idnits 2.17.1

draft-ietf-ntp-yang-data-model-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 41 instances of too long lines in the document, the longest
     one being 18 characters in excess of 72.

  == There are 1 instance of lines with non-RFC6890-compliant IPv4 addresses
     in the document. If these are example addresses, they should be changed.

  == There are 4 instances of lines with multicast IPv4 addresses in the
     document. If these are generic example addresses, they should be changed
     to use the 233.252.0.x range defined in RFC 5771

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 140 has weird spacing: '...ss-mode acc...'

  == Line 228 has weird spacing: '...address rt-...'

  == Line 230 has weird spacing: '...address rt-...'

  == The document doesn't use any RFC 2119 keywords, yet seems to have RFC
     2119 boilerplate text.

  -- The document date (October 28, 2017) is 2372 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-06) exists of
     draft-ietf-netmod-yang-tree-diagrams-02

  ** Obsolete normative reference: RFC 6536 (Obsoleted by RFC 8341)

  == Outdated reference: A later version (-10) exists of
     draft-ietf-netmod-revised-datastores-05

     Summary: 2 errors (**), 0 flaws (~~), 9 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     Network Working Group                                              N. Wu
3     Internet-Draft                                                    Huawei
4     Intended status: Standards Track                            A. Kumar S N
5     Expires: May 1, 2018                                        RtBrick Inc.
6                                                                      Y. Zhao
7                                                                     Ericsson
8                                                                     D. Dhody
9                                                                     A. Sinha
10                                                                      Huawei
11                                                            October 28, 2017

13                           A YANG Data Model for NTP
14                       draft-ietf-ntp-yang-data-model-01

16    Abstract

18       This document defines a YANG data model for Network Time Protocol
19       implementations.  The data model includes configuration data and
20       state data.

22    Requirements Language

24       The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
25       "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
26       "OPTIONAL" in this document are to be interpreted as described in BCP
27       14 [RFC2119] [RFC8174] when, and only when, they appear in all
28       capitals, as shown here.

30    Status of This Memo

32       This Internet-Draft is submitted in full conformance with the
33       provisions of BCP 78 and BCP 79.

35       Internet-Drafts are working documents of the Internet Engineering
36       Task Force (IETF).  Note that other groups may also distribute
37       working documents as Internet-Drafts.  The list of current Internet-
38       Drafts is at https://datatracker.ietf.org/drafts/current/.

40       Internet-Drafts are draft documents valid for a maximum of six months
41       and may be updated, replaced, or obsoleted by other documents at any
42       time.  It is inappropriate to use Internet-Drafts as reference
43       material or to cite them other than as "work in progress."

45       This Internet-Draft will expire on May 1, 2018.

47    Copyright Notice

49       Copyright (c) 2017 IETF Trust and the persons identified as the
50       document authors.  All rights reserved.

52       This document is subject to BCP 78 and the IETF Trust's Legal
53       Provisions Relating to IETF Documents
54       (https://trustee.ietf.org/license-info) in effect on the date of
55       publication of this document.  Please review these documents
56       carefully, as they describe your rights and restrictions with respect
57       to this document.  Code Components extracted from this document must
58       include Simplified BSD License text as described in Section 4.e of
59       the Trust Legal Provisions and are provided without warranty as
60       described in the Simplified BSD License.

62    Table of Contents

64       1.  Introduction
65         1.1.  Operational State
66         1.2.  Terminology
67         1.3.  Tree Diagrams
68       2.  NTP data model
69       3.  Relationship with NTPv4-MIB
70       4.  Relationship with RFC7317
71       5.  NTP YANG Module
72       6.  Usage Example
73         6.1.  Unicast association
74         6.2.  Refclock master
75         6.3.  Authentication configuration
76         6.4.  Access configuration
77         6.5.  Multicast configuration
78         6.6.  Manycast configuration
79         6.7.  Clock state
80         6.8.  Get all association
81         6.9.  Global statistic
82       7.  IANA Considerations
83       8.  Security Considerations
84       9.  Acknowledgments
85       10. References
86         10.1.  Normative References
87         10.2.  Informative References
88       Authors' Addresses

90    1.  Introduction

92       This document defines a YANG [RFC6020] data model for Network Time
93       Protocol [RFC5905] implementations.

95       The data model covers configuration of system parameters of NTP,
96       such as access rules, authentication and VRF binding, and also
97       associations of NTP in different modes and parameters of per-
98       interface.  It also provides information about running state of NTP
99       implementations.

101   1.1.  Operational State

103      NTP Operational State is included in the same tree as NTP
104      configuration, consistent with Network Management Datastore
105      Architecture [I-D.ietf-netmod-revised-datastores].  NTP current state
106      and statistics are also maintained in the operational state.
107      Additionally, the operational state also includes the associations
108      state.

110   1.2.  Terminology

112      The terminology used in this document is aligned to [RFC5905].

114   1.3.  Tree Diagrams

116      A simplified graphical representation of the data model is used in
117      this document.  This document uses the graphical representation of
118      data models defined in [I-D.ietf-netmod-yang-tree-diagrams].

120   2.  NTP data model

122      This document defines the YANG module "ietf-ntp", which has the
123      following structure:

125      module: ietf-ntp
126        +--rw ntp!
127           +--rw port?             uint16
128           +--rw refclock-master!
129           |  +--rw master-stratum?   ntp-stratum
130           +--rw authentication
131           |  +--rw auth-enabled?   boolean
132           |  +--rw trusted-keys* [key-id]
133           |  |  +--rw key-id   -> /ntp/authentication/authentication-keys/key-id
134           |  +--rw authentication-keys* [key-id]
135           |     +--rw key-id       uint32
136           |     +--rw algorithm?   identityref
137           |     +--rw password?    ianach:crypt-hash
138           +--rw access-rules
139           |  +--rw access-rule* [access-mode]
140           |     +--rw access-mode   access-modes
141           |     +--rw acl?          -> /acl:access-lists/acl/acl-name
142           +--ro clock-state
143           |  +--ro system-status
144           |     +--ro clock-state                  ntp-clock-status
145           |     +--ro clock-stratum                ntp-stratum
146           |     +--ro clock-refid                  union
147           |     +--ro associations-address?        -> /ntp/associations/address
148           |     +--ro associations-local-mode?     -> /ntp/associations/local-mode
149           |     +--ro associations-isConfigured?   -> /ntp/associations/isConfigured
150           |     +--ro nominal-freq                 decimal64
151           |     +--ro actual-freq                  decimal64
152           |     +--ro clock-precision              uint8
153           |     +--ro clock-offset?                decimal64
154           |     +--ro root-delay?                  decimal64
155           |     +--ro root-dispersion?             decimal64
156           |     +--ro reference-time?              yang:date-and-time
157           |     +--ro sync-state                   ntp-sync-state
158           +--rw unicast* [address type]
159           |  +--rw address    inet:host
160           |  +--rw type       unicast-configuration-type
161           |  +--rw authentication
162           |  |  +--rw (authentication-type)?
163           |  |     +--:(symmetric-key)
164           |  |        +--rw key-id?   -> /ntp/authentication/authentication-keys/key-id
165           |  +--rw prefer?    boolean
166           |  +--rw burst?     boolean
167           |  +--rw iburst?    boolean
168           |  +--rw source?    if:interface-ref
169           |  +--rw minpoll?   ntp-minpoll
170           |  +--rw maxpoll?   ntp-maxpoll
171           |  +--rw port?      uint16
172           |  +--rw version?   ntp-version
173           +--ro associations* [address local-mode isConfigured]
174           |  +--ro address           inet:host
175           |  +--ro local-mode        association-modes
176           |  +--ro isConfigured      boolean
177           |  +--ro stratum?          ntp-stratum
178           |  +--ro refid?            union
179           |  +--ro authentication?   -> /ntp/authentication/authentication-keys/key-id
180           |  +--ro prefer?           boolean
181           |  +--ro peer-interface?   if:interface-ref
182           |  +--ro minpoll?          ntp-minpoll
183           |  +--ro maxpoll?          ntp-maxpoll
184           |  +--ro port?             uint16
185           |  +--ro version?          ntp-version
186           |  +--ro reach?            uint8
187           |  +--ro unreach?          uint8
188           |  +--ro poll?             uint8
189           |  +--ro now?              uint32
190           |  +--ro offset?           decimal64
191           |  +--ro delay?            decimal64
192           |  +--ro dispersion?       decimal64
193           |  +--ro originate-time?   yang:date-and-time
194           |  +--ro receive-time?     yang:date-and-time
195           |  +--ro transmit-time?    yang:date-and-time
196           |  +--ro input-time?       yang:date-and-time
197           |  +--ro ntp-statistics
198           |     +--ro packet-sent?        yang:counter32
199           |     +--ro packet-sent-fail?   yang:counter32
200           |     +--ro packet-received?    yang:counter32
201           |     +--ro packet-dropped?     yang:counter32
202           +--rw interfaces
203           |  +--rw interface* [name]
204           |     +--rw name   if:interface-ref
205           |     +--rw broadcast-server!
206           |     |  +--rw ttl?       uint8
207           |     |  +--rw authentication
208           |     |  |  +--rw (authentication-type)?
209           |     |  |     +--:(symmetric-key)
210           |     |  |        +--rw key-id?   -> /ntp/authentication/authentication-keys/key-id
211           |     |  +--rw minpoll?   ntp-minpoll
212           |     |  +--rw maxpoll?   ntp-maxpoll
213           |     |  +--rw port?      uint16
214           |     |  +--rw version?   ntp-version
215           |     +--rw broadcast-client!
216           |     +--rw multicast-server* [address]
217           |     |  +--rw address    rt-types:ip-multicast-group-address
218           |     |  +--rw ttl?       uint8
219           |     |  +--rw authentication
220           |     |  |  +--rw (authentication-type)?
221           |     |  |     +--:(symmetric-key)
222           |     |  |        +--rw key-id?   -> /ntp/authentication/authentication-keys/key-id
223           |     |  +--rw minpoll?   ntp-minpoll
224           |     |  +--rw maxpoll?   ntp-maxpoll
225           |     |  +--rw port?      uint16
226           |     |  +--rw version?   ntp-version
227           |     +--rw multicast-client* [address]
228           |     |  +--rw address   rt-types:ip-multicast-group-address
229           |     +--rw manycast-server* [address]
230           |     |  +--rw address   rt-types:ip-multicast-group-address
231           |     +--rw manycast-client* [address]
232           |        +--rw address     rt-types:ip-multicast-group-address
233           |        +--rw authentication
234           |        |  +--rw (authentication-type)?
235           |        |     +--:(symmetric-key)
236           |        |        +--rw key-id?   -> /ntp/authentication/authentication-keys/key-id
237           |        +--rw ttl?        uint8
238           |        +--rw minclock?   uint8
239           |        +--rw maxclock?   uint8
240           |        +--rw beacon?     uint8
241           |        +--rw minpoll?    ntp-minpoll
242           |        +--rw maxpoll?    ntp-maxpoll
243           |        +--rw port?       uint16
244           |        +--rw version?    ntp-version
245           +--ro ntp-statistics
246              +--ro packet-sent?        yang:counter32
247              +--ro packet-sent-fail?   yang:counter32
248              +--ro packet-received?    yang:counter32
249              +--ro packet-dropped?     yang:counter32

251      This data model defines one top-level container which includes both
252      the NTP configuration and the NTP running state including access
253      rules, authentication, associations, unicast, interfaces, system
254      status and associations.

256   3.  Relationship with NTPv4-MIB

258      If the device implements the NTPv4-MIB [RFC5907], data nodes in
259      container ntp and ntp-state from the YANG module can be mapped to
260      table entries in NTPv4-MIB.

262      The following tables list the YANG data nodes with corresponding
263      objects in the NTPv4-MIB.

265      +--------------------------+--------------------------+
266      | YANG data nodes in /ntp/ | NTPv4-MIB objects        |
267      +--------------------------+--------------------------+
268      | ntp-enabled              | ntpEntStatusCurrentMode  |
269      +--------------------------+--------------------------+

271      +--------------------------------------+---------------------+
272      | YANG data nodes in /ntp/associations | NTPv4-MIB objects   |
273      +--------------------------------------+---------------------+
274      | address                              | ntpAssocAddressType |
275      |                                      | ntpAssocAddress     |
276      +--------------------------------------+---------------------+

278      YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects
279      +---------------------------------+---------------------------------+
280      | YANG data nodes in /ntp/clock-  | NTPv4-MIB objects               |
281      | state/system-status             |                                 |
282      +---------------------------------+---------------------------------+
283      | clock-state                     | ntpEntStatusCurrentMode         |
284      | clock-stratum                   | ntpEntStatusStratum             |
285      | clock-refid                     | ntpEntStatusActiveRefSourceId   |
286      |                                 | ntpEntStatusActiveRefSourceName |
287      | clock-precision                 | ntpEntTimePrecision             |
288      | clock-offset                    | ntpEntStatusActiveOffset        |
289      | root-dispersion                 | ntpEntStatusDispersion          |
290      +---------------------------------+---------------------------------+

292      +---------------------------------------+---------------------------+
293      | YANG data nodes in /ntp/associations/ | NTPv4-MIB objects         |
294      +---------------------------------------+---------------------------+
295      | address                               | ntpAssocAddressType       |
296      |                                       | ntpAssocAddress           |
297      | stratum                               | ntpAssocStratum           |
298      | refid                                 | ntpAssocRefId             |
299      | offset                                | ntpAssocOffset            |
300      | delay                                 | ntpAssocStatusDelay       |
301      | dispersion                            | ntpAssocStatusDispersion  |
302      | ntp-statistics/packet-sent            | ntpAssocStatOutPkts       |
303      | ntp-statistics/packet-received        | ntpAssocStatInPkts        |
304      | ntp-statistics/packet-dropped         | ntpAssocStatProtocolError |
305      +---------------------------------------+---------------------------+

307      YANG NTP State Data Nodes and Related NTPv4-MIB Objects

309   4.  Relationship with RFC7317

311      This section describes the relationship with the NTP definition in
312      Section 3.2, System Time Management, of [RFC7317].  YANG data nodes in
313      /ntp/ also support interface-related configuration, which is not
314      supported in /system/ntp.
315      +---------------------------+--------------------------------+
316      | YANG data nodes in /ntp/  | YANG data nodes in /system/ntp |
317      +---------------------------+--------------------------------+
318      | ntp-enabled               | enabled                        |
319      | unicast                   | server                         |
320      |                           | server/name                    |
321      | unicast/address           | server/transport/udp/address   |
322      | unicast/port              | server/transport/udp/port      |
323      | unicast/type              | server/association-type        |
324      | unicast/iburst            | server/iburst                  |
325      | unicast/prefer            | server/prefer                  |
326      +---------------------------+--------------------------------+

328      YANG NTP Configuration Data Nodes and counterparts in RFC7317 Objects

330   5.  NTP YANG Module

332      file "ietf-ntp@2017-10-28.yang"
333      module ietf-ntp {

335        namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";

337        prefix "ntp";

339        import ietf-yang-types {
340          prefix "yang";
341        }

343        import ietf-inet-types {
344          prefix "inet";
345        }

347        import ietf-interfaces {
348          prefix "if";
349        }

351        import iana-crypt-hash {
352          prefix ianach;
353        }

355        import ietf-key-chain {
356          prefix "key-chain";
357        }

359        import ietf-access-control-list {
360          prefix "acl";
361        }
362        import ietf-routing-types {
363          prefix "rt-types";
364        }

366        organization
367          "IETF NTP (Network Time Protocol) Working Group";

369        contact
370          "WG Web:
371           WG List:


374           Editor: Eric Wu
375
376           Editor: Anil Kumar S N
377
378           Editor: Yi Zhao
379
380           Editor: Dhruv Dhody
381
382           Editor: Ankit Kumar Sinha
383           ";
384        description
385          "This YANG module defines essential components for the
386           management of a routing subsystem.

388           Copyright (c) 2017 IETF Trust and the persons identified
389           as authors of the code.  All rights reserved.

391           Redistribution and use in source and binary forms,
392           with or without modification, is permitted pursuant to,
393           and subject to the license terms contained in, the
394           Simplified BSD License set forth in Section 4.c of the
395           IETF Trust's Legal Provisions Relating to IETF Documents
396           (http://trustee.ietf.org/license-info).

398           This version of this YANG module is part of RFC XXXX;
399           see the RFC itself for full legal notices.";

401        revision 2017-10-28 {
402          description
403            "Updated revision.";
404          reference
405            "RFC XXXX: A YANG Data Model for NTP Management";
406        }

408        /* Typedef Definitions */
409        typedef ntp-stratum {
410          type uint8 {
411            range "1..16";
412          }
413          description
414            "The level of each server in the hierarchy is defined by
415             a stratum number.  Primary servers are assigned stratum
416             one; secondary servers at each lower level are assigned
417             stratum numbers one greater than the preceding level";
418        }

420        typedef ntp-version {
421          type uint8 {
422            range "1..4";
423          }
424          default "3";
425          description
426            "The current NTP version supported by corresponding
427             association.";
428        }

430        typedef ntp-minpoll {
431          type uint8 {
432            range "4..17";
433          }
434          default "6";
435          description
436            "The minimum poll exponent for this NTP association.";
437        }

439        typedef ntp-maxpoll {
440          type uint8 {
441            range "4..17";
442          }
443          default "10";
444          description
445            "The maximum poll exponent for this NTP association.";
446        }

448        typedef access-modes {
449          type enumeration {
450            enum peer {
451              value "0";
452              description
453                "Sets the full access authority.  Both time
454                 request and control query can be performed
455                 on the local NTP service, and the local clock
456                 can be synchronized to the remote server.";
457            }
458            enum server {
459              value "1";
460              description
461                "Enables the server access and query.
462                 Both time requests and control query can be
463                 performed on the local NTP service, but the
464                 local clock cannot be synchronized to the
465                 remote server.";
466            }
467            enum synchronization {
468              value "2";
469              description
470                "Enables the server to access.
471                 Only time request can be performed on the
472                 local NTP service.";
473            }
474            enum query {
475              value "3";
476              description
477                "Sets the maximum access limitation.
478                 Control query can be performed only on the
479                 local NTP service.";
480            }
481          }
482          description
483            "This defines NTP access modes.";
484        }

486        typedef unicast-configuration-type {
487          type enumeration {
488            enum server {
489              value "0";
490              description
491                "Use client association mode.  This device
492                 will not provide synchronization to the
493                 configured NTP server.";
494            }
495            enum peer {
496              value "1";
497              description
498                "Use symmetric active association mode.
499                 This device may provide synchronization
500                 to the configured NTP server.";
501            }
502          }
503          description
504            "This defines NTP unicast mode of operation.";
505        }

507        typedef association-modes {
508          type enumeration {
509            enum client {
510              value "0";
511              description
512                "Use client association mode (mode 3).
513                 This device will not provide synchronization
514                 to the configured NTP server.";
515            }
516            enum active {
517              value "1";
518              description
519                "Use symmetric active association mode (mode 1).
520                 This device may synchronize with its NTP peer,
521                 or provide synchronization to configured NTP peer.";
522            }
523            enum passive {
524              value "2";
525              description
526                "Use symmetric passive association mode (mode 2).
527                 This device has learnt this association dynamically.
528                 This device may synchronize with its NTP peer.";
529            }
530            enum broadcast {
531              value "3";
532              description
533                "Use broadcast mode (mode 5).
534                 This mode defines that it is either working
535                 as broadcast-server or multicast-server.";
536            }
537            enum broadcast-client {
538              value "4";
539              description
540                "This mode defines that it is either working
541                 as broadcast-client or multicast-client.";
542            }
543          }
544          description
545            "This defines NTP association modes.";
546        }

548        typedef ntp-clock-status {
549          type enumeration {
550            enum synchronized {
551              value "0";
552              description
553                "Indicates that the local clock has been
554                 synchronized with an NTP server or
555                 the reference clock.";
556            }
557            enum unsynchronized {
558              value "1";
559              description
560                "Indicates that the local clock has not been
561                 synchronized with any NTP server.";
562            }
563          }
564          description
565            "This defines NTP clock status.";
566        }

568        typedef ntp-sync-state {
569          type enumeration {
570            enum clock-not-set {
571              value "0";
572              description
573                "Indicates the clock is not updated.";
574            }
575            enum freq-set-by-cfg {
576              value "1";
577              description
578                "Indicates the clock frequency is set by
579                 NTP configuration.";
580            }
581            enum clock-set {
582              value "2";
583              description
584                "Indicates the clock is set.";
585            }
586            enum freq-not-determined {
587              value "3";
588              description
589                "Indicates the clock is set but the frequency
590                 is not determined.";
591            }
592            enum clock-synchronized {
593              value "4";
594              description
595                "Indicates that the clock is synchronized";
596            }
597            enum spike {
598              value "5";
599              description
600                "Indicates a time difference of more than 128
601                 milliseconds is detected between NTP server
602                 and client clock.  The clock change will take
603                 effect in XXX seconds.";
604            }
605          }
606          description
607            "This defines NTP clock sync states.";
608        }

610        /* Groupings */
611        grouping authentication-key {
612          description
613            "To define an authentication key for a Network Time
614             Protocol (NTP) time source.";
615          leaf key-id {
616            type uint32 {
617              range "1..max";
618            }
619            description
620              "Authentication key identifier.";
621          }
622          leaf algorithm {
623            type identityref {
624              base key-chain:crypto-algorithm;
625            }
626            description
627              "Authentication algorithm.";
628          }
629          leaf password {
630            type ianach:crypt-hash;
631            description "Clear or encrypted mode for password text.";
632          }
633        }

635        grouping authentication-type-param {
636          description
637            "Authentication type.";
638          choice authentication-type {
639            description
640              "Type of authentication.";
641            case symmetric-key {
642              leaf key-id {
643                type leafref {
644                  path "/ntp:ntp/ntp:authentication/"
645                    + "ntp:authentication-keys/ntp:key-id";
646                }
647                description
648                  "Authentication key id referenced in this
649                   association.";
650              }
651            }
652          }
653        }

655        grouping statistics {
656          description
657            "NTP packet statistic.";
658          leaf packet-sent {
659            type yang:counter32;
660            description
661              "Indicates the total number of packets sent.";
662          }
663          leaf packet-sent-fail {
664            type yang:counter32;
665            description
666              "Indicates the number of times packet
667               sending failed.";
668          }
669          leaf packet-received {
670            type yang:counter32;
671            description
672              "Indicates the total number of packets received.";
673          }
674          leaf packet-dropped {
675            type yang:counter32;
676            description
677              "Indicates the number of packets dropped.";
678          }
679        }

681        grouping comman-attributes {
682          description
683            "NTP common attributes for configuration.";
684          leaf minpoll {
685            type ntp-minpoll;
686            description
687              "The minimum poll interval used in this association.";
688          }
689          leaf maxpoll {
690            type ntp-maxpoll;
691            description
692              "The maximum poll interval used in this association.";
693          }
694          leaf port {
695            type uint16 {
696              range "123 | 1025..max";
697            }
698            default "123";
699            description
700              "Specify the port used to send NTP packets.";
701          }
702          leaf version {
703            type ntp-version;
704            description
705              "NTP version.";
706          }
707        }

709        grouping association-ref {
710          description
711            "Reference to NTP association node";
712          leaf associations-address {
713            type leafref {
714              path "/ntp:ntp/ntp:associations/ntp:address";
715            }
716            description
717              "Indicates the association address
718               which results in clock synchronization.";
719          }
720          leaf associations-local-mode {
721            type leafref {
722              path "/ntp:ntp/ntp:associations/ntp:local-mode";
723            }
724            description
725              "Indicates the association local-mode
726               which results in clock synchronization.";
727          }
728          leaf associations-isConfigured {
729            type leafref {
730              path "/ntp:ntp/ntp:associations/ntp:isConfigured";
731            }
732            description
733              "Indicates the association was configured or dynamic
734               which results in clock synchronization.";
735          }
736        }

738        /* Configuration data nodes */
739        container ntp {
740          presence
741            "NTP is enabled";
742          description
743            "Configuration parameters for NTP.";

745          leaf port {
746            type uint16 {
747              range "123 | 1025..max";
748            }
749            default "123";
750            description
751              "Specify the port used to send NTP packets.";
752          }

754          container refclock-master {
755            presence
756              "NTP master clock is enabled";
757            description
758              "Configures the device as NTP server.";
759            leaf master-stratum {
760              type ntp-stratum;
761              default "16";
762              description
763                "Stratum level from which NTP
764                 clients get their time synchronized.";
765            }
766          }
767          container authentication {
768            description
769              "Configuration of authentication.";
770            leaf auth-enabled {
771              type boolean;
772              default false;
773              description
774                "Controls whether NTP authentication is enabled
775                 or disabled on this device.";
776            }
777            list trusted-keys {
778              key "key-id";
779              description
780                "List of keys trusted by NTP.";
781              leaf key-id {
782                type leafref {
783                  path "/ntp:ntp/ntp:authentication/"
784                    + "ntp:authentication-keys/ntp:key-id";
785                }
786                description
787                  "The key trusted by NTP.";
788              }
789            }
790            list authentication-keys {
791              key "key-id";
792              uses authentication-key;
793              description
794                "List of authentication keys.";
795            }
796          }

798          container access-rules {
799            description
800              "Configuration of access rules.";
801            list access-rule {
802              key "access-mode";
803              description
804                "List of access rules.";
805              leaf access-mode {
806                type access-modes;
807                description
808                  "NTP access mode.";
809              }
810              leaf acl {
811                type leafref {
812                  path "/acl:access-lists/acl:acl/acl:acl-name";
813                }
814                description
815                  "NTP ACL.";
816              }
817            }
818          }

820          container clock-state {
821            config "false";
822            description
823              "Operational state of the NTP.";

825            container system-status {
826              description
827                "System status of NTP.";
828              leaf clock-state {
829                type ntp-clock-status;
830                mandatory true;
831                description "Indicates the state of system clock.";
832              }
833              leaf clock-stratum {
834                type ntp-stratum;
835                mandatory true;
836                description
837                  "Indicates the stratum of the reference clock.";
838              }
839              leaf clock-refid {
840                type union {
841                  type inet:ipv4-address;
842                  type binary {
843                    length "4";
844                  }
845                  type string {
846                    length "4";
847                  }
848                }
849                mandatory true;
850                description
851                  "IPv4 address or first 32 bits of the MD5 hash of
852                   the IPv6 address or reference clock of the peer to
853                   which clock is synchronized.";
854              }
855              uses association-ref {
856                description
857                  "Reference to Association node";
858              }
859              leaf nominal-freq {
860                type decimal64 {
861                  fraction-digits 4;
862                }
863                mandatory true;
864                description
865                  "Indicates the nominal frequency of the
866                   local clock, in Hz.";
867              }
868              leaf actual-freq {
869                type decimal64 {
870                  fraction-digits 4;
871                }
872                mandatory true;
873                description
874                  "Indicates the actual frequency of the
875                   local clock, in Hz.";
876              }
877              leaf clock-precision {
878                type uint8;
879                mandatory true;
880                description
881                  "Precision of the clock of this system
882                   in Hz.(prec=2^(-n))";
883              }
884              leaf clock-offset {
885                type decimal64 {
886                  fraction-digits 4;
887                }
888                description
889                  "Offset of clock to synchronized peer,
890                   in milliseconds.";
891              }
892              leaf root-delay {
893                type decimal64 {
894                  fraction-digits 2;
895                }
896                description
897                  "Total delay along path to root clock,
898                   in milliseconds.";
899              }
900              leaf root-dispersion {
901                type decimal64 {
902                  fraction-digits 2;
903                }
904                description
905                  "Indicates the dispersion between the local clock
906                   and the master reference clock, in milliseconds.";
907              }
908              leaf reference-time {
909                type yang:date-and-time;
910                description
911                  "Indicates reference timestamp.";
912              }
913              leaf sync-state {
914                type ntp-sync-state;
915                mandatory true;
916                description
917                  "Indicates the synchronization status of
918                   the local clock.";
919              }
920            }
921          }

923          list unicast {
924            key "address type";
925            description
926              "List of unicast configuration.";
927            leaf address {
928              type inet:host;
929              description
930                "The address of this association.";
931            }
932            leaf type {
933              type unicast-configuration-type;
934              description
935                "Type for this NTP configuration";
936            }
937            container authentication{
938              description
939                "Authentication type.";
940              uses authentication-type-param;
941            }
942            leaf prefer {
943              type boolean;
944              default "false";
945              description
946                "Whether this association is preferred.";
947            }
948            leaf burst {
949              type boolean;
950              default "false";
951              description
952                "Sends a series of packets instead of a single packet
953                 within each synchronization interval to achieve faster
954                 synchronization.";
955            }
956            leaf iburst {
957              type boolean;
958              default "false";
959              description
960                "Sends a series of packets instead of a single packet
961                 within the initial synchronization interval to achieve
962                 faster initial synchronization.";
963            }
964            leaf source {
965              type if:interface-ref;
966              description
967                "The interface whose IP address this association uses
968                 as source address.";
969            }
970            uses comman-attributes {
971              description
972                "Common attribute like port, version, min and max poll.";
973            }
974          }

976          list associations {
977            key "address local-mode isConfigured";
978            config "false";
979            description
980              "List of NTP association.";
981            leaf address {
982              type inet:host;
983              description
984                "The address of this association.";

986            }
987            leaf local-mode {
988              type association-modes;
989              description
990                "Local mode for this NTP association.";
991            }
992            leaf isConfigured {
993              type boolean;
994              description
995                "Whether this association is configured or dynamically learnt.";
996            }
997            leaf stratum {
998              type ntp-stratum;
999              description
1000               "Indicates the stratum of the reference clock.";
1001           }
1002           leaf refid {
1003             type union {
1004               type inet:ipv4-address;
1005               type binary {
1006                 length "4";
1007               }
1008               type string {
1009                 length "4";
1010               }
1011             }
1012             description
1013               "Reference clock type or address for the peer.";
1014           }
1015           leaf authentication{
1016             type leafref {
1017               path "/ntp:ntp/ntp:authentication/"
1018                 + "ntp:authentication-keys/ntp:key-id";
1019             }
1020             description
1021               "Authentication Key used for this association.";
1022           }
1023           leaf prefer {
1024             type boolean;
1025             default "false";
1026             description
1027               "Whether this association is preferred.";
1028           }
1029           leaf peer-interface {
1030             type if:interface-ref;
1031             description
1032               "The interface which is used for communication.";
1033           }
1034           uses comman-attributes {
1035             description
1036               "Common attribute like port, version, min and max poll.";
1037           }
1038           leaf reach {
1039             type uint8;
1040             description
1041               "Indicates the reachability of the configured
1042                server or peer.";
1043           }
1044           leaf unreach {
1045             type uint8;
1046             description
1047               "Indicates the unreachability of the configured
1048                server or peer.";
1049           }
1050           leaf poll {
1051             type uint8;
1052             description
1053               "Indicates the polling interval for current,
1054                in seconds.";
1055           }
1056           leaf now {
1057             type uint32;
1058             description
1059               "Indicates the time since the NTP packet was
1060                not received or last synchronized, in seconds.";
1061           }
1062           leaf offset {
1063             type decimal64 {
1064               fraction-digits 4;
1065             }
1066             description
1067               "Indicates the offset between the local clock
1068                and the superior reference clock.";
1069           }
1070           leaf delay {
1071             type decimal64 {
1072               fraction-digits 2;
1073             }
1074             description
1075               "Indicates the delay between the local clock
1076                and the superior reference clock.";
1077           }
1078           leaf dispersion {
1079             type decimal64 {
1080               fraction-digits 2;
1081             }
1082             description
1083               "Indicates the dispersion between the local
1084                clock and the superior reference clock.";
1085           }
1086           leaf originate-time {
1087             type yang:date-and-time;
1088             description
1089               "Indicates packet originate timestamp (T1).";
1090           }
1091           leaf receive-time {
1092             type yang:date-and-time;
1093             description
1094               "Indicates packet receive timestamp (T2).";
1095           }
1096           leaf transmit-time {
1097             type yang:date-and-time;
1098             description
1099               "Indicates packet transmit timestamp (T3).";
1100           }
1101           leaf input-time {
1102             type yang:date-and-time;
1103             description
1104               "Indicates packet input timestamp (T4).";
1105           }
1106           container ntp-statistics {
1107             description
1108               "Per Peer packet send and receive statistic.";
1109             uses statistics {
1110               description
1111                 "NTP send and receive packet statistic.";
1112             }
1113           }
1114         }

1116         container interfaces {
1117           description
1118             "Configuration parameters for NTP interfaces.";
1119           list interface {
1120             key "name";
1121             description
1122               "List of interfaces.";
1123             leaf name {
1124               type if:interface-ref;
1125               description
1126                 "The interface name.";
1127             }

1129             container broadcast-server {
1130               presence
1131                 "NTP broadcast-server is configured";
1132               description
1133                 "Configuration of broadcast server.";
1134               leaf ttl {
1135                 type uint8;
1136                 description
1137                   "Specifies the time to live (TTL) of a
1138                    broadcast packet.";
1139               }
1140               container authentication{
1141                 description
1142                   "Authentication type.";
1143                 uses authentication-type-param;
1144               }
1145               uses comman-attributes {
1146                 description
1147                   "Common attribute like port, version, min and max poll.";
1148               }
1149             }

1151             container broadcast-client {
1152               presence
1153                 "NTP broadcast-client is configured";
1154               description
1155                 "Configuration of broadcast-client.";
1156             }

1158             list multicast-server {
1159               key "address";
1160               description
1161                 "Configuration of multicast server.";
1162               leaf address {
1163                 type rt-types:ip-multicast-group-address;
1164                 description
1165                   "The IP address to send NTP multicast packets.";
1166               }
1167               leaf ttl {
1168                 type uint8;
1169                 description
1170                   "Specifies the time to live (TTL) of a
1171                    multicast packet.";
1172               }
1173               container authentication{
1174                 description
1175                   "Authentication type.";
1176                 uses authentication-type-param;
1177               }
1178               uses comman-attributes {
1179                 description
1180                   "Common attribute like port, version, min and max poll.";
1181               }
1182             }
1183             list multicast-client {
1184               key "address";
1185               description
1186                 "Configuration of multicast-client.";
1187               leaf address {
1188                 type rt-types:ip-multicast-group-address;
1189                 description
1190                   "The IP address of the multicast group to join.";
1191               }
1192             }
1193             list manycast-server {
1194               key "address";
1195               description
1196                 "Configuration of manycast server.";
1197               leaf address {
1198                 type rt-types:ip-multicast-group-address;
1199                 description
1200                   "The multicast group IP address to receive
1201                    manycast client messages.";
1202               }
1203             }
1204             list manycast-client {
1205               key "address";
1206               description
1207                 "Configuration of manycast-client.";
1208               leaf address {
1209                 type rt-types:ip-multicast-group-address;
1210                 description
1211                   "The group IP address that the manycast client
1212                    broadcasts the request message to.";
1213               }
1214               container authentication{
1215 description 1216 "Authentication type."; 1217 uses authentication-type-param; 1218 } 1219 leaf ttl { 1220 type uint8; 1221 description 1222 "Specifies the maximum time to live (TTL) for 1223 the expanding ring search."; 1224 } 1225 leaf minclock { 1226 type uint8; 1227 description 1228 "The minimum manycast survivors in this 1229 association."; 1230 } 1231 leaf maxclock { 1232 type uint8; 1233 description 1234 "The maximum manycast candidates in this 1235 association."; 1236 } 1237 leaf beacon { 1238 type uint8; 1239 description 1240 "The maximum interval between beacons in this 1241 association."; 1242 } 1243 uses comman-attributes { 1244 description 1245 "Common attribute like port, version, min and max poll."; 1246 } 1247 } 1248 } 1249 } 1250 /* Operational state data */ 1252 container ntp-statistics { 1253 config "false"; 1254 description 1255 "Total NTP packet statistic."; 1256 uses statistics { 1257 description 1258 "NTP send and receive packet statistic."; 1259 } 1260 } 1261 } 1262 } 1263 1265 6. Usage Example 1267 6.1. Unicast association 1269 Below is the example on how to configure a preferred unicast server 1270 present at 1.1.1.1 running at port 1025 with authentication-key 10 1271 and version 4 1272 1273 1274 1275 1276 1277 1278 1279
1.1.1.1
1280 server 1281 true 1282 4 1283 1025 1284 1285 1286 10 1287 1288 1289
1290
1291
1292

   The following example shows how to get the unicast configuration:

     1.1.1.1
     server
     10
     true
     false
     true
     6
     10
     1025
     4
     9
     20.1.1.1
     255
     0
     128
     10
     0.025
     0.5
     0.6
     10-10-2017 07:33:55.253 Z+05:30
     10-10-2017 07:33:55.258 Z+05:30
     10-10-2017 07:33:55.300 Z+05:30
     10-10-2017 07:33:55.305 Z+05:30
     20
     0
     20
     0

6.2. Refclock master

   The following example shows how to configure a reference clock with
   stratum 8:

     8

   The following example shows how to get the reference clock
   configuration:

     8

6.3. Authentication configuration

   The following example shows how to enable authentication and
   configure authentication key 10 with mode md5 and password abcd:

     true
     10
     md5
     abcd

   The following example shows how to get the authentication-related
   configuration:

     false
     10
     md5
     abcd

6.4. Access configuration

   The following example shows how to configure access type peer
   associated with acl 2000:

     peer
     2000

   The following example shows how to get the access-related
   configuration:

     peer
     2000

6.5. Multicast configuration

   The following example shows how to configure a multicast-server with
   address 224.1.1.1, port 1025 and authentication keyid 10:

     Ethernet3/0/0
     224.1.1.1
     10
     1025

   The following example shows how to get the multicast-server related
   configuration:

     Ethernet3/0/0
     224.1.1.1
     224.1.1.1
     10
     6
     10
     1025
     3

   The following example shows how to configure a multicast-client with
   address 224.1.1.1:

     Ethernet3/0/0
     224.1.1.1

   The following example shows how to get the multicast-client related
   configuration:

     Ethernet3/0/0
     224.1.1.1

6.6. Manycast configuration

   The following example shows how to configure a manycast-client with
   address 224.1.1.1, port 1025 and authentication keyid 10:

     Ethernet3/0/0
     224.1.1.1
     10
     1025

   The following example shows how to get the manycast-client related
   configuration:

     Ethernet3/0/0
     224.1.1.1
     10
     255
     3
     10
     6
     6
     10
     1025

   The following example shows how to configure a manycast-server with
   address 224.1.1.1:

     Ethernet3/0/0
     224.1.1.1

   The following example shows how to get the manycast-server related
   configuration:

     Ethernet3/0/0
     224.1.1.1

6.7. Clock state

   The following example shows how to get the current clock state:

     synchronized
     7
     1.1.1.1
     1.1.1.1
     client
     yes
     100.0
     100.0
     18
     0.025
     0.5
     0.8
     10-10-2017 07:33:55.258 Z+05:30
     clock-synchronized

6.8. Get all association

   The following example shows how to get all associations present:

     1.1.1.1
     9
     20.1.1.1
     client
     true
     10
     true
     Ethernet3/0/0
     6
     10
     1025
     4
     255
     0
     128
     10
     0.025
     0.5
     0.6
     10-10-2017 07:33:55.253 Z+05:30
     10-10-2017 07:33:55.258 Z+05:30
     10-10-2017 07:33:55.300 Z+05:30
     10-10-2017 07:33:55.305 Z+05:30
     20
     0
     20
     0
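
   An added example (not part of the draft): a Python check over the
   association state that a reply like the one in Section 6.8 carries.
   It flags associations with no authentication key, dynamically learnt
   associations, gaps in the reach register, and an offset recomputed
   from T1-T4 that exceeds a threshold. The reply is constructed:
   element names are the leaves of "list associations", addresses are
   documentation addresses, timestamps are in RFC 3339 form, and the
   0.128 s threshold is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"n": "urn:ietf:params:xml:ns:yang:ietf-ntp"}  # namespace from Section 7
D = "2017-10-10T07:33:55"  # constructed timestamp prefix (RFC 3339 form)
TIMES = ("originate-time", "receive-time", "transmit-time", "input-time")

# Constructed reply, not taken from the draft. Element names are the leaves of
# "list associations"; addresses are documentation addresses.
SAMPLE = f"""<ntp xmlns="{NS['n']}">
<associations><address>192.0.2.10</address><isConfigured>true</isConfigured>
 <authentication>10</authentication><reach>255</reach>
 <originate-time>{D}.253+05:30</originate-time>
 <receive-time>{D}.258+05:30</receive-time>
 <transmit-time>{D}.300+05:30</transmit-time>
 <input-time>{D}.305+05:30</input-time></associations>
<associations><address>192.0.2.20</address><isConfigured>false</isConfigured>
 <reach>37</reach>
 <originate-time>{D}.000+05:30</originate-time>
 <receive-time>{D}.900+05:30</receive-time>
 <transmit-time>{D}.901+05:30</transmit-time>
 <input-time>{D}.011+05:30</input-time></associations>
</ntp>"""

def audit(xml_text, max_offset=0.128):  # threshold in seconds, assumed
    """Return {address: [findings]} for each association in the reply."""
    report = {}
    for assoc in ET.fromstring(xml_text).findall("n:associations", NS):
        def leaf(name):
            return assoc.findtext(f"n:{name}", namespaces=NS)
        findings = []
        if leaf("authentication") is None:
            findings.append("no authentication key")
        if leaf("isConfigured") != "true":
            findings.append("dynamically learnt")
        reach = int(leaf("reach"))  # 8-bit shift register, newest poll in bit 0
        if reach != 0xFF:
            empty = 8 - bin(reach).count("1")
            findings.append(f"reach {reach:#04x}: {empty} of 8 polls unanswered")
        t1, t2, t3, t4 = (datetime.fromisoformat(leaf(t)) for t in TIMES)
        # RFC 5905: offset = ((T2 - T1) + (T3 - T4)) / 2
        offset = ((t2 - t1) + (t3 - t4)).total_seconds() / 2
        if abs(offset) > max_offset:
            findings.append(f"offset {offset:+.3f} s exceeds {max_offset} s")
        report[leaf("address")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

   The second association in the sample is the one to investigate: it
   was learnt dynamically, carries no key, and its timestamps imply an
   offset of almost 0.9 s.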

6.9. Global statistic

   The following example shows how to get clock current state:

     30
     5
     20
     2

7. IANA Considerations

   This document registers a URI in the "IETF XML Registry" [RFC3688].
   Following the format in RFC 3688, the following registration has been
   made.

   URI: urn:ietf:params:xml:ns:yang:ietf-ntp

   Registrant Contact: The NETMOD WG of the IETF.

   XML: N/A; the requested URI is an XML namespace.

   This document registers a YANG module in the "YANG Module Names"
   registry [RFC6020].

   Name: ietf-ntp

   Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp

   Prefix: ntp

   Reference: RFC XXXX

8. Security Considerations

   The YANG module defined in this memo is designed to be accessed via
   the NETCONF protocol [RFC6241]. The lowest NETCONF layer is the
   secure transport layer and the mandatory-to-implement secure
   transport is SSH [RFC6242]. The NETCONF access control model
   [RFC6536] provides the means to restrict access for particular
   NETCONF users to a pre-configured subset of all available NETCONF
   protocol operations and content.

   There are a number of data nodes defined in the YANG module which are
   writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments. Write operations (e.g., <edit-config>)
   to these data nodes without proper protection can have a negative
   effect on network operations.

9. Acknowledgments

   The authors would like to express their thanks to Sladjana Zoric,
   Danny Mayer, Harlan Stenn, Ulrich Windl and Miroslav Lichvar for
   their review and suggestions.

10. References

10.1. Normative References

   [I-D.ietf-netmod-yang-tree-diagrams]
              Bjorklund, M. and L. Berger, "YANG Tree Diagrams",
              draft-ietf-netmod-yang-tree-diagrams-02 (work in
              progress), October 2017.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010.

   [RFC5907]  Gerstung, H., Elliott, C., and B. Haberman, Ed.,
              "Definitions of Managed Objects for Network Time Protocol
              Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June
              2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6536]  Bierman, A. and M. Bjorklund, "Network Configuration
              Protocol (NETCONF) Access Control Model", RFC 6536,
              DOI 10.17487/RFC6536, March 2012.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

10.2. Informative References

   [I-D.ietf-netmod-revised-datastores]
              Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore
              Architecture", draft-ietf-netmod-revised-datastores-05
              (work in progress), October 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC7317]  Bierman, A. and M. Bjorklund, "A YANG Data Model for
              System Management", RFC 7317, DOI 10.17487/RFC7317, August
              2014.

Authors' Addresses

   Nan Wu
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: eric.wu@huawei.com

   Anil Kumar S N
   RtBrick Inc.
   Bangalore, Karnataka 560037
   India

   Email: anil.ietf@gmail.com

   Yi Zhao
   Ericsson
   China Digital Kingdom Bld., No.1 WangJing North Rd.
   Beijing 100102
   China

   Email: yi.z.zhao@ericsson.com

   Dhruv Dhody
   Huawei
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka 560066
   India

   Email: dhruv.ietf@gmail.com

   Ankit kumar Sinha
   Huawei
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka 560066
   India

   Email: ankit.ietf@gmail.com