NTP Working Group                                                  N. Wu
Internet-Draft                                                    Huawei
Intended status: Standards Track                            A. Kumar S N
Expires: December 24, 2018                                  RtBrick Inc.
                                                                 Y. Zhao
                                                                Ericsson
                                                                D. Dhody
                                                                  Huawei
                                                                A. Sinha
                                                            RtBrick Inc.
                                                           June 22, 2018


                       A YANG Data Model for NTP
                   draft-ietf-ntp-yang-data-model-03

Abstract

   This document defines a YANG data model for Network Time Protocol
   (NTP) implementations.  The data model includes configuration data
   and state data.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 24, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Operational State
     1.2.  Terminology
     1.3.  Tree Diagrams
     1.4.  Prefixes in Data Node Names
   2.  NTP data model
   3.  Relationship with NTPv4-MIB
   4.  Relationship with RFC 7317
   5.  NTP YANG Module
   6.  Usage Example
     6.1.  Unicast association
     6.2.  Refclock master
     6.3.  Authentication configuration
     6.4.  Access configuration
     6.5.  Multicast configuration
     6.6.  Manycast configuration
     6.7.  Clock state
     6.8.  Get all association
     6.9.  Global statistic
   7.  IANA Considerations
   8.  Security Considerations
   9.  Acknowledgments
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   This document defines a YANG [RFC6020] data model for Network Time
   Protocol [RFC5905] implementations.

   The data model covers configuration of NTP system parameters, such
   as access rules, authentication and VPN Routing and Forwarding (VRF)
   binding, as well as NTP associations in different modes and
   per-interface parameters.  It also provides information about the
   running state of NTP implementations.

1.1.  Operational State

   NTP Operational State is included in the same tree as NTP
   configuration, consistent with Network Management Datastore
   Architecture [RFC8342].  NTP current state and statistics are also
   maintained in the operational state.  The operational state also
   includes the association state.

1.2.  Terminology

   The terminology used in this document is aligned to [RFC5905].

1.3.  Tree Diagrams

   A simplified graphical representation of the data model is used in
   this document.  This document uses the graphical representation of
   data models defined in [RFC8340].

1.4.  Prefixes in Data Node Names

   In this document, names of data nodes and other data model objects
   are often used without a prefix, as long as it is clear from the
   context in which YANG module each name is defined.  Otherwise, names
   are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

   +-----------+--------------------------+-----------------------------+
   | Prefix    | YANG module              | Reference                   |
   +-----------+--------------------------+-----------------------------+
   | yang      | ietf-yang-types          | [RFC6991]                   |
   | inet      | ietf-inet-types          | [RFC6991]                   |
   | if        | ietf-interfaces          | [RFC8343]                   |
   | ianach    | iana-crypt-hash          | [RFC7317]                   |
   | key-chain | ietf-key-chain           | [RFC8177]                   |
   | acl       | ietf-access-control-list | [I-D.ietf-netmod-acl-model] |
   | rt-types  | ietf-routing-types       | [RFC8294]                   |
   +-----------+--------------------------+-----------------------------+

             Table 1: Prefixes and corresponding YANG modules

2.  NTP data model

   This document defines the YANG module "ietf-ntp", which has the
   following structure:

