draft-ietf-babel-yang-model-06.txt   draft-ietf-babel-yang-model-07.txt 
Babel Working Group M. Jethanandani Babel Working Group M. Jethanandani
Internet-Draft Kloud Services Internet-Draft Kloud Services
Intended status: Standards Track B. Stark Intended status: Standards Track B. Stark
Expires: December 30, 2020 AT&T Expires: August 1, 2021 AT&T
June 28, 2020 January 28, 2021
YANG Data Model for Babel YANG Data Model for Babel
draft-ietf-babel-yang-model-06 draft-ietf-babel-yang-model-07
Abstract Abstract
This document defines a data model for the Babel routing protocol. This document defines a data model for the Babel routing protocol.
The data model is defined using the YANG data modeling language. The data model is defined using the YANG data modeling language.
Requirements Language Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
skipping to change at page 1, line 40 skipping to change at page 1, line 40
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 30, 2020. This Internet-Draft will expire on August 1, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 23 skipping to change at page 2, line 23
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Note to RFC Editor . . . . . . . . . . . . . . . . . . . 2 1.1. Note to RFC Editor . . . . . . . . . . . . . . . . . . . 2
1.2. Tree Diagram Annotations . . . . . . . . . . . . . . . . 3 1.2. Tree Diagram Annotations . . . . . . . . . . . . . . . . 3
2. Babel Module . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Babel Module . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Information Model . . . . . . . . . . . . . . . . . . . . 3 2.1. Information Model . . . . . . . . . . . . . . . . . . . . 3
2.2. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Tree Diagram . . . . . . . . . . . . . . . . . . . . . . 3
2.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 4
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 29
3.1. URI Registrations . . . . . . . . . . . . . . . . . . . . 29 3.1. URI Registrations . . . . . . . . . . . . . . . . . . . . 29
3.2. YANG Module Name Registration . . . . . . . . . . . . . . 29 3.2. YANG Module Name Registration . . . . . . . . . . . . . . 29
4. Security Considerations . . . . . . . . . . . . . . . . . . . 29 4. Security Considerations . . . . . . . . . . . . . . . . . . . 30
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 30 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 30 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.1. Normative References . . . . . . . . . . . . . . . . . . 30 6.1. Normative References . . . . . . . . . . . . . . . . . . 31
6.2. Informative References . . . . . . . . . . . . . . . . . 31 6.2. Informative References . . . . . . . . . . . . . . . . . 32
Appendix A. An Appendix . . . . . . . . . . . . . . . . . . . . 32 Appendix A. An Appendix . . . . . . . . . . . . . . . . . . . . 33
A.1. Statistics Gathering Enabled . . . . . . . . . . . . . . 32 A.1. Statistics Gathering Enabled . . . . . . . . . . . . . . 33
A.2. Automatic Detection of Properties . . . . . . . . . . . . 34 A.2. Automatic Detection of Properties . . . . . . . . . . . . 35
A.3. Override Default Properties . . . . . . . . . . . . . . . 35 A.3. Override Default Properties . . . . . . . . . . . . . . . 36
A.4. Configuring other Properties . . . . . . . . . . . . . . 36 A.4. Configuring other Properties . . . . . . . . . . . . . . 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 38 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 39
1. Introduction 1. Introduction
This document defines a data model for the Babel routing protocol This document defines a data model for the Babel routing protocol
[I-D.ietf-babel-rfc6126bis]. The data model is defined using YANG [RFC8966]. The data model is defined using YANG 1.1 [RFC7950] data
1.1 [RFC7950] data modeling language and is Network Management modeling language and is Network Management Datastore Architecture
Datastore Architecture (NDMA) [RFC8342] compatible. It is based on (NDMA) [RFC8342] compatible. It is based on the Babel Information
the Babel Information Model [I-D.ietf-babel-information-model]. Model [I-D.ietf-babel-information-model].
1.1. Note to RFC Editor 1.1. Note to RFC Editor
Artwork in this document contains shorthand references to drafts in Artwork in this document contains shorthand references to drafts in
progress. Please apply the following replacements and remove this progress. Please apply the following replacements and remove this
note before publication. note before publication.
o "XXXX" --> the assigned RFC value for this draft both in this o "XXXX" --> the assigned RFC value for this draft both in this
draft and in the YANG models under the revision statement. draft and in the YANG models under the revision statement.
o "ZZZZ" --> the assigned RFC value for Babel Information Model o "ZZZZ" --> the assigned RFC value for Babel Information Model
[I-D.ietf-babel-information-model] [I-D.ietf-babel-information-model]
o Revision date in model, in the format 2020-06-28 needs to get o Revision date in model, in the format 2021-01-26 needs to get
updated with the date the draft gets approved. The date also updated with the date the draft gets approved. The date also
needs to get reflected on the line with <CODE BEGINS>. needs to get reflected on the line with <CODE BEGINS>.
1.2. Tree Diagram Annotations 1.2. Tree Diagram Annotations
For a reference to the annotations used in tree diagrams included in For a reference to the annotations used in tree diagrams included in
this draft, please see YANG Tree Diagrams [RFC8340]. this draft, please see YANG Tree Diagrams [RFC8340].
2. Babel Module 2. Babel Module
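Review bot: the Introduction expands "Network Management Datastore Architecture" as "(NDMA)" on both sides of the diff; the letters are transposed and it should read "(NMDA)" to match the name it abbreviates and the [RFC8342] citation.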
skipping to change at page 4, line 18 skipping to change at page 4, line 18
+--rw babel! +--rw babel!
+--ro version? string +--ro version? string
+--rw enable boolean +--rw enable boolean
+--ro router-id? binary +--ro router-id? binary
+--ro seqno? uint16 +--ro seqno? uint16
+--rw stats-enable? boolean +--rw stats-enable? boolean
+--rw constants +--rw constants
| ... | ...
+--rw interfaces* [reference] +--rw interfaces* [reference]
| ... | ...
+--rw mac* [name] +--rw mac-key-set* [name]
| ... | ...
+--rw dtls* [name] +--rw dtls* [name]
| ... | ...
+--ro routes* [prefix] +--ro routes* [prefix]
... ...
The interfaces subtree describes attributes such as interface object The interfaces subtree describes attributes such as interface object
that is being referenced, the type of link as enumerated by metric- that is being referenced, the type of link as enumerated by metric-
algorithm and split-horizon and whether the interface is enabled or algorithm and split-horizon and whether the interface is enabled or
not. not.
skipping to change at page 5, line 31 skipping to change at page 5, line 31
'mcast-hello-interval', and 'update-interval', in order to avoid 'mcast-hello-interval', and 'update-interval', in order to avoid
carrying control traffic as much as possible. carrying control traffic as much as possible.
In addition to the modules used above, this module imports In addition to the modules used above, this module imports
definitions from Common YANG Data Types [RFC6991], and references definitions from Common YANG Data Types [RFC6991], and references
HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using HMAC- HMAC: Keyed-Hashing for Message Authentication [RFC2104], Using HMAC-
SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram Transport SHA-256, HMAC-SHA-384, and HMAC-SHA-512 [RFC4868], Datagram Transport
Layer Security Version 1.2 [RFC6347], The Blake2 Cryptographic Hash Layer Security Version 1.2 [RFC6347], The Blake2 Cryptographic Hash
and Message Authentication Code (MAC) [RFC7693], Babel Information and Message Authentication Code (MAC) [RFC7693], Babel Information
Model [I-D.ietf-babel-information-model], and The Babel Routing Model [I-D.ietf-babel-information-model], and The Babel Routing
Protocol [I-D.ietf-babel-rfc6126bis]. Protocol [RFC8966].
<CODE BEGINS> file "ietf-babel@2020-06-28.yang" <CODE BEGINS> file "ietf-babel@2021-01-26.yang"
module ietf-babel { module ietf-babel {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-babel"; namespace "urn:ietf:params:xml:ns:yang:ietf-babel";
prefix babel; prefix babel;
import ietf-yang-types { import ietf-yang-types {
prefix yt; prefix yt;
reference reference
"RFC 6991: Common YANG Data Types."; "RFC 6991: Common YANG Data Types.";
skipping to change at page 6, line 49 skipping to change at page 6, line 49
without modification, is permitted pursuant to, and subject to without modification, is permitted pursuant to, and subject to
the license terms contained in, the Simplified BSD License set the license terms contained in, the Simplified BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX This version of this YANG module is part of RFC XXXX
(https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself (https://www.rfc-editor.org/info/rfcXXXX); see the RFC itself
for full legal notices."; for full legal notices.";
revision 2020-06-28 { revision 2021-01-26 {
description description
"Initial version."; "Initial version.";
reference reference
"RFC XXXX: Babel YANG Data Model."; "RFC XXXX: Babel YANG Data Model.";
} }
/* /*
* Features * Features
*/ */
skipping to change at page 7, line 27 skipping to change at page 7, line 27
feature etx-supported { feature etx-supported {
description description
"This implementation supports Expected Transmission Count "This implementation supports Expected Transmission Count
(ETX) metric comp algorithm."; (ETX) metric comp algorithm.";
} }
feature mac-supported { feature mac-supported {
description description
"This implementation supports MAC based security."; "This implementation supports MAC based security.";
reference
"draft-ietf-babel-hmac: MAC authentication for Babel Routing
Protocol.";
} }
feature dtls-supported { feature dtls-supported {
description description
"This implementation supports DTLS based security."; "This implementation supports DTLS based security.";
reference
"draft-ietf-babel-dtls: Babel Routing Protocol over Datagram
Transport Layer Security.";
} }
feature hmac-sha256-supported { feature hmac-sha256-supported {
description description
"This implementation supports hmac-sha256 MAC algorithm."; "This implementation supports hmac-sha256 MAC algorithm.";
reference
"draft-ietf-babel-hmac: MAC authentication for Babel Routing
Protocol.";
} }
feature blake2s-supported { feature blake2s-supported {
description description
"This implementation supports blake2 MAC algorithm."; "This implementation supports blake2s MAC algorithms.
Specifically, BLAKE2-128 is supported.";
reference
"draft-ietf-babel-hmac: MAC authentication for Babel Routing
Protocol.";
} }
feature x-509-supported { feature x-509-supported {
description description
"This implementation supports x-509 certificate type."; "This implementation supports x-509 certificate type.";
reference
"draft-ietf-babel-dtls: Babel Routing Protocol over Datagram
Transport Layer Security.";
} }
feature raw-public-key-supported { feature raw-public-key-supported {
description description
"This implementation supports raw-public-key certificate type."; "This implementation supports raw-public-key certificate type.";
reference
"draft-ietf-babel-dtls: Babel Routing Protocol over Datagram
Transport Layer Security.";
} }
/* /*
* Identities * Identities
*/ */
identity metric-comp-algorithms { identity metric-comp-algorithms {
description description
"Base identity from which all Babel metric comp algorithms "Base identity from which all Babel metric comp algorithms
are derived."; are derived.";
} }
identity two-out-of-three { identity two-out-of-three {
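Review bot: the reference statements under mac-supported, dtls-supported, hmac-sha256-supported, blake2s-supported, x-509-supported and raw-public-key-supported cite draft-ietf-babel-hmac and draft-ietf-babel-dtls by draft name, but the Note to RFC Editor in Section 1.1 only lists replacements for "XXXX", "ZZZZ" and the revision date. Add replacement entries for these two draft names, or use placeholders in the same style, so the module text is updated at publication.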
skipping to change at page 8, line 18 skipping to change at page 8, line 38
description description
"Base identity from which all Babel metric comp algorithms "Base identity from which all Babel metric comp algorithms
are derived."; are derived.";
} }
identity two-out-of-three { identity two-out-of-three {
if-feature two-out-of-three-supported; if-feature two-out-of-three-supported;
base "metric-comp-algorithms"; base "metric-comp-algorithms";
description description
"2-out-of-3 algorithm."; "2-out-of-3 algorithm.";
reference
"draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
Section A.2.1.";
} }
identity etx { identity etx {
if-feature etx-supported; if-feature etx-supported;
base "metric-comp-algorithms"; base "metric-comp-algorithms";
description description
"Expected Transmission Count."; "Expected Transmission Count.";
reference
"draft-ietf-babel-rfc6126bis: The Babel Routing Protocol,
Section A.2.2.";
} }
/* /*
* Babel MAC algorithms identities. * Babel MAC algorithms identities.
*/ */
identity mac-algorithms { identity mac-algorithms {
description description
"Base identity for all Babel MAC algorithms."; "Base identity for all Babel MAC algorithms.";
} }
identity hmac-sha256 { identity hmac-sha256 {
if-feature mac-supported; if-feature mac-supported;
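Review bot: the reference text under two-out-of-three and etx names draft-ietf-babel-rfc6126bis, while the Introduction and the paragraph before the module cite the same document as [RFC8966] on the -07 side. Write these as "RFC 8966: The Babel Routing Protocol, Section A.2.1." and "... Section A.2.2." so the module and the prose agree.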
skipping to change at page 8, line 51 skipping to change at page 9, line 28
reference reference
"RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 "RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
with IPsec."; with IPsec.";
} }
identity blake2s { identity blake2s {
if-feature mac-supported; if-feature mac-supported;
if-feature blake2s-supported; if-feature blake2s-supported;
base mac-algorithms; base mac-algorithms;
description description
"BLAKE2s algorithm supported."; "BLAKE2s algorithms supported. Specifically, BLAKE2-128 is
supported.";
reference reference
"RFC 7693: The BLAKE2 Cryptographic Hash and Message "RFC 7693: The BLAKE2 Cryptographic Hash and Message
Authentication Code (MAC)."; Authentication Code (MAC).";
} }
/* /*
* Babel Cert Types * Babel Cert Types
*/ */
identity dtls-cert-types { identity dtls-cert-types {
description description
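Review bot: the blake2s identity description introduces the name "BLAKE2-128", which drops the "s" carried by the identity and by the blake2s-supported feature and does not say what 128 denotes. Use one spelling across the feature, the identity and the key value description, and state explicitly that 128 is the MAC output length if that is what is meant.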
skipping to change at page 13, line 43 skipping to change at page 14, line 21
"Sequence number included in route updates for routes "Sequence number included in route updates for routes
originated by this node."; originated by this node.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.1."; "RFC ZZZZ: Babel Information Model, Section 3.1.";
} }
leaf stats-enable { leaf stats-enable {
type boolean; type boolean;
description description
"Indicates whether statistics collection is enabled (true) "Indicates whether statistics collection is enabled (true)
or disabled (false) on all interfaces."; or disabled (false) on all interfaces. When enabled,
existing statistics values are not cleared and will be
incremented as new packets are counted.";
} }
container constants { container constants {
description description
"Babel Constants object."; "Babel Constants object.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.1."; "RFC ZZZZ: Babel Information Model, Section 3.1.";
leaf udp-port { leaf udp-port {
type inet:port-number; type inet:port-number;
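Review bot: stats-enable carries no default statement in this leaf and is shown as optional in the tree diagram ("stats-enable? boolean"), so the behaviour when it is not configured is unspecified; add a default or say what an absent value means. The sentence added to the description covers the enable transition only; say what happens to existing counter values when the leaf is set to false as well.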
skipping to change at page 16, line 21 skipping to change at page 16, line 50
type boolean; type boolean;
description description
"Indicates whether the MAC security mechanism is enabled "Indicates whether the MAC security mechanism is enabled
(true) or disabled (false)."; (true) or disabled (false).";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3.";
} }
leaf-list mac-key-sets { leaf-list mac-key-sets {
type leafref { type leafref {
path "../../mac/name"; path "../../mac-key-set/name";
} }
description description
"List of references to the mac entries that apply "List of references to the mac entries that apply
to this interface. When an interface instance is to this interface. When an interface instance is
created, all mac instances with default-apply 'true' created, all mac instances with default-apply 'true'
will be included in this list."; will be included in this list.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3.";
} }
leaf mac-verify { leaf mac-verify {
type boolean; type boolean;
description description
"A Boolean flag indicating whether MAC hashes in "A Boolean flag indicating whether MACs in
incoming Babel packets are required to be present and incoming Babel packets are required to be present and
are verified. If this parameter is 'true', incoming are verified. If this parameter is 'true', incoming
packets are required to have a valid MAC hash."; packets are required to have a valid MAC.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3.";
} }
leaf dtls-enable { leaf dtls-enable {
type boolean; type boolean;
description description
"Indicates whether the DTLS security mechanism is enabled "Indicates whether the DTLS security mechanism is enabled
(true) or disabled (false)."; (true) or disabled (false).";
reference reference
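Review bot: the mac-key-sets description still says "references to the mac entries" and "all mac instances with default-apply 'true'" although the leafref path now points at "../../mac-key-set/name". Change both phrases to "mac-key-set entries" and "mac-key-set instances" so the description matches the renamed list.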
skipping to change at page 17, line 24 skipping to change at page 18, line 4
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3.";
} }
leaf dtls-cached-info { leaf dtls-cached-info {
type boolean; type boolean;
description description
"Indicates whether the cached_info extension is included "Indicates whether the cached_info extension is included
in ClientHello and ServerHello packets. The extension in ClientHello and ServerHello packets. The extension
is included if the value is 'true'."; is included if the value is 'true'.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3.
draft-ietf-babel-dtls: Babel Routing Protocol over
Datagram Transport Layer Security, Appendix A.";
} }
leaf-list dtls-cert-prefer { leaf-list dtls-cert-prefer {
type leafref { type leafref {
path "../../dtls/certs/type"; path "../../dtls/certs/type";
} }
ordered-by user; ordered-by user;
description description
"List of supported certificate types, in order of "List of supported certificate types, in order of
preference. The values MUST be among those listed in preference. The values MUST be among those listed in
dtls-cert-types. This list is used to populate the dtls-cert-types. This list is used to populate the
server_certificate_type extension in a Client Hello. server_certificate_type extension in a Client Hello.
Values that are present in at least one instance in the Values that are present in at least one instance in the
certs object under dtls of a referenced dtls instance certs object under dtls of a referenced dtls instance
and that have a non-empty private-key will be used to and that have a non-empty private-key will be used to
populate the client_certificate_type extension in a populate the client_certificate_type extension in a
Client Hello."; Client Hello.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3
draft-ietf-babel-dtls: Babel Routing Protocol over
Datagram Transport Layer Security, Appendix A.";
} }
leaf packet-log-enable { leaf packet-log-enable {
type boolean; type boolean;
description description
"If true, logging of babel packets received on this "If true, logging of babel packets received on this
interface is enabled; if false, babel packets are not interface is enabled; if false, babel packets are not
logged."; logged.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.3."; "RFC ZZZZ: Babel Information Model, Section 3.3.";
} }
leaf packet-log { leaf packet-log {
type inet:uri; type inet:uri;
config false; config false;
description description
"A reference or url link to a file that contains a "A reference or url link to a file that contains a
timestamped log of packets received and sent on timestamped log of packets received and sent on
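Review bot: in the dtls-cert-prefer reference statement the first entry ends "Section 3.3" with no full stop before "draft-ietf-babel-dtls", whereas the same two-entry reference under dtls-cached-info ends "Section 3.3.". Add the full stop so the two entries are separated the same way. The descriptions in this hunk also alternate between "ClientHello" and "Client Hello"; pick one.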
skipping to change at page 23, line 4 skipping to change at page 23, line 36
description description
"Link cost is computed from the values maintained in "Link cost is computed from the values maintained in
the neighbor table. The statistics kept in the neighbor the neighbor table. The statistics kept in the neighbor
table about the reception of Hellos, and the txcost table about the reception of Hellos, and the txcost
computed from received IHU packets."; computed from received IHU packets.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.5."; "RFC ZZZZ: Babel Information Model, Section 3.5.";
} }
} }
} }
list mac {
list mac-key-set {
key "name"; key "name";
description description
"A mac object. If this object is implemented, it "A mac key set object. If this object is implemented, it
provides access to parameters related to the MAC security provides access to parameters related to the MAC security
mechanism."; mechanism.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.7."; "RFC ZZZZ: Babel Information Model, Section 3.7.";
leaf name { leaf name {
type string; type string;
description description
"A string that uniquely identifies the mac object."; "A string that uniquely identifies the mac object.";
} }
skipping to change at page 23, line 19 skipping to change at page 24, line 4
provides access to parameters related to the MAC security provides access to parameters related to the MAC security
mechanism."; mechanism.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.7."; "RFC ZZZZ: Babel Information Model, Section 3.7.";
leaf name { leaf name {
type string; type string;
description description
"A string that uniquely identifies the mac object."; "A string that uniquely identifies the mac object.";
} }
leaf default-apply { leaf default-apply {
type boolean; type boolean;
description description
"A Boolean flag indicating whether this mac "A Boolean flag indicating whether this object
instance is applied to all new interfaces, by default. instance is applied to all new interfaces, by default.
If 'true', this instance is applied to new If 'true', this instance is applied to new babel-
interfaces instances at the time they are created, interfaces instances at the time they are created,
by including it in the mac-key-sets list under by including it in the mac-key-sets list under
interfaces. If 'false', this instance is not applied interfaces. If 'false', this instance is not applied
to new interfaces instances when they are created."; to new interfaces instances when they are created.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.7."; "RFC ZZZZ: Babel Information Model, Section 3.7.";
} }
list keys { list keys {
key "name"; key "name";
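Review bot: default-apply in mac-key-set has neither a mandatory nor a default statement, so a key set created without it has no defined behaviour for new interfaces, while the dtls list's default-apply later in the module is "mandatory true". Make the two lists consistent, either by adding "mandatory true" here or by giving both a default. The description also introduces "babel-interfaces instances" on the -07 side, a name that does not match the "interfaces" list used in the rest of the sentence.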
skipping to change at page 24, line 4 skipping to change at page 24, line 36
leaf name { leaf name {
type string; type string;
mandatory true; mandatory true;
description description
"A unique name for this MAC key that can be used to "A unique name for this MAC key that can be used to
identify the key in this object instance, since the key identify the key in this object instance, since the key
value is not allowed to be read. This value can only be value is not allowed to be read. This value can only be
provided when this instance is created, and is not provided when this instance is created, and is not
subsequently writable."; subsequently writable.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8."; "RFC ZZZZ: Babel Information Model, Section 3.8.";
} }
leaf use-sign { leaf use-send {
type boolean; type boolean;
mandatory true; mandatory true;
description description
"Indicates whether this key value is used to sign sent "Indicates whether this key value is used to compute a
Babel packets. Sent packets are signed using this key MAC and include that MAC in the sent Babel packet. A MAC
if the value is 'true'. If the value is 'false', this for sent packets is computed using this key if the value
key is not used to sign sent Babel packets."; is 'true'. If the value is 'false', this key is not used
to compute a MAC to include in sent Babel packets.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8."; "RFC ZZZZ: Babel Information Model, Section 3.8.";
} }
leaf use-verify { leaf use-verify {
type boolean; type boolean;
mandatory true; mandatory true;
description description
"Indicates whether this key value is used to verify "Indicates whether this key value is used to verify
incoming Babel packets. This key is used to verify incoming Babel packets. This key is used to verify
incoming packets if the value is 'true'. If the value incoming packets if the value is 'true'. If the value
is 'false', no MAC is computed from this key for is 'false', no MAC is computed from this key for
comparing an incoming packet."; comparing an incoming packet.";
reference reference
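Review bot: leaf name is the key of the keys list ("list keys { key "name"") and carries "mandatory true"; RFC 7950 Section 7.8.2 says mandatory statements on key leafs are ignored, so the statement has no effect and can be removed. The sentence "can only be provided when this instance is created, and is not subsequently writable" likewise restates what being a list key already implies.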
skipping to change at page 24, line 51 skipping to change at page 25, line 34
permissions, or other means. This value MUST be permissions, or other means. This value MUST be
provided when this instance is created, and is not provided when this instance is created, and is not
subsequently writable. subsequently writable.
This value is of a length suitable for the associated This value is of a length suitable for the associated
algorithm. If the algorithm is based on algorithm. If the algorithm is based on
the HMAC construction [RFC2104], the length MUST be the HMAC construction [RFC2104], the length MUST be
between 0 and the block size of the underlying hash between 0 and the block size of the underlying hash
inclusive (where 'HMAC-SHA256' block size is 64 inclusive (where 'HMAC-SHA256' block size is 64
bytes as described in [RFC4868]). If the algorithm bytes as described in [RFC4868]). If the algorithm
is 'BLAKE2s', the length MUST be between 0 and 32 is 'BLAKE2-128', the length MUST be between 0 and 32
bytes inclusive, as described in [RFC7693]."; bytes inclusive, as described in [RFC7693].";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8, "RFC ZZZZ: Babel Information Model, Section 3.8,
RFC 2104: HMAC: Keyed-Hashing for Message RFC 2104: HMAC: Keyed-Hashing for Message
Authentication Authentication
RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and
HMAC-SHA-512 with IPsec, HMAC-SHA-512 with IPsec,
RFC 7693: The BLAKE2 Cryptographic Hash and Message RFC 7693: The BLAKE2 Cryptographic Hash and Message
Authentication Code (MAC)."; Authentication Code (MAC).";
} }
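Review bot: the key value description allows a length of 0 in both the HMAC case ("between 0 and the block size") and the BLAKE2 case ("between 0 and 32 bytes inclusive"), which admits an empty key. If an empty key is meant to be valid, say so and explain why; otherwise state a non-zero minimum.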
skipping to change at page 25, line 29 skipping to change at page 26, line 12
description description
"The name of the MAC algorithm used with this key. The "The name of the MAC algorithm used with this key. The
value MUST be the same as one of the enumerations value MUST be the same as one of the enumerations
listed in the mac-algorithms parameter."; listed in the mac-algorithms parameter.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8."; "RFC ZZZZ: Babel Information Model, Section 3.8.";
} }
action test { action test {
description description
"An operation that allows the MAC key and hash "An operation that allows the MAC key and MAC
algorithm to be tested to see if they produce an algorithm to be tested to see if they produce an
expected outcome. Input to this operation is a expected outcome. Input to this operation are a
binary string. The implementation is expected to binary string and a calculated MAC (also in the
create a hash of this string using the value and format of a binary string) for the binary string.
the algorithm. The output of this operation is The implementation is expected to create a MAC over
the resulting hash, as a binary string."; the binary string using the value and algorithm.
The output of this operation is a binary indication that
the calculated MAC matched the input MAC (true) or the
MACs did not match (false).";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8."; "RFC ZZZZ: Babel Information Model, Section 3.8.";
input { input {
leaf test-string { leaf test-string {
type binary; type binary;
mandatory true; mandatory true;
description description
"Input to this operation is a binary string. "Input to this operation is a binary string.
The implementation is expected to create The implementation is expected to create
a hash of this string using the value and a MAC over this string using the value and
the algorithm."; the algorithm defined as part of the mac-key-set.";
reference
"RFC ZZZZ: Babel Information Model, Section 3.8.";
}
leaf mac {
type binary;
mandatory true;
description
"Input to this operation includes a MAC.
The implementation is expected to calculate a MAC
over the string using the value and algorithm of
this key object and compare its calculated MAC to
this input MAC.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8."; "RFC ZZZZ: Babel Information Model, Section 3.8.";
} }
} }
output { output {
leaf resulting-hash { leaf indication {
type binary; type boolean;
mandatory true; mandatory true;
description description
"The output of this operation is "The output of this operation is a binary indication
the resulting hash, as a binary string."; that the calculated MAC matched the input MAC (true)
or the MACs did not match (false).";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.8."; "RFC ZZZZ: Babel Information Model, Section 3.8.";
} }
} }
} }
} }
} }
list dtls { list dtls {
key "name"; key "name";
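Review bot: in the right-hand text of action test, the two input descriptions disagree about which object supplies the key material: test-string says "the algorithm defined as part of the mac-key-set", while mac says "the value and algorithm of this key object". Use one wording in both leaves. The output leaf indication is type boolean, but the action and leaf descriptions both call it "a binary indication", which is easy to misread next to the two inputs that really are type binary; "boolean indication" would be clearer. "Input to this operation are" should read "Inputs to this operation are". It would also help to state that a mac input whose length does not match the algorithm's output results in false rather than an error.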
skipping to change at page 26, line 38 skipping to change at page 27, line 39
leaf name { leaf name {
type string; type string;
description description
"A string that uniquely identifies a dtls object."; "A string that uniquely identifies a dtls object.";
} }
leaf default-apply { leaf default-apply {
type boolean; type boolean;
mandatory true; mandatory true;
description description
"A Boolean flag indicating whether this dtls "A Boolean flag indicating whether this object
instance is applied to all new interfaces, by default. If instance is applied to all new interfaces, by default. If
'true', this instance is applied to new interfaces 'true', this instance is applied to new interfaces
instances at the time they are created, by including it instances at the time they are created, by including it
in the dtls-certs list under interfaces. If 'false', in the dtls-certs list under interfaces. If 'false',
this instance is not applied to new interfaces this instance is not applied to new interfaces
instances when they are created."; instances when they are created.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.9."; "RFC ZZZZ: Babel Information Model, Section 3.9.";
} }
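Review bot: the default-apply description on the right now says "this object instance", which no longer names the dtls list entry it describes once the description is read outside the module, for example in generated documentation; "this dtls instance" was the more self-contained wording. The phrase "new interfaces instances" appears twice on both sides and should read "new interface instances".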
skipping to change at page 27, line 17 skipping to change at page 28, line 19
for authentication, and to accept from others. for authentication, and to accept from others.
Certificates with a non-empty private-key Certificates with a non-empty private-key
can be presented by this implementation for can be presented by this implementation for
authentication."; authentication.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.10."; "RFC ZZZZ: Babel Information Model, Section 3.10.";
leaf name { leaf name {
type string; type string;
description description
"A unique name for this DTLS certificate that can be "A unique name for this certificate that can be
used to identify the certificate in this object used to identify the certificate in this object
instance, since the value is too long to be useful instance, since the value is too long to be useful
for identification. This value MUST NOT be empty for identification. This value MUST NOT be empty
and can only be provided when this instance is created and can only be provided when this instance is created
(i.e., it is not subsequently writable)."; (i.e., it is not subsequently writable).";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.10."; "RFC ZZZZ: Babel Information Model, Section 3.10.";
} }
leaf value { leaf value {
type string; type string;
mandatory true; mandatory true;
description description
"The DTLS certificate in PEM format [RFC7468]. This "The certificate in PEM format [RFC7468]. This
value can only be provided when this instance is value can only be provided when this instance is
created, and is not subsequently writable."; created, and is not subsequently writable.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.10."; "RFC ZZZZ: Babel Information Model, Section 3.10.";
} }
leaf type { leaf type {
type identityref { type identityref {
base dtls-cert-types; base dtls-cert-types;
} }
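Review bot: leaf value cites "[RFC7468]" inside the description string, but the reference statement under it lists only the Babel Information Model; a bracketed citation does not resolve once the module is extracted from the draft, so add RFC 7468 to the reference statement and name it in the description as "RFC 7468". Also, leaf name states "This value MUST NOT be empty" while its type is an unrestricted string; a length restriction on the type would let a server enforce that rule at validation time.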
skipping to change at page 28, line 19 skipping to change at page 29, line 22
this certificate can be used by this implementation to this certificate can be used by this implementation to
provide a certificate during DTLS handshaking. An provide a certificate during DTLS handshaking. An
implementation MUST NOT allow this parameter to be implementation MUST NOT allow this parameter to be
read. This can be done by always providing an empty read. This can be done by always providing an empty
string, or through permissions, or other means. This string, or through permissions, or other means. This
value can only be provided when this instance is value can only be provided when this instance is
created, and is not subsequently writable."; created, and is not subsequently writable.";
reference reference
"RFC ZZZZ: Babel Information Model, Section 3.10."; "RFC ZZZZ: Babel Information Model, Section 3.10.";
} }
action test {
input {
leaf test-string {
type binary;
mandatory true;
description
"The test string on which this test has to be
performed.";
}
}
output {
leaf resulting-hash {
type binary;
mandatory true;
description
"The output of this operation is a binary string,
and is the resulting hash computed using the
certificate public key, and the SHA-256
hash algorithm.";
}
}
}
} }
} }
uses routes; uses routes;
} }
} }
} }
<CODE ENDS> <CODE ENDS>
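Review bot: with action test removed from this list (left-hand side only), confirm that the tree diagram and any prose elsewhere in the draft no longer mention a test operation or a resulting-hash leaf here. The removed output was described as a hash "computed using the certificate public key, and the SHA-256 hash algorithm", which does not name a defined construction, so dropping it rather than rewording it is reasonable. Separately, the private-key description says an implementation "MUST NOT allow this parameter to be read" but leaves the mechanism to "permissions, or other means"; naming one required observable behaviour would make the requirement testable.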
skipping to change at page 30, line 42 skipping to change at page 31, line 24
5. Acknowledgements 5. Acknowledgements
Juliusz Chroboczek provided most of the example configurations for Juliusz Chroboczek provided most of the example configurations for
babel that are shown in the Appendix. babel that are shown in the Appendix.
6. References 6. References
6.1. Normative References 6.1. Normative References
[I-D.ietf-babel-rfc6126bis]
Chroboczek, J. and D. Schinazi, "The Babel Routing
Protocol", draft-ietf-babel-rfc6126bis-17 (work in
progress), February 2020.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA- [RFC4868] Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-
384, and HMAC-SHA-512 with IPsec", RFC 4868, 384, and HMAC-SHA-512 with IPsec", RFC 4868,
DOI 10.17487/RFC4868, May 2007, DOI 10.17487/RFC4868, May 2007,
<https://www.rfc-editor.org/info/rfc4868>. <https://www.rfc-editor.org/info/rfc4868>.
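Review bot: the [I-D.ietf-babel-rfc6126bis] entry is dropped from the normative references on the right, so every in-text citation of that anchor, including any reference statements inside the YANG module, needs to be switched to the replacement entry, otherwise the draft is left with dangling citations.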
skipping to change at page 31, line 35 skipping to change at page 32, line 10
[RFC8343] Bjorklund, M., "A YANG Data Model for Interface [RFC8343] Bjorklund, M., "A YANG Data Model for Interface
Management", RFC 8343, DOI 10.17487/RFC8343, March 2018, Management", RFC 8343, DOI 10.17487/RFC8343, March 2018,
<https://www.rfc-editor.org/info/rfc8343>. <https://www.rfc-editor.org/info/rfc8343>.
[RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for [RFC8349] Lhotka, L., Lindem, A., and Y. Qu, "A YANG Data Model for
Routing Management (NMDA Version)", RFC 8349, Routing Management (NMDA Version)", RFC 8349,
DOI 10.17487/RFC8349, March 2018, DOI 10.17487/RFC8349, March 2018,
<https://www.rfc-editor.org/info/rfc8349>. <https://www.rfc-editor.org/info/rfc8349>.
[RFC8966] Chroboczek, J. and D. Schinazi, "The Babel Routing
Protocol", RFC 8966, DOI 10.17487/RFC8966, January 2021,
<https://www.rfc-editor.org/info/rfc8966>.
6.2. Informative References 6.2. Informative References
[I-D.ietf-babel-information-model] [I-D.ietf-babel-information-model]
Stark, B. and M. Jethanandani, "Babel Information Model", Stark, B. and M. Jethanandani, "Babel Information Model",
draft-ietf-babel-information-model-10 (work in progress), draft-ietf-babel-information-model-11 (work in progress),
October 2019. August 2020.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>. <https://www.rfc-editor.org/info/rfc2104>.
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for
the Network Configuration Protocol (NETCONF)", RFC 6020, the Network Configuration Protocol (NETCONF)", RFC 6020,
DOI 10.17487/RFC6020, October 2010, DOI 10.17487/RFC6020, October 2010,
<https://www.rfc-editor.org/info/rfc6020>. <https://www.rfc-editor.org/info/rfc6020>.
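Review bot: [I-D.ietf-babel-information-model] stays under Informative References, yet the module's reference statements point to "RFC ZZZZ: Babel Information Model" for nearly every node shown in this diff. If a reader needs that document to implement the model correctly, it belongs under Normative References. The new [RFC8966] entry is placed after [RFC8349], which keeps the list in order.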
skipping to change at page 33, line 33 skipping to change at page 34, line 33
<name>name:babel</name> <name>name:babel</name>
<babel <babel
xmlns="urn:ietf:params:xml:ns:yang:ietf-babel"> xmlns="urn:ietf:params:xml:ns:yang:ietf-babel">
<enable>true</enable> <enable>true</enable>
<stats-enable>true</stats-enable> <stats-enable>true</stats-enable>
<interfaces> <interfaces>
<reference>eth0</reference> <reference>eth0</reference>
<metric-algorithm>two-out-of-three</metric-algorithm> <metric-algorithm>two-out-of-three</metric-algorithm>
<split-horizon>true</split-horizon> <split-horizon>true</split-horizon>
</interfaces> </interfaces>
<mac> <mac-key-set>
<name>hmac-sha256</name> <name>hmac-sha256</name>
<keys> <keys>
<name>hmac-sha256-keys</name> <name>hmac-sha256-keys</name>
<use-sign>true</use-sign> <use-send>true</use-send>
<use-verify>true</use-verify> <use-verify>true</use-verify>
<value>base64encodedvalue==</value> <value>base64encodedvalue==</value>
<algorithm>hmac-sha256</algorithm> <algorithm>hmac-sha256</algorithm>
</keys> </keys>
</mac> </mac-key-set>
</babel> </babel>
</control-plane-protocol> </control-plane-protocol>
</control-plane-protocols> </control-plane-protocols>
</routing> </routing>
</config> </config>
A.2. Automatic Detection of Properties A.2. Automatic Detection of Properties
<!-- In this example, babeld is configured on two interfaces <!-- In this example, babeld is configured on two interfaces
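Review bot: the example now uses mac-key-set and use-send on the right; check the remaining appendix examples and the tree diagram for leftover mac or use-sign element names so that every example validates against the -07 module. The value element carries the placeholder "base64encodedvalue==", and a short comment marking it as a placeholder rather than usable key material would prevent it from being copied into a real configuration.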
 End of changes. 55 change blocks. 
98 lines changed or deleted 119 lines changed or added
