Babel routing protocol                                        B.H. Stark
Internet-Draft                                                      AT&T
Intended status: Informational                         M.J. Jethanandani
Expires: 12 September 2021                                        VMware
                                                           11 March 2021

                        Babel Information Model
                 draft-ietf-babel-information-model-14

Abstract

   This Babel Information Model provides structured data elements for a Babel implementation reporting its current state and may allow limited configuration of some such data elements. This information model can be used as a basis for creating data models under various data modeling regimes. This information model only includes parameters and parameter values useful for managing Babel over IPv6.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 12 September 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1. Introduction
      1.1. Requirements Language
      1.2. Notation
   2. Overview
   3. The Information Model
      3.1. Definition of babel-information-obj
      3.2. Definition of babel-constants-obj
      3.3. Definition of babel-interface-obj
      3.4. Definition of babel-if-stats-obj
      3.5. Definition of babel-neighbor-obj
      3.6. Definition of babel-route-obj
      3.7. Definition of babel-mac-key-set-obj
      3.8. Definition of babel-mac-key-obj
      3.9. Definition of babel-dtls-cert-set-obj
      3.10. Definition of babel-dtls-cert-obj
   4. Extending the Information Model
   5. Security Considerations
   6. IANA Considerations
   7. Acknowledgements
   8. References
      8.1. Normative References
      8.2. Informative References
   Authors' Addresses

1. Introduction

   Babel is a loop-avoiding distance-vector routing protocol defined in [RFC8966].
   [RFC8967] defines a security mechanism that allows Babel packets to be cryptographically authenticated, and [RFC8968] defines a security mechanism that allows Babel packets to be both authenticated and encrypted. This document describes an information model for Babel (including implementations using one or both of these security mechanisms) that can be used to create management protocol data models (such as a NETCONF [RFC6241] YANG [RFC7950] data model).

   Due to the simplicity of the Babel protocol, most of the information model is focused on reporting Babel protocol operational state, and very little of that is considered mandatory to implement for an implementation claiming compliance with this information model. Some parameters may be configurable. However, it is up to the Babel implementation whether to allow any of these to be configured within its implementation. Where the implementation does not allow configuration of these parameters, it MAY still choose to expose them as read-only.

   The Information Model is presented using a hierarchical structure. This does not preclude a data model based on this Information Model from using a referential or other structure.

   This information model only includes parameters and parameter values useful for managing Babel over IPv6. This model has no parameters or values specific to operating Babel over IPv4, even though [RFC8966] does define a multicast group for sending and listening to multicast announcements on IPv4. There is less likelihood of breakage due to inconsistent configuration and increased implementation simplicity if Babel is operated always and only over IPv6. Running Babel over IPv6 requires IPv6 at the link layer and does not need advertised prefixes, router advertisements or DHCPv6 to be present in the network. Link-local IPv6 is widely supported among devices where Babel is expected to be used. Note that Babel over IPv6 can be used for configuration of both IPv4 and IPv6 routes.

1.1. Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

1.2. Notation

   This document uses a programming language-like notation to define the properties of the objects of the information model. An optional property is enclosed by square brackets, [ ], and a list property is indicated by two numbers in angle brackets, <m..n>, where m indicates the minimal number of list elements, and n indicates the maximum number of list elements. The symbol * for n means there are no defined limits on the number of list elements. Each parameter and object includes an indication of "ro" or "rw". "ro" means the parameter or object is read-only. "rw" means it is read-write. For an object, read-write means instances of the object can be created or deleted. If an implementation is allowed to choose to implement a "rw" parameter as read-only, this is noted in the parameter description.

   The object definitions use base types that are defined as follows:

   binary      A binary string (sequence of octets).

   boolean     A type representing a Boolean (true or false) value.

   datetime    A type representing a date and time using the Gregorian calendar. The datetime format MUST conform to RFC 3339 [RFC3339] Section 5.6.

   ip-address  A type representing an IP address. This type supports both IPv4 and IPv6 addresses.

   operation   A type representing a remote procedure call or other action that can be used to manipulate data elements or system behaviors.

   reference   A type representing a reference to another information or data model element or to some other device resource.

   string      A type representing a human-readable string consisting of a (possibly restricted) subset of Unicode and ISO/IEC 10646 [ISO.10646] characters.

   uint        A type representing an unsigned integer number. This information model does not define a precision.

2. Overview

   The Information Model is hierarchically structured as follows:

   +-- babel-information
      +-- babel-implementation-version
      +-- babel-enable
      +-- router-id
      +-- self-seqno
      +-- babel-metric-comp-algorithms
      +-- babel-security-supported
      +-- babel-mac-algorithms
      +-- babel-dtls-cert-types
      +-- babel-stats-enable
      +-- babel-stats-reset
      +-- babel-constants
      |  +-- babel-udp-port
      |  +-- babel-mcast-group
      +-- babel-interfaces
      |  +-- babel-interface-reference
      |  +-- babel-interface-enable
      |  +-- babel-interface-metric-algorithm
      |  +-- babel-interface-split-horizon
      |  +-- babel-mcast-hello-seqno
      |  +-- babel-mcast-hello-interval
      |  +-- babel-update-interval
      |  +-- babel-mac-enable
      |  +-- babel-if-mac-key-sets
      |  +-- babel-mac-verify
      |  +-- babel-dtls-enable
      |  +-- babel-if-dtls-cert-sets
      |  +-- babel-dtls-cached-info
      |  +-- babel-dtls-cert-prefer
      |  +-- babel-packet-log-enable
      |  +-- babel-packet-log
      |  +-- babel-if-stats
      |  |  +-- babel-sent-mcast-hello
      |  |  +-- babel-sent-mcast-update
      |  |  +-- babel-sent-ucast-hello
      |  |  +-- babel-sent-ucast-update
      |  |  +-- babel-sent-IHU
      |  |  +-- babel-received-packets
      |  +-- babel-neighbors
      |     +-- babel-neighbor-address
      |     +-- babel-hello-mcast-history
      |     +-- babel-hello-ucast-history
      |     +-- babel-txcost
      |     +-- babel-exp-mcast-hello-seqno
      |     +-- babel-exp-ucast-hello-seqno
      |     +-- babel-ucast-hello-seqno
      |     +-- babel-ucast-hello-interval
      |     +-- babel-rxcost
      |     +-- babel-cost
      +-- babel-routes
      |  +-- babel-route-prefix
      |  +-- babel-route-prefix-length
      |  +-- babel-route-router-id
      |  +-- babel-route-neighbor
      |  +-- babel-route-received-metric
      |  +-- babel-route-calculated-metric
      |  +-- babel-route-seqno
      |  +-- babel-route-next-hop
      |  +-- babel-route-feasible
      |  +-- babel-route-selected
      +-- babel-mac-key-sets
      |  +-- babel-mac-default-apply
      |  +-- babel-mac-keys
      |     +-- babel-mac-key-name
      |     +-- babel-mac-key-use-send
      |     +-- babel-mac-key-use-verify
      |     +-- babel-mac-key-value
      |     +-- babel-mac-key-algorithm
      |     +-- babel-mac-key-test
      +-- babel-dtls-cert-sets
         +-- babel-dtls-default-apply
         +-- babel-dtls-certs
            +-- babel-cert-name
            +-- babel-cert-value
            +-- babel-cert-type
            +-- babel-cert-private-key

   Most parameters are read-only. Following is a descriptive list of the parameters that are not required to be read-only:

   * enable/disable Babel

   * create/delete Babel MAC Key sets

   * create/delete Babel Certificate sets

   * enable/disable statistics collection

   * Constant: UDP port

   * Constant: IPv6 multicast group

   * Interface: enable/disable Babel on this interface

   * Interface: Metric algorithm

   * Interface: Split horizon

   * Interface: sets of MAC keys

   * Interface: verify received MAC packets

   * Interface: set of certificates for use with DTLS

   * Interface: use cached info extensions

   * Interface: preferred order of certificate types

   * Interface: enable/disable packet log

   * MAC-keys: create/delete entries

   * MAC-keys: key used for sent packets

   * MAC-keys: key used to verify packets

   * DTLS-certs: create/delete entries

   The following parameters are required to return no value when read:

   * MAC key values

   * DTLS private keys

   Note that this overview is intended simply to be informative and is not normative.
   If there is any discrepancy between this overview and the detailed information model definitions in subsequent sections, the error is in this overview.

3. The Information Model

3.1. Definition of babel-information-obj

   object {
      string ro babel-implementation-version;
      boolean rw babel-enable;
      binary ro babel-self-router-id;
      [uint ro babel-self-seqno;]
      string ro babel-metric-comp-algorithms<1..*>;
      string ro babel-security-supported<0..*>;
      [string ro babel-mac-algorithms<1..*>;]
      [string ro babel-dtls-cert-types<1..*>;]
      [boolean rw babel-stats-enable;]
      [operation babel-stats-reset;]
      babel-constants-obj ro babel-constants;
      babel-interface-obj ro babel-interfaces<0..*>;
      babel-route-obj ro babel-routes<0..*>;
      [babel-mac-key-set-obj rw babel-mac-key-sets<0..*>;]
      [babel-dtls-cert-set-obj rw babel-dtls-cert-sets<0..*>;]
   } babel-information-obj;

   babel-implementation-version: The name and version of this implementation of the Babel protocol.

   babel-enable: When written, it configures whether the protocol should be enabled (true) or disabled (false). A read from the running or intended datastore indicates the configured administrative value of whether the protocol is enabled (true) or not (false). A read from the operational datastore indicates whether the protocol is actually running (true) or not (i.e., it indicates the operational state of the protocol). A data model that does not replicate parameters for running and operational datastores can implement this as two separate parameters. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-self-router-id: The router-id used by this instance of the Babel protocol to identify itself. [RFC8966] describes this as an arbitrary string of 8 octets.

   babel-self-seqno: The current sequence number included in route updates for routes originated by this node. This is a 16-bit unsigned integer.

   babel-metric-comp-algorithms: List of supported cost computation algorithms. Possible values include "2-out-of-3", and "ETX". "2-out-of-3" is described in [RFC8966], section A.2.1. "ETX" is described in [RFC8966], section A.2.2.

   babel-security-supported: List of supported security mechanisms. Possible values include "MAC" to indicate support of [RFC8967] and "DTLS" to indicate support of [RFC8968].

   babel-mac-algorithms: List of supported MAC computation algorithms. Possible values include "HMAC-SHA256", "BLAKE2s-128" to indicate support for algorithms indicated in [RFC8967].

   babel-dtls-cert-types: List of supported certificate types. Possible values include "X.509" and "RawPublicKey" to indicate support for types indicated in [RFC8968].

   babel-stats-enable: Indicates whether statistics collection is enabled (true) or disabled (false) on all interfaces. When enabled, existing statistics values are not cleared and will be incremented as new packets are counted.

   babel-stats-reset: An operation that resets all babel-if-stats parameters to zero. This operation has no input or output parameters.

   babel-constants: A babel-constants-obj object.

   babel-interfaces: A set of babel-interface-obj objects.

   babel-routes: A set of babel-route-obj objects. Contains the routes known to this node.

   babel-mac-key-sets: A set of babel-mac-key-set-obj objects. If this object is implemented, it provides access to parameters related to the MAC security mechanism. An implementation MAY choose to expose this object as read-only ("ro").

   babel-dtls-cert-sets: A set of babel-dtls-cert-set-obj objects. If this object is implemented, it provides access to parameters related to the DTLS security mechanism. An implementation MAY choose to expose this object as read-only ("ro").

3.2. Definition of babel-constants-obj

   object {
      uint rw babel-udp-port;
      [ip-address rw babel-mcast-group;]
   } babel-constants-obj;

   babel-udp-port: UDP port for sending and listening for Babel packets. Default is 6696. An implementation MAY choose to expose this parameter as read-only ("ro"). This is a 16-bit unsigned integer.

   babel-mcast-group: Multicast group for sending and listening to multicast announcements on IPv6. Default is ff02::1:6. An implementation MAY choose to expose this parameter as read-only ("ro").

3.3. Definition of babel-interface-obj

   object {
      reference ro babel-interface-reference;
      [boolean rw babel-interface-enable;]
      string rw babel-interface-metric-algorithm;
      [boolean rw babel-interface-split-horizon;]
      [uint ro babel-mcast-hello-seqno;]
      [uint ro babel-mcast-hello-interval;]
      [uint ro babel-update-interval;]
      [boolean rw babel-mac-enable;]
      [reference rw babel-if-mac-key-sets<0..*>;]
      [boolean rw babel-mac-verify;]
      [boolean rw babel-dtls-enable;]
      [reference rw babel-if-dtls-cert-sets<0..*>;]
      [boolean rw babel-dtls-cached-info;]
      [string rw babel-dtls-cert-prefer<0..*>;]
      [boolean rw babel-packet-log-enable;]
      [reference ro babel-packet-log;]
      [babel-if-stats-obj ro babel-if-stats;]
      babel-neighbor-obj ro babel-neighbors<0..*>;
   } babel-interface-obj;

   babel-interface-reference: Reference to an interface object that can be used to send and receive IPv6 packets, as defined by the data model (e.g., YANG [RFC7950], BBF [TR-181]). Referencing syntax will be specific to the data model. If there is no set of interface objects available, this should be a string that indicates the interface name used by the underlying operating system.

   babel-interface-enable: When written, it configures whether the protocol should be enabled (true) or disabled (false) on this interface. A read from the running or intended datastore indicates the configured administrative value of whether the protocol is enabled (true) or not (false). A read from the operational datastore indicates whether the protocol is actually running (true) or not (i.e., it indicates the operational state of the protocol). A data model that does not replicate parameters for running and operational datastores can implement this as two separate parameters. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-interface-metric-algorithm: Indicates the metric computation algorithm used on this interface. The value MUST be one of those listed in the babel-information-obj babel-metric-comp-algorithms parameter. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-interface-split-horizon: Indicates whether or not the split horizon optimization is used when calculating metrics on this interface. A value of true indicates split horizon optimization is used. Split horizon optimization is described in [RFC8966], section 3.7.4. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mcast-hello-seqno: The current sequence number in use for multicast Hellos sent on this interface. This is a 16-bit unsigned integer.

   babel-mcast-hello-interval: The current interval in use for multicast Hellos sent on this interface. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-update-interval: The current interval in use for all updates (multicast and unicast) sent on this interface. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-mac-enable: Indicates whether the MAC security mechanism is enabled (true) or disabled (false). An implementation MAY choose to expose this parameter as read-only ("ro").
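
   The object notation of Section 1.2 is regular enough to be parsed mechanically, which is useful when generating a data model from these definitions or when checking an implementation's exported schema against them. The following is an added example, not code from the draft or any Babel implementation: a small Python parser for the "object { ... } name;" blocks, applied to the babel-mac-key-obj definition from Section 3.8. The "--" access marker (used in that definition for the key value) and access-less "operation" properties are handled as the draft writes them; the helper names parse_property, parse_object, configurable and unreadable are this example's own.

```python
import re

# Added example (not part of the draft): a parser for the object notation of
# Section 1.2. Each property line is "type [ro|rw|--] name[<m..n>];", and is
# wrapped in square brackets when the property is optional.
PROP_RE = re.compile(
    r"^(?P<type>[A-Za-z][\w-]*)\s+"
    r"(?:(?P<access>ro|rw|--)\s+)?"
    r"(?P<name>[A-Za-z][\w-]*)"
    r"(?:<(?P<min>\d+)\.\.(?P<max>\d+|\*)>)?$"
)


def parse_property(line):
    """Parse one property line into a dict; raises ValueError on malformed input."""
    text = line.strip()
    optional = text.startswith("[") and text.endswith("]")
    if optional:
        text = text[1:-1].strip()
    if not text.endswith(";"):
        raise ValueError(f"property must end with ';': {line!r}")
    m = PROP_RE.match(text[:-1].strip())
    if m is None:
        raise ValueError(f"unrecognised property: {line!r}")
    bounds = None
    if m["min"] is not None:
        # "*" for n means no defined upper limit; represented here as None
        bounds = (int(m["min"]), None if m["max"] == "*" else int(m["max"]))
    return {
        "type": m["type"],
        "access": m["access"],   # None for operations, "--" for never-readable values
        "name": m["name"],
        "optional": optional,
        "list": bounds,
    }


def parse_object(text):
    """Parse an 'object { ... } name;' block into its name and property list."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if not lines or lines[0] != "object {":
        raise ValueError("definition must start with 'object {'")
    tail = re.match(r"^\}\s+([A-Za-z][\w-]*);$", lines[-1])
    if tail is None:
        raise ValueError("definition must end with '} name;'")
    return {"name": tail.group(1),
            "properties": [parse_property(l) for l in lines[1:-1]]}


def configurable(obj):
    """Names of rw properties: those the overview lists as not required to be read-only."""
    return [p["name"] for p in obj["properties"] if p["access"] == "rw"]


def unreadable(obj):
    """Names of properties marked '--', which MUST NOT be readable (the MAC key value)."""
    return [p["name"] for p in obj["properties"] if p["access"] == "--"]


# Sample input: the babel-mac-key-obj definition from Section 3.8 of the draft.
BABEL_MAC_KEY_OBJ = """
object {
    string rw babel-mac-key-name;
    boolean rw babel-mac-key-use-send;
    boolean rw babel-mac-key-use-verify;
    binary -- babel-mac-key-value;
    string rw babel-mac-key-algorithm;
    [operation babel-mac-key-test;]
} babel-mac-key-obj;
"""

if __name__ == "__main__":
    obj = parse_object(BABEL_MAC_KEY_OBJ)
    print(obj["name"], "rw:", configurable(obj), "never readable:", unreadable(obj))
```

   Running the block prints the object name, its four read-write parameters and the single never-readable one; a data-model generator would use the "list" bounds to decide between scalar and list nodes, and "optional" to decide which nodes a conforming implementation may omit.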
   babel-if-mac-key-sets: List of references to the babel-mac-key-sets entries that apply to this interface. When an interface instance is created, all babel-mac-key-sets instances with babel-mac-default-apply "true" will be included in this list. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-verify: A Boolean flag indicating whether MACs in incoming Babel packets are required to be present and are verified. If this parameter is "true", incoming packets are required to have a valid MAC. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-enable: Indicates whether the DTLS security mechanism is enabled (true) or disabled (false). An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-if-dtls-cert-sets: List of references to the babel-dtls-cert-sets entries that apply to this interface. When an interface instance is created, all babel-dtls-cert-sets instances with babel-dtls-default-apply "true" will be included in this list. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-cached-info: Indicates whether the cached_info extension (see [RFC8968] Appendix A) is included in ClientHello and ServerHello packets. The extension is included if the value is "true". An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-cert-prefer: List of supported certificate types, in order of preference. The values MUST be among those listed in the babel-dtls-cert-types parameter. This list is used to populate the server_certificate_type extension (see [RFC8968] Appendix A) in a Client Hello. Values that are present in at least one instance in the babel-dtls-certs object of a referenced babel-dtls instance and that have a non-empty babel-cert-private-key will be used to populate the client_certificate_type extension in a Client Hello.

   babel-packet-log-enable: Indicates whether packet logging is enabled (true) or disabled (false) on this interface.

   babel-packet-log: A reference or url link to a file that contains a timestamped log of packets received and sent on babel-udp-port on this interface. The [libpcap] file format with .pcap file extension SHOULD be supported for packet log files. Logging is enabled / disabled by babel-packet-log-enable. Implementations will need to carefully manage and limit memory used by packet logs.

   babel-if-stats: Statistics collection object for this interface.

   babel-neighbors: A set of babel-neighbor-obj objects.

3.4. Definition of babel-if-stats-obj

   object {
      uint ro babel-sent-mcast-hello;
      uint ro babel-sent-mcast-update;
      uint ro babel-sent-ucast-hello;
      uint ro babel-sent-ucast-update;
      uint ro babel-sent-IHU;
      uint ro babel-received-packets;
   } babel-if-stats-obj;

   babel-sent-mcast-hello: A count of the number of multicast Hello packets sent on this interface.

   babel-sent-mcast-update: A count of the number of multicast update packets sent on this interface.

   babel-sent-ucast-hello: A count of the number of unicast Hello packets sent on this interface.

   babel-sent-ucast-update: A count of the number of unicast update packets sent on this interface.

   babel-sent-IHU: A count of the number of IHU packets sent on this interface.

   babel-received-packets: A count of the number of Babel packets received on this interface.

3.5. Definition of babel-neighbor-obj

   object {
      ip-address ro babel-neighbor-address;
      [binary ro babel-hello-mcast-history;]
      [binary ro babel-hello-ucast-history;]
      uint ro babel-txcost;
      uint ro babel-exp-mcast-hello-seqno;
      uint ro babel-exp-ucast-hello-seqno;
      [uint ro babel-ucast-hello-seqno;]
      [uint ro babel-ucast-hello-interval;]
      [uint ro babel-rxcost;]
      [uint ro babel-cost;]
   } babel-neighbor-obj;

   babel-neighbor-address: IPv4 or IPv6 address the neighbor sends packets from.

   babel-hello-mcast-history: The multicast Hello history of whether or not the multicast Hello packets prior to babel-exp-mcast-hello-seqno were received. A binary sequence where the most recently received Hello is expressed as a "1" placed in the left-most bit, with prior bits shifted right (and "0" bits placed between prior Hello bits and most recent Hello for any not-received Hellos). This value should be displayed using hex digits ([0-9a-fA-F]). See [RFC8966], section A.1.

   babel-hello-ucast-history: The unicast Hello history of whether or not the unicast Hello packets prior to babel-exp-ucast-hello-seqno were received. A binary sequence where the most recently received Hello is expressed as a "1" placed in the left-most bit, with prior bits shifted right (and "0" bits placed between prior Hello bits and most recent Hello for any not-received Hellos). This value should be displayed using hex digits ([0-9a-fA-F]). See [RFC8966], section A.1.

   babel-txcost: Transmission cost value from the last IHU packet received from this neighbor, or maximum value to indicate the IHU hold timer for this neighbor has expired. See [RFC8966], section 3.4.2. This is a 16-bit unsigned integer.

   babel-exp-mcast-hello-seqno: Expected multicast Hello sequence number of next Hello to be received from this neighbor.
   If multicast Hello packets are not expected, or processing of multicast packets is not enabled, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number of next Hello to be received from this neighbor. If unicast Hello packets are not expected, or processing of unicast packets is not enabled, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-seqno: The current sequence number in use for unicast Hellos sent to this neighbor. If unicast Hellos are not being sent, this MUST be NULL. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-ucast-hello-interval: The current interval in use for unicast Hellos sent to this neighbor. Units are centiseconds. This is a 16-bit unsigned integer.

   babel-rxcost: Reception cost calculated for this neighbor. This value is usually derived from the Hello history, which may be combined with other data, such as statistics maintained by the link layer. The rxcost is sent to a neighbor in each IHU. See [RFC8966], section 3.4.3. This is a 16-bit unsigned integer.

   babel-cost: The link cost, as computed from the values maintained in the neighbor table: the statistics kept in the neighbor table about the reception of Hellos, and the txcost computed from received IHU packets. This is a 16-bit unsigned integer.

3.6. Definition of babel-route-obj

   object {
      ip-address ro babel-route-prefix;
      uint ro babel-route-prefix-length;
      binary ro babel-route-router-id;
      reference ro babel-route-neighbor;
      uint ro babel-route-received-metric;
      uint ro babel-route-calculated-metric;
      uint ro babel-route-seqno;
      ip-address ro babel-route-next-hop;
      boolean ro babel-route-feasible;
      boolean ro babel-route-selected;
   } babel-route-obj;

   babel-route-prefix: Prefix (expressed in IP address format) for which this route is advertised.

   babel-route-prefix-length: Length of the prefix for which this route is advertised.

   babel-route-router-id: The router-id of the router that originated this route.

   babel-route-neighbor: Reference to the babel-neighbors entry for the neighbor that advertised this route.

   babel-route-received-metric: The metric with which this route was advertised by the neighbor, or maximum value to indicate the route was recently retracted and is temporarily unreachable (see Section 3.5.5 of [RFC8966]). This metric will be NULL if the route was not received from a neighbor but was generated through other means. At least one of babel-route-calculated-metric and babel-route-received-metric MUST be non-NULL. Having both be non-NULL is expected for a route that is received and subsequently advertised. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-route-calculated-metric: A calculated metric for this route. How the metric is calculated is implementation-specific. Maximum value indicates the route was recently retracted and is temporarily unreachable (see Section 3.5.5 of [RFC8966]). At least one of babel-route-calculated-metric and babel-route-received-metric MUST be non-NULL.
Having both be non-NULL is expected for a route that is received and subsequently advertised. This is a 16-bit unsigned integer; if the data model uses zero (0) to represent NULL values for unsigned integers, the data model MAY use a different data type that allows differentiation between zero (0) and NULL.

   babel-route-seqno: The sequence number with which this route was advertised. This is a 16-bit unsigned integer.

   babel-route-next-hop: The next-hop address of this route. This will be empty if this route has no next-hop address.

   babel-route-feasible: A Boolean flag indicating whether this route is feasible, as defined in Section 3.5.1 of [RFC8966].

   babel-route-selected: A Boolean flag indicating whether this route is selected (i.e., whether it is currently being used for forwarding and is being advertised).

3.7. Definition of babel-mac-key-set-obj

   object {
     boolean            rw babel-mac-default-apply;
     babel-mac-key-obj  rw babel-mac-keys<0..*>;
   } babel-mac-key-set-obj;

   babel-mac-default-apply: A Boolean flag indicating whether this object instance is applied to all new babel-interface instances by default. If "true", this instance is applied to new babel-interface instances at the time they are created, by including it in the babel-if-mac-key-sets list. If "false", this instance is not applied to new babel-interface instances when they are created. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-keys: A set of babel-mac-key-obj objects.

3.8. Definition of babel-mac-key-obj

   object {
     string   rw babel-mac-key-name;
     boolean  rw babel-mac-key-use-send;
     boolean  rw babel-mac-key-use-verify;
     binary   -- babel-mac-key-value;
     string   rw babel-mac-key-algorithm;
     [operation babel-mac-key-test;]
   } babel-mac-key-obj;

   babel-mac-key-name: A unique name for this MAC key that can be used to identify the key in this object instance, since the key value is not allowed to be read. This value MUST NOT be empty and can only be provided when this instance is created (i.e., it is not subsequently writable). The value MAY be auto-generated if not explicitly supplied when the instance is created.

   babel-mac-key-use-send: Indicates whether this key value is used to compute a MAC and include that MAC in the sent Babel packet. A MAC for sent packets is computed using this key if the value is "true". If the value is "false", this key is not used to compute a MAC to include in sent Babel packets. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-key-use-verify: Indicates whether this key value is used to verify incoming Babel packets. This key is used to verify incoming packets if the value is "true". If the value is "false", no MAC is computed from this key for comparison with the MAC in an incoming packet. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-key-value: The value of the MAC key. An implementation MUST NOT allow this parameter to be read. This can be done by always providing an empty string when read, or through permissions, or other means. This value MUST be provided when this instance is created, and is not subsequently writable. This value is of a length suitable for the associated babel-mac-key-algorithm.
If the algorithm is based on the HMAC construction [RFC2104], the length MUST be between 0 and an upper limit that is at least the size of the output length (where "HMAC-SHA256" output length is 32 octets, as described in [RFC4868]). Longer lengths MAY be supported but are not necessary if the management system has the ability to generate a suitably random value (e.g., by randomly generating a value or by using a key derivation technique as recommended in the Security Considerations of [RFC8967]). If the algorithm is "BLAKE2s-128", the length MUST be between 0 and 32 bytes inclusive, as specified by [RFC7693].

   babel-mac-key-algorithm: The name of the MAC algorithm used with this key. The value MUST be the same as one of the enumerations listed in the babel-mac-algorithms parameter. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-mac-key-test: An operation that allows the MAC key and MAC algorithm to be tested to see if they produce an expected outcome. The inputs to this operation are a binary string and a calculated MAC (also in the format of a binary string) for that binary string. The implementation is expected to compute a MAC over the binary string using the babel-mac-key-value and the babel-mac-key-algorithm. The output of this operation is a Boolean indicating whether the computed MAC matched the input MAC (true) or the MACs did not match (false).

3.9. Definition of babel-dtls-cert-set-obj

   object {
     boolean             rw babel-dtls-default-apply;
     babel-dtls-cert-obj rw babel-dtls-certs<0..*>;
   } babel-dtls-cert-set-obj;

   babel-dtls-default-apply: A Boolean flag indicating whether this object instance is applied to all new babel-interface instances by default. If "true", this instance is applied to new babel-interface instances at the time they are created, by including it in the babel-interface-dtls-certs list.
If "false", this instance is not applied to new babel-interface instances when they are created. An implementation MAY choose to expose this parameter as read-only ("ro").

   babel-dtls-certs: A set of babel-dtls-cert-obj objects. This contains both certificates for this implementation to present for authentication and certificates to accept from others. Certificates with a non-empty babel-cert-private-key can be presented by this implementation for authentication.

3.10. Definition of babel-dtls-cert-obj

   object {
     string  rw babel-cert-name;
     string  rw babel-cert-value;
     string  rw babel-cert-type;
     binary  -- babel-cert-private-key;
   } babel-dtls-cert-obj;

   babel-cert-name: A unique name for this certificate that can be used to identify the certificate in this object instance, since the value is too long to be useful for identification. This value MUST NOT be empty and can only be provided when this instance is created (i.e., it is not subsequently writable). The value MAY be auto-generated if not explicitly supplied when the instance is created.

   babel-cert-value: The certificate in PEM format [RFC7468]. This value MUST be provided when this instance is created, and is not subsequently writable.

   babel-cert-type: The name of the certificate type of this object instance. The value MUST be the same as one of the enumerations listed in the babel-dtls-cert-types parameter. This value can only be provided when this instance is created, and is not subsequently writable.

   babel-cert-private-key: The value of the private key. If this is non-empty, this certificate can be used by this implementation to provide a certificate during DTLS handshaking. An implementation MUST NOT allow this parameter to be read. This can be done by always providing an empty string when read, or through permissions, or other means.
This value can only be provided when this instance is created, and is not subsequently writable.

4. Extending the Information Model

   Implementations MAY extend this information model with other parameters or objects. For example, an implementation MAY choose to expose Babel route filtering rules by adding a route filtering object with parameters appropriate to how route filtering is done in that implementation. The precise means used to extend the information model would be specific to the data model the implementation uses to expose this information.

5. Security Considerations

   This document defines a set of information model objects and parameters that may be exposed to other devices, some of which may be configured. Securing access to this data and ensuring its integrity is in scope of, and the responsibility of, any data model derived from this information model. Specifically, any YANG [RFC7950] data model is expected to define the security exposure of the various parameters, and a [TR-181] data model will be secured by the mechanisms defined for the management protocol used to transport it.

   Misconfiguration (whether unintentional or malicious) can prevent reachability or cause poor network performance (increased latency, jitter, etc.). Misconfiguration of security credentials can cause a denial of service condition for the Babel routing protocol. The information in this model discloses network topology, which can be used to mount subsequent attacks on traffic traversing the network.

   This information model defines objects that can allow credentials (for this device, for trusted devices, and for trusted certificate authorities) to be added and deleted. Public keys may be exposed through this model. This model requires that private keys and MAC keys never be exposed.
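The write-only key requirement above, the length rules of Section 3.8, the babel-mac-key-test operation and the key recommendations of [RFC8967] quoted in this section, as one added example that is not part of the draft or of any Babel implementation: a Python model of a babel-mac-key-obj instance. The 64-octet upper bound for HMAC-SHA256 keys, the use of PBKDF2 as the passphrase-derivation function, and the Python attribute names are assumptions made for the example; the draft only requires the HMAC limit to be at least the 32-octet output length and names no particular key derivation function.

```python
"""Model of babel-mac-key-obj under the rules of Section 3.8 and the key
recommendations of RFC 8967.  Added example; not code from the draft or
from any Babel implementation."""
import hashlib
import hmac
import secrets

# The two babel-mac-algorithms enumerations named in this draft.
HMAC_SHA256 = "HMAC-SHA256"
BLAKE2S_128 = "BLAKE2s-128"

# Assumption: 64 (the SHA-256 block size) as the HMAC-SHA256 upper bound.
# BLAKE2s keys are 0..32 octets per RFC 7693.
MAX_KEY_LEN = {HMAC_SHA256: 64, BLAKE2S_128: 32}
RECOMMENDED_KEY_LEN = 32   # RFC 8967 Security Considerations


def validate_key(algorithm: str, key: bytes) -> None:
    """Length rules of Section 3.8; zero-length keys are legal (for testing)."""
    if algorithm not in MAX_KEY_LEN:
        raise ValueError(f"unknown babel-mac-key-algorithm {algorithm!r}")
    if len(key) > MAX_KEY_LEN[algorithm]:
        raise ValueError(f"{algorithm} key must be 0..{MAX_KEY_LEN[algorithm]} octets")


def compute_mac(algorithm: str, key: bytes, data: bytes) -> bytes:
    if algorithm == HMAC_SHA256:
        return hmac.new(key, data, hashlib.sha256).digest()         # 32 octets
    return hashlib.blake2s(data, digest_size=16, key=key).digest()  # 16 octets


class BabelMacKey:
    """One babel-mac-key-obj instance.  Name, algorithm and key value are
    fixed at creation; the key value is write-only."""

    def __init__(self, name, algorithm, key_value, use_send=True, use_verify=True):
        if not name:
            raise ValueError("babel-mac-key-name MUST NOT be empty")
        validate_key(algorithm, key_value)
        self.name = name
        self.algorithm = algorithm
        self.use_send = use_send        # compute a MAC for sent packets
        self.use_verify = use_verify    # check incoming packets against this key
        self._key = key_value           # never returned by any accessor

    @property
    def key_value(self) -> bytes:
        """Reading babel-mac-key-value yields the empty string (Section 3.8)."""
        return b""

    def mac_key_test(self, data: bytes, mac: bytes) -> bool:
        """babel-mac-key-test: does the MAC over data, computed with this key
        and algorithm, equal mac?  compare_digest keeps the check constant-
        time so the answer does not leak how long a prefix matched."""
        return hmac.compare_digest(compute_mac(self.algorithm, self._key, data), mac)

    def meets_rfc8967_recommendation(self) -> bool:
        """RFC 8967 recommends 32 randomly chosen octets for both algorithms."""
        return len(self._key) == RECOMMENDED_KEY_LEN


# Key material is produced on the management system; only the resulting
# octets are written into babel-mac-key-value.
def generate_key() -> bytes:
    return secrets.token_bytes(RECOMMENDED_KEY_LEN)


def derive_key(passphrase: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """The passphrase stays on this host; routers receive only the output.
    PBKDF2-HMAC-SHA256 is an assumption, not something the draft specifies."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=32)
```

Two points a practitioner should take from this. First, making the key unreadable is not enough on its own: babel-mac-key-test answers "is this the MAC of that string under the hidden key", so whoever may invoke it can confirm guesses, and a derived data model should gate the operation with the same access control it applies to writing the key. Second, a zero-length key passes every MUST in Section 3.8, which is why the recommendation check is a separate function rather than part of validation.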
Certificates used by [RFC8968] implementations use separate parameters to model the public parts (including the public key) and the private key.

   MAC keys are allowed to be as short as zero-length. This is useful for testing. Network operators are RECOMMENDED to follow current best practices for key length and generation of keys related to the MAC algorithm associated with the key. Short (and zero-length) keys are highly susceptible to brute force attacks and therefore SHOULD NOT be used. See the Security Considerations section of [RFC8967] for additional considerations related to MAC keys. The fifth paragraph of the [RFC8967] Security Considerations makes some specific key value recommendations that should be noted. It says that if it is necessary to derive keys from a human-readable passphrase, "only the derived keys should be communicated to the routers" and "the original passphrase itself should be kept on the host used to perform the key generation" (which would be the management system in the case of a remote management protocol). It also recommends that keys "should have a length of 32 octets (both for HMAC-SHA256 and BLAKE2s), and be chosen randomly".

   This information model uses key sets and certificate sets to provide a means of grouping keys and certificates. This makes it easy to use a different set per interface, to use the same set for one or more interfaces, to have a default set in case a new interface is instantiated, and to change keys and certificates as needed.

6. IANA Considerations

   This document has no IANA actions.

7. Acknowledgements

   Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Antonin Decimo, Acee Lindem, and Carsten Bormann have been very helpful in refining this information model.

   The language in the Notation section was mostly taken from [RFC8193].

8. References

8.1. Normative References

   [ISO.10646] International Organization for Standardization, "Information Technology - Universal Multiple-Octet Coded Character Set (UCS)", ISO Standard 10646:2014, 2014.

   [libpcap] Wireshark, "Libpcap File Format", 2015.

   [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, DOI 10.17487/RFC2104, February 1997.

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

   [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

   [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868, DOI 10.17487/RFC4868, May 2007.

   [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, April 2015.

   [RFC7693] Saarinen, M-J., Ed. and J-P. Aumasson, "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)", RFC 7693, DOI 10.17487/RFC7693, November 2015.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

   [RFC8966] Chroboczek, J. and D. Schinazi, "The Babel Routing Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021.

   [RFC8967] Dô, C., Kolodziejak, W., and J. Chroboczek, "MAC Authentication for the Babel Routing Protocol", RFC 8967, DOI 10.17487/RFC8967, January 2021.

   [RFC8968] Décimo, A., Schinazi, D., and J. Chroboczek, "Babel Routing Protocol over Datagram Transport Layer Security", RFC 8968, DOI 10.17487/RFC8968, January 2021.

8.2. Informative References

   [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8193] Burbridge, T., Eardley, P., Bagnulo, M., and J. Schoenwaelder, "Information Model for Large-Scale Measurement Platforms (LMAPs)", RFC 8193, DOI 10.17487/RFC8193, August 2017.

   [TR-181] Broadband Forum, "Device Data Model".

Authors' Addresses

   Barbara Stark
   AT&T
   Atlanta, GA
   United States of America

   Email: barbara.stark@att.com

   Mahesh Jethanandani
   VMware
   California
   United States of America

   Email: mjethanandani@gmail.com