   module: ietf-ntp
     +--rw ntp!
        +--rw port?                    uint16 {ntp-port}?
        +--rw refclock-master!
        |  +--rw master-stratum?   ntp-stratum
        +--rw authentication
        |  +--rw auth-enabled?          boolean
        |  +--rw trusted-keys* [key-id]
        |  |  +--rw key-id
        |  |          -> /ntp/authentication/authentication-keys/key-id
        |  +--rw authentication-keys* [key-id]
        |     +--rw key-id       uint32
        |     +--rw algorithm?   identityref
        |     +--rw password?    ianach:crypt-hash
        +--rw access-rules
        |  +--rw access-rule* [access-mode]
        |     +--rw access-mode    access-modes
        |     +--rw acl?           -> /acl:acls/acl/name
        +--ro clock-state
        |  +--ro system-status
        |     +--ro clock-state                    ntp-clock-status
        |     +--ro clock-stratum                  ntp-stratum
        |     +--ro clock-refid                    union
        |     +--ro associations-address?
        |     |       -> /ntp/associations/address
        |     +--ro associations-local-mode?
        |     |       -> /ntp/associations/local-mode
        |     +--ro associations-isConfigured?
        |     |       -> /ntp/associations/isConfigured
        |     +--ro nominal-freq                   decimal64
        |     +--ro actual-freq                    decimal64
        |     +--ro clock-precision                uint8
        |     +--ro clock-offset?                  decimal64
        |     +--ro root-delay?                    decimal64
        |     +--ro root-dispersion?               decimal64
        |     +--ro reference-time?                yang:date-and-time
        |     +--ro sync-state                     ntp-sync-state
        +--rw unicast-configuration* [address type]
        |  +--rw address           inet:host
        |  +--rw type              unicast-configuration-type
        |  +--rw authentication
        |  |  +--rw (authentication-type)?
        |  |     +--:(symmetric-key)
        |  |        +--rw key-id?   leafref
        |  +--rw prefer?           boolean
        |  +--rw burst?            boolean
        |  +--rw iburst?           boolean
        |  +--rw source?           if:interface-ref
        |  +--rw minpoll?          ntp-minpoll
        |  +--rw maxpoll?          ntp-maxpoll
        |  +--rw port?             uint16 {ntp-port}?
        |  +--rw version?          ntp-version
        +--ro associations* [address local-mode isConfigured]
        |  +--ro address           inet:host
        |  +--ro local-mode        association-modes
        |  +--ro isConfigured      boolean
        |  +--ro stratum?          ntp-stratum
        |  +--ro refid?            union
        |  +--ro authentication?
        |  |       -> /ntp/authentication/authentication-keys/key-id
        |  +--ro prefer?           boolean
        |  +--ro peer-interface?   if:interface-ref
        |  +--ro minpoll?          ntp-minpoll
        |  +--ro maxpoll?          ntp-maxpoll
        |  +--ro port?             uint16 {ntp-port}?
        |  +--ro version?          ntp-version
        |  +--ro reach?            uint8
        |  +--ro unreach?          uint8
        |  +--ro poll?             uint8
        |  +--ro now?              uint32
        |  +--ro offset?           decimal64
        |  +--ro delay?            decimal64
        |  +--ro dispersion?       decimal64
        |  +--ro originate-time?   yang:date-and-time
        |  +--ro receive-time?     yang:date-and-time
        |  +--ro transmit-time?    yang:date-and-time
        |  +--ro input-time?       yang:date-and-time
        |  +--ro ntp-statistics
        |     +--ro packet-sent?        yang:counter32
        |     +--ro packet-sent-fail?   yang:counter32
        |     +--ro packet-received?    yang:counter32
        |     +--ro packet-dropped?     yang:counter32
        +--rw interfaces
        |  +--rw interface* [name]
        |     +--rw name                if:interface-ref
        |     +--rw broadcast-server!
        |     |  +--rw ttl?              uint8
        |     |  +--rw authentication
        |     |  |  +--rw (authentication-type)?
        |     |  |     +--:(symmetric-key)
        |     |  |        +--rw key-id?   leafref
        |     |  +--rw minpoll?          ntp-minpoll
        |     |  +--rw maxpoll?          ntp-maxpoll
        |     |  +--rw port?             uint16 {ntp-port}?
        |     |  +--rw version?          ntp-version
        |     +--rw broadcast-client!
        |     +--rw multicast-server* [address]
        |     |  +--rw address
        |     |  |       rt-types:ip-multicast-group-address
        |     |  +--rw ttl?              uint8
        |     |  +--rw authentication
        |     |  |  +--rw (authentication-type)?
        |     |  |     +--:(symmetric-key)
        |     |  |        +--rw key-id?   leafref
        |     |  +--rw minpoll?          ntp-minpoll
        |     |  +--rw maxpoll?          ntp-maxpoll
        |     |  +--rw port?             uint16 {ntp-port}?
        |     |  +--rw version?          ntp-version
        |     +--rw multicast-client* [address]
        |     |  +--rw address    rt-types:ip-multicast-group-address
        |     +--rw manycast-server* [address]
        |     |  +--rw address    rt-types:ip-multicast-group-address
        |     +--rw manycast-client* [address]
        |        +--rw address
        |        |       rt-types:ip-multicast-group-address
        |        +--rw authentication
        |        |  +--rw (authentication-type)?
        |        |     +--:(symmetric-key)
        |        |        +--rw key-id?   leafref
        |        +--rw ttl?              uint8
        |        +--rw minclock?         uint8
        |        +--rw maxclock?         uint8
        |        +--rw beacon?           uint8
        |        +--rw minpoll?          ntp-minpoll
        |        +--rw maxpoll?          ntp-maxpoll
        |        +--rw port?             uint16 {ntp-port}?
        |        +--rw version?          ntp-version
        +--ro ntp-statistics
           +--ro packet-sent?        yang:counter32
           +--ro packet-sent-fail?   yang:counter32
           +--ro packet-received?    yang:counter32
           +--ro packet-dropped?     yang:counter32

