| rfc9046.original | rfc9046.txt |
|---|---|
| Babel routing protocol B.H. Stark | Internet Engineering Task Force (IETF) B. Stark | |||
| Internet-Draft AT&T | Request for Comments: 9046 AT&T | |||
| Intended status: Informational M.J. Jethanandani | Category: Informational M. Jethanandani | |||
| Expires: 12 September 2021 VMware | ISSN: 2070-1721 Kloud Services | |||
| 11 March 2021 | June 2021 | |||
| Babel Information Model | Babel Information Model | |||
| draft-ietf-babel-information-model-14 | ||||
| Abstract | Abstract | |||
| This Babel Information Model provides structured data elements for a | The Babel information model provides structured data elements for a | |||
| Babel implementation reporting its current state and may allow | Babel implementation reporting its current state and may allow | |||
| limited configuration of some such data elements. This information | limited configuration of some such data elements. This information | |||
| model can be used as a basis for creating data models under various | model can be used as a basis for creating data models under various | |||
| data modeling regimes. This information model only includes | data modeling regimes. This information model only includes | |||
| parameters and parameter values useful for managing Babel over IPv6. | parameters and parameter values useful for managing Babel over IPv6. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This document is not an Internet Standards Track specification; it is | |||
| provisions of BCP 78 and BCP 79. | published for informational purposes. | |||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF). Note that other groups may also distribute | ||||
| working documents as Internet-Drafts. The list of current Internet- | ||||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
| and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
| time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
| material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Not all documents | |||
| approved by the IESG are candidates for any level of Internet | ||||
| Standard; see Section 2 of RFC 7841. | ||||
| This Internet-Draft will expire on 12 September 2021. | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | ||||
| https://www.rfc-editor.org/info/rfc9046. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2021 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
| license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
| extracted from this document must include Simplified BSD License text | to this document. Code Components extracted from this document must | |||
| as described in Section 4.e of the Trust Legal Provisions and are | include Simplified BSD License text as described in Section 4.e of | |||
| provided without warranty as described in the Simplified BSD License. | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language | |||
| 1.2. Notation . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Notation | |||
| 2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Overview | |||
| 3. The Information Model . . . . . . . . . . . . . . . . . . . . 7 | 3. The Information Model | |||
| 3.1. Definition of babel-information-obj . . . . . . . . . . . 7 | 3.1. Definition of babel-information-obj | |||
| 3.2. Definition of babel-constants-obj . . . . . . . . . . . . 9 | 3.2. Definition of babel-constants-obj | |||
| 3.3. Definition of babel-interface-obj . . . . . . . . . . . . 9 | 3.3. Definition of babel-interface-obj | |||
| 3.4. Definition of babel-if-stats-obj . . . . . . . . . . . . 12 | 3.4. Definition of babel-if-stats-obj | |||
| 3.5. Definition of babel-neighbor-obj . . . . . . . . . . . . 13 | 3.5. Definition of babel-neighbor-obj | |||
| 3.6. Definition of babel-route-obj . . . . . . . . . . . . . . 14 | 3.6. Definition of babel-route-obj | |||
| 3.7. Definition of babel-mac-key-set-obj . . . . . . . . . . . 16 | 3.7. Definition of babel-mac-key-set-obj | |||
| 3.8. Definition of babel-mac-key-obj . . . . . . . . . . . . . 16 | 3.8. Definition of babel-mac-key-obj | |||
| 3.9. Definition of babel-dtls-cert-set-obj . . . . . . . . . . 18 | 3.9. Definition of babel-dtls-cert-set-obj | |||
| 3.10. Definition of babel-dtls-cert-obj . . . . . . . . . . . . 18 | 3.10. Definition of babel-dtls-cert-obj | |||
| 4. Extending the Information Model . . . . . . . . . . . . . . . 19 | 4. Extending the Information Model | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | 5. Security Considerations | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 | 6. IANA Considerations | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 20 | 7. References | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 | 7.1. Normative References | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 21 | 7.2. Informative References | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 22 | Acknowledgements | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 22 | Authors' Addresses | |||
| 1. Introduction | 1. Introduction | |||
| Babel is a loop-avoiding distance-vector routing protocol defined in | Babel is a loop-avoiding, distance-vector routing protocol defined in | |||
| [RFC8966]. [RFC8967] defines a security mechanism that allows Babel | [RFC8966]. [RFC8967] defines a security mechanism that allows Babel | |||
| packets to be cryptographically authenticated, and [RFC8968] defines | packets to be cryptographically authenticated, and [RFC8968] defines | |||
| a security mechanism that allows Babel packets to be both | a security mechanism that allows Babel packets to be both | |||
| authenticated and encrypted. This document describes an information | authenticated and encrypted. This document describes an information | |||
| model for Babel (including implementations using one or both of these | model for Babel (including implementations using one or both of these | |||
| security mechanisms) that can be used to create management protocol | security mechanisms) that can be used to create management protocol | |||
| data models (such as a NETCONF [RFC6241] YANG [RFC7950] data model). | data models (such as a NETCONF [RFC6241] YANG [RFC7950] data model). | |||
| Due to the simplicity of the Babel protocol, most of the information | Due to the simplicity of the Babel protocol, most of the information | |||
| model is focused on reporting Babel protocol operational state, and | model is focused on reporting the Babel protocol operational state, | |||
| very little of that is considered mandatory to implement for an | and very little of that is considered mandatory to implement for an | |||
| implementation claiming compliance with this information model. Some | implementation claiming compliance with this information model. Some | |||
| parameters may be configurable. However, it is up to the Babel | parameters may be configurable. However, it is up to the Babel | |||
| implementation whether to allow any of these to be configured within | implementation whether to allow any of these to be configured within | |||
| its implementation. Where the implementation does not allow | its implementation. Where the implementation does not allow | |||
| configuration of these parameters, it MAY still choose to expose them | configuration of these parameters, it MAY still choose to expose them | |||
| as read-only. | as read-only. | |||
| The Information Model is presented using a hierarchical structure. | The information model is presented using a hierarchical structure. | |||
| This does not preclude a data model based on this Information Model | This does not preclude a data model based on this information model | |||
| from using a referential or other structure. | from using a referential or other structure. | |||
| This information model only includes parameters and parameter values | This information model only includes parameters and parameter values | |||
| useful for managing Babel over IPv6. This model has no parameters or | useful for managing Babel over IPv6. This model has no parameters or | |||
| values specific to operating Babel over IPv4, even though [RFC8966] | values specific to operating Babel over IPv4, even though [RFC8966] | |||
| does define a multicast group for sending and listening to multicast | does define a multicast group for sending and listening to multicast | |||
| announcements on IPv4. There is less likelihood of breakage due to | announcements on IPv4. There is less likelihood of breakage due to | |||
| inconsistent configuration and increased implementation simplicity if | inconsistent configuration and increased implementation simplicity if | |||
| Babel is operated always and only over IPv6. Running Babel over IPv6 | Babel is operated always and only over IPv6. Running Babel over IPv6 | |||
| requires IPv6 at the link layer and does not need advertised | requires IPv6 at the link layer and does not need advertised | |||
| prefixes, router advertisements or DHCPv6 to be present in the | prefixes, router advertisements, or DHCPv6 to be present in the | |||
| network. Link-local IPv6 is widely supported among devices where | network. Link-local IPv6 is widely supported among devices where | |||
| Babel is expected to be used. Note that Babel over IPv6 can be used | Babel is expected to be used. Note that Babel over IPv6 can be used | |||
| for configuration of both IPv4 and IPv6 routes. | for configuration of both IPv4 and IPv6 routes. | |||
| 1.1. Requirements Language | 1.1. Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| BCP014 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 1.2. Notation | 1.2. Notation | |||
| This document uses a programming language-like notation to define the | This document uses a programming-language-like notation to define the | |||
| properties of the objects of the information model. An optional | properties of the objects of the information model. An optional | |||
| property is enclosed by square brackets, [ ], and a list property is | property is enclosed by square brackets, [ ], and a list property is | |||
| indicated by two numbers in angle brackets, <m..n>, where m indicates | indicated by two numbers in angle brackets, <m..n>, where m indicates | |||
| the minimal number of list elements, and n indicates the maximum | the minimal number of list elements, and n indicates the maximum | |||
| number of list elements. The symbol * for n means there are no | number of list elements. The symbol "*" for n means there are no | |||
| defined limits on the number of list elements. Each parameter and | defined limits on the number of list elements. Each parameter and | |||
| object includes an indication of "ro" or "rw". "ro" means the | object includes an indication of "ro" or "rw". "ro" means the | |||
| parameter or object is read-only. "rw" means it is read-write. For | parameter or object is read-only. "rw" means it is read-write. For | |||
| an object, read-write means instances of the object can be created or | an object, read-write means instances of the object can be created or | |||
| deleted. If an implementation is allowed to choose to implement a | deleted. If an implementation is allowed to choose to implement a | |||
| "rw" parameter as read-only, this is noted in the parameter | "rw" parameter as read-only, this is noted in the parameter | |||
| description. | description. | |||
| The object definitions use base types that are defined as follows: | The object definitions use base types that are defined as follows: | |||
| binary A binary string (sequence of octets). | binary: A binary string (sequence of octets). | |||
| boolean A type representing a Boolean (true or false) value. | boolean: A type representing a Boolean (true or false) value. | |||
| datetime A type representing a date and time using the Gregorian | datetime: A type representing a date and time using the Gregorian | |||
| calendar. The datetime format MUST conform to RFC 3339 | calendar. The datetime format MUST conform to | |||
| [RFC3339] Section 5.6. | [RFC3339], Section 5.6. | |||
| ip-address A type representing an IP address. This type supports | ip-address: A type representing an IP address. This type supports | |||
| both IPv4 and IPv6 addresses. | both IPv4 and IPv6 addresses. | |||
| operation A type representing a remote procedure call or other | operation: A type representing a remote procedure call or other | |||
| action that can be used to manipulate data elements or | action that can be used to manipulate data elements or | |||
| system behaviors. | system behaviors. | |||
| reference A type representing a reference to another information or | reference: A type representing a reference to another information | |||
| data model element or to some other device resource. | or data model element or to some other device resource. | |||
| string A type representing a human-readable string consisting of | string: A type representing a human-readable string consisting | |||
| a (possibly restricted) subset of Unicode and ISO/IEC | of a (possibly restricted) subset of Unicode and ISO/ | |||
| 10646 [ISO.10646] characters. | IEC 10646 [ISO.10646] characters. | |||
| uint A type representing an unsigned integer number. This | uint: A type representing an unsigned integer number. This | |||
| information model does not define a precision. | information model does not define a precision. | |||
| 2. Overview | 2. Overview | |||
| The Information Model is hierarchically structured as follows: | The information model is hierarchically structured as follows: | |||
| +-- babel-information | +-- babel-information | |||
| +-- babel-implementation-version | +-- babel-implementation-version | |||
| +-- babel-enable | +-- babel-enable | |||
| +-- router-id | +-- router-id | |||
| +-- self-seqno | +-- self-seqno | |||
| +-- babel-metric-comp-algorithms | +-- babel-metric-comp-algorithms | |||
| +-- babel-security-supported | +-- babel-security-supported | |||
| +-- babel-mac-algorithms | +-- babel-mac-algorithms | |||
| +-- babel-dtls-cert-types | +-- babel-dtls-cert-types | |||
| skipping to change at page 6, line 19 | skipping to change at line 246 | |||
| | +-- babel-mac-key-algorithm | | +-- babel-mac-key-algorithm | |||
| | +-- babel-mac-key-test | | +-- babel-mac-key-test | |||
| +-- babel-dtls-cert-sets | +-- babel-dtls-cert-sets | |||
| +-- babel-dtls-default-apply | +-- babel-dtls-default-apply | |||
| +-- babel-dtls-certs | +-- babel-dtls-certs | |||
| +-- babel-cert-name | +-- babel-cert-name | |||
| +-- babel-cert-value | +-- babel-cert-value | |||
| +-- babel-cert-type | +-- babel-cert-type | |||
| +-- babel-cert-private-key | +-- babel-cert-private-key | |||
| Most parameters are read-only. Following is a descriptive list of | Most parameters are read-only. The following is a descriptive list | |||
| the parameters that are not required to be read-only: | of the parameters that are not required to be read-only: | |||
| * enable/disable Babel | * enable/disable Babel | |||
| * create/delete Babel MAC Key sets | * create/delete Babel Message Authentication Code (MAC) Key sets | |||
| * create/delete Babel Certificate sets | * create/delete Babel Certificate sets | |||
| * enable/disable statistics collection | * enable/disable statistics collection | |||
| * Constant: UDP port | * Constant: UDP port | |||
| * Constant: IPv6 multicast group | * Constant: IPv6 multicast group | |||
| * Interface: enable/disable Babel on this interface | * Interface: enable/disable Babel on this interface | |||
| * Interface: Metric algorithm | * Interface: metric algorithm | |||
| * Interface: Split horizon | * Interface: split horizon | |||
| * Interface: sets of MAC keys | * Interface: sets of MAC keys | |||
| * Interface: verify received MAC packets | * Interface: verify received MAC packets | |||
| * Interface: set of certificates for use with DTLS | * Interface: set of certificates for use with DTLS | |||
| * Interface: use cached info extensions | * Interface: use cached info extensions | |||
| * Interface: preferred order of certificate types | * Interface: preferred order of certificate types | |||
| skipping to change at page 8, line 21 | skipping to change at line 344 | |||
| babel-self-router-id: The router-id used by this instance of the | babel-self-router-id: The router-id used by this instance of the | |||
| Babel protocol to identify itself. [RFC8966] describes this as an | Babel protocol to identify itself. [RFC8966] describes this as an | |||
| arbitrary string of 8 octets. | arbitrary string of 8 octets. | |||
| babel-self-seqno: The current sequence number included in route | babel-self-seqno: The current sequence number included in route | |||
| updates for routes originated by this node. This is a 16-bit | updates for routes originated by this node. This is a 16-bit | |||
| unsigned integer. | unsigned integer. | |||
| babel-metric-comp-algorithms: List of supported cost computation | babel-metric-comp-algorithms: List of supported cost computation | |||
| algorithms. Possible values include "2-out-of-3", and "ETX". "2- | algorithms. Possible values include "2-out-of-3", as described in | |||
| out-of-3" is described in [RFC8966], section A.2.1. "ETX" is | [RFC8966], Appendix A.2.1, and "ETX", as described in [RFC8966], | |||
| described in [RFC8966], section A.2.2. | Appendix A.2.2. | |||
| babel-security-supported: List of supported security mechanisms. | babel-security-supported: List of supported security mechanisms. | |||
| Possible values include "MAC" to indicate support of [RFC8967] and | Possible values include "MAC" to indicate support of [RFC8967] and | |||
| "DTLS" to indicate support of [RFC8968]. | "DTLS" to indicate support of [RFC8968]. | |||
| babel-mac-algorithms: List of supported MAC computation algorithms. | babel-mac-algorithms: List of supported MAC computation algorithms. | |||
| Possible values include "HMAC-SHA256", "BLAKE2s-128" to indicate | Possible values include "HMAC-SHA256" and "BLAKE2s-128" to | |||
| support for algorithms indicated in [RFC8967]. | indicate support for algorithms indicated in [RFC8967]. | |||
| babel-dtls-cert-types: List of supported certificate types. | babel-dtls-cert-types: List of supported certificate types. | |||
| Possible values include "X.509" and "RawPublicKey" to indicate | Possible values include "X.509" and "RawPublicKey" to indicate | |||
| support for types indicated in [RFC8968]. | support for types indicated in [RFC8968]. | |||
| babel-stats-enable: Indicates whether statistics collection is | babel-stats-enable: Indicates whether statistics collection is | |||
| enabled (true) or disabled (false) on all interfaces. When | enabled (true) or disabled (false) on all interfaces. When | |||
| enabled, existing statistics values are not cleared and will be | enabled, existing statistics values are not cleared and will be | |||
| incremented as new packets are counted. | incremented as new packets are counted. | |||
| skipping to change at page 10, line 27 | skipping to change at line 428 | |||
| [boolean rw babel-dtls-cached-info;] | [boolean rw babel-dtls-cached-info;] | |||
| [string rw babel-dtls-cert-prefer<0..*>;] | [string rw babel-dtls-cert-prefer<0..*>;] | |||
| [boolean rw babel-packet-log-enable;] | [boolean rw babel-packet-log-enable;] | |||
| [reference ro babel-packet-log;] | [reference ro babel-packet-log;] | |||
| [babel-if-stats-obj ro babel-if-stats;] | [babel-if-stats-obj ro babel-if-stats;] | |||
| babel-neighbor-obj ro babel-neighbors<0..*>; | babel-neighbor-obj ro babel-neighbors<0..*>; | |||
| } babel-interface-obj; | } babel-interface-obj; | |||
| babel-interface-reference: Reference to an interface object that can | babel-interface-reference: Reference to an interface object that can | |||
| be used to send and receive IPv6 packets, as defined by the data | be used to send and receive IPv6 packets, as defined by the data | |||
| model (e.g., YANG [RFC7950], BBF [TR-181]). Referencing syntax | model (e.g., YANG [RFC7950] and Broadband Forum (BBF) [TR-181]). | |||
| will be specific to the data model. If there is no set of | Referencing syntax will be specific to the data model. If there | |||
| interface objects available, this should be a string that | is no set of interface objects available, this should be a string | |||
| indicates the interface name used by the underlying operating | that indicates the interface name used by the underlying operating | |||
| system. | system. | |||
| babel-interface-enable: When written, it configures whether the | babel-interface-enable: When written, it configures whether the | |||
| protocol should be enabled (true) or disabled (false) on this | protocol should be enabled (true) or disabled (false) on this | |||
| interface. A read from the running or intended datastore | interface. A read from the running or intended datastore | |||
| indicates the configured administrative value of whether the | indicates the configured administrative value of whether the | |||
| protocol is enabled (true) or not (false). A read from the | protocol is enabled (true) or not (false). A read from the | |||
| operational datastore indicates whether the protocol is actually | operational datastore indicates whether the protocol is actually | |||
| running (true) or not (i.e., it indicates the operational state of | running (true) or not (i.e., it indicates the operational state of | |||
| the protocol). A data model that does not replicate parameters | the protocol). A data model that does not replicate parameters | |||
| for running and operational datastores can implement this as two | for running and operational datastores can implement this as two | |||
| separate parameters. An implementation MAY choose to expose this | separate parameters. An implementation MAY choose to expose this | |||
| parameter as read-only ("ro"). | parameter as read-only ("ro"). | |||
| babel-interface-metric-algorithm: Indicates the metric computation | babel-interface-metric-algorithm: Indicates the metric computation | |||
| algorithm used on this interface. The value MUST be one of those | algorithm used on this interface. The value MUST be one of those | |||
| listed in the babel-information-obj babel-metric-comp-algorithms | listed in the babel-metric-comp-algorithms parameter. An | |||
| parameter. An implementation MAY choose to expose this parameter | implementation MAY choose to expose this parameter as read-only | |||
| as read-only ("ro"). | ("ro"). | |||
| babel-interface-split-horizon: Indicates whether or not the split | babel-interface-split-horizon: Indicates whether or not the split- | |||
| horizon optimization is used when calculating metrics on this | horizon optimization is used when calculating metrics on this | |||
| interface. A value of true indicates split horizon optimization | interface. A value of "true" indicates split-horizon optimization | |||
| is used. Split horizon optimization is described in [RFC8966], | is used. Split-horizon optimization is described in [RFC8966], | |||
| section 3.7.4. An implementation MAY choose to expose this | Section 3.7.4. An implementation MAY choose to expose this | |||
| parameter as read-only ("ro"). | parameter as read-only ("ro"). | |||
| babel-mcast-hello-seqno: The current sequence number in use for | babel-mcast-hello-seqno: The current sequence number in use for | |||
| multicast Hellos sent on this interface. This is a 16-bit | multicast Hellos sent on this interface. This is a 16-bit | |||
| unsigned integer. | unsigned integer. | |||
| babel-mcast-hello-interval: The current interval in use for | babel-mcast-hello-interval: The current interval in use for | |||
| multicast Hellos sent on this interface. Units are centiseconds. | multicast Hellos sent on this interface. Units are centiseconds. | |||
| This is a 16-bit unsigned integer. | This is a 16-bit unsigned integer. | |||
| babel-update-interval: The current interval in use for all updates | babel-update-interval: The current interval in use for all updates | |||
| (multicast and unicast) sent on this interface. Units are | (multicast and unicast) sent on this interface. Units are | |||
| centiseconds. This is a 16-bit unsigned integer. | centiseconds. This is a 16-bit unsigned integer. | |||
| babel-mac-enable: Indicates whether the MAC security mechanism is | babel-mac-enable: Indicates whether the MAC security mechanism is | |||
| enabled (true) or disabled (false). An implementation MAY choose | enabled (true) or disabled (false). An implementation MAY choose | |||
| to expose this parameter as read-only ("ro"). | to expose this parameter as read-only ("ro"). | |||
| babel-if-mac-keys-sets: List of references to the babel-mac entries | babel-if-mac-key-sets: List of references to the babel-mac-key-sets | |||
| that apply to this interface. When an interface instance is | entries that apply to this interface. When an interface instance | |||
| created, all babel-mac-key-sets instances with babel-mac-default- | is created, all babel-mac-key-sets instances with babel-mac- | |||
| apply "true" will be included in this list. An implementation MAY | default-apply "true" will be included in this list. An | |||
| choose to expose this parameter as read-only ("ro"). | implementation MAY choose to expose this parameter as read-only | |||
| ("ro"). | ||||
| babel-mac-verify A Boolean flag indicating whether MACs in incoming | babel-mac-verify: A Boolean flag indicating whether MACs in incoming | |||
| Babel packets are required to be present and are verified. If | Babel packets are required to be present and are verified. If | |||
| this parameter is "true", incoming packets are required to have a | this parameter is "true", incoming packets are required to have a | |||
| valid MAC. An implementation MAY choose to expose this parameter | valid MAC. An implementation MAY choose to expose this parameter | |||
| as read-only ("ro"). | as read-only ("ro"). | |||
| babel-dtls-enable: Indicates whether the DTLS security mechanism is | babel-dtls-enable: Indicates whether the DTLS security mechanism is | |||
| enabled (true) or disabled (false). An implementation MAY choose | enabled (true) or disabled (false). An implementation MAY choose | |||
| to expose this parameter as read-only ("ro"). | to expose this parameter as read-only ("ro"). | |||
| babel-if-dtls-cert-sets: List of references to the babel-dtls-cert- | babel-if-dtls-cert-sets: List of references to the babel-dtls-cert- | |||
| sets entries that apply to this interface. When an interface | sets entries that apply to this interface. When an interface | |||
| instance is created, all babel-dtls-cert-sets instances with | instance is created, all babel-dtls-cert-sets instances with | |||
| babel-dtls-default-apply "true" will be included in this list. An | babel-dtls-default-apply "true" will be included in this list. An | |||
| implementation MAY choose to expose this parameter as read-only | implementation MAY choose to expose this parameter as read-only | |||
| ("ro"). | ("ro"). | |||
| babel-dtls-cached-info: Indicates whether the cached_info extension | babel-dtls-cached-info: Indicates whether the cached_info extension | |||
| (see [RFC8968] Appendix A) is included in ClientHello and | (see [RFC8968], Appendix A) is included in ClientHello and | |||
| ServerHello packets. The extension is included if the value is | ServerHello packets. The extension is included if the value is | |||
| "true". An implementation MAY choose to expose this parameter as | "true". An implementation MAY choose to expose this parameter as | |||
| read-only ("ro"). | read-only ("ro"). | |||
| babel-dtls-cert-prefer: List of supported certificate types, in | babel-dtls-cert-prefer: List of supported certificate types, in | |||
| order of preference. The values MUST be among those listed in the | order of preference. The values MUST be among those listed in the | |||
| babel-dtls-cert-types parameter. This list is used to populate | babel-dtls-cert-types parameter. This list is used to populate | |||
| the server_certificate_type extension (see [RFC8968] Appendix A) | the server_certificate_type extension (see [RFC8968], Appendix A) | |||
| in a Client Hello. Values that are present in at least one | in a ClientHello. Values that are present in at least one | |||
| instance in the babel-dtls-certs object of a referenced babel-dtls | instance in the babel-dtls-certs object of a referenced babel-dtls | |||
| instance and that have a non-empty babel-cert-private-key will be | instance and that have a non-empty babel-cert-private-key will be | |||
| used to populate the client_certificate_type extension in a Client | used to populate the client_certificate_type extension in a | |||
| Hello. | ClientHello. | |||
| babel-packet-log-enable: Indicates whether packet logging is enabled | babel-packet-log-enable: Indicates whether packet logging is enabled | |||
| (true) or disabled (false) on this interface. | (true) or disabled (false) on this interface. | |||
| babel-packet-log: A reference or url link to a file that contains a | babel-packet-log: A reference or URL link to a file that contains a | |||
| timestamped log of packets received and sent on babel-udp-port on | timestamped log of packets received and sent on babel-udp-port on | |||
| this interface. The [libpcap] file format with .pcap file | this interface. The [libpcap] file format with a .pcap file | |||
| extension SHOULD be supported for packet log files. Logging is | extension SHOULD be supported for packet log files. Logging is | |||
| enabled / disabled by babel-packet-log-enable. Implementations | enabled/disabled by babel-packet-log-enable. Implementations will | |||
| will need to carefully manage and limit memory used by packet | need to carefully manage and limit memory used by packet logs. | |||
| logs. | ||||
| babel-if-stats: Statistics collection object for this interface. | babel-if-stats: Statistics collection object for this interface. | |||
| babel-neighbors: A set of babel-neighbor-obj objects. | babel-neighbors: A set of babel-neighbor-obj objects. | |||
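
The babel-packet-log definition above says the libpcap file format SHOULD be supported and that implementations must bound the memory a packet log consumes. The following is an added illustration of both points, not code from RFC 9046 or from any Babel implementation: a byte-budgeted ring buffer of raw IP packets that drops the oldest records when the budget is exceeded and serialises what remains as a classic pcap file. The budget, snaplen and the use of LINKTYPE_RAW (no link-layer header) are my assumptions; the pcap header layout is the standard one.

```python
import struct
from collections import deque

# Constructed constants for this example (not taken from the page).
PCAP_MAGIC = 0xA1B2C3D4        # classic pcap magic, microsecond timestamps
LINKTYPE_RAW = 101             # raw IPv4/IPv6 packets without a link-layer header
BABEL_UDP_PORT = 6696          # IANA-assigned Babel port (babel-udp-port)
PCAP_FILE_HEADER = "<IHHiIII"  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_HEADER = "<IIII"   # ts_sec, ts_usec, incl_len, orig_len


class BoundedPacketLog:
    """Keeps the most recent Babel packets within a byte budget and
    serialises them as a .pcap file (the babel-packet-log object)."""

    def __init__(self, max_bytes: int, snaplen: int = 65535) -> None:
        self.max_bytes = max_bytes
        self.snaplen = snaplen
        self.enabled = False               # mirrors babel-packet-log-enable
        self._records = deque()            # (ts_sec, ts_usec, captured, orig_len)
        self._used = 0                     # bytes the records would occupy on disk

    def log(self, ts_sec: int, ts_usec: int, packet: bytes) -> bool:
        """Record one raw IP packet; returns False when logging is disabled."""
        if not self.enabled:
            return False
        captured = packet[: self.snaplen]
        self._records.append((ts_sec, ts_usec, captured, len(packet)))
        self._used += 16 + len(captured)
        # Enforce the budget by discarding the oldest records first.  A single
        # packet larger than the whole budget is discarded as well.
        while self._used > self.max_bytes and self._records:
            _, _, old, _ = self._records.popleft()
            self._used -= 16 + len(old)
        return True

    def __len__(self) -> int:
        return len(self._records)

    def to_pcap(self) -> bytes:
        """Serialise the retained records as a pcap file image."""
        header = struct.pack(PCAP_FILE_HEADER, PCAP_MAGIC, 2, 4, 0, 0,
                             self.snaplen, LINKTYPE_RAW)
        body = b"".join(
            struct.pack(PCAP_RECORD_HEADER, sec, usec, len(data), orig) + data
            for sec, usec, data, orig in self._records)
        return header + body


def read_pcap(image: bytes):
    """Parse a pcap image produced by to_pcap back into (ts_sec, ts_usec, packet)."""
    magic, _major, _minor, _tz, _sig, _snap, _link = struct.unpack_from(
        PCAP_FILE_HEADER, image, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    offset, records = struct.calcsize(PCAP_FILE_HEADER), []
    while offset < len(image):
        sec, usec, incl, _orig = struct.unpack_from(PCAP_RECORD_HEADER, image, offset)
        offset += struct.calcsize(PCAP_RECORD_HEADER)
        records.append((sec, usec, image[offset:offset + incl]))
        offset += incl
    return records
```

A real agent would feed `log()` from the socket bound to babel-udp-port and write `to_pcap()` to the file that babel-packet-log references; the point here is that the memory bound is enforced at insertion time rather than left to the reader of the file.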
| 3.4. Definition of babel-if-stats-obj | 3.4. Definition of babel-if-stats-obj | |||
| object { | object { | |||
| uint ro babel-sent-mcast-hello; | uint ro babel-sent-mcast-hello; | |||
| uint ro babel-sent-mcast-update; | uint ro babel-sent-mcast-update; | |||
| skipping to change at page 13, line 9 ¶ | skipping to change at line 552 ¶ | |||
| babel-sent-mcast-update: A count of the number of multicast update | babel-sent-mcast-update: A count of the number of multicast update | |||
| packets sent on this interface. | packets sent on this interface. | |||
| babel-sent-ucast-hello: A count of the number of unicast Hello | babel-sent-ucast-hello: A count of the number of unicast Hello | |||
| packets sent on this interface. | packets sent on this interface. | |||
| babel-sent-ucast-update: A count of the number of unicast update | babel-sent-ucast-update: A count of the number of unicast update | |||
| packets sent on this interface. | packets sent on this interface. | |||
| babel-sent-IHU: A count of the number of IHU packets sent on this | babel-sent-IHU: A count of the number of "I Heard You" (IHU) packets | |||
| interface. | sent on this interface. | |||
| babel-received-packets: A count of the number of Babel packets | babel-received-packets: A count of the number of Babel packets | |||
| received on this interface. | received on this interface. | |||
| 3.5. Definition of babel-neighbor-obj | 3.5. Definition of babel-neighbor-obj | |||
| object { | object { | |||
| ip-address ro babel-neighbor-address; | ip-address ro babel-neighbor-address; | |||
| [binary ro babel-hello-mcast-history;] | [binary ro babel-hello-mcast-history;] | |||
| [binary ro babel-hello-ucast-history;] | [binary ro babel-hello-ucast-history;] | |||
| skipping to change at page 13, line 36 ¶ | skipping to change at line 579 ¶ | |||
| [uint ro babel-rxcost;] | [uint ro babel-rxcost;] | |||
| [uint ro babel-cost;] | [uint ro babel-cost;] | |||
| } babel-neighbor-obj; | } babel-neighbor-obj; | |||
| babel-neighbor-address: IPv4 or IPv6 address the neighbor sends | babel-neighbor-address: IPv4 or IPv6 address the neighbor sends | |||
| packets from. | packets from. | |||
| babel-hello-mcast-history: The multicast Hello history of whether or | babel-hello-mcast-history: The multicast Hello history of whether or | |||
| not the multicast Hello packets prior to babel-exp-mcast-hello- | not the multicast Hello packets prior to babel-exp-mcast-hello- | |||
| seqno were received. A binary sequence where the most recently | seqno were received. A binary sequence where the most recently | |||
| received Hello is expressed as a "1" placed in the left-most bit, | received Hello is expressed as a "1" placed in the leftmost bit, | |||
| with prior bits shifted right (and "0" bits placed between prior | with prior bits shifted right (and "0" bits placed between prior | |||
| Hello bits and most recent Hello for any not-received Hellos). | Hello bits and most recent Hello for any not-received Hellos). | |||
| This value should be displayed using hex digits ([0-9a-fA-F]). | This value should be displayed using hex digits ([0-9a-fA-F]). | |||
| See [RFC8966], section A.1. | See [RFC8966], Appendix A.1. | |||
| babel-hello-ucast-history: The unicast Hello history of whether or | babel-hello-ucast-history: The unicast Hello history of whether or | |||
| not the unicast Hello packets prior to babel-exp-ucast-hello-seqno | not the unicast Hello packets prior to babel-exp-ucast-hello-seqno | |||
| were received. A binary sequence where the most recently received | were received. A binary sequence where the most recently received | |||
| Hello is expressed as a "1" placed in the left-most bit, with | Hello is expressed as a "1" placed in the leftmost bit, with prior | |||
| prior bits shifted right (and "0" bits placed between prior Hello | bits shifted right (and "0" bits placed between prior Hello bits | |||
| bits and most recent Hello for any not-received Hellos). This | and the most recent Hello for any not-received Hellos). This | |||
| value should be displayed using hex digits ([0-9a-fA-F]). See | value should be displayed using hex digits ([0-9a-fA-F]). See | |||
| [RFC8966], section A.1. | [RFC8966], Appendix A.1. | |||
| babel-txcost: Transmission cost value from the last IHU packet | babel-txcost: Transmission cost value from the last IHU packet | |||
| received from this neighbor, or maximum value to indicate the IHU | received from this neighbor, or the maximum value to indicate the | |||
| hold timer for this neighbor has expired. See [RFC8966], section | IHU hold timer for this neighbor has expired. See [RFC8966], | |||
| 3.4.2. This is a 16-bit unsigned integer. | Section 3.4.2. This is a 16-bit unsigned integer. | |||
| babel-exp-mcast-hello-seqno: Expected multicast Hello sequence | babel-exp-mcast-hello-seqno: Expected multicast Hello sequence | |||
| number of next Hello to be received from this neighbor. If | number of next Hello to be received from this neighbor. If | |||
| multicast Hello packets are not expected, or processing of | multicast Hello packets are not expected or processing of | |||
| multicast packets is not enabled, this MUST be NULL. This is a | multicast packets is not enabled, this MUST be NULL. This is a | |||
| 16-bit unsigned integer; if the data model uses zero (0) to | 16-bit unsigned integer; if the data model uses zero (0) to | |||
| represent NULL values for unsigned integers, the data model MAY | represent NULL values for unsigned integers, the data model MAY | |||
| use a different data type that allows differentiation between zero | use a different data type that allows differentiation between zero | |||
| (0) and NULL. | (0) and NULL. | |||
| babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number | babel-exp-ucast-hello-seqno: Expected unicast Hello sequence number | |||
| of next Hello to be received from this neighbor. If unicast Hello | of next Hello to be received from this neighbor. If unicast Hello | |||
| packets are not expected, or processing of unicast packets is not | packets are not expected or processing of unicast packets is not | |||
| enabled, this MUST be NULL. This is a 16-bit unsigned integer; if | enabled, this MUST be NULL. This is a 16-bit unsigned integer; if | |||
| the data model uses zero (0) to represent NULL values for unsigned | the data model uses zero (0) to represent NULL values for unsigned | |||
| integers, the data model MAY use a different data type that allows | integers, the data model MAY use a different data type that allows | |||
| differentiation between zero (0) and NULL. | differentiation between zero (0) and NULL. | |||
| babel-ucast-hello-seqno: The current sequence number in use for | babel-ucast-hello-seqno: The current sequence number in use for | |||
| unicast Hellos sent to this neighbor. If unicast Hellos are not | unicast Hellos sent to this neighbor. If unicast Hellos are not | |||
| being sent, this MUST be NULL. This is a 16-bit unsigned integer; | being sent, this MUST be NULL. This is a 16-bit unsigned integer; | |||
| if the data model uses zero (0) to represent NULL values for | if the data model uses zero (0) to represent NULL values for | |||
| unsigned integers, the data model MAY use a different data type | unsigned integers, the data model MAY use a different data type | |||
| that allows differentiation between zero (0) and NULL. | that allows differentiation between zero (0) and NULL. | |||
| babel-ucast-hello-interval: The current interval in use for unicast | babel-ucast-hello-interval: The current interval in use for unicast | |||
| Hellos sent to this neighbor. Units are centiseconds. This is a | Hellos sent to this neighbor. Units are centiseconds. This is a | |||
| 16-bit unsigned integer. | 16-bit unsigned integer. | |||
| babel-rxcost: Reception cost calculated for this neighbor. This | babel-rxcost: Reception cost calculated for this neighbor. This | |||
| value is usually derived from the Hello history, which may be | value is usually derived from the Hello history, which may be | |||
| combined with other data, such as statistics maintained by the | combined with other data, such as statistics maintained by the | |||
| link layer. The rxcost is sent to a neighbor in each IHU. See | link layer. The rxcost is sent to a neighbor in each IHU. See | |||
| [RFC8966], section 3.4.3. This is a 16-bit unsigned integer. | [RFC8966], Section 3.4.3. This is a 16-bit unsigned integer. | |||
| babel-cost: The link cost, as computed from the values maintained in | babel-cost: The link cost, as computed from the values maintained in | |||
| the neighbor table: the statistics kept in the neighbor table | the neighbor table: the statistics kept in the neighbor table | |||
| about the reception of Hellos, and the txcost computed from | about the reception of Hellos and the txcost computed from | |||
| received IHU packets. This is a 16-bit unsigned integer. | received IHU packets. This is a 16-bit unsigned integer. | |||
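
The neighbor parameters above define the Hello history as a bit string (most recent Hello in the leftmost bit, zeros inserted for missed Hellos, displayed as hex) and describe rxcost as derived from that history and babel-cost as combining it with the txcost from the last IHU. The code below is an added example of how an agent might maintain those values; it is not code from RFC 9046, RFC 8966 or any Babel implementation. The 16-bit history width, the k-out-of-j parameters, the nominal cost of 96 and the way rxcost and txcost are combined are all assumptions of this example; a NULL expected sequence number is represented by None rather than by zero, for the reason the text gives.

```python
from typing import Optional

HISTORY_BITS = 16      # assumed width of the history window kept per neighbor
MAX_COST = 0xFFFF      # "maximum value": unreachable, or IHU hold timer expired


class HelloHistory:
    """Tracks whether each Hello before the expected one was received.

    `bits` holds the history as the model describes it: the most recent Hello
    is the leftmost bit (1 = received), older Hellos are shifted right, and a
    0 is inserted for every Hello that was missed.  `expected_seqno` is None
    (NULL) until the first Hello from the neighbor arrives.
    """

    def __init__(self) -> None:
        self.bits = 0
        self.expected_seqno: Optional[int] = None

    def record(self, seqno: int) -> None:
        """Account for a received Hello carrying 16-bit sequence number seqno."""
        if self.expected_seqno is None:
            missed = 0
        else:
            # 16-bit wraparound; a gap wider than the window (or an old,
            # reordered Hello) is treated as a full reset (assumption).
            missed = min((seqno - self.expected_seqno) & 0xFFFF, HISTORY_BITS)
        # Shift prior bits right past `missed` zero bits, then set the
        # leftmost bit for the Hello just received.
        self.bits = (self.bits >> (missed + 1)) | (1 << (HISTORY_BITS - 1))
        self.expected_seqno = (seqno + 1) & 0xFFFF

    def as_hex(self) -> str:
        """Display form required by the model: hex digits [0-9a-fA-F]."""
        return f"{self.bits:0{HISTORY_BITS // 4}x}"

    def received_of_last(self, j: int) -> int:
        """How many of the last j Hellos were received."""
        window = self.bits >> (HISTORY_BITS - j)
        return bin(window).count("1")


def rxcost_k_out_of_j(history: HelloHistory, k: int = 2, j: int = 3,
                      nominal: int = 96) -> int:
    """Reception cost: the nominal cost when at least k of the last j Hellos
    were received, otherwise the maximum value.  Constants are assumptions."""
    return nominal if history.received_of_last(j) >= k else MAX_COST


def link_cost(rxcost: int, txcost: int) -> int:
    """babel-cost from rxcost and the txcost carried in the neighbor's last IHU.

    Assumption of this example: the link is unusable when either direction
    is, and otherwise the neighbor's txcost is taken as the link cost."""
    if rxcost == MAX_COST or txcost == MAX_COST:
        return MAX_COST
    return txcost
```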
| 3.6. Definition of babel-route-obj | 3.6. Definition of babel-route-obj | |||
| object { | object { | |||
| ip-address ro babel-route-prefix; | ip-address ro babel-route-prefix; | |||
| uint ro babel-route-prefix-length; | uint ro babel-route-prefix-length; | |||
| binary ro babel-route-router-id; | binary ro babel-route-router-id; | |||
| reference ro babel-route-neighbor; | reference ro babel-route-neighbor; | |||
| uint ro babel-route-received-metric; | uint ro babel-route-received-metric; | |||
| uint ro babel-route-calculated-metric; | uint ro babel-route-calculated-metric; | |||
| uint ro babel-route-seqno; | uint ro babel-route-seqno; | |||
| ip-address ro babel-route-next-hop; | ip-address ro babel-route-next-hop; | |||
| boolean ro babel-route-feasible; | boolean ro babel-route-feasible; | |||
| skipping to change at page 15, line 30 ¶ | skipping to change at line 666 ¶ | |||
| babel-route-prefix-length: Length of the prefix for which this route | babel-route-prefix-length: Length of the prefix for which this route | |||
| is advertised. | is advertised. | |||
| babel-route-router-id: The router-id of the router that originated | babel-route-router-id: The router-id of the router that originated | |||
| this route. | this route. | |||
| babel-route-neighbor: Reference to the babel-neighbors entry for the | babel-route-neighbor: Reference to the babel-neighbors entry for the | |||
| neighbor that advertised this route. | neighbor that advertised this route. | |||
| babel-route-received-metric: The metric with which this route was | babel-route-received-metric: The metric with which this route was | |||
| advertised by the neighbor, or maximum value to indicate the route | advertised by the neighbor, or the maximum value to indicate the | |||
| was recently retracted and is temporarily unreachable (see | route was recently retracted and is temporarily unreachable (see | |||
| Section 3.5.5 of [RFC8966]). This metric will be NULL if the | Section 3.5.4 of [RFC8966]). This metric will be NULL if the | |||
| route was not received from a neighbor but was generated through | route was not received from a neighbor but was generated through | |||
| other means. At least one of babel-route-calculated-metric and | other means. At least one of the following MUST be non-NULL: | |||
| babel-route-received-metric MUST be non-NULL. Having both be non- | babel-route-calculated-metric or babel-route-received-metric. | |||
| NULL is expected for a route that is received and subsequently | Having both be non-NULL is expected for a route that is received | |||
| and subsequently advertised. This is a 16-bit unsigned integer; | ||||
| if the data model uses zero (0) to represent NULL values for | ||||
| unsigned integers, the data model MAY use a different data type | ||||
| that allows differentiation between zero (0) and NULL. | ||||
| babel-route-calculated-metric: A calculated metric for this route. | ||||
| How the metric is calculated is implementation specific. The | ||||
| maximum value indicates the route was recently retracted and is | ||||
| temporarily unreachable (see Section 3.5.4 of [RFC8966]). At | ||||
| least one of the following MUST be non-NULL: babel-route- | ||||
| calculated-metric or babel-route-received-metric. Having both be | ||||
| non-NULL is expected for a route that is received and subsequently | ||||
| advertised. This is a 16-bit unsigned integer; if the data model | advertised. This is a 16-bit unsigned integer; if the data model | |||
| uses zero (0) to represent NULL values for unsigned integers, the | uses zero (0) to represent NULL values for unsigned integers, the | |||
| data model MAY use a different data type that allows | data model MAY use a different data type that allows | |||
| differentiation between zero (0) and NULL. | differentiation between zero (0) and NULL. | |||
| babel-route-calculated-metric: A calculated metric for this route. | ||||
| How the metric is calculated is implementation-specific. Maximum | ||||
| value indicates the route was recently retracted and is | ||||
| temporarily unreachable (see Section 3.5.5 of [RFC8966]). At | ||||
| least one of babel-route-calculated-metric and babel-route- | ||||
| received-metric MUST be non-NULL. Having both be non-NULL is | ||||
| expected for a route that is received and subsequently advertised. | ||||
| This is a 16-bit unsigned integer; if the data model uses zero (0) | ||||
| to represent NULL values for unsigned integers, the data model MAY | ||||
| use a different data type that allows differentiation between zero | ||||
| (0) and NULL. | ||||
| babel-route-seqno: The sequence number with which this route was | babel-route-seqno: The sequence number with which this route was | |||
| advertised. This is a 16-bit unsigned integer. | advertised. This is a 16-bit unsigned integer. | |||
| babel-route-next-hop: The next-hop address of this route. This will | babel-route-next-hop: The next-hop address of this route. This will | |||
| be empty if this route has no next-hop address. | be empty if this route has no next-hop address. | |||
| babel-route-feasible: A Boolean flag indicating whether this route | babel-route-feasible: A Boolean flag indicating whether this route | |||
| is feasible, as defined in Section 3.5.1 of [RFC8966]. | is feasible, as defined in Section 3.5.1 of [RFC8966]. | |||
| babel-route-selected: A Boolean flag indicating whether this route | babel-route-selected: A Boolean flag indicating whether this route | |||
| skipping to change at page 16, line 37 ¶ | skipping to change at line 711 ¶ | |||
| forwarding and is being advertised). | forwarding and is being advertised). | |||
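
The route object above carries two invariants worth checking in any agent that exposes it: at least one of babel-route-received-metric and babel-route-calculated-metric must be non-NULL, and the maximum value has the special meaning "recently retracted". It also warns that a data model which encodes NULL as zero cannot tell a metric of 0 from NULL. The following added example, which is not code from RFC 9046 or any implementation, validates a route entry and makes that ambiguity concrete; the prefix-length check against the address family is an extra sanity check I added.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MAX_METRIC = 0xFFFF   # "maximum value": retracted, temporarily unreachable


@dataclass
class BabelRoute:
    """One babel-route-obj entry; None stands for NULL."""
    prefix: str
    prefix_length: int
    received_metric: Optional[int]      # NULL when not learned from a neighbor
    calculated_metric: Optional[int]    # NULL when no metric was computed
    seqno: int

    def validate(self) -> List[str]:
        """Return the invariant violations (empty when the entry is consistent)."""
        problems = []
        family_max = ipaddress.ip_address(self.prefix).max_prefixlen
        if not 0 <= self.prefix_length <= family_max:
            problems.append("prefix length out of range for address family")
        if self.received_metric is None and self.calculated_metric is None:
            problems.append("at least one of received/calculated metric MUST be non-NULL")
        for label, value in (("received metric", self.received_metric),
                             ("calculated metric", self.calculated_metric),
                             ("seqno", self.seqno)):
            if value is not None and not 0 <= value <= 0xFFFF:
                problems.append(f"{label} is not a 16-bit unsigned integer")
        return problems

    def is_retracted(self) -> bool:
        """True when either metric carries the maximum value."""
        return MAX_METRIC in (self.received_metric, self.calculated_metric)


# A data model that represents NULL as zero loses the distinction the text
# warns about: a genuine metric of 0 comes back as NULL after a round trip.
def encode_zero_as_null(value: Optional[int]) -> int:
    return 0 if value is None else value


def decode_zero_as_null(raw: int) -> Optional[int]:
    return None if raw == 0 else raw
```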
| 3.7. Definition of babel-mac-key-set-obj | 3.7. Definition of babel-mac-key-set-obj | |||
| object { | object { | |||
| boolean rw babel-mac-default-apply; | boolean rw babel-mac-default-apply; | |||
| babel-mac-key-obj rw babel-mac-keys<0..*>; | babel-mac-key-obj rw babel-mac-keys<0..*>; | |||
| } babel-mac-key-set-obj; | } babel-mac-key-set-obj; | |||
| babel-mac-default-apply: A Boolean flag indicating whether this | babel-mac-default-apply: A Boolean flag indicating whether this | |||
| object instance is applied to all new babel-interface instances, | object instance is applied to all new babel-interfaces instances | |||
| by default. If "true", this instance is applied to new babel- | by default. If "true", this instance is applied to new babel- | |||
| interfaces instances at the time they are created, by including it | interfaces instances at the time they are created by including it | |||
| in the babel-if-mac-key-sets list. If "false", this instance is | in the babel-if-mac-key-sets list. If "false", this instance is | |||
| not applied to new babel-interfaces instances when they are | not applied to new babel-interfaces instances when they are | |||
| created. An implementation MAY choose to expose this parameter as | created. An implementation MAY choose to expose this parameter as | |||
| read-only ("ro"). | read-only ("ro"). | |||
| babel-mac-keys: A set of babel-mac-key-obj objects. | babel-mac-keys: A set of babel-mac-key-obj objects. | |||
| 3.8. Definition of babel-mac-key-obj | 3.8. Definition of babel-mac-key-obj | |||
| object { | object { | |||
| string rw babel-mac-key-name; | string rw babel-mac-key-name; | |||
| boolean rw babel-mac-key-use-send; | boolean rw babel-mac-key-use-send; | |||
| boolean rw babel-mac-key-use-verify; | boolean rw babel-mac-key-use-verify; | |||
| binary -- babel-mac-key-value; | binary -- babel-mac-key-value; | |||
| string rw babel-mac-key-algorithm; | string rw babel-mac-key-algorithm; | |||
| [operation babel-mac-key-test;] | [operation babel-mac-key-test;] | |||
| } babel-mac-key-obj; | } babel-mac-key-obj; | |||
| babel-mac-key-name: A unique name for this MAC key that can be used | babel-mac-key-name: A unique name for this MAC key that can be used | |||
| to identify the key in this object instance, since the key value | to identify the key in this object instance since the key value is | |||
| is not allowed to be read. This value MUST NOT be empty and can | not allowed to be read. This value MUST NOT be empty and can only | |||
| only be provided when this instance is created (i.e., it is not | be provided when this instance is created (i.e., it is not | |||
| subsequently writable). The value MAY be auto-generated if not | subsequently writable). The value MAY be auto-generated if not | |||
| explicitly supplied when the instance is created. | explicitly supplied when the instance is created. | |||
| babel-mac-key-use-send: Indicates whether this key value is used to | babel-mac-key-use-send: Indicates whether this key value is used to | |||
| compute a MAC and include that MAC in the sent Babel packet. A | compute a MAC and include that MAC in the sent Babel packet. A | |||
| MAC for sent packets is computed using this key if the value is | MAC for sent packets is computed using this key if the value is | |||
| "true". If the value is "false", this key is not used to compute | "true". If the value is "false", this key is not used to compute | |||
| a MAC to include in sent Babel packets. An implementation MAY | a MAC to include in sent Babel packets. An implementation MAY | |||
| choose to expose this parameter as read-only ("ro"). | choose to expose this parameter as read-only ("ro"). | |||
| babel-mac-key-use-verify: Indicates whether this key value is used | babel-mac-key-use-verify: Indicates whether this key value is used | |||
| to verify incoming Babel packets. This key is used to verify | to verify incoming Babel packets. This key is used to verify | |||
| incoming packets if the value is "true". If the value is "false", | incoming packets if the value is "true". If the value is "false", | |||
| no MAC is computed from this key for comparing with the MAC in an | no MAC is computed from this key for comparison with the MAC in an | |||
| incoming packet. An implementation MAY choose to expose this | incoming packet. An implementation MAY choose to expose this | |||
| parameter as read-only ("ro"). | parameter as read-only ("ro"). | |||
| babel-mac-key-value: The value of the MAC key. An implementation | babel-mac-key-value: The value of the MAC key. An implementation | |||
| MUST NOT allow this parameter to be read. This can be done by | MUST NOT allow this parameter to be read. This can be done by | |||
| always providing an empty string when read, or through | always providing an empty string when read, through permissions, | |||
| permissions, or other means. This value MUST be provided when | or by other means. This value MUST be provided when this instance | |||
| this instance is created, and is not subsequently writable. This | is created and is not subsequently writable. This value is of a | |||
| value is of a length suitable for the associated babel-mac-key- | length suitable for the associated babel-mac-key-algorithm. If | |||
| algorithm. If the algorithm is based on the HMAC construction | the algorithm is based on the Hashed Message Authentication Code | |||
| [RFC2104], the length MUST be between 0 and an upper limit that is | (HMAC) construction [RFC2104], the length MUST be between 0 and an | |||
| at least the size of the output length (where "HMAC-SHA256" output | upper limit that is at least the size of the output length (where | |||
| length is 32 octets as described in [RFC4868]). Longer lengths | the "HMAC-SHA256" output length is 32 octets as described in | |||
| MAY be supported but are not necessary if the management system | [RFC4868]). Longer lengths MAY be supported but are not necessary | |||
| has the ability to generate a suitably random value (e.g., by | if the management system has the ability to generate a suitably | |||
| randomly generating a value or by using a key derivation technique | random value (e.g., by randomly generating a value or by using a | |||
| as recommended in [RFC8967] Security Considerations). If the | key derivation technique as recommended in the security | |||
| algorithm is "BLAKE2s-128", the length MUST be between 0 and 32 | considerations in Section 7 of [RFC8967]). If the algorithm is | |||
| bytes inclusive as specified by [RFC7693]. | "BLAKE2s-128", the length MUST be between 0 and 32 bytes inclusive | |||
| as specified by [RFC7693]. | ||||
| babel-mac-key-algorithm: The name of the MAC algorithm used with this | babel-mac-key-algorithm: The name of the MAC algorithm used with this | |||
| key. The value MUST be the same as one of the enumerations listed | key. The value MUST be the same as one of the enumerations listed | |||
| in the babel-mac-algorithms parameter. An implementation MAY | in the babel-mac-algorithms parameter. An implementation MAY | |||
| choose to expose this parameter as read-only ("ro"). | choose to expose this parameter as read-only ("ro"). | |||
| babel-mac-key-test: An operation that allows the MAC key and MAC | babel-mac-key-test: An operation that allows the MAC key and MAC | |||
| algorithm to be tested to see if they produce an expected outcome. | algorithm to be tested to see if they produce an expected outcome. | |||
| Input to this operation are a binary string and a calculated MAC | Input to this operation is a binary string and a calculated MAC | |||
| (also in the format of a binary string) for the binary string. | (also in the format of a binary string) for the binary string. | |||
| The implementation is expected to create a MAC over the binary | The implementation is expected to create a MAC over the binary | |||
| string using the babel-mac-key-value and the babel-mac-key- | string using the babel-mac-key-value and the babel-mac-key- | |||
| algorithm. The output of this operation is a Boolean indication | algorithm. The output of this operation is a Boolean indication | |||
| that the calculated MAC matched the input MAC (true) or the MACs | that the calculated MAC matched the input MAC (true) or the MACs | |||
| did not match (false). | did not match (false). | |||
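
The babel-mac-key-obj definitions above fix several properties an agent has to enforce: the key value is write-once and MUST NOT be readable, its length is bounded by the algorithm (at least 32 octets allowed for HMAC-SHA256, 0 to 32 bytes for BLAKE2s-128, zero-length permitted), the send and verify roles are separate flags, and babel-mac-key-test compares a MAC computed over caller-supplied data with a caller-supplied MAC. The following is an added example of such an object in Python, not code from RFC 9046, RFC 8967 or any Babel implementation; the 64-byte HMAC key ceiling is an assumption, and the comparison is done in constant time. The test uses the HMAC-SHA256 vector from RFC 4231 test case 2.

```python
import hashlib
import hmac
from typing import Optional

# Assumed upper bound on HMAC key length accepted by this implementation; the
# model only requires it to be at least the 32-octet HMAC-SHA256 output length.
HMAC_KEY_MAX_LEN = 64
BLAKE2S_KEY_MAX_LEN = 32     # BLAKE2s keys are 0..32 bytes (RFC 7693)
KEY_LIMITS = {"HMAC-SHA256": HMAC_KEY_MAX_LEN, "BLAKE2s-128": BLAKE2S_KEY_MAX_LEN}


def compute_mac(algorithm: str, key: bytes, data: bytes) -> bytes:
    """MAC over data with the named babel-mac-key-algorithm."""
    if algorithm == "HMAC-SHA256":
        return hmac.new(key, data, hashlib.sha256).digest()
    if algorithm == "BLAKE2s-128":
        return hashlib.blake2s(data, digest_size=16, key=key).digest()
    raise ValueError(f"unsupported babel-mac-key-algorithm {algorithm!r}")


class MacKey:
    """One babel-mac-key-obj.  The key value is stored but never readable."""

    def __init__(self, name: str, key_value: bytes, algorithm: str,
                 use_send: bool = True, use_verify: bool = True) -> None:
        if not name:
            raise ValueError("babel-mac-key-name MUST NOT be empty")
        limit = KEY_LIMITS.get(algorithm)
        if limit is None:
            raise ValueError(f"{algorithm!r} is not in babel-mac-algorithms")
        if not 0 <= len(key_value) <= limit:
            raise ValueError(f"key length must be 0..{limit} bytes for {algorithm}")
        self.name = name                 # write-once, identifies the key
        self.algorithm = algorithm
        self.use_send = use_send         # babel-mac-key-use-send
        self.use_verify = use_verify     # babel-mac-key-use-verify
        self._key = bytes(key_value)     # not exposed through the object

    @property
    def key_value(self) -> bytes:
        # babel-mac-key-value MUST NOT be readable: reads yield an empty string.
        return b""

    def sign(self, packet: bytes) -> Optional[bytes]:
        """MAC to attach to an outgoing packet, or None if this key is not for sending."""
        if not self.use_send:
            return None
        return compute_mac(self.algorithm, self._key, packet)

    def verify(self, packet: bytes, received_mac: bytes) -> bool:
        """Check an incoming packet's MAC; keys not marked for verification never match."""
        if not self.use_verify:
            return False
        return hmac.compare_digest(compute_mac(self.algorithm, self._key, packet),
                                   received_mac)

    def test(self, data: bytes, expected_mac: bytes) -> bool:
        """The babel-mac-key-test operation: does this key and algorithm
        reproduce the caller's MAC over the caller's data?"""
        return hmac.compare_digest(compute_mac(self.algorithm, self._key, data),
                                   expected_mac)
```

Note that `test()` answers only "does the configured key produce this MAC", which is what lets an operator confirm a key was entered correctly without the agent ever returning the key itself.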
| 3.9. Definition of babel-dtls-cert-set-obj | 3.9. Definition of babel-dtls-cert-set-obj | |||
| object { | object { | |||
| boolean rw babel-dtls-default-apply; | boolean rw babel-dtls-default-apply; | |||
| babel-dtls-cert-obj rw babel-dtls-certs<0..*>; | babel-dtls-cert-obj rw babel-dtls-certs<0..*>; | |||
| } babel-dtls-cert-set-obj; | } babel-dtls-cert-set-obj; | |||
| babel-dtls-default-apply: A Boolean flag indicating whether this | babel-dtls-default-apply: A Boolean flag indicating whether this | |||
| object instance is applied to all new babel-interface instances, | object instance is applied to all new babel-interfaces instances | |||
| by default. If "true", this instance is applied to new babel- | by default. If "true", this instance is applied to new babel- | |||
| interfaces instances at the time they are created, by including it | interfaces instances at the time they are created by including it | |||
| in the babel-interface-dtls-certs list. If "false", this instance | in the babel-interface-dtls-certs list. If "false", this instance | |||
| is not applied to new babel-interfaces instances when they are | is not applied to new babel-interfaces instances when they are | |||
| created. An implementation MAY choose to expose this parameter as | created. An implementation MAY choose to expose this parameter as | |||
| read-only ("ro"). | read-only ("ro"). | |||
| babel-dtls-certs: A set of babel-dtls-cert-obj objects. This | babel-dtls-certs: A set of babel-dtls-cert-obj objects. This | |||
| contains both certificates for this implementation to present for | contains both certificates for this implementation to present for | |||
| authentication, and to accept from others. Certificates with a | authentication and those to accept from others. Certificates with | |||
| non-empty babel-cert-private-key can be presented by this | a non-empty babel-cert-private-key can be presented by this | |||
| implementation for authentication. | implementation for authentication. | |||
| 3.10. Definition of babel-dtls-cert-obj | 3.10. Definition of babel-dtls-cert-obj | |||
| object { | object { | |||
| string rw babel-cert-name; | string rw babel-cert-name; | |||
| string rw babel-cert-value; | string rw babel-cert-value; | |||
| string rw babel-cert-type; | string rw babel-cert-type; | |||
| binary -- babel-cert-private-key; | binary -- babel-cert-private-key; | |||
| } babel-dtls-cert-obj; | } babel-dtls-cert-obj; | |||
| babel-cert-name: A unique name for this certificate that can be used | babel-cert-name: A unique name for this certificate that can be used | |||
| to identify the certificate in this object instance, since the | to identify the certificate in this object instance since the | |||
| value is too long to be useful for identification. This value | value is too long to be useful for identification. This value | |||
| MUST NOT be empty and can only be provided when this instance is | MUST NOT be empty and can only be provided when this instance is | |||
| created (i.e., it is not subsequently writable). The value MAY be | created (i.e., it is not subsequently writable). The value MAY be | |||
| auto-generated if not explicitly supplied when the instance is | auto-generated if not explicitly supplied when the instance is | |||
| created. | created. | |||
| babel-cert-value: The certificate in PEM format [RFC7468]. This | babel-cert-value: The certificate in Privacy-Enhanced Mail (PEM) | |||
| value MUST be provided when this instance is created, and is not | format [RFC7468]. This value MUST be provided when this instance | |||
| subsequently writable. | is created and is not subsequently writable. | |||
| babel-cert-type: The name of the certificate type of this object | babel-cert-type: The name of the certificate type of this object | |||
| instance. The value MUST be the same as one of the enumerations | instance. The value MUST be the same as one of the enumerations | |||
| listed in the babel-dtls-cert-types parameter. This value can | listed in the babel-dtls-cert-types parameter. This value can | |||
| only be provided when this instance is created, and is not | only be provided when this instance is created and is not | |||
| subsequently writable. | subsequently writable. | |||
| babel-cert-private-key: The value of the private key. If this is | babel-cert-private-key: The value of the private key. If this is | |||
| non-empty, this certificate can be used by this implementation to | non-empty, this certificate can be used by this implementation to | |||
| provide a certificate during DTLS handshaking. An implementation | provide a certificate during DTLS handshaking. An implementation | |||
| MUST NOT allow this parameter to be read. This can be done by | MUST NOT allow this parameter to be read. This can be done by | |||
| always providing an empty string when read, or through | always providing an empty string when read, through permissions, | |||
| permissions, or other means. This value can only be provided when | or by other means. This value can only be provided when this | |||
| this instance is created, and is not subsequently writable. | instance is created and is not subsequently writable. | |||
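
Sections 3.9 and 3.10 above, together with the babel-dtls-cert-prefer rule in Section 3.3 (the preference list populates server_certificate_type, and only the preferred types backed by a certificate with a non-empty private key populate client_certificate_type), describe a small amount of logic an agent must get right. The following added example, not code from RFC 9046, RFC 8968 or any Babel implementation, models the cert-set and cert objects with an unreadable private key and derives the two ClientHello extension lists. The certificate-type names "X.509" and "RawPublicKey" and the PEM strings are constructed sample values.

```python
from typing import Iterable, List, Tuple

# Constructed sample of the babel-dtls-cert-types enumeration (assumption).
SUPPORTED_CERT_TYPES = ("X.509", "RawPublicKey")


class DtlsCert:
    """One babel-dtls-cert-obj.  The private key is stored but never readable."""

    def __init__(self, name: str, pem: str, cert_type: str,
                 private_key: bytes = b"") -> None:
        if not name:
            raise ValueError("babel-cert-name MUST NOT be empty")
        if cert_type not in SUPPORTED_CERT_TYPES:
            raise ValueError(f"{cert_type!r} is not in babel-dtls-cert-types")
        self.name = name            # write-once identifier
        self.value = pem            # babel-cert-value, PEM text
        self.cert_type = cert_type  # babel-cert-type
        self._private_key = bytes(private_key)

    @property
    def private_key(self) -> bytes:
        # babel-cert-private-key MUST NOT be readable: reads yield an empty string.
        return b""

    def can_present(self) -> bool:
        """True when this certificate can be offered in the DTLS handshake."""
        return len(self._private_key) > 0


class DtlsCertSet:
    """One babel-dtls-cert-set-obj."""

    def __init__(self, name: str, default_apply: bool,
                 certs: Iterable[DtlsCert]) -> None:
        self.name = name
        self.default_apply = default_apply   # babel-dtls-default-apply
        self.certs = list(certs)             # babel-dtls-certs


def certificate_type_extensions(prefer: List[str],
                                cert_sets: Iterable[DtlsCertSet]
                                ) -> Tuple[List[str], List[str]]:
    """Derive (server_certificate_type, client_certificate_type) for a
    ClientHello from babel-dtls-cert-prefer and the interface's cert sets."""
    for cert_type in prefer:
        if cert_type not in SUPPORTED_CERT_TYPES:
            raise ValueError(f"{cert_type!r} is not in babel-dtls-cert-types")
    sets = list(cert_sets)
    server_types = list(prefer)
    # Only types for which we hold a presentable certificate may be offered
    # as our own client certificate type; preference order is preserved.
    client_types = [t for t in prefer
                    if any(c.cert_type == t and c.can_present()
                           for s in sets for c in s.certs)]
    return server_types, client_types


def sets_for_new_interface(all_sets: Iterable[DtlsCertSet]) -> List[str]:
    """Names of the cert sets that babel-dtls-default-apply attaches to a
    newly created interface."""
    return [s.name for s in all_sets if s.default_apply]
```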
| 4. Extending the Information Model | 4. Extending the Information Model | |||
| Implementations MAY extend this information model with other | Implementations MAY extend this information model with other | |||
| parameters or objects. For example, an implementation MAY choose to | parameters or objects. For example, an implementation MAY choose to | |||
| expose Babel route filtering rules by adding a route filtering object | expose Babel route filtering rules by adding a route filtering object | |||
| with parameters appropriate to how route filtering is done in that | with parameters appropriate to how route filtering is done in that | |||
| implementation. The precise means used to extend the information | implementation. The precise means used to extend the information | |||
| model would be specific to the data model the implementation uses to | model would be specific to the data model the implementation uses to | |||
| expose this information. | expose this information. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| This document defines a set of information model objects and | This document defines a set of information model objects and | |||
| parameters that may be exposed to be visible from other devices, and | parameters that may be exposed and visible from other devices. Some | |||
| some of which may be configured. Securing access to and ensuring the | of these information model objects and parameters may be configured. | |||
| integrity of this data is in scope of and the responsibility of any | Securing access to and ensuring the integrity of this data is in | |||
| data model derived from this information model. Specifically, any | scope of and the responsibility of any data model derived from this | |||
| YANG [RFC7950] data model is expected to define security exposure of | information model. Specifically, any YANG [RFC7950] data model is | |||
| the various parameters, and a [TR-181] data model will be secured by | expected to define security exposure of the various parameters, and a | |||
| the mechanisms defined for the management protocol used to transport | [TR-181] data model will be secured by the mechanisms defined for the | |||
| it. | management protocol used to transport it. | |||
| Misconfiguration (whether unintentional or malicious) can prevent | Misconfiguration (whether unintentional or malicious) can prevent | |||
| reachability or cause poor network performance (increased latency, | reachability or cause poor network performance (increased latency, | |||
| jitter, etc.). Misconfiguration of security credentials can cause a | jitter, etc.). Misconfiguration of security credentials can cause a | |||
| denial of service condition for the Babel routing protocol. The | denial-of-service condition for the Babel routing protocol. The | |||
| information in this model discloses network topology, which can be | information in this model discloses network topology, which can be | |||
| used to mount subsequent attacks on traffic traversing the network. | used to mount subsequent attacks on traffic traversing the network. | |||
| This information model defines objects that can allow credentials | This information model defines objects that can allow credentials | |||
| (for this device, for trusted devices, and for trusted certificate | (for this device, for trusted devices, and for trusted certificate | |||
| authorities) to be added and deleted. Public keys may be exposed | authorities) to be added and deleted. Public keys may be exposed | |||
| through this model. This model requires that private keys and MAC | through this model. This model requires that private keys and MAC | |||
| keys never be exposed. Certificates used by [RFC8968] | keys never be exposed. Certificates used by [RFC8968] | |||
| implementations use separate parameters to model the public parts | implementations use separate parameters to model the public parts | |||
| (including the public key) and the private key. | (including the public key) and the private key. | |||
| MAC keys are allowed to be as short as zero-length. This is useful | MAC keys are allowed to be as short as zero length. This is useful | |||
| for testing. Network operators are RECOMMENDED to follow current | for testing. It is RECOMMENDED that network operators follow current | |||
| best practices for key length and generation of keys related to the | best practices for key length and generation of keys related to the | |||
| MAC algorithm associated with the key. Short (and zero-length) keys | MAC algorithm associated with the key. Short (and zero-length) keys | |||
| are highly susceptible to brute force attacks and therefore SHOULD | are highly susceptible to brute-force attacks and therefore SHOULD | |||
| NOT be used. See the Security Considerations section of [RFC8967] | NOT be used. See the security considerations as described in | |||
| for additional considerations related to MAC keys. The fifth | Section 7 of [RFC8967] for additional considerations related to MAC | |||
| paragraph of [RFC8967] Security Considerations makes some specific | keys; note that there are some specific key value recommendations in | |||
| key value recommendations that should be noted. It says that if it | the fifth paragraph. It says that if it is necessary to derive keys | |||
| is necessary to derive keys from a human-readable passphrase, "only | from a human-readable passphrase, "only the derived keys should be | |||
| the derived keys should be communicated to the routers" and "the | communicated to the routers" and "the original passphrase itself | |||
| original passphrase itself should be kept on the host used to perform | should be kept on the host used to perform the key generation" (which | |||
| the key generation" (which would be the management system in the case | would be the management system in the case of a remote management | |||
| of a remote management protocol). It also recommends that keys | protocol). It also recommends that keys "should have a length of 32 | |||
| "should have a length of 32 octets (both for HMAC-SHA256 and | octets (both for HMAC-SHA256 and BLAKE2s), and be chosen randomly". | |||
| BLAKE2s), and be chosen randomly". | ||||
| This information model uses key sets and certification sets to | This information model uses key sets and certification sets to | |||
| provide a means of grouping keys and certificates. This makes it | provide a means of grouping keys and certificates. This makes it | |||
| easy to use a different set per interface, the same set for one or | easy to use a different set per interface, use the same set for one | |||
| more interfaces, have a default set in case a new interface is | or more interfaces, have a default set in case a new interface is | |||
| instantiated and to change keys and certificates as needed. | instantiated, and change keys and certificates as needed. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| This document has no IANA actions. | This document has no IANA actions. | |||
| 7. Acknowledgements | 7. References | |||
| Juliusz Chroboczek, Toke Hoeiland-Joergensen, David Schinazi, Antonin | ||||
| Decimo, Acee Lindem, and Carsten Bormann have been very helpful in | ||||
| refining this information model. | ||||
| The language in the Notation section was mostly taken from [RFC8193]. | ||||
| 8. References | ||||
| 8.1. Normative References | 7.1. Normative References | |||
| [ISO.10646] | [ISO.10646] | |||
| International Organization for Standardization, | International Organization for Standardization, | |||
| "Information Technology - Universal Multiple-Octet Coded | "Information technology - Universal Coded Character Set | |||
| Character Set (UCS)", ISO Standard 10646:2014, 2014. | (UCS)", ISO Standard 10646:2014, 2014. | |||
| [libpcap] Wireshark, "Libpcap File Format", 2015, | [libpcap] GitLab, "Libpcap File Format", Wireshark Foundation, | |||
| <https://wiki.wireshark.org/Development/ | November 2020, <https://gitlab.com/wireshark/wireshark/- | |||
| LibpcapFileFormat>. | /wikis/Development/LibpcapFileFormat>. | |||
| [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | |||
| Hashing for Message Authentication", RFC 2104, | Hashing for Message Authentication", RFC 2104, | |||
| DOI 10.17487/RFC2104, February 1997, | DOI 10.17487/RFC2104, February 1997, | |||
| <https://www.rfc-editor.org/info/rfc2104>. | <https://www.rfc-editor.org/info/rfc2104>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8967] Dô, C., Kolodziejak, W., and J. Chroboczek, "MAC | [RFC8967] Dô, C., Kolodziejak, W., and J. Chroboczek, "MAC | |||
| Authentication for the Babel Routing Protocol", RFC 8967, | Authentication for the Babel Routing Protocol", RFC 8967, | |||
| DOI 10.17487/RFC8967, January 2021, | DOI 10.17487/RFC8967, January 2021, | |||
| <https://www.rfc-editor.org/info/rfc8967>. | <https://www.rfc-editor.org/info/rfc8967>. | |||
| [RFC8968] Décimo, A., Schinazi, D., and J. Chroboczek, "Babel | [RFC8968] Décimo, A., Schinazi, D., and J. Chroboczek, "Babel | |||
| Routing Protocol over Datagram Transport Layer Security", | Routing Protocol over Datagram Transport Layer Security", | |||
| RFC 8968, DOI 10.17487/RFC8968, January 2021, | RFC 8968, DOI 10.17487/RFC8968, January 2021, | |||
| <https://www.rfc-editor.org/info/rfc8968>. | <https://www.rfc-editor.org/info/rfc8968>. | |||
| 8.2. Informative References | 7.2. Informative References | |||
| [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | |||
| and A. Bierman, Ed., "Network Configuration Protocol | and A. Bierman, Ed., "Network Configuration Protocol | |||
| (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | |||
| <https://www.rfc-editor.org/info/rfc6241>. | <https://www.rfc-editor.org/info/rfc6241>. | |||
| [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", | [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", | |||
| RFC 7950, DOI 10.17487/RFC7950, August 2016, | RFC 7950, DOI 10.17487/RFC7950, August 2016, | |||
| <https://www.rfc-editor.org/info/rfc7950>. | <https://www.rfc-editor.org/info/rfc7950>. | |||
| [RFC8193] Burbridge, T., Eardley, P., Bagnulo, M., and J. | [RFC8193] Burbridge, T., Eardley, P., Bagnulo, M., and J. | |||
| Schoenwaelder, "Information Model for Large-Scale | Schoenwaelder, "Information Model for Large-Scale | |||
| Measurement Platforms (LMAPs)", RFC 8193, | Measurement Platforms (LMAPs)", RFC 8193, | |||
| DOI 10.17487/RFC8193, August 2017, | DOI 10.17487/RFC8193, August 2017, | |||
| <https://www.rfc-editor.org/info/rfc8193>. | <https://www.rfc-editor.org/info/rfc8193>. | |||
| [TR-181] Broadband Forum, "Device Data Model", | [TR-181] Broadband Forum, "Device Data Model", Issue: 2 Amendment | |||
| 14, November 2020, | ||||
| <http://cwmp-data-models.broadband-forum.org/>. | <http://cwmp-data-models.broadband-forum.org/>. | |||
| Acknowledgements | ||||
| Juliusz Chroboczek, Toke Høiland-Jørgensen, David Schinazi, Antonin | ||||
| Décimo, Roman Danyliw, Benjamin Kaduk, Valery Smyslov, Alvaro Retana, | ||||
| Donald Eastlake, Martin Vigoureux, Acee Lindem, and Carsten Bormann | ||||
| have been very helpful in refining this information model. | ||||
| The language in the "Notation" section was mostly taken from | ||||
| [RFC8193]. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Barbara Stark | Barbara Stark | |||
| AT&T | AT&T | |||
| Atlanta, GA, | TX | |||
| United States of America | United States of America | |||
| Email: barbara.stark@att.com | Email: barbara.stark@att.com | |||
| Mahesh Jethanandani | Mahesh Jethanandani | |||
| VMware | Kloud Services | |||
| California | CA | |||
| United States of America | United States of America | |||
| Email: mjethanandani@gmail.com | Email: mjethanandani@gmail.com | |||
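
The Security Considerations section above restates the RFC 8967 guidance on MAC keys: keys for HMAC-SHA256 and BLAKE2s should be 32 random octets, zero-length keys are tolerated only for testing, and when a key is derived from a passphrase the derivation happens on the management host and only the derived key reaches the routers. The following Python script is an added example of how a management system might enforce those rules before installing a key through a data model derived from this information model. It is not code from the RFC, from either author, or from any Babel implementation; the PBKDF2 parameters, the `check_mac_key` finding strings, and the plain keyed-digest computation in `babel_mac` (which does not reproduce the exact RFC 8967 pseudo-header construction) are assumptions of this example.

```python
"""Management-host handling of Babel MAC keys (added example, not RFC text).

Demonstrates the key-handling rules from the Security Considerations of
RFC 9046 / Section 7 of RFC 8967:
  * derive keys from a passphrase on the management host; the passphrase
    itself is never sent to routers, only the derived key;
  * HMAC-SHA256 and BLAKE2s keys should be 32 randomly chosen octets;
  * zero-length keys are accepted only for testing; short keys SHOULD NOT
    be used.
"""
import hashlib
import hmac
import secrets
from typing import List

# Recommended key length per MAC algorithm (RFC 8967 Section 7: 32 octets
# for both HMAC-SHA256 and BLAKE2s).
RECOMMENDED_KEY_LEN = {"HMAC-SHA256": 32, "BLAKE2s": 32}


def generate_mac_key(algorithm: str) -> bytes:
    """Return a fresh random key of the recommended length for `algorithm`."""
    return secrets.token_bytes(RECOMMENDED_KEY_LEN[algorithm])


def derive_mac_key(passphrase: str, salt: bytes, algorithm: str,
                   iterations: int = 600_000) -> bytes:
    """Derive a router key from a human-readable passphrase.

    Hypothetical management-host routine: the passphrase stays on this
    host and only the returned key is provisioned to routers.  PBKDF2 and
    the iteration count are assumptions of this example; RFC 8967 does not
    prescribe a particular KDF.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=RECOMMENDED_KEY_LEN[algorithm])


def check_mac_key(key: bytes, algorithm: str, testing: bool = False) -> List[str]:
    """Policy check run before a key is written into a key set.

    Returns a list of findings; an empty list means the key is acceptable.
    A zero-length key passes only when `testing` is set, mirroring the
    "useful for testing" allowance in the information model.
    """
    findings: List[str] = []
    if algorithm not in RECOMMENDED_KEY_LEN:
        findings.append(f"unknown MAC algorithm {algorithm!r}")
        return findings
    want = RECOMMENDED_KEY_LEN[algorithm]
    if len(key) == 0:
        if not testing:
            findings.append("zero-length key is only acceptable for testing")
    elif len(key) < want:
        findings.append(f"key is {len(key)} octets; {want} octets are "
                        f"recommended for {algorithm}")
    return findings


def babel_mac(key: bytes, algorithm: str, data: bytes) -> bytes:
    """Keyed digest with the MAC algorithm associated with the key.

    Illustrative only: this shows that both algorithms happily accept any
    key length, including zero, which is exactly why check_mac_key() has
    to enforce the length policy.  The real RFC 8967 MAC is computed over a
    pseudo-header plus the packet body, which is not reproduced here.
    """
    if algorithm == "HMAC-SHA256":
        return hmac.new(key, data, hashlib.sha256).digest()
    if algorithm == "BLAKE2s":
        return hashlib.blake2s(data, key=key, digest_size=32).digest()
    raise ValueError(f"unknown MAC algorithm {algorithm!r}")


if __name__ == "__main__":
    # Constructed sample: an operator passphrase and a per-deployment salt.
    salt = b"example-deployment-salt"
    key = derive_mac_key("correct horse battery staple", salt, "HMAC-SHA256")
    print("derived key (only this leaves the management host):", key.hex())
    print("policy findings:", check_mac_key(key, "HMAC-SHA256"))
    print("zero-length key findings:", check_mac_key(b"", "BLAKE2s"))
    print("random BLAKE2s key ok:", check_mac_key(generate_mac_key("BLAKE2s"), "BLAKE2s"))
```

Only `derive_mac_key` and `generate_mac_key` ever see key material in full; in a deployment the management system would push the returned bytes into the key-set parameter of the data model and discard the passphrase, which is the behaviour the quoted RFC 8967 text asks for.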