draft-ietf-babel-information-model-08.txt   draft-ietf-babel-information-model-09.txt 
Babel routing protocol                                         B. Stark
Internet-Draft                                                     AT&T
Intended status: Informational                          M. Jethanandani
Expires: February 22, 2020                                       VMware
                                                        August 21, 2019

                        Babel Information Model
                draft-ietf-babel-information-model-09
Abstract

   This Babel Information Model can be used to create data models under
   various data modeling regimes.  It allows a Babel implementation (via
   a management protocol or interface) to report on its current state
   and may allow some limited configuration of protocol constants.

Status of This Memo

   skipping to change at page 1, line 34

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 22, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   skipping to change at page 2, line 17

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
     1.2.  Notation  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  The Information Model . . . . . . . . . . . . . . . . . . . .   7
     3.1.  Definition of babel-information-obj . . . . . . . . . . .   7
     3.2.  Definition of babel-constants-obj . . . . . . . . . . . .   8
     3.3.  Definition of babel-interfaces-obj  . . . . . . . . . . .   9
     3.4.  Definition of babel-if-stats-obj  . . . . . . . . . . . .  11
     3.5.  Definition of babel-neighbors-obj . . . . . . . . . . . .  12
     3.6.  Definition of babel-routes-obj  . . . . . . . . . . . . .  14
     3.7.  Definition of babel-mac-key-sets-obj  . . . . . . . . . .  15
     3.8.  Definition of babel-mac-keys-obj  . . . . . . . . . . . .  15
     3.9.  Definition of babel-dtls-cert-sets-obj  . . . . . . . . .  17
     3.10. Definition of babel-dtls-certs-obj  . . . . . . . . . . .  17
   4.  Extending the Information Model . . . . . . . . . . . . . . .  18
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  18
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  19
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  19
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  19
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  20
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21
1.  Introduction

   Babel is a loop-avoiding distance-vector routing protocol defined in
   [I-D.ietf-babel-rfc6126bis].  [I-D.ietf-babel-hmac] defines a
   security mechanism that allows Babel packets to be cryptographically
   authenticated, and [I-D.ietf-babel-dtls] defines a security mechanism
   that allows Babel packets to be encrypted.  This document describes
   an information model for Babel (including implementations using one
   or both of these security mechanisms) that can be used to create
   management protocol data models (such as a NETCONF [RFC6241] YANG
   [RFC7950] data model).

   Due to the simplicity of the Babel protocol, most of the information
   model is focused on reporting Babel protocol operational state, and
   very little of that is considered mandatory to implement (for an
   implementation claiming compliance with this information model).
   Some parameters may be configurable.  However, it is up to the Babel
   implementation whether to allow any of these to be configured within
   its implementation.  Where the implementation does not allow
   configuration of these parameters, it may still choose to expose them
   as read-only.

   The Information Model is presented using a hierarchical structure.
   This does not preclude a data model based on this Information Model
   from using a referential or other structure.
1.1.  Requirements Language

   skipping to change at page 4, line 26

   The Information Model is hierarchically structured as follows:
   +-- babel-information
       +-- babel-implementation-version
       +-- babel-enable
       +-- router-id
       +-- self-seqno
       +-- babel-metric-comp-algorithms
       +-- babel-security-supported
       +-- babel-mac-algorithms
       +-- babel-dtls-cert-types
       +-- babel-stats-enable
       +-- babel-stats-reset
       +-- babel-constants
       |   +-- babel-udp-port
       |   +-- babel-mcast-group
       +-- babel-interfaces
       |   +-- babel-interface-reference
       |   +-- babel-interface-enable
       |   +-- babel-interface-metric-algorithm
       |   +-- babel-interface-split-horizon
       |   +-- babel-mcast-hello-seqno
       |   +-- babel-mcast-hello-interval
       |   +-- babel-update-interval
       |   +-- babel-mac-enable
       |   +-- babel-if-mac-key-sets
       |   +-- babel-mac-verify
       |   +-- babel-dtls-enable
       |   +-- babel-if-dtls-cert-sets
       |   +-- babel-dtls-cached-info
       |   +-- babel-dtls-cert-prefer
       |   +-- babel-packet-log-enable
       |   +-- babel-packet-log
       |   +-- babel-if-stats
       |   |   +-- babel-sent-mcast-hello
       |   |   +-- babel-sent-mcast-update
       |   |   +-- babel-sent-ucast-hello
       |   |   +-- babel-sent-ucast-update
       |   |   +-- babel-sent-IHU
       |   |   +-- babel-received-packets
       |   +-- babel-neighbors
       |   |   +-- babel-neighbor-address
       |   |   +-- babel-hello-mcast-history
       |   |   +-- babel-hello-ucast-history
       |   |   +-- babel-txcost
       |   |   +-- babel-exp-mcast-hello-seqno
       |   |   +-- babel-exp-ucast-hello-seqno
       |   |   +-- babel-ucast-hello-seqno
       |   |   +-- babel-ucast-hello-interval
       |   |   +-- babel-rxcost
       |   |   +-- babel-cost
       +-- babel-routes
       |   +-- babel-route-prefix
       |   +-- babel-route-prefix-length
       |   +-- babel-route-router-id
       |   +-- babel-route-neighbor
       |   +-- babel-route-received-metric
       |   +-- babel-route-calculated-metric
       |   +-- babel-route-seqno
       |   +-- babel-route-next-hop
       |   +-- babel-route-feasible
       |   +-- babel-route-selected
       +-- babel-mac-key-sets
       |   +-- babel-mac-default-apply
       |   +-- babel-mac-keys
       |   |   +-- babel-mac-key-name
       |   |   +-- babel-mac-key-use-sign
       |   |   +-- babel-mac-key-use-verify
       |   |   +-- babel-mac-key-value
       |   |   +-- babel-mac-key-algorithm
       |   |   +-- babel-mac-key-test
       +-- babel-dtls-cert-sets
       |   +-- babel-dtls-default-apply
       |   +-- babel-dtls-certs
       |   |   +-- babel-cert-name
       |   |   +-- babel-cert-value
       |   |   +-- babel-cert-type
       |   |   +-- babel-cert-private-key
       |   |   +-- babel-cert-test
   Most parameters are read-only.  Following is a descriptive list of
   the parameters that are not required to be read-only:

   o  enable/disable Babel
   o  create/delete Babel MAC Key sets
   o  create/delete Babel DTLS Certificate sets
   o  enable/disable statistics collection
   o  Constant: UDP port
   o  Constant: IPv6 multicast group
   o  Interface: Metric algorithm
   o  Interface: Split horizon
   o  Interface: enable/disable Babel on this interface
   o  Interface: sets of MAC keys
   o  Interface: MAC algorithm
   o  Interface: verify received MAC packets
   o  Interface: set of DTLS certificates
   o  Interface: use cached info extensions
   o  Interface: preferred order of certificate types
   o  Interface: enable/disable packet log
   o  MAC-keys: create/delete entries
   o  MAC-keys: use to sign packets
   o  MAC-keys: use to verify packets
   o  DTLS-certs: create/delete entries

   The following parameters are required to return no value when read:

   o  MAC key values
   o  DTLS certificate values

   Note that this overview is intended simply to be informative and is
   not normative.  If there is any discrepancy between this overview and
   the detailed information model definitions in subsequent sections,
   the error is in this overview.
3.  The Information Model

3.1.  Definition of babel-information-obj

     object {
         string                    ro babel-implementation-version;
         boolean                   rw babel-enable;
         binary                    ro babel-self-router-id;
         [uint                     ro babel-self-seqno;]
         string                    ro babel-metric-comp-algorithms<1..*>;
         string                    ro babel-security-supported<0..*>;
         [string                   ro babel-mac-algorithms<1..*>;]
         [string                   ro babel-dtls-cert-types<1..*>;]
         [boolean                  rw babel-stats-enable;]
         [operation                   babel-stats-reset;]
         babel-constants-obj       ro babel-constants;
         babel-interfaces-obj      ro babel-interfaces<0..*>;
         babel-routes-obj          ro babel-routes<0..*>;
         [babel-mac-key-sets-obj   rw babel-mac-key-sets<0..*>;]
         [babel-dtls-cert-sets-obj rw babel-dtls-cert-sets<0..*>;]
     } babel-information-obj;

   babel-implementation-version:  The name and version of this
      implementation of the Babel protocol.

   babel-enable:  When written, it configures whether the protocol
      should be enabled (true) or disabled (false).  A read from the
      running or intended datastore indicates the configured
      administrative value of whether the protocol is enabled (true) or
      not (false).  A read from the operational datastore indicates
      whether the protocol is actually running (true) or not (i.e., it

   skipping to change at page 7, line 52

   babel-self-router-id:  The router-id used by this instance of the
      Babel protocol to identify itself.  [I-D.ietf-babel-rfc6126bis]
      describes this as an arbitrary string of 8 octets.  The router-id
      value MUST NOT consist of all zeroes or all ones.

   babel-self-seqno:  The current sequence number included in route
      updates for routes originated by this node.  This is a 16-bit
      unsigned integer.

   babel-metric-comp-algorithms:  List of supported cost computation
      algorithms.  Possible values include "2-out-of-3", and "ETX".
      "2-out-of-3" is described in [I-D.ietf-babel-rfc6126bis], section
      A.2.1.  "ETX" is described in [I-D.ietf-babel-rfc6126bis], section
      A.2.2.

   babel-security-supported:  List of supported security mechanisms.
      Possible values include "MAC" and "DTLS".

   babel-mac-algorithms:  List of supported MAC computation algorithms.
      Possible values include "HMAC-SHA256", "BLAKE2s".

   babel-dtls-cert-types:  List of supported DTLS certificate types.
      Possible values include "X.509" and "RawPublicKey".

   babel-stats-enable:  Indicates whether statistics collection is
      enabled (true) or disabled (false) on all interfaces.

   babel-stats-reset:  An operation that resets all babel-if-stats
      parameters to zero.  This operation has no input or output
      parameters.

   babel-constants:  A babel-constants-obj object.

   babel-interfaces:  A set of babel-interface-obj objects.

   babel-routes:  A set of babel-route-obj objects.  Contains the routes
      known to this node.

   babel-mac-key-sets:  A babel-mac-key-sets-obj object.  If this object
      is implemented, it provides access to parameters related to the
      MAC security mechanism.  An implementation MAY choose to expose
      this object as read-only ("ro").

   babel-dtls-cert-sets:  A babel-dtls-cert-sets-obj object.  If this
      object is implemented, it provides access to parameters related to
      the DTLS security mechanism.  An implementation MAY choose to
      expose this object as read-only ("ro").
3.2.  Definition of babel-constants-obj

     object {
         uint         rw babel-udp-port;
         [ip-address  rw babel-mcast-group;]
     } babel-constants-obj;

   babel-udp-port:  UDP port for sending and listening for Babel
      packets.  Default is 6696.  An implementation MAY choose to expose
      this parameter as read-only ("ro").  This is a 16-bit unsigned
      integer.

   babel-mcast-group:  Multicast group for sending and listening to
      multicast announcements on IPv6.  Default is ff02::1:6.  An
      implementation MAY choose to expose this parameter as read-only
      ("ro").
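   The constraints that sections 3.1 and 3.2 state in prose (an 8-octet
   router-id that is neither all zeroes nor all ones, 16-bit sequence
   numbers and UDP port, at least one metric-computation algorithm, an
   IPv6 multicast group with the stated defaults) are the kind of thing a
   data model derived from this information model has to enforce before a
   write reaches the protocol.  The following validator is an added
   example and is not code from the draft or from any Babel
   implementation; the dataclass layout, the check_* helpers and the rule
   that babel-mac-algorithms / babel-dtls-cert-types are only listed when
   the matching mechanism appears in babel-security-supported are
   assumptions made here for illustration.

```python
"""Validate babel-information-obj and babel-constants-obj values.

Added example; the class names and helpers are assumptions, not an API
defined by the draft.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Defaults stated in section 3.2 of the draft.
DEFAULT_UDP_PORT = 6696
DEFAULT_MCAST_GROUP = "ff02::1:6"


@dataclass
class BabelConstants:
    udp_port: int = DEFAULT_UDP_PORT
    mcast_group: str = DEFAULT_MCAST_GROUP


@dataclass
class BabelInformation:
    implementation_version: str
    enable: bool
    self_router_id: bytes
    metric_comp_algorithms: List[str]
    security_supported: List[str] = field(default_factory=list)
    self_seqno: Optional[int] = None
    mac_algorithms: List[str] = field(default_factory=list)
    dtls_cert_types: List[str] = field(default_factory=list)
    constants: BabelConstants = field(default_factory=BabelConstants)


def check_router_id(router_id: bytes) -> List[str]:
    """Section 3.1: 8 octets, MUST NOT be all zeroes or all ones."""
    if len(router_id) != 8:
        return ["babel-self-router-id must be exactly 8 octets"]
    if router_id in (b"\x00" * 8, b"\xff" * 8):
        return ["babel-self-router-id must not be all zeroes or all ones"]
    return []


def check_uint16(name: str, value: Optional[int]) -> List[str]:
    """Several parameters are declared as 16-bit unsigned integers."""
    if value is None:
        return []  # optional parameter not present
    if not 0 <= value <= 0xFFFF:
        return [f"{name} must be a 16-bit unsigned integer, got {value}"]
    return []


def check_constants(c: BabelConstants) -> List[str]:
    """Section 3.2: 16-bit UDP port and an IPv6 multicast group."""
    errors = check_uint16("babel-udp-port", c.udp_port)
    try:
        if not ipaddress.IPv6Address(c.mcast_group).is_multicast:
            errors.append("babel-mcast-group must be an IPv6 multicast address")
    except ValueError:
        errors.append(f"babel-mcast-group is not an IPv6 address: {c.mcast_group!r}")
    return errors


def validate(info: BabelInformation) -> List[str]:
    """Return the list of constraint violations; an empty list means valid."""
    errors = check_router_id(info.self_router_id)
    errors += check_uint16("babel-self-seqno", info.self_seqno)
    if not info.metric_comp_algorithms:
        errors.append("babel-metric-comp-algorithms needs at least one entry (<1..*>)")
    # Assumption (not stated by the draft): a per-mechanism list is only
    # meaningful when that mechanism is in babel-security-supported.
    if info.mac_algorithms and "MAC" not in info.security_supported:
        errors.append("babel-mac-algorithms given but 'MAC' not in babel-security-supported")
    if info.dtls_cert_types and "DTLS" not in info.security_supported:
        errors.append("babel-dtls-cert-types given but 'DTLS' not in babel-security-supported")
    errors += check_constants(info.constants)
    return errors


# Constructed sample instance (not taken from the draft).
SAMPLE = BabelInformation(
    implementation_version="example-babel 0.0 (constructed)",
    enable=True,
    self_router_id=bytes.fromhex("0001020304050607"),
    metric_comp_algorithms=["2-out-of-3", "ETX"],
    security_supported=["MAC"],
    self_seqno=42,
    mac_algorithms=["HMAC-SHA256", "BLAKE2s"],
)

if __name__ == "__main__":
    for line in validate(SAMPLE) or ["valid"]:
        print(line)
```

   The validator returns a list rather than raising on the first
   problem, so a management front end can report every rejected leaf of
   one write at once; the sample instance above validates cleanly, while
   a router-id of eight 0xff octets or a unicast babel-mcast-group would
   each add one entry to the list.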
3.3.  Definition of babel-interfaces-obj

     object {
         reference            ro babel-interface-reference;
         [boolean             rw babel-interface-enable;]
         string               rw babel-interface-metric-algorithm;
         [boolean             rw babel-interface-split-horizon;]
         [uint                ro babel-mcast-hello-seqno;]
         [uint                ro babel-mcast-hello-interval;]
         [uint                ro babel-update-interval;]
         [boolean             rw babel-mac-enable;]
         [reference           rw babel-if-mac-key-sets<0..*>;]
         [boolean             rw babel-mac-verify;]
         [boolean             rw babel-dtls-enable;]
         [reference           rw babel-if-dtls-cert-sets<0..*>;]
         [boolean             rw babel-dtls-cached-info;]
         [string              rw babel-dtls-cert-prefer<0..*>;]
         [boolean             rw babel-packet-log-enable;]
         [reference           ro babel-packet-log;]
         [babel-if-stats-obj  ro babel-if-stats;]
         babel-neighbors-obj  ro babel-neighbors<0..*>;
     } babel-interfaces-obj;

   babel-interface-reference:  Reference to an interface object that can
      be used to send and receive IPv6 packets, as defined by the data
      model (e.g., YANG [RFC7950], BBF [TR-181]).  Referencing syntax
      will be specific to the data model.  If there is no set of
      interface objects available, this should be a string that
      indicates the interface name used by the underlying operating
      system.

   babel-interface-enable:  When written, it configures whether the
      protocol should be enabled (true) or disabled (false) on this
      interface.  A read from the running or intended datastore
      indicates the configured administrative value of whether the
      protocol is enabled (true) or not (false).  A read from the
      operational datastore indicates whether the protocol is actually
      running (true) or not (i.e., it indicates the operational state of
      the protocol).  A data model that does not replicate parameters

   skipping to change at page 10, line 14

   babel-interface-metric-algorithm:  Indicates the metric computation
      algorithm used on this interface.  The value MUST be one of those
      listed in the babel-information-obj babel-metric-comp-algorithms
      parameter.  An implementation MAY choose to expose this parameter
      as read-only ("ro").

   babel-interface-split-horizon:  Indicates whether or not the split
      horizon optimization is used when calculating metrics on this
      interface.  A value of true indicates split horizon optimization
      is used.  Split horizon optimization is described in
      [I-D.ietf-babel-rfc6126bis], section 3.7.4.  An implementation MAY
      choose to expose this parameter as read-only ("ro").

   babel-mcast-hello-seqno:  The current sequence number in use for
      multicast Hellos sent on this interface.  This is a 16-bit
      unsigned integer.

   babel-mcast-hello-interval:  The current interval in use for
      multicast Hellos sent on this interface.  Units are centiseconds.
      This is a 16-bit unsigned integer.

   babel-update-interval:  The current interval in use for all updates
      (multicast and unicast) sent on this interface.  Units are
      centiseconds.  This is a 16-bit unsigned integer.

   babel-mac-enable:  Indicates whether the MAC security mechanism is
      enabled (true) or disabled (false).  An implementation MAY choose
      to expose this parameter as read-only ("ro").

   babel-if-mac-key-sets:  List of references to the babel-mac-key-sets
      entries that apply to this interface.  When an interface instance
      is created, all babel-mac-key-sets instances with
      babel-mac-default-apply "true" will be included in this list.  An
      implementation MAY choose to expose this parameter as read-only
      ("ro").

   babel-mac-verify:  A Boolean flag indicating whether MAC hashes in
      incoming Babel packets are required to be present and are
      verified.  If this parameter is "true", incoming packets are
      required to have a valid MAC hash.  An implementation MAY choose
      to expose this parameter as read-only ("ro").

   babel-dtls-enable:  Indicates whether the DTLS security mechanism is
      enabled (true) or disabled (false).  An implementation MAY choose
      to expose this parameter as read-only ("ro").

   babel-if-dtls-cert-sets:  List of references to the babel-dtls-cert-
      sets entries that apply to this interface.  When an interface
      instance is created, all babel-dtls-cert-sets instances with
      babel-dtls-default-apply "true" will be included in this list.  An

   skipping to change at page 11, line 40

   babel-if-stats:  Statistics collection object for this interface.

   babel-neighbors:  A set of babel-neighbors-obj objects.
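   Three rules on this page interact when an interface is created: the
   metric algorithm MUST be one of babel-metric-comp-algorithms, every
   babel-mac-key-sets instance whose babel-mac-default-apply is "true" is
   referenced from the new interface's babel-if-mac-key-sets, and (from
   the overview) a MAC key value returns no value when read.  The
   following sketch is an added example, not code from the draft or from
   any Babel implementation; the BabelNode class, the create_interface()
   and read_mac_key_set() methods, and the use of key-set names as the
   reference syntax are assumptions made for illustration (the draft
   leaves referencing syntax to the data model).

```python
"""Interface creation and a management read view for babel-interfaces-obj.

Added example; the classes and methods are assumptions, not a draft API.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class MacKey:                 # leaves of babel-mac-keys (draft section 3.8)
    name: str
    use_sign: bool
    use_verify: bool
    value: bytes              # write-only: never returned by a read
    algorithm: str


@dataclass
class MacKeySet:              # babel-mac-key-sets entry (draft section 3.7)
    name: str
    default_apply: bool
    keys: List[MacKey] = field(default_factory=list)


@dataclass
class BabelInterface:         # subset of babel-interfaces-obj (section 3.3)
    reference: str            # babel-interface-reference
    metric_algorithm: str     # babel-interface-metric-algorithm
    mac_enable: bool = False
    mac_verify: bool = False
    if_mac_key_sets: List[str] = field(default_factory=list)  # references by key-set name


class BabelNode:
    """Holds the node-wide lists that section 3.3 refers to (assumed layout)."""

    def __init__(self, metric_comp_algorithms: List[str]) -> None:
        self.metric_comp_algorithms = list(metric_comp_algorithms)
        self.mac_key_sets: Dict[str, MacKeySet] = {}
        self.interfaces: Dict[str, BabelInterface] = {}

    def add_mac_key_set(self, key_set: MacKeySet) -> None:
        self.mac_key_sets[key_set.name] = key_set

    def create_interface(self, reference: str, metric_algorithm: str,
                         mac_enable: bool = False,
                         mac_verify: bool = False) -> BabelInterface:
        # Section 3.3: the value MUST be one of babel-metric-comp-algorithms.
        if metric_algorithm not in self.metric_comp_algorithms:
            raise ValueError(f"{metric_algorithm!r} is not in "
                             f"babel-metric-comp-algorithms {self.metric_comp_algorithms}")
        # Section 3.3: key sets with babel-mac-default-apply true are
        # included in babel-if-mac-key-sets when the interface is created.
        defaults = [n for n, ks in self.mac_key_sets.items() if ks.default_apply]
        iface = BabelInterface(reference, metric_algorithm, mac_enable, mac_verify, defaults)
        self.interfaces[reference] = iface
        return iface

    def read_mac_key_set(self, name: str) -> dict:
        """Read view of a key set: babel-mac-key-value is omitted (no value when read)."""
        ks = self.mac_key_sets[name]
        return {
            "babel-mac-default-apply": ks.default_apply,
            "babel-mac-keys": [
                {
                    "babel-mac-key-name": k.name,
                    "babel-mac-key-use-sign": k.use_sign,
                    "babel-mac-key-use-verify": k.use_verify,
                    "babel-mac-key-algorithm": k.algorithm,
                    # babel-mac-key-value is deliberately not included
                }
                for k in ks.keys
            ],
        }


def build_sample_node() -> BabelNode:
    """Constructed sample configuration (not from the draft)."""
    node = BabelNode(["2-out-of-3", "ETX"])
    node.add_mac_key_set(MacKeySet("site-default", default_apply=True, keys=[
        MacKey("k1", True, True, b"constructed-sample-key-bytes", "HMAC-SHA256")]))
    node.add_mac_key_set(MacKeySet("lab-only", default_apply=False, keys=[
        MacKey("k2", False, True, b"another-constructed-key", "BLAKE2s")]))
    return node


if __name__ == "__main__":
    node = build_sample_node()
    eth0 = node.create_interface("eth0", "ETX", mac_enable=True, mac_verify=True)
    print(eth0.if_mac_key_sets)                  # only the default-apply set
    print(node.read_mac_key_set("site-default"))  # no key bytes in the output
```

   Keeping the omission of babel-mac-key-value inside the single read
   view, rather than filtering at each management protocol binding, is
   what makes the "no value when read" rule easy to audit: the key bytes
   are held only in the MacKey object and never appear in anything the
   node serializes.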
3.4.  Definition of babel-if-stats-obj

     object {
         uint  ro babel-sent-mcast-hello;
         uint  ro babel-sent-mcast-update;
         uint  ro babel-sent-ucast-hello;
         uint  ro babel-sent-ucast-update;
         uint  ro babel-sent-IHU;
         uint  ro babel-received-packets;
     } babel-if-stats-obj;

   babel-sent-mcast-hello:  A count of the number of multicast Hello
      packets sent on this interface.

   babel-sent-mcast-update:  A count of the number of multicast update
      packets sent on this interface.

   babel-sent-ucast-hello:  A count of the number of unicast Hello
      packets sent on this interface.

   babel-sent-ucast-update:  A count of the number of unicast update
      packets sent on this interface.

   babel-sent-IHU:  A count of the number of IHU packets sent on this
      interface.

   babel-received-packets:  A count of the number of Babel packets
      received on this interface.
3.5. Definition of babel-neighbors-obj 3.5. Definition of babel-neighbors-obj
object { object {
ip-address ro babel-neighbor-address; ip-address ro babel-neighbor-address;
[binary ro babel-hello-mcast-history;] [binary ro babel-hello-mcast-history;]
[binary ro babel-hello-ucast-history;] [binary ro babel-hello-ucast-history;]
uint ro babel-txcost; uint ro babel-txcost;
uint ro babel-exp-mcast-hello-seqno; uint ro babel-exp-mcast-hello-seqno;
uint ro babel-exp-ucast-hello-seqno; uint ro babel-exp-ucast-hello-seqno;
[uint ro babel-ucast-hello-seqno;] [uint ro babel-ucast-hello-seqno;]
[uint ro babel-ucast-hello-interval;] [uint ro babel-ucast-hello-interval;]
[uint ro babel-rxcost;] [uint ro babel-rxcost;]
[uint ro babel-cost;] [uint ro babel-cost;]
[babel-nbr-stats-obj ro babel-nbr-stats;]
} babel-neighbors-obj; } babel-neighbors-obj;
babel-neighbor-address: IPv4 or IPv6 address the neighbor sends babel-neighbor-address: IPv4 or IPv6 address the neighbor sends
packets from. packets from.
babel-hello-mcast-history: The multicast Hello history of whether or babel-hello-mcast-history: The multicast Hello history of whether or
not the multicast Hello packets prior to babel-exp-mcast-hello- not the multicast Hello packets prior to babel-exp-mcast-hello-
seqno were received. A binary sequence where the most recently seqno were received. A binary sequence where the most recently
received Hello is expressed as a "1" placed in the left-most bit, received Hello is expressed as a "1" placed in the left-most bit,
with prior bits shifted right (and "0" bits placed between prior with prior bits shifted right (and "0" bits placed between prior
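The following is an added example, not code from the draft or from any Babel implementation. It keeps a per-neighbor Hello history in the bit layout the model describes (most recently received Hello in the left-most bit, a "0" for every Hello that was expected but not received) together with the expected sequence number, and derives rxcost and link cost from it. The 16-bit window width, the 2-out-of-3 rule and the nominal (256) and infinite (0xFFFF) cost values are assumptions taken from Appendix A.2.1 of [I-D.ietf-babel-rfc6126bis] as read by the editor; the model itself only says that rxcost is "usually derived from the Hello history".

```python
# Added example (not code from the draft): a Hello history kept in the bit
# layout the model describes, with the most recently received Hello in the
# left-most bit and a "0" for every Hello that was expected but not received.
# The window width, the 2-out-of-3 rule and the nominal/infinite rxcost values
# are assumptions taken from draft-ietf-babel-rfc6126bis Appendix A.2.1.

HISTORY_BITS = 16          # assumed width of babel-hello-mcast-history
INFINITY = 0xFFFF          # 16-bit maximum: IHU hold timer expired / link unusable
NOMINAL_RXCOST = 256       # assumed nominal rxcost for a usable wired link
SEQNO_MOD = 1 << 16        # Hello sequence numbers are 16-bit


class HelloHistory:
    """Per-neighbour Hello history plus the next expected sequence number."""

    def __init__(self, first_expected_seqno):
        # babel-exp-mcast-hello-seqno
        self.exp_seqno = first_expected_seqno % SEQNO_MOD
        # babel-hello-mcast-history, as an integer of HISTORY_BITS bits
        self.bits = 0

    def _push(self, bit):
        """Shift prior bits right and place the new bit in the left-most position."""
        self.bits = (self.bits >> 1) | (bit << (HISTORY_BITS - 1))

    def record(self, seqno):
        """Record a received Hello; returns False for an old or duplicate Hello."""
        gap = (seqno - self.exp_seqno) % SEQNO_MOD
        if gap >= SEQNO_MOD // 2:
            return False          # seqno is behind what we expect: ignore it
        for _ in range(gap):      # one "0" per Hello that was skipped
            self._push(0)
        self._push(1)             # the Hello we just received
        self.exp_seqno = (seqno + 1) % SEQNO_MOD
        return True

    def as_bitstring(self):
        """Render the history the way the model describes it (left = newest)."""
        return format(self.bits, "0%db" % HISTORY_BITS)

    def received_of_last(self, j):
        """How many of the last j expected Hellos were actually received."""
        return bin(self.bits >> (HISTORY_BITS - j)).count("1")


def rxcost_k_out_of_j(history, k=2, j=3):
    """Assumed A.2.1 rule: link usable if at least k of the last j Hellos arrived."""
    return NOMINAL_RXCOST if history.received_of_last(j) >= k else INFINITY


def link_cost(rxcost, txcost):
    """Assumed A.2.1 rule: cost is the neighbour's txcost unless the link is unusable."""
    return INFINITY if rxcost == INFINITY else txcost


if __name__ == "__main__":
    h = HelloHistory(10)
    for s in (10, 11, 13):        # seqno 12 is lost
        h.record(s)
    print(h.as_bitstring(), rxcost_k_out_of_j(h), link_cost(rxcost_k_out_of_j(h), 96))
```

A Hello whose sequence number is behind the expected one (a late or duplicated packet) is ignored rather than shifted into the history, and sequence numbers wrap modulo 2^16, so the history stays consistent across the 65535 to 0 boundary.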
babel-txcost: Transmission cost value from the last IHU packet babel-txcost: Transmission cost value from the last IHU packet
received from this neighbor, or maximum value to indicate the IHU received from this neighbor, or maximum value to indicate the IHU
hold timer for this neighbor has expired. See hold timer for this neighbor has expired. See
[I-D.ietf-babel-rfc6126bis], section 3.4.2. This is a 16-bit [I-D.ietf-babel-rfc6126bis], section 3.4.2. This is a 16-bit
unsigned integer. unsigned integer.
babel-exp-mcast-hello-seqno: Expected multicast Hello sequence babel-exp-mcast-hello-seqno: Expected multicast Hello sequence
number of next Hello to be received from this neighbor. If number of next Hello to be received from this neighbor. If
multicast Hello packets are not expected, or processing of multicast Hello packets are not expected, or processing of
multicast packets is not enabled, this MUST be 0. This is a multicast packets is not enabled, this MUST be NULL. This is a
16-bit unsigned integer. 16-bit unsigned integer; if the data model uses zero (0) to
represent NULL values for unsigned integers, the data model MAY
use a different data type that allows differentiation between zero
(0) and NULL.
babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number
of next Hello to be received from this neighbor. If unicast Hello of next Hello to be received from this neighbor. If unicast Hello
packets are not expected, or processing of unicast packets is not packets are not expected, or processing of unicast packets is not
enabled, this MUST be 0. This is a 16-bit unsigned integer. enabled, this MUST be NULL. This is a 16-bit unsigned integer; if
the data model uses zero (0) to represent NULL values for unsigned
integers, the data model MAY use a different data type that allows
differentiation between zero (0) and NULL.
babel-ucast-hello-seqno: The current sequence number in use for babel-ucast-hello-seqno: The current sequence number in use for
unicast Hellos sent to this neighbor. This is a 16-bit unsigned unicast Hellos sent to this neighbor. If unicast Hellos are not
integer. being sent, this MUST be NULL. This is a 16-bit unsigned integer;
if the data model uses zero (0) to represent NULL values for
unsigned integers, the data model MAY use a different data type
that allows differentiation between zero (0) and NULL.
babel-ucast-hello-interval: The current interval in use for unicast babel-ucast-hello-interval: The current interval in use for unicast
Hellos sent to this neighbor. Units are centiseconds. This is a Hellos sent to this neighbor. Units are centiseconds. This is a
16-bit unsigned integer. 16-bit unsigned integer.
babel-rxcost: Reception cost calculated for this neighbor. This babel-rxcost: Reception cost calculated for this neighbor. This
value is usually derived from the Hello history, which may be value is usually derived from the Hello history, which may be
combined with other data, such as statistics maintained by the combined with other data, such as statistics maintained by the
link layer. The rxcost is sent to a neighbor in each IHU. See link layer. The rxcost is sent to a neighbor in each IHU. See
[I-D.ietf-babel-rfc6126bis], section 3.4.3. This is a 16-bit [I-D.ietf-babel-rfc6126bis], section 3.4.3. This is a 16-bit
unsigned integer. unsigned integer.
babel-cost: Link cost is computed from the values maintained in the babel-cost: The link cost, as computed from the values maintained in
neighbor table: the statistics kept in the neighbor table about the neighbor table: the statistics kept in the neighbor table
the reception of Hellos, and the txcost computed from received IHU about the reception of Hellos, and the txcost computed from
packets. This is a 16-bit unsigned integer. received IHU packets. This is a 16-bit unsigned integer.
babel-nbr-stats: Statistics collection object for this neighbor.
3.6. Definition of babel-nbr-stats-obj
object {
uint ro babel-sent-ucast-hello;
uint ro babel-sent-ucast-update;
uint ro babel-sent-IHU;
uint ro babel-received-hello;
uint ro babel-received-update;
uint ro babel-received-IHU;
} babel-nbr-stats-obj;
babel-sent-ucast-hello: A count of the number of unicast Hello
packets sent to this neighbor.
babel-sent-ucast-update: A count of the number of unicast update
packets sent to this neighbor.
babel-sent-IHU: A count of the number of IHU packets sent to this
neighbor.
babel-received-hello: A count of the number of Hello packets
received from this neighbor.
babel-received-update: A count of the number of update packets
received from this neighbor.
babel-received-IHU: A count of the number of IHU packets received
from this neighbor.
3.7. Definition of babel-routes-obj 3.6. Definition of babel-routes-obj
object { object {
ip-address ro babel-route-prefix; ip-address ro babel-route-prefix;
uint ro babel-route-prefix-length; uint ro babel-route-prefix-length;
binary ro babel-route-router-id; binary ro babel-route-router-id;
string ro babel-route-neighbor; string ro babel-route-neighbor;
uint ro babel-route-received-metric; uint ro babel-route-received-metric;
uint ro babel-route-calculated-metric; uint ro babel-route-calculated-metric;
uint ro babel-route-seqno; uint ro babel-route-seqno;
ip-address ro babel-route-next-hop; ip-address ro babel-route-next-hop;
boolean ro babel-route-feasible; boolean ro babel-route-feasible;
boolean ro babel-route-selected; boolean ro babel-route-selected;
} babel-routes-obj; } babel-routes-obj;
babel-route-prefix: Prefix (expressed in IP address format) for babel-route-prefix: Prefix (expressed in IP address format) for
which this route is advertised. which this route is advertised.
babel-route-prefix-length: Length of the prefix for which this route babel-route-prefix-length: Length of the prefix for which this route
is advertised. is advertised.
babel-route-router-id: router-id of the source router for which this babel-route-router-id: The router-id of the router that originated
route is advertised. this route.
babel-route-neighbor: Reference to the babel-neighbors entry for the babel-route-neighbor: Reference to the babel-neighbors entry for the
neighbor that advertised this route. neighbor that advertised this route.
babel-route-received-metric: The metric with which this route was babel-route-received-metric: The metric with which this route was
advertised by the neighbor, or maximum value to indicate the route advertised by the neighbor, or maximum value to indicate the route
was recently retracted and is temporarily unreachable (see was recently retracted and is temporarily unreachable (see
Section 3.5.5 of [I-D.ietf-babel-rfc6126bis]). This metric will Section 3.5.5 of [I-D.ietf-babel-rfc6126bis]). This metric will
be 0 (zero) if the route was not received from a neighbor but was be NULL if the route was not received from a neighbor but was
generated through other means. At least one of babel-route- generated through other means. At least one of babel-route-
calculated-metric and babel-route-received-metric MUST be non- calculated-metric and babel-route-received-metric MUST be non-
zero. Having both be non-zero is expected for a route that is NULL. Having both be non-NULL is expected for a route that is
received and subsequently advertised. This is a 16-bit unsigned received and subsequently advertised. This is a 16-bit unsigned
integer; if the data model uses zero (0) to represent NULL values integer; if the data model uses zero (0) to represent NULL values
for unsigned integers, the data model may use a different data for unsigned integers, the data model MAY use a different data
type that allows differentiation between zero (0) and NULL. type that allows differentiation between zero (0) and NULL.
babel-route-calculated-metric: A calculated metric for this route. babel-route-calculated-metric: A calculated metric for this route.
How the metric is calculated is implementation-specific. Maximum How the metric is calculated is implementation-specific. Maximum
value indicates the route was recently retracted and is value indicates the route was recently retracted and is
temporarily unreachable (see Section 3.5.5 of temporarily unreachable (see Section 3.5.5 of
[I-D.ietf-babel-rfc6126bis]). At least one of babel-route- [I-D.ietf-babel-rfc6126bis]). At least one of babel-route-
calculated-metric and babel-route-received-metric MUST be non- calculated-metric and babel-route-received-metric MUST be non-
zero. Having both be non-zero is expected for a route that is NULL. Having both be non-NULL is expected for a route that is
received and subsequently advertised. This is a 16-bit unsigned received and subsequently advertised. This is a 16-bit unsigned
integer; but it may be represented by a data model as a signed integer; if the data model uses zero (0) to represent NULL values
integer for schemas that use 0 (zero) to represent NULL with for unsigned integers, the data model MAY use a different data
unsigned integers and use negative numbers to represent NULL with type that allows differentiation between zero (0) and NULL.
signed integers.
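The following is an added example, not code from the draft. It applies the metric rules of babel-routes-obj to an Optional[int] representation, which keeps a genuine metric of 0 distinct from NULL (the "different data type" the model allows a data model to choose), and shows with from_zero_as_null() what is lost when a schema overloads 0 to mean NULL. The field names mirror the model; the exception texts and helper names are the editor's.

```python
from dataclasses import dataclass
from typing import Optional

# Added example, not code from the draft: the metric rules of
# babel-routes-obj applied to an Optional[int] representation, which keeps a
# genuine 0 metric distinct from NULL.  from_zero_as_null() shows what is
# lost when a schema overloads 0 to mean NULL.  Helper names are assumptions.

MAX_METRIC = 0xFFFF   # 16-bit maximum: route recently retracted, temporarily unreachable


@dataclass
class RouteMetrics:
    received_metric: Optional[int]     # babel-route-received-metric, NULL if locally generated
    calculated_metric: Optional[int]   # babel-route-calculated-metric


def validate_metrics(m):
    """Enforce the model's constraints; raises ValueError on violation."""
    for name, value in (("babel-route-received-metric", m.received_metric),
                        ("babel-route-calculated-metric", m.calculated_metric)):
        if value is not None and not 0 <= value <= MAX_METRIC:
            raise ValueError("%s must be a 16-bit unsigned integer or NULL" % name)
    if m.received_metric is None and m.calculated_metric is None:
        raise ValueError("at least one of babel-route-calculated-metric and "
                         "babel-route-received-metric MUST be non-NULL")
    return True


def metrics_are_valid(m):
    """Boolean form of validate_metrics() for callers that do not want exceptions."""
    try:
        return validate_metrics(m)
    except ValueError:
        return False


def is_locally_generated(m):
    """NULL received metric: the route did not come from a neighbour."""
    return m.received_metric is None


def is_retracted(m):
    """Maximum value in either metric marks a recently retracted route."""
    return MAX_METRIC in (m.received_metric, m.calculated_metric)


def from_zero_as_null(received, calculated):
    """Decode a schema that uses 0 to represent NULL.  A real metric of 0 is
    indistinguishable from NULL here, which is why the model lets a data
    model choose a type that separates the two."""
    return RouteMetrics(None if received == 0 else received,
                        None if calculated == 0 else calculated)


if __name__ == "__main__":
    local = RouteMetrics(None, 0)          # locally generated route, metric 0
    print(metrics_are_valid(local), metrics_are_valid(from_zero_as_null(0, 0)))
```

The locally generated route with a calculated metric of 0 is valid in the Optional[int] form, but once it has passed through a zero-means-NULL schema both metrics decode as NULL and the "at least one non-NULL" rule is violated.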
babel-route-seqno: The sequence number with which this route was babel-route-seqno: The sequence number with which this route was
advertised. This is a 16-bit unsigned integer. advertised. This is a 16-bit unsigned integer.
babel-route-next-hop: The next-hop address of this route. This will babel-route-next-hop: The next-hop address of this route. This will
be empty if this route has no next-hop address. be empty if this route has no next-hop address.
babel-route-feasible: A Boolean flag indicating whether this route babel-route-feasible: A Boolean flag indicating whether this route
is feasible, as defined in Section 3.5.1 of is feasible, as defined in Section 3.5.1 of
[I-D.ietf-babel-rfc6126bis]). [I-D.ietf-babel-rfc6126bis]).
babel-route-selected: A Boolean flag indicating whether this route babel-route-selected: A Boolean flag indicating whether this route
is selected (i.e., whether it is currently being used for is selected (i.e., whether it is currently being used for
forwarding and is being advertised). forwarding and is being advertised).
3.8. Definition of babel-hmac-key-sets-obj 3.7. Definition of babel-mac-key-sets-obj
object { object {
boolean rw babel-hmac-default-apply; boolean rw babel-mac-default-apply;
babel-hmac-keys-obj rw babel-hmac-keys<0..*>; babel-mac-keys-obj rw babel-mac-keys<0..*>;
} babel-hmac-obj; } babel-mac-obj;
babel-hmac-default-apply: A Boolean flag indicating whether this babel-mac-default-apply: A Boolean flag indicating whether this
babel-hmac instance is applied to all new babel-interface babel-mac instance is applied to all new babel-interface
instances, by default. If "true", this instance is applied to new instances, by default. If "true", this instance is applied to new
babel-interfaces instances at the time they are created, by babel-interfaces instances at the time they are created, by
including it in the babel-interface-hmac-keys list. If "false", including it in the babel-interface-mac-keys list. If "false",
this instance is not applied to new babel-interfaces instances this instance is not applied to new babel-interfaces instances
when they are created. An implementation MAY choose to expose when they are created. An implementation MAY choose to expose
this parameter as read-only ("ro"). this parameter as read-only ("ro").
babel-hmac-keys: A set of babel-hmac-keys-obj objects. babel-mac-keys: A set of babel-mac-keys-obj objects.
3.9. Definition of babel-hmac-keys-obj 3.8. Definition of babel-mac-keys-obj
object { object {
string rw babel-hmac-key-name; string rw babel-mac-key-name;
boolean rw babel-hmac-key-use-sign; boolean rw babel-mac-key-use-sign;
boolean rw babel-hmac-key-use-verify; boolean rw babel-mac-key-use-verify;
binary -- babel-hmac-key-value; binary -- babel-mac-key-value;
[operation babel-hmac-key-test;] string rw babel-mac-key-algorithm;
} babel-hmac-keys-obj; [operation babel-mac-key-test;]
} babel-mac-keys-obj;
babel-hmac-key-name: A unique name for this HMAC key that can be babel-mac-key-name: A unique name for this MAC key that can be used
used to identify the key in this object instance, since the key to identify the key in this object instance, since the key value
value is not allowed to be read. This value MUST NOT be empty and is not allowed to be read. This value MUST NOT be empty and can
can only be provided when this instance is created (i.e., it is only be provided when this instance is created (i.e., it is not
not subsequently writable). The value MAY be auto-generated if subsequently writable). The value MAY be auto-generated if not
not explicitly supplied when the instance is created. explicitly supplied when the instance is created.
babel-key-use-sign: Indicates whether this key value is used to sign babel-key-use-sign: Indicates whether this key value is used to sign
sent Babel packets. Sent packets are signed using this key if the sent Babel packets. Sent packets are signed using this key if the
value is "true". If the value is "false", this key is not used to value is "true". If the value is "false", this key is not used to
sign sent Babel packets. An implementation MAY choose to expose sign sent Babel packets. An implementation MAY choose to expose
this parameter as read-only ("ro"). this parameter as read-only ("ro").
babel-key-use-verify: Indicates whether this key value is used to babel-key-use-verify: Indicates whether this key value is used to
verify incoming Babel packets. This key is used to verify verify incoming Babel packets. This key is used to verify
incoming packets if the value is "true". If the value is "false", incoming packets if the value is "true". If the value is "false",
no HMAC is computed from this key for comparing an incoming no MAC is computed from this key for comparing an incoming packet.
packet. An implementation MAY choose to expose this parameter as An implementation MAY choose to expose this parameter as read-only
read-only ("ro"). ("ro").
babel-key-value: The value of the HMAC key. An implementation MUST babel-key-value: The value of the MAC key. An implementation MUST
NOT allow this parameter to be read. This can be done by always NOT allow this parameter to be read. This can be done by always
providing an empty string, or through permissions, or other means. providing an empty string when read, or through permissions, or
This value MUST be provided when this instance is created, and is other means. This value MUST be provided when this instance is
not subsequently writable. created, and is not subsequently writable. This value is of a
length suitable for the associated babel-mac-key-algorithm. If
the algorithm is based on the HMAC construction [RFC2104], the
length MUST be between 0 and the block size of the underlying hash
inclusive (where "HMAC-SHA256" block size is 64 bytes as described
in [RFC4868]). If the algorithm is "BLAKE2s", the length MUST be
between 0 and 32 bytes inclusive, as described in [RFC7693].
babel-hmac-test: An operation that allows the HMAC key and hash babel-mac-key-algorithm: The name of the MAC algorithm used with this
key. The value MUST be the same as one of the enumerations listed
in the babel-mac-algorithms parameter. An implementation MAY
choose to expose this parameter as read-only ("ro").
babel-mac-test: An operation that allows the MAC key and hash
algorithm to be tested to see if they produce an expected outcome. algorithm to be tested to see if they produce an expected outcome.
Input to this operation MUST be a non-empty binary string. The Input to this operation is a binary string. The implementation is
implementation is expected to create a hash of this string using expected to create a hash of this string using the babel-mac-key-
the babel-hmac-key-value and the babel-hmac-algorithm. The output value and the babel-mac-algorithm. The output of this operation
of this operation is the resulting hash, as a binary string. is the resulting hash, as a binary string.
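The following is an added example, not code from the draft or from any Babel implementation. It enforces the key-length limits the model states for babel-mac-key-value, models the babel-mac-test operation as mac_test(), and stores a key the way the model requires (name and value write-once, value never returned on read). It assumes the two algorithm names the page uses, "HMAC-SHA256" and "BLAKE2s", and uses BLAKE2s with its full 32-byte digest; any truncation an implementation applies is not modelled.

```python
import hashlib
import hmac

# Added example, not code from the draft or any Babel implementation.  It
# applies the key-length limits the model states for babel-mac-key-value and
# models the babel-mac-test operation as mac_test().  Assumptions: the
# algorithm names are the two enumerations the page names, and BLAKE2s is
# used with its full 32-byte digest.

# Upper bound on key length per algorithm: HMAC keys up to the block size of
# the underlying hash (64 bytes for SHA-256, RFC 4868); BLAKE2s keys up to
# 32 bytes (RFC 7693).  Zero-length keys are permitted by the model.
MAX_KEY_LEN = {"HMAC-SHA256": 64, "BLAKE2s": 32}


def validate_key(key, algorithm):
    """Raise ValueError if key is not usable with babel-mac-key-algorithm."""
    if algorithm not in MAX_KEY_LEN:
        raise ValueError("unsupported babel-mac-key-algorithm: %r" % (algorithm,))
    if not isinstance(key, (bytes, bytearray)):
        raise ValueError("babel-mac-key-value must be binary")
    if len(key) > MAX_KEY_LEN[algorithm]:
        raise ValueError("key of %d bytes exceeds the %d-byte limit for %s"
                         % (len(key), MAX_KEY_LEN[algorithm], algorithm))


def key_is_valid(key, algorithm):
    """Boolean form of validate_key()."""
    try:
        validate_key(key, algorithm)
        return True
    except ValueError:
        return False


def mac_test(key, algorithm, data):
    """The babel-mac-test operation: MAC of `data` under `key`, as bytes."""
    validate_key(key, algorithm)
    if algorithm == "HMAC-SHA256":
        return hmac.new(bytes(key), data, hashlib.sha256).digest()
    return hashlib.blake2s(data, key=bytes(key)).digest()


class MacKeyEntry:
    """One babel-mac-keys-obj instance: name and value are write-once, and the
    value is never returned on read (the model's "always provide an empty
    string" option)."""

    def __init__(self, name, algorithm, value, use_sign=True, use_verify=True):
        if not name:
            raise ValueError("babel-mac-key-name MUST NOT be empty")
        validate_key(value, algorithm)
        self.name = name
        self.algorithm = algorithm
        self.use_sign = use_sign
        self.use_verify = use_verify
        self._value = bytes(value)

    @property
    def value(self):
        # Reads of babel-mac-key-value yield an empty string, never the key.
        return b""

    def test(self, data):
        """babel-mac-key-test for this entry."""
        return mac_test(self._value, self.algorithm, data)


if __name__ == "__main__":
    entry = MacKeyEntry("key1", "HMAC-SHA256", b"key")
    print(entry.value, entry.test(b"The quick brown fox jumps over the lazy dog").hex())
```

The test operation is the only way the key leaves the entry, and it leaves only as a MAC over caller-supplied input; a manager can confirm that the stored key and algorithm match what it expects by comparing the output against a locally computed value.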
3.10. Definition of babel-dtls-cert-sets-obj 3.9. Definition of babel-dtls-cert-sets-obj
object { object {
boolean rw babel-dtls-default-apply; boolean rw babel-dtls-default-apply;
babel-dtls-certs-obj rw babel-dtls-certs<0..*>; babel-dtls-certs-obj rw babel-dtls-certs<0..*>;
} babel-dtls-obj; } babel-dtls-obj;
babel-dtls-default-apply: A Boolean flag indicating whether this babel-dtls-default-apply: A Boolean flag indicating whether this
babel-dtls instance is applied to all new babel-interface babel-dtls instance is applied to all new babel-interface
instances, by default. If "true", this instance is applied to new instances, by default. If "true", this instance is applied to new
babel-interfaces instances at the time they are created, by babel-interfaces instances at the time they are created, by
this instance is not applied to new babel-interfaces instances this instance is not applied to new babel-interfaces instances
when they are created. An implementation MAY choose to expose when they are created. An implementation MAY choose to expose
this parameter as read-only ("ro"). this parameter as read-only ("ro").
babel-dtls-certs: A set of babel-dtls-keys-obj objects. This babel-dtls-certs: A set of babel-dtls-keys-obj objects. This
contains both certificates for this implementation to present for contains both certificates for this implementation to present for
authentication, and to accept from others. Certificates with a authentication, and to accept from others. Certificates with a
non-empty babel-cert-private-key can be presented by this non-empty babel-cert-private-key can be presented by this
implementation for authentication. implementation for authentication.
3.11. Definition of babel-dtls-certs-obj 3.10. Definition of babel-dtls-certs-obj
object { object {
string rw babel-cert-name; string rw babel-cert-name;
string rw babel-cert-value; string rw babel-cert-value;
string rw babel-cert-type; string rw babel-cert-type;
binary -- babel-cert-private-key; binary -- babel-cert-private-key;
[operation babel-cert-test;] [operation babel-cert-test;]
} babel-dtls-certs-obj; } babel-dtls-certs-obj;
babel-cert-name: A unique name for this DTLS certificate that can be babel-cert-name: A unique name for this DTLS certificate that can be
babel-cert-type: The name of the certificate type of this object babel-cert-type: The name of the certificate type of this object
instance. The value MUST be the same as one of the enumerations instance. The value MUST be the same as one of the enumerations
listed in the babel-dtls-cert-types parameter. This value can listed in the babel-dtls-cert-types parameter. This value can
only be provided when this instance is created, and is not only be provided when this instance is created, and is not
subsequently writable. subsequently writable.
babel-cert-private-key: The value of the private key. If this is babel-cert-private-key: The value of the private key. If this is
non-empty, this certificate can be used by this implementation to non-empty, this certificate can be used by this implementation to
provide a certificate during DTLS handshaking. An implementation provide a certificate during DTLS handshaking. An implementation
MUST NOT allow this parameter to be read. This can be done by MUST NOT allow this parameter to be read. This can be done by
always providing an empty string, or through permissions, or other always providing an empty string when read, or through
means. This value can only be provided when this instance is permissions, or other means. This value can only be provided when
created, and is not subsequently writable. this instance is created, and is not subsequently writable.
babel-cert-test: An operation that allows a hash of the provided babel-cert-test: An operation that allows a hash of the provided
input string to be created using the certificate public key and input string to be created using the certificate public key and
the SHA-256 hash algorithm. Input to this operation MUST be a the SHA-256 hash algorithm. Input to this operation is a binary
non-empty binary string. The output of this operation is the string. The output of this operation is the resulting hash, as a
resulting hash, as a binary string. binary string.
4. Extending the Information Model 4. Extending the Information Model
Implementations MAY extend this information model with other Implementations MAY extend this information model with other
parameters or objects. For example, an implementation MAY choose to parameters or objects. For example, an implementation MAY choose to
expose Babel route filtering rules by adding a route filtering object expose Babel route filtering rules by adding a route filtering object
with parameters appropriate to how route filtering is done in that with parameters appropriate to how route filtering is done in that
implementation. The precise means used to extend the information implementation. The precise means used to extend the information
model would be specific to the data model the implementation uses to model would be specific to the data model the implementation uses to
expose this information. expose this information.
This document defines a set of information model objects and This document defines a set of information model objects and
parameters that may be exposed to be visible from other devices, and parameters that may be exposed to be visible from other devices, and
some of which may be configured. Securing access to and ensuring the some of which may be configured. Securing access to and ensuring the
integrity of this data is in scope of and the responsibility of any integrity of this data is in scope of and the responsibility of any
data model derived from this information model. Specifically, any data model derived from this information model. Specifically, any
YANG [RFC7950] data model is expected to define security exposure of YANG [RFC7950] data model is expected to define security exposure of
the various parameters, and a [TR-181] data model will be secured by the various parameters, and a [TR-181] data model will be secured by
the mechanisms defined for the management protocol used to transport the mechanisms defined for the management protocol used to transport
it. it.
Misconfiguration (whether unintentional or malicious) can prevent
reachability or cause poor network performance (increased latency,
jitter, etc.). The information in this model discloses network
topology, which can be used to mount subsequent attacks on traffic
traversing the network.
This information model defines objects that can allow credentials This information model defines objects that can allow credentials
(for this device, for trusted devices, and for trusted certificate (for this device, for trusted devices, and for trusted certificate
authorities) to be added and deleted. Public keys and shared secrets authorities) to be added and deleted. Public keys may be exposed
may be exposed through this model. This model requires that private through this model. This model requires that private keys never be
keys never be exposed. The Babel security mechanisms that make use exposed. The Babel security mechanisms that make use of these
of these credentials (e.g., [I-D.ietf-babel-dtls], credentials (e.g., [I-D.ietf-babel-dtls], [I-D.ietf-babel-hmac])
identify what credentials can be used with those mechanisms.
[I-D.ietf-babel-hmac]) are expected to define what credentials can be MAC keys are allowed to be as short as zero-length. This is useful
used with those mechanisms. for testing. Network operators are advised to follow current best
practices for key length and generation of keys related to the MAC
algorithm associated with the key. Short (and zero-length) keys and
keys that make use of only alphanumeric characters are highly
susceptible to brute force attacks.
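The following is an added example, not code from the draft: operator-side checks that follow the advice above when a MAC key is provisioned. It generates keys from the operating system's CSPRNG and flags the two weaknesses the text names, short (including zero-length) keys and keys made only of alphanumeric characters. The recommended length of 32 bytes per algorithm is the editor's assumption (the digest size of each algorithm); the draft only says to follow current best practice.

```python
import secrets
import string

# Added example, not from the draft: operator-side checks that follow the
# Security Considerations advice on MAC keys.  The recommended lengths are an
# assumption (the digest size of each algorithm); the draft only says to
# follow current best practice and warns about short and alphanumeric-only
# keys.  Zero-length keys are allowed by the model for testing only.

RECOMMENDED_KEY_LEN = {"HMAC-SHA256": 32, "BLAKE2s": 32}   # assumed minimums
_ALNUM = frozenset(string.ascii_letters + string.digits)


def generate_mac_key(algorithm):
    """Fresh key from the OS CSPRNG, sized to the recommended length."""
    return secrets.token_bytes(RECOMMENDED_KEY_LEN[algorithm])


def key_warnings(key, algorithm):
    """List the problems the Security Considerations warn about for `key`."""
    warnings = []
    want = RECOMMENDED_KEY_LEN[algorithm]
    if len(key) == 0:
        warnings.append("zero-length key: acceptable for testing only")
    elif len(key) < want:
        warnings.append("key is %d bytes, shorter than the recommended %d"
                        % (len(key), want))
    # A key typed as a password draws every byte from a 62-character
    # alphabet, so each byte carries far less than 8 bits of entropy.
    if key and all(chr(b) in _ALNUM for b in key):
        warnings.append("alphanumeric-only key: far less entropy per byte "
                        "than random binary")
    return warnings


def provision_key(algorithm, operator_key=None):
    """Return (key, warnings): the operator's key if one was supplied, else a
    generated one.  Callers should refuse to deploy a key with warnings."""
    key = generate_mac_key(algorithm) if operator_key is None else operator_key
    return key, key_warnings(key, algorithm)


if __name__ == "__main__":
    for candidate in (None, b"", b"password1"):
        key, warnings = provision_key("HMAC-SHA256", candidate)
        print(len(key), warnings)
```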
6. Acknowledgements 6. Acknowledgements
Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Acee Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Acee
Lindem, and Carsten Bormann have been very helpful in refining this Lindem, and Carsten Bormann have been very helpful in refining this
information model. information model.
The language in the Notation section was mostly taken from [RFC8193]. The language in the Notation section was mostly taken from [RFC8193].
7. References 7. References
7.1. Normative References 7.1. Normative References
[I-D.ietf-babel-rfc6126bis] [I-D.ietf-babel-rfc6126bis]
Chroboczek, J. and D. Schinazi, "The Babel Routing Chroboczek, J. and D. Schinazi, "The Babel Routing
Protocol", draft-ietf-babel-rfc6126bis-11 (work in Protocol", draft-ietf-babel-rfc6126bis-14 (work in
progress), June 2019. progress), August 2019.
[libpcap] Wireshark, "Libpcap File Format", 2015, [libpcap] Wireshark, "Libpcap File Format", 2015,
<https://wiki.wireshark.org/Development/ <https://wiki.wireshark.org/Development/
LibpcapFileFormat>. LibpcapFileFormat>.
[RFC0020] Cerf, V., "ASCII format for network interchange", STD 80,
RFC 20, DOI 10.17487/RFC0020, October 1969,
<https://www.rfc-editor.org/info/rfc20>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX, [RFC7468] Josefsson, S. and S. Leonard, "Textual Encodings of PKIX,
PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468, PKCS, and CMS Structures", RFC 7468, DOI 10.17487/RFC7468,
April 2015, <https://www.rfc-editor.org/info/rfc7468>. April 2015, <https://www.rfc-editor.org/info/rfc7468>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References 7.2. Informative References
[I-D.ietf-babel-dtls] [I-D.ietf-babel-dtls]
Decimo, A., Schinazi, D., and J. Chroboczek, "Babel Decimo, A., Schinazi, D., and J. Chroboczek, "Babel
Routing Protocol over Datagram Transport Layer Security", Routing Protocol over Datagram Transport Layer Security",
draft-ietf-babel-dtls-07 (work in progress), July 2019. draft-ietf-babel-dtls-09 (work in progress), August 2019.
[I-D.ietf-babel-hmac] [I-D.ietf-babel-hmac]
Do, C., Kolodziejak, W., and J. Chroboczek, "HMAC Do, C., Kolodziejak, W., and J. Chroboczek, "MAC
authentication for the Babel routing protocol", draft- authentication for the Babel routing protocol", draft-
ietf-babel-hmac-08 (work in progress), July 2019. ietf-babel-hmac-10 (work in progress), August 2019.
[ISO.10646] [ISO.10646]
International Organization for Standardization, International Organization for Standardization,
"Information Technology - Universal Multiple-Octet Coded "Information Technology - Universal Multiple-Octet Coded
Appendix A. Open Issues
All open issues have been closed.
Closed Issues:
1. See minutes of IETF 104 for discussion of issues that led to
changes noted for 2019-07-08
2. HMAC spec adds other parameters to neighbor table. Check these
to see if any need to be readable or writable. / None were
identified.
3. Actions to add and delete HMAC and DTLS credentials, and
parameters that allow credential to be identified without
allowing access to private credential info. Will have separate
sub-tables for HMAC and DTLS credentials. / Instead, there is a
normative statement that the parameter values must never be
supplied when read.
4. Consider the following statistics: under interface object: sent
multicast Hello, sent updates, received Babel messages; under
neighbor object: sent unicast Hello, sent updates, sent IHU,
received Hello, received updates, received IHUs. Would also
need to enable/disable stats and clear stats.
5. Message log (optional to implement) is still in. Support for
the libpcap file format is "SHOULD".
6. Single security table with (optional) reference to interfaces
that security mechanism applies to. / This actually became
separate objects for DTLS and HMAC.
7. Should ABNF be normative in IANA Considerations section?
Decision was to leave it as is.
8. I want to get rid of the security log, because all Babel
messages (which should be defined as all messages to/from the
udp-port) are logged by message-log. I don't like message
log as it is. I think if logging is enabled it should just
write to a text file. This will mean there also needs to be a
means of downloading/reading the log file. Closed by having a
single log for all messages to/from the udp port; the log is
represented by a string that can be a reference to a filename or
some other part of the overall data model (depends on data
model).
9. Check description of enable parameters to make sure ok for YANG
and TR-181. Closed by updating description to be useful for
YANG and TR-181, using language consistent with YANG
descriptions. Done.
10. Distinguish signed and unsigned integers? All integers are
unsigned and size is mentioned in description of each uint
parameter.
11. Datatype of the router-id: Closed by introducing binary datatype
and using that for router-id
12. babel-neighbor-address as IPv6-only: Closed by leaving as is
(IPv4 and IPv6)
13. babel-implementation-version includes the name of the
implementation: Closed by adding "name" to description
14. Delete external-cost?: Closed by deleting.
15. Would it be useful to define some parameters for reporting
statistics or logs? [2 logs are now included. If others are
needed they need to be proposed. See Open Issues for additional
thoughts on logs and statistics.]
16. Closed by defining base64 type and using it for all router IDs:
"babel-self-router-id: Should this be an opaque 64-bit value
instead of int?"
17. Closed as "No": Do we need a registry for the supported security
mechanisms? [Given the current limited set, and unlikelihood of
massive expansion, I don't think so. But we can if someone
wants it.]
18. This draft must be reviewed against draft-ietf-babel-rfc6126bis.
[I feel like this has been adequately done, but I could be
wrong.]
19. babel-interfaces-obj: Juliusz:"This needs further discussion, I
fear some of these are implementation details." [In the absence
of discussion, the current model stands. Note that all but
link-type and the neighbors sub-object are optional. If an
implementation does not have any of the optional elements then
it simply doesn't have them and that's fine.]
20. Would it be useful to define some parameters specifically for
security anomalies? [The 2 logs should be useful in identifying
security anomalies. If more is needed, someone needs to
propose.]
21. I created a basic security model. It's useful for single (or
no) active security mechanism (e.g., just HMAC, just DTLS, or
neither); but not multiple active (both HMAC and DTLS -- which
is not the same as HMAC of DTLS and would just mean that HMAC
would be used on all unencrypted messages -- but right now the
model doesn't allow for configuring HMAC of unencrypted messages
for routers without DTLS, while DTLS is used if possible). OK?
[No-one said otherwise.]
22. babel-external-cost may need more work. [if no comment, it will
be left as is]
23. babel-hello-[mu]cast-history: the Hello history is formatted as
16 bits, per A.1 of 6126bis. Is that too implementation
specific? [We also now have an optional-to-implement log of
received messages, and I made these optional. So maybe this is
ok?]
24. rxcost, txcost, cost: is it ok to model as integers, since
6126bis 2.1 says costs and metrics need not be integers. [I
have them as integers unless someone insists on something else.]
25. For the security log, should it also log whether the credentials
were considered ok? [Right now it doesn't and I think that's ok
because if you log Hellos it was ok and if you don't it wasn't.]
26. Should Babel link types have an IANA registry? [Agreed to do
this at IETF 102.]
Appendix B. Change Log
Individual Drafts:
v00 2016-07-07 EBD: Initial individual draft version
v01 2017-03-13: Addressed comments received in 2016-07-15 email from
J. Chroboczek
Working group drafts:
v00 2017-07-03: Addressed points noted with "oops" in
https://www.ietf.org/proceedings/98/slides/slides-98-babel-babel-
information-model-00.pdf
v01 2018-01-02: Removed item from issue list that was agreed (in
Prague) not to be an issue. Added description of data types under
Notation section, and used these in all data types. Added babel-
security and babel-trust.
v02 2018-04-05:
* changed babel-version description to babel-implementation-
version
* replace optional babel-interface-seqno with optional babel-
mcast-hello-seqno and babel-ucast-hello-seqno
* replace optional babel-interface-hello-interval with optional
babel-mcast-hello-interval and babel-ucast-hello-interval
* remove babel-request-trigger-ack
* remove "babel-router-id: router-id of the neighbor"; note that
parameter had previously been removed but description had
accidentally not been removed
* added an optional "babel-cost" field to babel-neighbors object,
since the spec does not define how exactly the cost is computed
from rxcost/txcost
* deleted babel-source-garbage-collection-time
* change babel-lossy-link to babel-link-type and make this an
enumeration; added at top level babel-supported-link-types so
which are supported by this implementation can be reported
* changes to babel-security-obj to allow self credentials to be
one or more instances of a credential object. Allowed trusted
credentials to include CA credentials; made some parameter name
changes
* updated references and Introduction
* added Overview section
* deleted babel-sources-obj
* added feasible Boolean to routes
* added section to briefly describe extending the information
model.
* deleted babel-route-neighbor
* tried to make definition of babel-interface-reference clearer
* added security and message logs
v03 2018-05-31:
* added reference to RFC 8174 (update to RFC 2119 on key words)
* applied edits to Introduction text per Juliusz email of
2018-04-06
* Deleted sentence in definition of "int" data type that said it
was also used for enumerations. Changed all enumerations to
strings. The only enumerations were for link types, which are
now "ethernet", "wireless", "tunnel", and "other".
* deleted [ip-address babel-mcast-group-ipv4;]
* babel-external-cost description changed
* babel-security-self-cred: Added "any private key component of a
credential MUST NOT be readable;"
* hello-history parameters put recent Hello in most significant
bit and length of parameter is not constrained.
* babel-hello-seqno in neighbors-obj changed to babel-exp-mcast-
hello-seqno and babel-exp-ucast-hello-seqno
* added babel-route-neighbor back again. It was mistakenly
deleted
* changed babel-route-metric and babel-route-announced-metric to
babel-route-received-metric and babel-route-calculated-metric
* changed model of security object to put list of supported
mechanisms at top level and separate security object per
mechanism. This caused some other changes to the security
object
v04 2018-10-15:
* changed babel-mcast-group-ipv6 to babel-mcast-group
* link type parameters changed to point to newly defined registry
* babel-ucast-hello-interval moved to neighbor object
* babel-ucast-hello-seqno moved to neighbor object
* babel-neighbor-ihu-interval deleted
* in log descriptions, included statement that there SHOULD be
ability to clear logs
* added IANA registry for link types
* added "ro" and "rw" to tables for read-write and read-only
* added metric computation parameter to interface
v05 2019-01-15:
* security modeled with single table under information-obj and
references to interfaces that instance applies to
* changed int to uint because all integers in model were
unsigned; added size of integer to description of each uint
parameter
* deleted log object and made single message log that points to
file or other data model object used to maintain logs
* deleted babel-credentials; there are no more "common" objects;
hmac keys and DTLS certificates are more explicitly modeled
* changed definition of babel-security-supported
* added parameters for HMAC and DTLS
* added statistics
* changed all instances of "message" to "packet"
v06 2019-07-08:
* changed Link Type registry in IANA considerations to Link
Property Types
* changed direction of reference for HMAC and DTLS objects to be
from interface to these objects
* provided DTLS certificate objects with a unique name
* changed received and calculated metric descriptions to make
clear that it is ok to have both
* constrained interface reference to only IPv6 interfaces
v07 2019-07-22:
* babel-dtls-enable and babel-hmac-enable moved to interfaces and
made rw
* renamed babel-dtls and babel-hmac to babel-dtls-cert-sets and
babel-hmac-key-sets and references to them from interfaces are
babel-if-dtls-cert-sets and babel-if-hmac-key-sets
* https://github.com/bhstark2/babel-information-model/issues/16
with nits
* https://github.com/bhstark2/babel-information-model/issues/14
addressing parameters not allowed to be empty/null
* https://github.com/bhstark2/babel-information-model/issues/18
on IANA link properties table
v08 2019-08-04:
* Deleted IANA Considerations section
* Deleted babel-supported-link-properties and babel-link-
properties in all places
* Made babel-interface-metric-algorithm rw
* Added boolean rw babel-interface-split-horizon parameter
* Replaced the "k-out-of-j" enumeration for expression of
algorithmic capabilities with "2-out-of-3"
* Calculated and received metrics datatype can be signed int if
needed to represent NULL value
Authors' Addresses Authors' Addresses
Barbara Stark Barbara Stark
AT&T AT&T
Atlanta, GA Atlanta, GA
US US
Email: barbara.stark@att.com Email: barbara.stark@att.com
Mahesh Jethanandani Mahesh Jethanandani
VMware VMware
California California
US US
Email: mjethanandani@gmail.com Email: mjethanandani@gmail.com
 End of changes. 84 change blocks. 
550 lines changed or deleted 234 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/