     grouping authentication-type-param
       +-- (authentication-type)?
          +--:(symmetric-key)
             +-- key-id?
                     -> /ntp/authentication/authentication-keys/key-id
     grouping comman-attributes
       +-- minpoll?   ntp-minpoll
       +-- maxpoll?   ntp-maxpoll
       +-- port?      uint16 {ntp-port}?
       +-- version?   ntp-version
     grouping association-ref
       +-- associations-address?        -> /ntp/associations/address
       +-- associations-local-mode?     -> /ntp/associations/local-mode
       +-- associations-isConfigured?
               -> /ntp/associations/isConfigured
     grouping statistics
       +-- packet-sent?        yang:counter32
       +-- packet-sent-fail?   yang:counter32
       +-- packet-received?    yang:counter32
       +-- packet-dropped?     yang:counter32
     grouping authentication-key
       +-- key-id?      uint32
       +-- algorithm?   identityref
       +-- password?    ianach:crypt-hash

   This data model defines one top-level container which includes both
   the NTP configuration and the NTP running state including access
   rules, authentication, associations, unicast configurations,
   interfaces, system status and associations.

3.  Relationship with NTPv4-MIB

   If the device implements the NTPv4-MIB [RFC5907], data nodes from
   the YANG module can be mapped to table entries in NTPv4-MIB.

   The following tables list the YANG data nodes with corresponding
   objects in the NTPv4-MIB.

   +--------------------------+--------------------------+
   | YANG data nodes in /ntp/ | NTPv4-MIB objects        |
   +--------------------------+--------------------------+
   | ntp-enabled              | ntpEntStatusCurrentMode  |
   +--------------------------+--------------------------+

   +--------------------------------------+---------------------+
   | YANG data nodes in /ntp/associations | NTPv4-MIB objects   |
   +--------------------------------------+---------------------+
   | address                              | ntpAssocAddressType |
   |                                      | ntpAssocAddress     |
   +--------------------------------------+---------------------+

     YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects

   +---------------------------------+---------------------------------+
   | YANG data nodes in /ntp/clock-  | NTPv4-MIB objects               |
   | state/system-status             |                                 |
   +---------------------------------+---------------------------------+
   | clock-state                     | ntpEntStatusCurrentMode         |
   | clock-stratum                   | ntpEntStatusStratum             |
   | clock-refid                     | ntpEntStatusActiveRefSourceId   |
   |                                 | ntpEntStatusActiveRefSourceName |
   | clock-precision                 | ntpEntTimePrecision             |
   | clock-offset                    | ntpEntStatusActiveOffset        |
   | root-dispersion                 | ntpEntStatusDispersion          |
   +---------------------------------+---------------------------------+

   +---------------------------------------+---------------------------+
   | YANG data nodes in /ntp/associations/ | NTPv4-MIB objects         |
   +---------------------------------------+---------------------------+
   | address                               | ntpAssocAddressType       |
   |                                       | ntpAssocAddress           |
   | stratum                               | ntpAssocStratum           |
   | refid                                 | ntpAssocRefId             |
   | offset                                | ntpAssocOffset            |
   | delay                                 | ntpAssocStatusDelay       |
   | dispersion                            | ntpAssocStatusDispersion  |
   | ntp-statistics/packet-sent            | ntpAssocStatOutPkts       |
   | ntp-statistics/packet-received        | ntpAssocStatInPkts        |
   | ntp-statistics/packet-dropped         | ntpAssocStatProtocolError |
   +---------------------------------------+---------------------------+

         YANG NTP State Data Nodes and Related NTPv4-MIB Objects

4.  Relationship with RFC 7317

   This section describes the relationship with the NTP definition in
   Section 3.2 (System Time Management) of [RFC7317].  YANG data nodes
   in /ntp/ also support per-interface configuration, which is not
   supported in /system/ntp.

