
                  [RFC7693].";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.8,
                  RFC 2104: HMAC: Keyed-Hashing for Message
                            Authentication
                  RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
                            HMAC-SHA-512 with IPsec,
                  RFC 7693: The BLAKE2 Cryptographic Hash and Message
                            Authentication Code (MAC).
                  RFC 8967: MAC Authentication for Babel.";
             }

             leaf algorithm {
               type identityref {
                 base mac-algorithms;
               }
               mandatory true;
               description
                 "The name of the MAC algorithm used with this key. The
                  value MUST be the same as one of the enumerations
                  listed in the mac-algorithms parameter.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.8.";
             }

             action test {
               description
                 "An operation that allows the MAC key and MAC
                  algorithm to be tested to see if they produce an
                  expected outcome. Input to this operation are a
                  binary string and a calculated MAC (also in the
                  format of a binary string) for the binary string.
                  The implementation is expected to create a MAC over
                  the binary string using the value and algorithm.
                  The output of this operation is a binary indication
                  that the calculated MAC matched the input MAC (true)
                  or the MACs did not match (false).";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.8.";

               input {
                 leaf test-string {
                   type binary;
                   mandatory true;
                   description
                     "Input to this operation is a binary string.
                      The implementation is expected to create
                      a MAC over this string using the value and
                      the algorithm defined as part of the
                      mac-key-set.";
                   reference
                     "RFC ZZZZ: Babel Information Model, Section 3.8.";
                 }

                 leaf mac {
                   type binary;
                   mandatory true;
                   description
                     "Input to this operation includes a MAC.
                      The implementation is expected to calculate a MAC
                      over the string using the value and algorithm of
                      this key object and compare its calculated MAC to
                      this input MAC.";
                   reference
                     "RFC ZZZZ: Babel Information Model, Section 3.8.";
                 }
               }

               output {
                 leaf indication {
                   type boolean;
                   mandatory true;
                   description
                     "The output of this operation is a binary
                      indication that the calculated MAC matched the
                      input MAC (true) or the MACs did not match
                      (false).";
                   reference
                     "RFC ZZZZ: Babel Information Model, Section 3.8.";
                 }
               }
             }
           }
         }

         list dtls {
           key "name";

           description
             "A dtls object. If this object is implemented,
              it provides access to parameters related to the DTLS
              security mechanism.";
           reference
             "RFC ZZZZ: Babel Information Model, Section 3.9";

           leaf name {
             type string;
             description
               "A string that uniquely identifies a dtls object.";
           }

           leaf default-apply {
             type boolean;
             mandatory true;
             description
               "A Boolean flag indicating whether this object
                instance is applied to all new interfaces, by default.
                If 'true', this instance is applied to new interfaces
                instances at the time they are created, by including it
                in the dtls-certs list under interfaces.
                If 'false', this instance is not applied to new
                interfaces instances when they are created.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.9.";
           }

           list certs {
             key "name";

             min-elements 1;
             description
               "A set of cert objects. This contains
                both certificates for this implementation to present
                for authentication, and to accept from others.
                Certificates with a non-empty private-key
                can be presented by this implementation for
                authentication.";
             reference
               "RFC ZZZZ: Babel Information Model, Section 3.10.";

             leaf name {
               type string;
               description
                 "A unique name for this certificate that can be
                  used to identify the certificate in this object
                  instance, since the value is too long to be useful
                  for identification. This value MUST NOT be empty
                  and can only be provided when this instance is created
                  (i.e., it is not subsequently writable).";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.10.";
             }

             leaf value {
               type string;
               mandatory true;
               description
                 "The certificate in PEM format [RFC7468]. This
                  value can only be provided when this instance is
                  created, and is not subsequently writable.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.10.";
             }

             leaf type {
               type identityref {
                 base dtls-cert-types;
               }
               mandatory true;
               description
                 "The name of the certificate type of this object
                  instance. The value MUST be the same as one of the
                  enumerations listed in the dtls-cert-types
                  parameter. This value can only be provided when this
                  instance is created, and is not subsequently
                  writable.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.10.";
             }

             leaf private-key {
               type binary;
               mandatory true;
               description
                 "The value of the private key.
                  If this is non-empty, this certificate can be used by
                  this implementation to provide a certificate during
                  DTLS handshaking. An implementation MUST NOT allow
                  this parameter to be read. This can be done by always
                  providing an empty string, or through permissions, or
                  other means. This value can only be provided when this
                  instance is created, and is not subsequently
                  writable.";
               reference
                 "RFC ZZZZ: Babel Information Model, Section 3.10.";
             }
           }
         }
         uses routes;
       }
     }
   }

3.  IANA Considerations

   This document registers one URI and one YANG module.

3.1.  URI Registrations

   URI: urn:ietf:params:xml:ns:yang:ietf-babel

3.2.  YANG Module Name Registration

   This document registers one YANG module in the YANG Module Names
   registry [RFC6020].

   Name: ietf-babel
   Namespace: urn:ietf:params:xml:ns:yang:ietf-babel
   prefix: babel
   reference: RFC XXXX

4.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242].  The lowest RESTCONF layer is HTTPS, and
   the mandatory-to-implement secure transport is TLS [RFC8446].

   The NETCONF Access Control Model (NACM [RFC8341]) provides the means
   to restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/created/deleted (i.e., config true, which is the default).
   These data nodes may be considered sensitive or vulnerable in some
   network environments.
   Write operations (e.g., edit-config) to these data nodes without
   proper protection can have a negative effect on network operations.
   These are the subtrees and data nodes and their
   sensitivity/vulnerability from a config true perspective:

   'babel': This container includes an 'enable' parameter that can be
   used to enable or disable use of Babel on a router.

   'babel/constants': This container includes configuration parameters
   that can prevent reachability if misconfigured.

   'babel/interfaces': This leaf-list has configuration parameters that
   can enable/disable security mechanisms and change performance
   characteristics of the Babel protocol.

   'babel/hmac' and 'babel/dtls': These contain security credentials
   that influence whether packets are trusted.

   Some of the readable data or config false nodes in this YANG module
   may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control read access (e.g., via
   get, get-config, or notification) to these data nodes.  These are the
   subtrees and data nodes and their sensitivity/vulnerability from a
   config false perspective:

   'babel': Access to the information in the various nodes can disclose
   the network topology.  Additionally, the routes used by a network
   device may be used to mount a subsequent attack on traffic traversing
   the network device.

   'babel/hmac' and 'babel/dtls': These contain security credentials,
   including private credentials of the router.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability from an RPC operation
   perspective:

   This model does not define any RPC operations.

5.  Acknowledgements

   Juliusz Chroboczek provided most of the example configurations for
   babel that are shown in the Appendix.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8966]  Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

   [RFC8967]  Dô, C., Kolodziejak, W., and J. Chroboczek, "MAC
              Authentication for the Babel Routing Protocol", RFC 8967,
              DOI 10.17487/RFC8967, January 2021.

6.2.  Informative References

   [I-D.ietf-babel-information-model]
              Stark, B. and M. Jethanandani, "Babel Information Model",
              Work in Progress, Internet-Draft,
              draft-ietf-babel-information-model-14, 11 March 2021.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC:
              Keyed-Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code (MAC)",
              RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A.  An Appendix

   This section is devoted to examples that demonstrate how Babel can be
   configured.

A.1.  Statistics Gathering Enabled

   In this example, interface eth0 is being configured for routing
   protocol Babel, and statistics gathering is enabled.  For security,
   HMAC-SHA256 is supported.
   Every sent Babel packet is signed with the key value provided, and
   every received Babel packet is verified with the same key value.

   eth0
   ianaift:ethernetCsmacd
   true

   babel:babel

   name:babel

   true
   true

   eth0
   two-out-of-three
   true

   hmac-sha256

   hmac-sha256-keys
   true
   true
   base64encodedvalue==
   hmac-sha256

A.2.  Automatic Detection of Properties

   eth0
   ianaift:ethernetCsmacd
   true

   wlan0
   ianaift:ieee80211
   true

   babel:babel

   name:babel

   true

   eth0
   true
   two-out-of-three
   true

   wlan0
   true
   etx
   false

A.3.  Override Default Properties

   eth0
   ianaift:ethernetCsmacd
   true

   eth1
   ianaift:ethernetCsmacd
   true

   tun0
   ianaift:tunnel
   true

   babel:babel

   name:babel

   true

   eth0
   true
   two-out-of-three
   true

   eth1
   true
   etx
   false

   tun0
   true
   two-out-of-three
   true

A.4.  Configuring other Properties

   eth0
   ianaift:ethernetCsmacd
   true

   ppp0
   ianaift:ppp
   true

   babel:babel

   name:babel

   true

   eth0
   true
   two-out-of-three
   true

   ppp0
   true
   30
   120
   two-out-of-three

Authors' Addresses

   Mahesh Jethanandani
   Kloud Services
   California
   United States of America

   Email: mjethanandani@gmail.com

   Barbara Stark
   AT&T
   Atlanta, GA
   United States of America

   Email: barbara.stark@att.com
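
The 'value' leaf and the 'test' action under mac-key-set/keys, worked through in Python as an added example that is not part of the draft or of any Babel implementation. The class and function names, the algorithm labels used as dictionary keys, and the 64-octet upper limit chosen for HMAC-SHA256 keys are assumptions of this example.

```python
import base64
import hashlib
import hmac


def _hmac_sha256(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _blake2s_128(key: bytes, data: bytes) -> bytes:
    return hashlib.blake2s(data, digest_size=16, key=key).digest()


# Assumed labels -> (MAC function, maximum key length in octets).
# BLAKE2s-128 keys are 0..32 octets. For HMAC-SHA256 the upper limit must be
# at least the 32-octet output length; 64 is this example's own choice.
ALGORITHMS = {
    "hmac-sha256": (_hmac_sha256, 64),
    "blake2s-128": (_blake2s_128, 32),
}


class MacKey:
    """One entry of mac-key-set/keys; the key value is set once, never read."""

    def __init__(self, name, algorithm, use_send, use_verify, value: bytes):
        if algorithm not in ALGORITHMS:
            raise ValueError(f"algorithm {algorithm!r} is not supported")
        max_len = ALGORITHMS[algorithm][1]
        if len(value) > max_len:
            raise ValueError(f"{algorithm} key exceeds {max_len} octets")
        self.name, self.algorithm = name, algorithm
        self.use_send, self.use_verify = use_send, use_verify
        self.__value = bytes(value)  # name-mangled: no public accessor

    def read_view(self) -> dict:
        """What a read of this entry returns: 'value' is always empty."""
        return {"name": self.name, "use-send": self.use_send,
                "use-verify": self.use_verify, "value": "",
                "algorithm": self.algorithm}

    def test(self, test_string_b64: str, mac_b64: str) -> bool:
        """The 'test' action: MAC the input, compare, return 'indication'."""
        # YANG 'binary' values travel base64-encoded.
        data = base64.b64decode(test_string_b64, validate=True)
        claimed = base64.b64decode(mac_b64, validate=True)
        computed = ALGORITHMS[self.algorithm][0](self.__value, data)
        # Constant-time comparison so timing does not reveal how many
        # leading octets of a submitted MAC were correct.
        return hmac.compare_digest(computed, claimed)


def demo() -> dict:
    """Constructed sample: a management client checks a key it just pushed."""
    secret = bytes(range(32))                      # constructed key value
    key = MacKey("hmac-sha256-keys", "hmac-sha256", True, True, secret)
    probe = b"babel mac self-test"                 # constructed test-string
    good = hmac.new(secret, probe, hashlib.sha256).digest()
    wrong = bytes([good[0] ^ 0x01]) + good[1:]     # one flipped bit
    enc = lambda b: base64.b64encode(b).decode()
    return {
        "match": key.test(enc(probe), enc(good)),
        "mismatch": key.test(enc(probe), enc(wrong)),
        "read": key.read_view()["value"],
    }


if __name__ == "__main__":
    print(demo())
```

Because the key value cannot be read back, the 'test' action is the only way for a management client to confirm that the router holds the key it was given.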