Babel Working Group                                    M. Jethanandani
Internet-Draft                                          Kloud Services
Intended status: Standards Track                              B. Stark
Expires: 16 February 2022                                         AT&T
                                                        15 August 2021

                       YANG Data Model for Babel
                     draft-ietf-babel-yang-model-11

Abstract

   This document defines a data model for the Babel routing protocol.
   The data model is defined using the YANG data modeling language.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 16 February 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Note to RFC Editor
     1.2.  Tree Diagram Annotations
   2.  Babel Module
     2.1.  Information Model
     2.2.  Tree Diagram
     2.3.  YANG Module
   3.  IANA Considerations
     3.1.  URI Registrations
     3.2.  YANG Module Name Registration
   4.  Security Considerations
   5.  Acknowledgements
   6.  References
     6.1.  Normative References
     6.2.  Informative References
   Appendix A.  Tree Diagram and Example Configurations
     A.1.  Complete Tree Diagram
     A.2.  Statistics Gathering Enabled
     A.3.  Automatic Detection of Properties
     A.4.  Override Default Properties
     A.5.  Configuring other Properties
   Authors' Addresses

1.  Introduction

   This document defines a data model for The Babel Routing Protocol
   [RFC8966].
   The data model is defined using YANG 1.1 [RFC7950] and is
   Network Management Datastore Architecture (NMDA) [RFC8342]
   compatible.  It is based on the Babel Information Model [RFC9046].
   The data model only includes data nodes that are useful for managing
   Babel over IPv6.

1.1.  Note to RFC Editor

   Artwork in this document contains shorthand references to drafts in
   progress.  Please apply the following replacements and remove this
   note before publication.

   *  "XXXX" --> the assigned RFC value for this draft both in this
      draft and in the YANG models under the revision statement.

   *  Revision date in model, in the format 2021-08-17 needs to get
      updated with the date the draft gets approved.  The date also
      needs to get reflected on the line with <CODE BEGINS>.

1.2.  Tree Diagram Annotations

   For a reference to the annotations used in tree diagrams included in
   this draft, please see YANG Tree Diagrams [RFC8340].

2.  Babel Module

   This document defines a YANG 1.1 [RFC7950] data model for the
   configuration and management of Babel.  The YANG module is based on
   the Babel Information Model [RFC9046].

2.1.  Information Model

   A few differences between the Babel Information Model and this data
   model should be noted.  The information model mandates the presence
   of some of the attributes, e.g., 'babel-implementation-version' or
   'babel-self-router-id'.  These attributes are marked as read-only
   objects in the information model as well as in this data model.
   However, there is no way in the data model to mandate that a
   read-only attribute be present.  It is up to the implementation of
   this data model to make sure that the attributes that are marked
   read-only and are mandatory are indeed present.

2.2.  Tree Diagram

   The following diagram illustrates the top-level hierarchy of the
   model.  In addition to the version implemented by this device, the
   model contains subtrees on 'constants', 'interfaces', 'mac-key-set',
   'dtls', and 'routes'.

   module: ietf-babel

     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?               string
          +--rw enable                  boolean
          +--ro router-id?              binary
          +--ro seqno?                  uint16
          +--rw statistics-enabled?     boolean
          +--rw constants
          |  ...
          +--rw interfaces* [reference]
          |  ...
          +--rw mac-key-set* [name]
          |  ...
          +--rw dtls* [name]
          |  ...
          +--ro routes* [prefix]
             ...

   The 'interfaces' subtree describes attributes such as the 'interface'
   object that is being referenced, the type of link (wired, wireless or
   tunnel) as captured by 'metric-algorithm' and 'split-horizon', and
   whether the interface is enabled or not.

   The 'constants' subtree describes the UDP port used for sending and
   receiving Babel messages, and the multicast group used to send and
   receive announcements on IPv6.

   The 'routes' subtree describes objects such as the prefix for which
   the route is advertised, a reference to the neighbor that advertised
   the route, and the 'next-hop' address.

   Finally, for security two subtrees are defined to contain MAC keys
   and DTLS certificates.  The 'mac-key-set' subtree contains keys used
   with the MAC security mechanism.  The boolean flag 'default-apply'
   indicates whether the set of MAC keys is automatically applied to new
   interfaces.  The 'dtls' subtree contains certificates used with the
   DTLS security mechanism.  Similar to the MAC mechanism, the boolean
   flag 'default-apply' indicates whether the set of DTLS certificates
   is automatically applied to new interfaces.

2.3.  YANG Module

   This YANG module augments the YANG Routing Management [RFC8349]
   module to provide a common framework for all routing subsystems.  By
   augmenting that module it reuses a common building block for routes
   and Routing Information Bases (RIBs).  It also references an
   interface defined by "A YANG Data Model for Interface Management"
   [RFC8343].

   A router running the Babel routing protocol can sometimes determine
   the parameters it needs to use for an interface based on the
   interface name.  For example, it can detect that eth0 is a wired
   interface, and that wlan0 is a wireless interface.  This is not true
   for a tunnel interface, where the link parameters need to be
   configured explicitly.

   For a wired interface, it will assume 'two-out-of-three' for
   'metric-algorithm', and 'split-horizon' set to true.  On the other
   hand, for a wireless interface it will assume 'etx' for
   'metric-algorithm', and 'split-horizon' set to false.  However, if
   the wired link is connected to a wireless radio, the values can be
   overridden by setting 'metric-algorithm' to 'etx', and
   'split-horizon' to false.  Similarly, an interface that is a metered
   3G link used for fallback connectivity needs much higher default
   time constants, e.g., 'mcast-hello-interval' and 'update-interval',
   in order to carry as little control traffic as possible.

   In addition to the modules used above, this module imports
   definitions from Common YANG Data Types [RFC6991], and references
   HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using
   HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec [RFC4868],
   The Datagram Transport Layer Security (DTLS) Version 1.3
   [I-D.ietf-tls-dtls13], The BLAKE2 Cryptographic Hash and Message
   Authentication Code (MAC) [RFC7693], Babel Information Model
   [RFC9046], The Babel Routing Protocol [RFC8966], YANG Data Types and
   Groupings for Cryptography [I-D.ietf-netconf-crypto-types], Network
   Configuration Access Control Model [RFC8341] and MAC Authentication
   for Babel [RFC8967].
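   The rules stated in Sections 2.2 and 2.3 (name-derived interface
   defaults that a tunnel must override explicitly, 'default-apply'
   populating a new interface's 'mac-key-sets' and 'dtls-certs', and the
   'mac-verify' semantics described in the module below) can be applied
   mechanically to a configuration instance.  The following is an added
   example, not code from this draft or from any Babel implementation.
   It assumes the RFC 7951 JSON encoding of the 'babel' container under
   the RFC 8349 routing tree; the interface-name patterns (eth*/en* wired,
   wlan*/wl* wireless) and the sample instance are constructed for the
   example and are assumptions of it.

```python
"""Consistency checks for an ietf-babel configuration instance (added
example; assumes RFC 7951 JSON encoding of the draft's 'babel' container).
Only the list keys and leaves named in the draft are used: 'mac-key-set'
and 'dtls' entries keyed by 'name' carrying a 'default-apply' flag, and
the 'interfaces' leaves 'metric-algorithm', 'split-horizon', 'mac-enable',
'mac-verify', 'mac-key-sets' and 'dtls-certs'."""
import json
import re

# Assumption of this example: how a router classifies interfaces by name.
WIRED = re.compile(r"^(eth|en)\w*$")
WIRELESS = re.compile(r"^(wlan|wl)\w*$")

# Constructed sample instance (not from the draft): one wired interface
# with the MAC mechanism enabled but not verifying, one wireless interface
# referencing a dtls entry that does not exist.
SAMPLE_JSON = """
{"ietf-routing:routing": {"control-plane-protocols": {
  "control-plane-protocol": [{
    "type": "ietf-babel:babel", "name": "babel-1",
    "ietf-babel:babel": {
      "enable": true,
      "mac-key-set": [{"name": "default-keys", "default-apply": true},
                      {"name": "lab-keys", "default-apply": false}],
      "dtls": [{"name": "default-dtls", "default-apply": true}],
      "interfaces": [
        {"reference": "eth0", "metric-algorithm": "two-out-of-three",
         "split-horizon": true, "mac-enable": true, "mac-verify": false,
         "mac-key-sets": ["default-keys"]},
        {"reference": "wlan0", "metric-algorithm": "etx",
         "split-horizon": false, "dtls-enable": true,
         "dtls-certs": ["missing-dtls"]}]}}]}}}
"""


def load_babel(text):
    """Parse the JSON document and return the 'babel' container of the
    first control-plane-protocol of type babel (the augmentation point)."""
    doc = json.loads(text)
    protos = doc["ietf-routing:routing"]["control-plane-protocols"]
    for proto in protos["control-plane-protocol"]:
        if proto.get("type") == "ietf-babel:babel":
            return proto["ietf-babel:babel"]
    raise KeyError("no babel control-plane-protocol instance")


def default_interface_params(ifname):
    """Defaults derived from the interface name (draft Section 2.3).
    None for tunnels or unknown names: those must be configured."""
    if WIRED.match(ifname):
        return {"metric-algorithm": "two-out-of-three", "split-horizon": True}
    if WIRELESS.match(ifname):
        return {"metric-algorithm": "etx", "split-horizon": False}
    return None


def new_interface(babel, ifname, overrides=None):
    """Build an 'interfaces' entry: name-derived defaults, explicit
    overrides (e.g. a wired port feeding a radio), then every mac-key-set
    and dtls entry whose default-apply is true, as the 'mac-key-sets' and
    'dtls-certs' descriptions require for a newly created interface."""
    overrides = overrides or {}
    params = default_interface_params(ifname)
    if params is None and "metric-algorithm" not in overrides:
        raise ValueError(f"{ifname}: no name-derived defaults; "
                         "metric-algorithm is mandatory and must be given")
    entry = {"reference": ifname, "enable": True}
    entry.update(params or {})
    entry.update(overrides)
    entry["mac-key-sets"] = [k["name"] for k in babel.get("mac-key-set", [])
                             if k.get("default-apply")]
    entry["dtls-certs"] = [d["name"] for d in babel.get("dtls", [])
                           if d.get("default-apply")]
    return entry


def check_babel(babel):
    """Return the problems found: unresolved leafrefs, a missing mandatory
    metric-algorithm, MAC enabled with no key sets, and MAC enabled with
    mac-verify false (packets without a valid MAC are still accepted)."""
    problems = []
    key_sets = {k["name"] for k in babel.get("mac-key-set", [])}
    dtls_names = {d["name"] for d in babel.get("dtls", [])}
    for itf in babel.get("interfaces", []):
        ref = itf.get("reference", "?")
        if "metric-algorithm" not in itf:
            problems.append(f"{ref}: metric-algorithm is mandatory")
        for ks in itf.get("mac-key-sets", []):
            if ks not in key_sets:
                problems.append(f"{ref}: unknown mac-key-set '{ks}'")
        for cert in itf.get("dtls-certs", []):
            if cert not in dtls_names:
                problems.append(f"{ref}: unknown dtls entry '{cert}'")
        if itf.get("mac-enable") and not itf.get("mac-key-sets"):
            problems.append(f"{ref}: mac-enable true but no mac-key-sets")
        if itf.get("mac-enable") and not itf.get("mac-verify"):
            problems.append(f"{ref}: mac-enable true but mac-verify false: "
                            "unauthenticated packets are still accepted")
    return problems


if __name__ == "__main__":
    babel = load_babel(SAMPLE_JSON)
    for line in check_babel(babel):
        print(line)
    print(json.dumps(new_interface(babel, "eth1"), indent=1))
```

   Run as a script it reports the two findings in the sample (the
   non-verifying MAC interface and the dangling 'dtls-certs' reference)
   and prints the entry that 'default-apply' would produce for a new
   eth1.  A tunnel name passed without 'metric-algorithm' raises, which
   mirrors the draft's point that tunnel link parameters cannot be
   guessed from the name.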
   <CODE BEGINS> file "ietf-babel@2021-08-17.yang"
   module ietf-babel {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-babel";
     prefix babel;

     import ietf-yang-types {
       prefix yang;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types.";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-routing {
       prefix rt;
       reference
         "RFC 8349: YANG Routing Management";
     }
     import ietf-crypto-types {
       prefix ct;
       reference
         "I-D.ietf-netconf-crypto-types: YANG Data Types and Groupings
          for Cryptography.";
     }
     import ietf-netconf-acm {
       prefix nacm;
       reference
         "RFC 8341: Network Configuration Access Control Model";
     }

     organization
       "IETF Babel routing protocol Working Group";

     contact
       "WG Web:   http://tools.ietf.org/wg/babel/
        WG List:  babel@ietf.org

        Editor:   Mahesh Jethanandani
                  mjethanandani@gmail.com
        Editor:   Barbara Stark
                  bs7652@att.com";

     description
       "This YANG module defines a model for the Babel routing
        protocol.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2021 IETF Trust and the persons identified as
        authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject to
        the license terms contained in, the Simplified BSD License set
        forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX
        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
        for full legal notices.";

     revision 2021-08-17 {
       description
         "Initial version.";
       reference
         "RFC XXXX: Babel YANG Data Model.";
     }

     /*
      * Features
      */

     feature two-out-of-three-supported {
       description
         "This implementation supports the '2-out-of-3'
          computation algorithm.";
     }

     feature etx-supported {
       description
         "This implementation supports the Expected Transmission Count
          (ETX) metric computation algorithm.";
     }

     feature mac-supported {
       description
         "This implementation supports MAC-based security.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature dtls-supported {
       description
         "This implementation supports DTLS based security.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     feature hmac-sha256-supported {
       description
         "This implementation supports the HMAC-SHA256 MAC algorithm.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature blake2s-supported {
       description
         "This implementation supports BLAKE2s MAC algorithms.";
       reference
         "RFC 8967: MAC authentication for Babel Routing
          Protocol.";
     }

     feature x-509-supported {
       description
         "This implementation supports the X.509 certificate type.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     feature raw-public-key-supported {
       description
         "This implementation supports the Raw Public Key certificate
          type.";
       reference
         "RFC 8968: Babel Routing Protocol over Datagram
          Transport Layer Security.";
     }

     /*
      * Identities
      */

     identity metric-comp-algorithms {
       description
         "Base identity from which all Babel metric computation
          algorithms MUST be derived.";
     }

     identity two-out-of-three {
       if-feature "two-out-of-three-supported";
       base metric-comp-algorithms;
       description
         "2-out-of-3 algorithm.";
       reference
         "RFC 8966: The Babel Routing Protocol, Section A.2.1.";
     }

     identity etx {
       if-feature "etx-supported";
       base metric-comp-algorithms;
       description
         "Expected Transmission Count (ETX) metric computation
          algorithm.";
       reference
         "RFC 8966: The Babel Routing Protocol, Section A.2.2.";
     }

     /*
      * Babel MAC algorithms identities.
      */

     identity mac-algorithms {
       description
         "Base identity for all Babel MAC algorithms.";
     }

     identity hmac-sha256 {
       if-feature "mac-supported";
       if-feature "hmac-sha256-supported";
       base mac-algorithms;
       description
         "HMAC-SHA256 algorithm supported.";
       reference
         "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
          with IPsec.";
     }

     identity blake2s {
       if-feature "mac-supported";
       if-feature "blake2s-supported";
       base mac-algorithms;
       description
         "BLAKE2s algorithms supported.  Specifically, BLAKE2s-128 is
          supported.";
       reference
         "RFC 7693: The BLAKE2 Cryptographic Hash and Message
          Authentication Code (MAC).";
     }

     /*
      * Babel Cert Types
      */

     identity dtls-cert-types {
       description
         "Base identity for Babel DTLS certificate types.";
     }

     identity x-509 {
       if-feature "dtls-supported";
       if-feature "x-509-supported";
       base dtls-cert-types;
       description
         "X.509 certificate type.";
     }

     identity raw-public-key {
       if-feature "dtls-supported";
       if-feature "raw-public-key-supported";
       base dtls-cert-types;
       description
         "Raw Public Key certificate type.";
     }

     /*
      * Babel routing protocol identity.
      */

     identity babel {
       base rt:routing-protocol;
       description
         "Babel routing protocol";
     }

     /*
      * Groupings
      */

     grouping routes {
       list routes {
         key "prefix";
         config false;

         leaf prefix {
           type inet:ip-prefix;
           description
             "Prefix (expressed in ip-address/prefix-length format) for
              which this route is advertised.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6.";
         }

         leaf router-id {
           type binary {
             length 8;
           }
           description
             "router-id of the source router for which this route is
              advertised.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6.";
         }

         leaf neighbor {
           type leafref {
             path "/rt:routing/rt:control-plane-protocols/"
                + "rt:control-plane-protocol/babel/interfaces/"
                + "neighbor-objects/neighbor-address";
           }
           description
             "Reference to the neighbor-objects entry for the neighbor
              that advertised this route.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6.";
         }

         leaf received-metric {
           type uint16;
           description
             "The metric with which this route was advertised by the
              neighbor, or maximum value (infinity) to indicate the
              route was recently retracted and is temporarily
              unreachable.  This metric will be NULL (no value) if the
              route was not received from a neighbor but instead was
              injected through means external to the Babel routing
              protocol.  At least one of calculated-metric or
              received-metric MUST be non-NULL.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6,
              RFC 8966: The Babel Routing Protocol, Section 2.1.";
         }

         leaf calculated-metric {
           type uint16;
           description
             "A calculated metric for this route.  How the metric is
              calculated is implementation-specific.  Maximum value
              (infinity) indicates the route was recently retracted
              and is temporarily unreachable.  At least one of
              calculated-metric or received-metric MUST be non-NULL.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6,
              RFC 8966: The Babel Routing Protocol, Section 2.1.";
         }

         leaf seqno {
           type uint16;
           description
             "The sequence number with which this route was
              advertised.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6.";
         }

         leaf next-hop {
           type inet:ip-address;
           description
             "The next-hop address of this route.  This will be NULL if
              this route has no next-hop address.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6.";
         }

         leaf feasible {
           type boolean;
           description
             "A boolean flag indicating whether this route is
              feasible.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6,
              RFC 8966, The Babel Routing Protocol, Section 3.5.1.";
         }

         leaf selected {
           type boolean;
           description
             "A boolean flag indicating whether this route is selected,
              i.e., whether it is currently being used for forwarding
              and is being advertised.";
           reference
             "RFC 9046: Babel Information Model, Section 3.6.";
         }
         description
           "A set of babel-route-obj objects.  Contains routes known to
            this node.";
         reference
           "RFC 9046: Babel Information Model, Section 3.1.";
       }
       description
         "Common grouping for routing used in RIB.";
     }

     /*
      * Data model
      */

     augment "/rt:routing/rt:control-plane-protocols/"
           + "rt:control-plane-protocol" {
       when "derived-from-or-self(rt:type, 'babel')" {
         description
           "Augmentation is valid only when the instance of routing type
            is of type 'babel'.";
       }
       description
         "Augment the routing module to support a common structure
          between routing protocols.";
       reference
         "YANG Routing Management, RFC 8349, Lhotka & Lindem, March
          2018.";

       container babel {
         presence "A Babel container.";
         description
           "Babel Information Objects.";
         reference
           "RFC 9046: Babel Information Model, Section 3.";

         leaf version {
           type string;
           config false;
           description
             "The name and version of this implementation of the Babel
              protocol.";
           reference
             "RFC 9046: Babel Information Model, Section 3.1.";
         }

         leaf enable {
           type boolean;
           mandatory true;
           description
             "When written, it configures whether the protocol should be
              enabled.  A read from the <running> or <intended>
              datastore therefore indicates the configured
              administrative value of whether the protocol is enabled
              or not.

              A read from the <operational> datastore indicates whether
              the protocol is actually running or not, i.e. it indicates
              the operational state of the protocol.";
           reference
             "RFC 9046: Babel Information Model, Section 3.1.";
         }

         leaf router-id {
           type binary;
           must '../enable = "true"';
           config false;
           description
             "Every Babel speaker is assigned a router-id, which is an
              arbitrary string of 8 octets that is assumed to be unique
              across the routing domain.

              The router-id is valid only if the protocol is enabled,
              at which time a non-zero value is assigned.";
           reference
             "RFC 9046: Babel Information Model, Section 3.1,
              RFC 8966: The Babel Routing Protocol,
              Section 3.";
         }

         leaf seqno {
           type uint16;
           config false;
           description
             "Sequence number included in route updates for routes
              originated by this node.";
           reference
             "RFC 9046: Babel Information Model, Section 3.1.";
         }

         leaf statistics-enabled {
           type boolean;
           description
             "Indicates whether statistics collection is enabled (true)
              or disabled (false) on all interfaces.  On transition to
              enabled, existing statistics values are not cleared and
              will be incremented as new packets are counted.";
         }

         container constants {
           description
             "Babel Constants object.";
           reference
             "RFC 9046: Babel Information Model, Section 3.1.";

           leaf udp-port {
             type inet:port-number;
             default "6696";
             description
               "UDP port for sending and receiving Babel messages.  The
                default port is 6696.";
             reference
               "RFC 9046: Babel Information Model, Section 3.2.";
           }

           leaf mcast-group {
             type inet:ip-address;
             default "ff02::1:6";
             description
               "Multicast group for sending and receiving multicast
                announcements on IPv6.";
             reference
               "RFC 9046: Babel Information Model, Section 3.2.";
           }
         }

         list interfaces {
           key "reference";

           description
             "A set of Babel Interface objects.";
           reference
             "RFC 9046: Babel Information Model, Section 3.3.";

           leaf reference {
             type if:interface-ref;
             description
               "References the name of the interface over which Babel
                packets are sent and received.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf enable {
             type boolean;
             default "true";
             description
               "If true, babel sends and receives messages on this
                interface.  If false, babel messages received on this
                interface are ignored and none are sent.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf metric-algorithm {
             type identityref {
               base metric-comp-algorithms;
             }
             mandatory true;
             description
               "Indicates the metric computation algorithm used on this
                interface.  The value MUST be one of those identities
                based on 'metric-comp-algorithms'.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf split-horizon {
             type boolean;
             description
               "Indicates whether or not the split horizon optimization
                is used when calculating metrics on this interface.
                A value of true indicates the split horizon optimization
                is used.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-seqno {
             type uint16;
             config false;
             description
               "The current sequence number in use for multicast hellos
                sent on this interface.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf mcast-hello-interval {
             type uint16;
             units "centiseconds";
             description
               "The current multicast hello interval in use for hellos
                sent on this interface.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf update-interval {
             type uint16;
             units "centiseconds";
             description
               "The current update interval in use for this interface.
                Units are centiseconds.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf mac-enable {
             type boolean;
             description
               "Indicates whether the MAC security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf-list mac-key-sets {
             type leafref {
               path "../../mac-key-set/name";
             }
             description
               "List of references to the MAC entries that apply
                to this interface.  When an interface instance is
                created, all MAC instances with default-apply 'true'
                will be included in this list.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf mac-verify {
             type boolean;
             description
               "A Boolean flag indicating whether MACs in
                incoming Babel packets are required to be present and
                are verified.  If this parameter is 'true', incoming
                packets are required to have a valid MAC.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf dtls-enable {
             type boolean;
             description
               "Indicates whether the DTLS security mechanism is enabled
                (true) or disabled (false).";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf-list dtls-certs {
             type leafref {
               path "../../dtls/name";
             }
             description
               "List of references to the dtls entries that apply to
                this interface.  When an interface instance
                is created, all dtls instances with default-apply
                'true' will be included in this list.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf dtls-cached-info {
             type boolean;
             description
               "Indicates whether the cached_info extension is enabled.
                The extension is enabled for inclusion in ClientHello
                and ServerHello messages if the value is 'true'.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.
                RFC 8968: Babel Routing Protocol over
                Datagram Transport Layer Security, Appendix A.";
           }

           leaf-list dtls-cert-prefer {
             type leafref {
               path "../../dtls/certs/type";
             }
             ordered-by user;
             description
               "List of supported certificate types, in order of
                preference.  The values MUST be the 'type' attribute
                in the list 'certs' of the list 'dtls'
                (../../dtls/certs/type).  This list is used to populate
                the server_certificate_type extension in a ClientHello.
                Values that are present in at least one instance in the
                certs object under dtls of a referenced dtls instance
                and that have a non-empty private-key will be used to
                populate the client_certificate_type extension in a
                ClientHello.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3
                RFC 8968: Babel Routing Protocol over
                Datagram Transport Layer Security, Appendix A.";
           }

           leaf packet-log-enable {
             type boolean;
             description
               "If true, logging of babel packets received on this
                interface is enabled; if false, babel packets are not
                logged.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           leaf packet-log {
             type inet:uri;
             config false;
             description
               "A reference or url link to a file that contains a
                timestamped log of packets received and sent on
                udp-port on this interface.  The [libpcap] file
                format with .pcap file extension SHOULD be supported for
                packet log files.  Logging is enabled / disabled by
                packet-log-enable.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";
           }

           container statistics {
             config false;
             description
               "Statistics collection object for this interface.";
             reference
               "RFC 9046: Babel Information Model, Section 3.3.";

             leaf discontinuity-time {
               type yang:date-and-time;
               mandatory true;
               description
                 "The time on the most recent occasion at which any one
                  or more of counters suffered a discontinuity.  If no
                  such discontinuities have occurred since the last
                  re-initialization of the local management subsystem,
                  then this node contains the time the local management
                  subsystem re-initialized itself.";
             }

             leaf sent-mcast-hello {
               type yang:counter32;
               description
                 "A count of the number of multicast Hello packets sent
                  on this interface.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.4.";
             }

             leaf sent-mcast-update {
               type yang:counter32;
               description
                 "A count of the number of multicast update packets sent
                  on this interface.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.4.";
             }

             leaf sent-ucast-hello {
               type yang:counter32;
               description
                 "A count of the number of unicast Hello packets sent
                  on this interface.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.4.";
             }

             leaf sent-ucast-update {
               type yang:counter32;
               description
                 "A count of the number of unicast update packets sent
                  on this interface.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.4.";
             }

             leaf sent-ihu {
               type yang:counter32;
               description
                 "A count of the number of IHU packets sent on this
                  interface.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.4.";
             }

             leaf received-packets {
               type yang:counter32;
               description
                 "A count of the number of Babel packets received on
                  this interface.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.4.";
             }

             action reset {
               description
                 "The information model [RFC 9046] defines reset
                  action as a system-wide reset of Babel statistics.
                  In YANG the reset action is associated with the
                  container where the action is defined.  In this case
                  the action is associated with the statistics container
                  inside an interface.  The action will therefore
                  reset statistics at an interface level.

                  Implementations that want to support a system-wide
                  reset of Babel statistics need to call this action
                  for every instance of the interface.";

               input {
                 leaf reset-at {
                   type yang:date-and-time;
                   description
                     "The time when the reset was issued.";
                 }
               }

               output {
                 leaf reset-finished-at {
                   type yang:date-and-time;
                   description
                     "The time when the reset finished.";
                 }
               }
             }
           }

           list neighbor-objects {
             key "neighbor-address";
             config false;
             description
               "A set of Babel Neighbor Objects.";
             reference
               "RFC 9046: Babel Information Model, Section 3.5.";

             leaf neighbor-address {
               type inet:ip-address;
               description
                 "IPv4 or v6 address the neighbor sends packets from.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.5.";
             }

             leaf hello-mcast-history {
               type string;
               description
                 "The multicast Hello history of whether or not the
                  multicast Hello packets prior to exp-mcast-
                  hello-seqno were received, with a '1' for the most
                  recent Hello placed in the most significant bit and
                  prior Hellos shifted right (with '0' bits placed
                  between prior Hellos and most recent Hello for any
                  not-received Hellos); represented as a string of
                  utf-8 encoded hex digits.  A bit that is set indicates
                  that the corresponding Hello was received, and a bit
                  that is cleared indicates that the corresponding Hello
                  was not received.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.5.";
             }

             leaf hello-ucast-history {
               type string;
               description
                 "The unicast Hello history of whether or not the
                  unicast Hello packets prior to exp-ucast-hello-seqno
                  were received, with a '1' for the most
                  recent Hello placed in the most significant bit and
                  prior Hellos shifted right (with '0' bits placed
                  between prior Hellos and most recent Hello for any
                  not-received Hellos); represented as a string using
                  utf-8 encoded hex digits where a '1' bit = Hello
                  received and a '0' bit = Hello not received.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.5.";
             }

             leaf txcost {
               type int32;
               default "0";
               description
                 "Transmission cost value from the last IHU packet
                  received from this neighbor, or maximum value
                  (infinity) to indicate the IHU hold timer for this
                  neighbor has expired.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.5.";
             }

             leaf exp-mcast-hello-seqno {
               type uint16;
               description
                 "Expected multicast Hello sequence number of next Hello
                  to be received from this neighbor; if multicast Hello
                  packets are not expected, or processing of multicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.5.";
             }

             leaf exp-ucast-hello-seqno {
               type uint16;
               default "0";
               description
                 "Expected unicast Hello sequence number of next Hello
                  to be received from this neighbor; if unicast Hello
                  packets are not expected, or processing of unicast
                  packets is not enabled, this MUST be NULL.";
               reference
                 "RFC 9046: Babel Information Model, Section 3.5.";
             }
leaf ucast-hello-seqno { 1078 type uint16; 1079 default "0"; 1080 description 1081 "The current sequence number in use for unicast Hellos 1082 sent to this neighbor. If unicast Hellos are not being 1083 sent, this MUST be NULL."; 1084 reference 1085 "RFC 9046: Babel Information Model, Section 3.5."; 1086 } 1088 leaf ucast-hello-interval { 1089 type uint16; 1090 units "centiseconds"; 1091 description 1092 "The current interval in use for unicast hellos sent to 1093 this neighbor. Units are centiseconds."; 1094 reference 1095 "RFC 9046: Babel Information Model, Section 3.5."; 1096 } 1098 leaf rxcost { 1099 type uint16; 1100 description 1101 "Reception cost calculated for this neighbor. This 1102 value is usually derived from the Hello history, which 1103 may be combined with other data, such as statistics 1104 maintained by the link layer. The rxcost is sent to a 1105 neighbor in each IHU."; 1106 reference 1107 "RFC 9046: Babel Information Model, Section 3.5."; 1108 } 1110 leaf cost { 1111 type int32; 1112 description 1113 "Link cost is computed from the values maintained in 1114 the neighbor table. The statistics kept in the 1115 neighbor table about the reception of Hellos, and the 1116 txcost computed from received IHU packets."; 1117 reference 1118 "RFC 9046: Babel Information Model, Section 3.5."; 1119 } 1120 } 1121 } 1123 list mac-key-set { 1124 key "name"; 1126 description 1127 "A MAC key set object. If this object is implemented, it 1128 provides access to parameters related to the MAC security 1129 mechanism."; 1130 reference 1131 "RFC 9046: Babel Information Model, Section 3.7."; 1133 leaf name { 1134 type string; 1135 description 1136 "A string that uniquely identifies the MAC object."; 1137 } 1138 leaf default-apply { 1139 type boolean; 1140 description 1141 "A Boolean flag indicating whether this object 1142 instance is applied to all new interfaces, by default. 
1143 If 'true', this instance is applied to new babel- 1144 interfaces instances at the time they are created, 1145 by including it in the mac-key-sets list under 1146 the interface. If 'false', this instance is not applied 1147 to new interface instances when they are created."; 1148 reference 1149 "RFC 9046: Babel Information Model, Section 3.7."; 1150 } 1152 list keys { 1153 key "name"; 1154 min-elements 1; 1155 description 1156 "A set of keys objects."; 1157 reference 1158 "RFC 9046: Babel Information Model, Section 3.8."; 1160 leaf name { 1161 type string; 1162 description 1163 "A unique name for this MAC key that can be used to 1164 identify the key in this object instance, since the 1165 key value is not allowed to be read. This value can 1166 only be provided when this instance is created, and is 1167 not subsequently writable."; 1168 reference 1169 "RFC 9046: Babel Information Model, Section 3.8."; 1170 } 1172 leaf use-send { 1173 type boolean; 1174 mandatory true; 1175 description 1176 "Indicates whether this key value is used to compute a 1177 MAC and include that MAC in the sent Babel packet. A 1178 MAC for sent packets is computed using this key if the 1179 value is 'true'. If the value is 'false', this key is 1180 not used to compute a MAC to include in sent Babel 1181 packets."; 1182 reference 1183 "RFC 9046: Babel Information Model, Section 3.8."; 1184 } 1185 leaf use-verify { 1186 type boolean; 1187 mandatory true; 1188 description 1189 "Indicates whether this key value is used to verify 1190 incoming Babel packets. This key is used to verify 1191 incoming packets if the value is 'true'. If the value 1192 is 'false', no MAC is computed from this key for 1193 comparing an incoming packet."; 1194 reference 1195 "RFC 9046: Babel Information Model, Section 3.8."; 1196 } 1198 leaf value { 1199 nacm:default-deny-all; 1200 type binary; 1201 mandatory true; 1202 description 1203 "The value of the MAC key. 
1205 This value is of a length suitable for the associated 1206 babel-mac-key-algorithm. If the algorithm is based on 1207 the HMAC construction [RFC2104], the length MUST be 1208 between 0 and an upper limit that is at least the size 1209 of the output length (where 'HMAC-SHA256' output 1210 length is 32 octets as described in [RFC4868]). Longer 1211 lengths MAY be supported but are not necessary if the 1212 management system has the ability to generate a 1213 suitably random value (e.g., by randomly generating a 1214 value or by using a key derivation technique as 1215 recommended in [RFC8967] Security Considerations). If 1216 the algorithm is 'BLAKE2s-128', the length MUST be 1217 between 0 and 32 bytes inclusive as specified by 1218 [RFC7693]."; 1219 reference 1220 "RFC 9046: Babel Information Model, Section 3.8, 1221 RFC 2104: HMAC: Keyed-Hashing for Message 1222 Authentication 1223 RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and 1224 HMAC-SHA-512 with IPsec, 1225 RFC 7693: The BLAKE2 Cryptographic Hash and Message 1226 Authentication Code (MAC). 1227 RFC 8967: MAC Authentication for Babel."; 1228 } 1230 leaf algorithm { 1231 type identityref { 1232 base mac-algorithms; 1234 } 1235 mandatory true; 1236 description 1237 "The MAC algorithm used with this key. The 1238 value MUST be one of the identities 1239 listed with the base of 'mac-algorithms'."; 1240 reference 1241 "RFC 9046: Babel Information Model, Section 3.8."; 1242 } 1244 action test { 1245 description 1246 "An operation that allows the MAC key and MAC 1247 algorithm to be tested to see if they produce an 1248 expected outcome. Input to this operation are a 1249 binary string and a calculated MAC (also in the 1250 format of a binary string) for the binary string. 1251 The implementation is expected to create a MAC over 1252 the binary string using the value and algorithm. 
1253 The output of this operation is a binary indication 1254 that the calculated MAC matched the input MAC (true) 1255 or the MACs did not match (false)."; 1256 reference 1257 "RFC 9046: Babel Information Model, Section 3.8."; 1259 input { 1260 leaf test-string { 1261 type binary; 1262 mandatory true; 1263 description 1264 "Input to this operation is a binary string. 1265 The implementation is expected to create 1266 a MAC over this string using the value and 1267 the algorithm defined as part of the 1268 mac-key-set."; 1269 reference 1270 "RFC 9046: Babel Information Model, Section 3.8."; 1271 } 1273 leaf mac { 1274 type binary; 1275 mandatory true; 1276 description 1277 "Input to this operation includes a MAC. 1278 The implementation is expected to calculate a MAC 1279 over the string using the value and algorithm of 1280 this key object and compare its calculated MAC to 1281 this input MAC."; 1283 reference 1284 "RFC 9046: Babel Information Model, Section 3.8."; 1285 } 1286 } 1288 output { 1289 leaf indication { 1290 type boolean; 1291 mandatory true; 1292 description 1293 "The output of this operation is a binary 1294 indication that the calculated MAC matched the 1295 input MAC (true) or the MACs did not match 1296 (false)."; 1297 reference 1298 "RFC 9046: Babel Information Model, Section 3.8."; 1299 } 1300 } 1301 } 1302 } 1303 } 1305 list dtls { 1306 key "name"; 1308 description 1309 "A dtls object. If this object is implemented, 1310 it provides access to parameters related to the DTLS 1311 security mechanism."; 1312 reference 1313 "RFC 9046: Babel Information Model, Section 3.9"; 1315 leaf name { 1316 type string; 1317 description 1318 "A string that uniquely identifies a dtls object."; 1319 } 1321 leaf default-apply { 1322 type boolean; 1323 mandatory true; 1324 description 1325 "A Boolean flag indicating whether this object 1326 instance is applied to all new interfaces, by default. 
1327 If 'true', this instance is applied to new interfaces 1328 instances at the time they are created, by including it 1329 in the dtls-certs list under the interface. If 'false', 1330 this instance is not applied to new interface 1331 instances when they are created."; 1332 reference 1333 "RFC 9046: Babel Information Model, Section 3.9."; 1334 } 1336 list certs { 1337 key "name"; 1339 min-elements 1; 1340 description 1341 "A set of cert objects. This contains 1342 both certificates for this implementation to present 1343 for authentication, and to accept from others. 1344 Certificates with a non-empty private-key 1345 can be presented by this implementation for 1346 authentication."; 1347 reference 1348 "RFC 9046: Babel Information Model, Section 3.10."; 1350 leaf name { 1351 type string; 1352 description 1353 "A unique name for this certificate that can be 1354 used to identify the certificate in this object 1355 instance, since the value is too long to be useful 1356 for identification. This value MUST NOT be empty 1357 and can only be provided when this instance is created 1358 (i.e., it is not subsequently writable)."; 1359 reference 1360 "RFC 9046: Babel Information Model, Section 3.10."; 1361 } 1363 leaf value { 1364 nacm:default-deny-write; 1365 type string; 1366 mandatory true; 1367 description 1368 "The certificate in PEM format [RFC7468]. This 1369 value can only be provided when this instance is 1370 created, and is not subsequently writable."; 1371 reference 1372 "RFC 9046: Babel Information Model, Section 3.10."; 1373 } 1375 leaf type { 1376 nacm:default-deny-write; 1377 type identityref { 1378 base dtls-cert-types; 1380 } 1381 mandatory true; 1382 description 1383 "The certificate type of this object instance. 1384 The value MUST be the same as one of the 1385 identities listed with the base 'dtls-cert-types'. 
1386 This value can only be provided when this 1387 instance is created, and is not subsequently 1388 writable."; 1389 reference 1390 "RFC 9046: Babel Information Model, Section 3.10."; 1391 } 1393 leaf private-key { 1394 nacm:default-deny-all; 1395 type binary; 1396 mandatory true; 1397 description 1398 "The value of the private key. If this is non-empty, 1399 this certificate can be used by this implementation to 1400 provide a certificate during DTLS handshaking."; 1401 reference 1402 "RFC 9046: Babel Information Model, Section 3.10."; 1403 } 1405 leaf algorithm { 1406 nacm:default-deny-write; 1407 type identityref { 1408 base ct:private-key-format; 1409 } 1410 mandatory true; 1411 description 1412 "Identifies the algorithm identity with which the 1413 private-key has been encoded. This value can only be 1414 provided when this instance is created, and is not 1415 subsequently writable."; 1416 } 1417 } 1418 } 1419 uses routes; 1420 } 1421 } 1422 } 1423 1425 3. IANA Considerations 1427 This document registers a URI and a YANG module. 1429 3.1. URI Registrations 1431 URI: urn:ietf:params:xml:ns:yang:ietf-babel 1433 3.2. YANG Module Name Registration 1435 This document registers a YANG module in the YANG Module Names 1436 registry YANG [RFC6020]. 1438 Name:ietf-babel 1439 Namespace: urn:ietf:params:xml:ns:yang:ietf-babel 1440 prefix: babel 1441 reference: RFC XXXX 1443 4. Security Considerations 1445 The YANG module specified in this document defines a schema for data 1446 that is designed to be accessed via network management protocol such 1447 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 1448 is the secure transport layer and the mandatory-to-implement secure 1449 transport is SSH [RFC6242]. The lowest RESTCONF layer is HTTPS, and 1450 the mandatory-to-implement secure transport is TLS [RFC8446]. 
   The NETCONF Access Control Model (NACM) [RFC8341] provides the means
   to restrict access for particular NETCONF users to a pre-configured
   subset of all available NETCONF protocol operations and content.

   The security considerations outlined here are specific to the YANG
   data model, and do not cover security considerations of the Babel
   protocol or its security mechanisms in The Babel Routing Protocol
   [RFC8966], MAC Authentication for the Babel Routing Protocol
   [RFC8967], and Babel Routing Protocol over Datagram Transport Layer
   Security [RFC8968].  Each of these has its own Security
   Considerations section for considerations that are specific to it.

   There are a number of data nodes defined in the YANG module which
   are writable/created/deleted (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or
   vulnerable in some network environments.  Write operations (e.g.,
   edit-config) to these data nodes without proper protection can have
   a negative effect on network operations.  These are the subtrees
   and data nodes and their sensitivity/vulnerability from a config
   true perspective:

   'babel': This container includes an 'enable' parameter that can be
   used to enable or disable use of Babel on a router.

   'babel/constants': This container includes configuration parameters
   that can prevent reachability if misconfigured.

   'babel/interfaces': This leaf-list has configuration parameters that
   can enable/disable security mechanisms and change performance
   characteristics of the Babel protocol.

   'babel/hmac' and 'babel/dtls': These contain security credentials
   that influence whether incoming packets are trusted, and whether
   outgoing packets are produced in a way such that the receiver will
   treat them as trusted.

   Some of the readable data or config false nodes in this YANG module
   may be considered sensitive or vulnerable in some network
   environments.  It is thus important to control read access (e.g.,
   via get, get-config, or notification) to these data nodes.  These
   are the subtrees and data nodes and their sensitivity/vulnerability
   from a config false perspective:

   'babel': Access to the information in the various nodes can disclose
   the network topology.  Additionally, the routes used by a network
   device may be used to mount a subsequent attack on traffic
   traversing the network device.

   'babel/hmac' and 'babel/dtls': These contain security credentials,
   including private credentials of the router; however, it is
   required that these values not be readable.

   Some of the RPC operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability from an RPC
   operation perspective:

   This model defines two actions.  Resetting the statistics within an
   interface container would be visible to any monitoring processes,
   which should be designed to account for the possibility of such a
   reset.  The "test" action allows for validation that a MAC key and
   MAC algorithm have been properly configured.  The MAC key is a
   sensitive piece of information, and it is important to prevent an
   attacker that does not know the MAC key from being able to
   determine the MAC value by trying different input parameters.  The
   "test" action has been designed to not reveal such information
   directly.  Such information might also be revealed indirectly, due
   to side channels such as the time it takes to produce a response to
   the action.  Implementations SHOULD use a constant-time comparison
   between the input mac and the locally generated MAC value, in order
   to avoid such side channel leakage.

5.  Acknowledgements

   Juliusz Chroboczek provided most of the example configurations for
   Babel that are shown in the Appendix.

6.  References

6.1.  Normative References

   [I-D.ietf-netconf-crypto-types]
              Watsen, K., "YANG Data Types and Groupings for
              Cryptography", Work in Progress, Internet-Draft,
              draft-ietf-netconf-crypto-types-20, 18 May 2021.

   [I-D.ietf-tls-dtls13]
              Rescorla, E., Tschofenig, H., and N. Modadugu, "The
              Datagram Transport Layer Security (DTLS) Protocol Version
              1.3", Work in Progress, Internet-Draft,
              draft-ietf-tls-dtls13-43, 30 April 2021.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7693]  Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2
              Cryptographic Hash and Message Authentication Code
              (MAC)", RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling
              Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.
   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8349]  Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
              Routing Management (NMDA Version)", RFC 8349,
              DOI 10.17487/RFC8349, March 2018.

   [RFC8966]  Chroboczek, J. and D. Schinazi, "The Babel Routing
              Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

   [RFC8967]  Do, C., Kolodziejak, W., and J. Chroboczek, "MAC
              Authentication for the Babel Routing Protocol", RFC 8967,
              DOI 10.17487/RFC8967, January 2021.

   [RFC8968]  Decimo, A., Schinazi, D., and J. Chroboczek, "Babel
              Routing Protocol over Datagram Transport Layer Security",
              RFC 8968, DOI 10.17487/RFC8968, January 2021.

   [RFC9046]  Stark, B. and M. Jethanandani, "Babel Information Model",
              RFC 9046, DOI 10.17487/RFC9046, June 2021.

6.2.  Informative References

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.
   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

Appendix A.  Tree Diagram and Example Configurations

   This section includes the complete tree diagram and examples that
   demonstrate how Babel can be configured.

A.1.  Complete Tree Diagram

   This section includes the complete tree diagram for the Babel YANG
   module.

   module: ietf-babel

     augment /rt:routing/rt:control-plane-protocols
               /rt:control-plane-protocol:
       +--rw babel!
          +--ro version?               string
          +--rw enable                 boolean
          +--ro router-id?             binary
          +--ro seqno?                 uint16
          +--rw statistics-enabled?    boolean
          +--rw constants
          |  +--rw udp-port?      inet:port-number
          |  +--rw mcast-group?   inet:ip-address
          +--rw interfaces* [reference]
          |  +--rw reference                 if:interface-ref
          |  +--rw enable?                   boolean
          |  +--rw metric-algorithm          identityref
          |  +--rw split-horizon?            boolean
          |  +--ro mcast-hello-seqno?        uint16
          |  +--rw mcast-hello-interval?     uint16
          |  +--rw update-interval?          uint16
          |  +--rw mac-enable?               boolean
          |  +--rw mac-key-sets*             -> ../../mac-key-set/name
          |  +--rw mac-verify?               boolean
          |  +--rw dtls-enable?              boolean
          |  +--rw dtls-certs*               -> ../../dtls/name
          |  +--rw dtls-cached-info?         boolean
          |  +--rw dtls-cert-prefer*         -> ../../dtls/certs/type
          |  +--rw packet-log-enable?        boolean
          |  +--ro packet-log?               inet:uri
          |  +--ro statistics
          |  |  +--ro discontinuity-time    yang:date-and-time
          |  |  +--ro sent-mcast-hello?     yang:counter32
          |  |  +--ro sent-mcast-update?    yang:counter32
          |  |  +--ro sent-ucast-hello?     yang:counter32
          |  |  +--ro sent-ucast-update?    yang:counter32
          |  |  +--ro sent-ihu?             yang:counter32
          |  |  +--ro received-packets?     yang:counter32
          |  |  +---x reset
          |  |     +---w input
          |  |     |  +---w reset-at?   yang:date-and-time
          |  |     +--ro output
          |  |        +--ro reset-finished-at?   yang:date-and-time
          |  +--ro neighbor-objects* [neighbor-address]
          |     +--ro neighbor-address         inet:ip-address
          |     +--ro hello-mcast-history?     string
          |     +--ro hello-ucast-history?     string
          |     +--ro txcost?                  int32
          |     +--ro exp-mcast-hello-seqno?   uint16
          |     +--ro exp-ucast-hello-seqno?   uint16
          |     +--ro ucast-hello-seqno?       uint16
          |     +--ro ucast-hello-interval?    uint16
          |     +--ro rxcost?                  uint16
          |     +--ro cost?                    int32
          +--rw mac-key-set* [name]
          |  +--rw name             string
          |  +--rw default-apply?   boolean
          |  +--rw keys* [name]
          |     +--rw name         string
          |     +--rw use-send     boolean
          |     +--rw use-verify   boolean
          |     +--rw value        binary
          |     +--rw algorithm    identityref
          |     +---x test
          |        +---w input
          |        |  +---w test-string   binary
          |        |  +---w mac           binary
          |        +--ro output
          |           +--ro indication    boolean
          +--rw dtls* [name]
          |  +--rw name            string
          |  +--rw default-apply   boolean
          |  +--rw certs* [name]
          |     +--rw name          string
          |     +--rw value         string
          |     +--rw type          identityref
          |     +--rw private-key   binary
          |     +--rw algorithm     identityref
          +--ro routes* [prefix]
             +--ro prefix               inet:ip-prefix
             +--ro router-id?           binary
             +--ro neighbor?            leafref
             +--ro received-metric?     uint16
             +--ro calculated-metric?   uint16
             +--ro seqno?               uint16
             +--ro next-hop?            inet:ip-address
             +--ro feasible?            boolean
             +--ro selected?            boolean

A.2.  Statistics Gathering Enabled

   In this example, interface eth0 is being configured for routing
   protocol Babel, and statistics gathering is enabled.  For security,
   HMAC-SHA256 is supported.  Every sent Babel packet is signed with
   the key value provided, and every received Babel packet is verified
   with the same key value.
   [XML example configuration: the markup was lost in extraction.
   Surviving element values, in document order: eth0,
   ianaift:ethernetCsmacd, true; babel:babel, name:babel; true, true;
   eth0, two-out-of-three, true; hmac-sha256; hmac-sha256-keys, true,
   true, base64encodedvalue==, hmac-sha256.]

A.3.  Automatic Detection of Properties

   [XML example configuration: the markup was lost in extraction.
   Surviving element values, in document order: eth0,
   ianaift:ethernetCsmacd, true; wlan0, ianaift:ieee80211, true;
   babel:babel, name:babel; true; eth0, true, two-out-of-three, true;
   wlan0, true, etx, false.]

A.4.  Override Default Properties

   [XML example configuration: the markup was lost in extraction.
   Surviving element values, in document order: eth0,
   ianaift:ethernetCsmacd, true; eth1, ianaift:ethernetCsmacd, true;
   tun0, ianaift:tunnel, true; babel:babel, name:babel; true; eth0,
   true, two-out-of-three, true; eth1, true, etx, false; tun0, true,
   two-out-of-three, true.]

A.5.  Configuring other Properties

   [XML example configuration: the markup was lost in extraction.
   Surviving element values, in document order: eth0,
   ianaift:ethernetCsmacd, true; ppp0, ianaift:ppp, true; babel:babel,
   name:babel; true; eth0, true, two-out-of-three, true; ppp0, true,
   30, 120, two-out-of-three.]

Authors' Addresses

   Mahesh Jethanandani
   Kloud Services
   California
   United States of America

   Email: mjethanandani@gmail.com


   Barbara Stark
   AT&T
   Atlanta, GA
   United States of America

   Email: barbara.stark@att.com