   +-------------------------------+--------------------------------+
   | YANG data nodes in /ntp/      | YANG data nodes in /system/ntp |
   +-------------------------------+--------------------------------+
   | ntp-enabled                   | enabled                        |
   | unicast-configuration         | server                         |
   |                               | server/name                    |
   | unicast-configuration/address | server/transport/udp/address   |
   | unicast-configuration/port    | server/transport/udp/port      |
   | unicast-configuration/type    | server/association-type        |
   | unicast-configuration/iburst  | server/iburst                  |
   | unicast-configuration/prefer  | server/prefer                  |
   +-------------------------------+--------------------------------+

      YANG NTP Configuration Data Nodes and counterparts in RFC 7317
                                 Objects

5.  NTP YANG Module

   file "ietf-ntp@2018-06-22.yang"
   module ietf-ntp {

     yang-version 1.1;

     namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";

     prefix "ntp";

     import ietf-yang-types {
       prefix "yang";
       reference "RFC 6991";
     }

     import ietf-inet-types {
       prefix "inet";
       reference "RFC 6991";
     }

     import ietf-interfaces {
       prefix "if";
       reference "RFC 8343";
     }

     import iana-crypt-hash {
       prefix "ianach";
       reference "RFC 7317";
     }

     import ietf-key-chain {
       prefix "key-chain";
       reference "RFC 8177";
     }

     import ietf-access-control-list {
       prefix "acl";
       reference "RFC XXXX";
     }

     import ietf-routing-types {
       prefix "rt-types";
       reference "RFC 8294";
     }

     organization
       "IETF NTP (Network Time Protocol) Working Group";

     contact
       "WG Web:
        WG List:

        Editor:   Anil Kumar S N

        Editor:   Yi Zhao

        Editor:   Dhruv Dhody

        Editor:   Ankit Kumar Sinha
       ";

     description
       "This YANG module defines essential components for the
        management of a routing subsystem.

        Copyright (c) 2018 IETF Trust and the persons identified
        as authors of the code.  All rights reserved.

        Redistribution and use in source and binary forms,
        with or without modification, is permitted pursuant to,
        and subject to the license terms contained in, the
        Simplified BSD License set forth in Section 4.c of the
        IETF Trust's Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX;
        see the RFC itself for full legal notices.";

     revision 2018-06-22 {
       description
         "Updated revision.";
       reference
         "RFC XXXX: A YANG Data Model for NTP Management";
     }

     /* Typedef Definitions */

     typedef ntp-stratum {
       type uint8 {
         range "1..16";
       }
       description
         "The level of each server in the hierarchy is defined by
          a stratum number.
          Primary servers are assigned stratum
          one; secondary servers at each lower level are assigned
          stratum numbers one greater than the preceding level";
     }

     typedef ntp-version {
       type uint8 {
         range "1..4";
       }
       default "3";
       description
         "The current NTP version supported by corresponding
          association.";
     }

     typedef ntp-minpoll {
       type uint8 {
         range "4..17";
       }
       default "6";
       description
         "The minimum poll exponent for this NTP association.";
     }

     typedef ntp-maxpoll {
       type uint8 {
         range "4..17";
       }
       default "10";
       description
         "The maximum poll exponent for this NTP association.";
     }

     typedef access-modes {
       type enumeration {
         enum peer {
           value "0";
           description
             "Sets the full access authority. Both time
              request and control query can be performed
              on the local NTP service, and the local clock
              can be synchronized to the remote server.";
         }
         enum server {
           value "1";
           description
             "Enables the server access and query.
              Both time requests and control query can be
              performed on the local NTP service, but the
              local clock cannot be synchronized to the
              remote server.";
         }
         enum synchronization {
           value "2";
           description
             "Enables the server to access.
              Only time request can be performed on the
              local NTP service.";
         }
         enum query {
           value "3";
           description
             "Sets the maximum access limitation.
              Control query can be performed only on the
              local NTP service.";
         }
       }
       description
         "This defines NTP access modes.";
     }

     typedef unicast-configuration-type {
       type enumeration {
         enum server {
           value "0";
           description
             "Use client association mode. This device
              will not provide synchronization to the
              configured NTP server.";
         }
         enum peer {
           value "1";
           description
             "Use symmetric active association mode.
              This device may provide synchronization
              to the configured NTP server.";
         }
       }
       description
         "This defines NTP unicast mode of operation.";
     }

     typedef association-modes {
       type enumeration {
         enum client {
           value "0";
           description
             "Use client association mode (mode 3).
              This device will not provide synchronization
              to the configured NTP server.";
         }
         enum active {
           value "1";
           description
             "Use symmetric active association mode (mode 1).
              This device may synchronize with its NTP peer,
              or provide synchronization to configured NTP peer.";
         }
         enum passive {
           value "2";
           description
             "Use symmetric passive association mode (mode 2).
              This device has learnt this association dynamically.
              This device may synchronize with its NTP peer.";
         }
         enum broadcast {
           value "3";
           description
             "Use broadcast mode (mode 5).
              This mode defines that it is either working
              as broadcast-server or multicast-server.";
         }
         enum broadcast-client {
           value "4";
           description
             "This mode defines that it is either working
              as broadcast-client or multicast-client.";
         }
       }
       description
         "This defines NTP association modes.";
     }

     typedef ntp-clock-status {
       type enumeration {
         enum synchronized {
           value "0";
           description
             "Indicates that the local clock has been
              synchronized with an NTP server or
              the reference clock.";
         }
         enum unsynchronized {
           value "1";
           description
             "Indicates that the local clock has not been
              synchronized with any NTP server.";
         }
       }
       description
         "This defines NTP clock status.";
     }

     typedef ntp-sync-state {
       type enumeration {
         enum clock-not-set {
           value "0";
           description
             "Indicates the clock is not updated.";
         }
         enum freq-set-by-cfg {
           value "1";
           description
             "Indicates the clock frequency is set by
              NTP configuration.";
         }
         enum clock-set {
           value "2";
           description
             "Indicates the clock is set.";
         }
         enum freq-not-determined {
           value "3";
           description
             "Indicates the clock is set but the frequency
              is not determined.";
         }
         enum clock-synchronized {
           value "4";
           description
             "Indicates that the clock is synchronized";
         }
         enum spike {
           value "5";
           description
             "Indicates a time difference of more than 128
              milliseconds is detected between NTP server
              and client clock. The clock change will take
              effect in XXX seconds.";
         }
       }
       description
         "This defines NTP clock sync states.";
     }

     /* feature */
     feature ntp-port {
       description
         "Indicates that the device supports the configuration of
          the port for NTP.

          This is a 'feature', since many implementations do not
          support any port other than the default port.";
     }

     /* Groupings */
     grouping authentication-key {
       description
         "To define an authentication key for a Network Time
          Protocol (NTP) time source.";
       leaf key-id {
         type uint32 {
           range "1..max";
         }
         description
           "Authentication key identifier.";
       }
       leaf algorithm {
         type identityref {
           base key-chain:crypto-algorithm;
         }
         description
           "Authentication algorithm.";
       }
       leaf password {
         type ianach:crypt-hash;
         description "Clear or encrypted mode for password text.";
       }
     }

     grouping authentication-type-param {
       description
         "Authentication type.";
       choice authentication-type {
         description
           "Type of authentication.";
         case symmetric-key {
           leaf key-id {
             type leafref {
               path "/ntp:ntp/ntp:authentication/"
                  + "ntp:authentication-keys/ntp:key-id";
             }
             description
               "Authentication key id referenced in this
                association.";
           }
         }
       }
     }

     grouping statistics {
       description
         "NTP packet statistics.";
       leaf packet-sent {
         type yang:counter32;
         description
           "Indicates the total number of packets sent.";
       }
       leaf packet-sent-fail {
         type yang:counter32;
         description
           "Indicates the number of times packet
            sending failed.";
       }
       leaf packet-received {
         type yang:counter32;
         description
           "Indicates the total number of packets received.";
       }
       leaf packet-dropped {
         type yang:counter32;
         description
           "Indicates the number of packets dropped.";
       }
     }

     grouping comman-attributes {
       description
         "NTP common attributes for configuration.";
       leaf minpoll {
         type ntp-minpoll;
         description
           "The minimum poll interval used in this association.";
       }
       leaf maxpoll {
         type ntp-maxpoll;
         description
           "The maximum poll interval used in this association.";
       }
       leaf port {
         if-feature ntp-port;
         type uint16 {
           range "123 | 1025..max";
         }
         default "123";
         description
           "Specify the port used to send NTP packets.";
       }
       leaf version {
         type ntp-version;
         description
           "NTP version.";
       }
     }

     grouping association-ref {
       description
         "Reference to NTP association mode";
       leaf associations-address {
         type leafref {
           path "/ntp:ntp/ntp:associations/ntp:address";
         }
         description
           "Indicates the association address
            which results in clock synchronization.";
       }
       leaf associations-local-mode {
         type leafref {
           path "/ntp:ntp/ntp:associations/ntp:local-mode";
         }
         description
           "Indicates the association local-mode
            which results in clock synchronization.";
       }
       leaf associations-isConfigured {
         type leafref {
           path "/ntp:ntp/ntp:associations/"
              + "ntp:isConfigured";
         }
         description
           "Indicates whether the association which results in
            clock synchronization was configured or dynamic.";
       }
     }

     /* Configuration data nodes */
     container ntp {
       presence
         "NTP is enabled";
       description
         "Configuration parameters for NTP.";
       leaf port {
         if-feature ntp-port;
         type uint16 {
           range "123 | 1025..max";
         }
         default "123";
         description
           "Specify the port used to send NTP packets.";
       }
       container refclock-master {
         presence
           "NTP master clock is enabled";
         description
           "Configures the device as NTP server.";
         leaf master-stratum {
           type ntp-stratum;
           default "16";
           description
             "Stratum level from which NTP
              clients get their time synchronized.";
         }
       }
       container authentication {
         description
           "Configuration of authentication.";
         leaf auth-enabled {
           type boolean;
           default false;
           description
             "Controls whether NTP authentication is enabled
              or disabled on this device.";
         }
         list trusted-keys {
           key "key-id";
           description
             "List of keys trusted by NTP.";
           leaf key-id {
             type leafref {
               path "/ntp:ntp/ntp:authentication/"
                  + "ntp:authentication-keys/ntp:key-id";
             }
             description
               "The key trusted by NTP.";
           }
         }
         list authentication-keys {
           key "key-id";
           uses authentication-key;
           description
             "List of authentication keys.";
         }
       }

       container access-rules {
         description
           "Configuration of access rules.";
         list access-rule {
           key "access-mode";
           description
             "List of access rules.";
           leaf access-mode {
             type access-modes;
             description
               "NTP access mode.";
           }
           leaf acl {
             type leafref {
               path "/acl:acls/acl:acl/acl:name";
             }
             description
               "NTP ACL.";
           }

         }
       }

       container clock-state {
         config "false";
         description
           "Operational state of the NTP.";

         container system-status {
           description
             "System status of NTP.";
           leaf clock-state {
             type ntp-clock-status;
             mandatory true;
             description "Indicates the state of system clock.";
           }
           leaf clock-stratum {
             type ntp-stratum;
             mandatory true;
             description
               "Indicates the stratum of the reference
                clock.";
           }
           leaf clock-refid {
             type union {
               type inet:ipv4-address;
               type binary {
                 length "4";
               }
               type string {
                 length "4";
               }
             }
             mandatory true;
             description
               "IPv4 address or first 32 bits of the MD5 hash of
                the IPv6 address or reference clock of the peer to
                which clock is synchronized.";
           }

           uses association-ref {
             description
               "Reference to Association mode";
           }
           leaf nominal-freq {
             type decimal64 {
               fraction-digits 4;
             }
             mandatory true;
             description
               "Indicates the nominal frequency of the
                local clock, in Hz.";
           }
           leaf actual-freq {
             type decimal64 {
               fraction-digits 4;
             }
             mandatory true;
             description
               "Indicates the actual frequency of the
                local clock, in Hz.";
           }
           leaf clock-precision {
             type uint8;
             mandatory true;
             description
               "Precision of the clock of this system
                in Hz. (prec=2^(-n))";
           }
           leaf clock-offset {
             type decimal64 {
               fraction-digits 4;
             }
             description
               "Offset of clock to synchronized peer,
                in milliseconds.";
           }
           leaf root-delay {
             type decimal64 {
               fraction-digits 2;
             }
             description
               "Total delay along path to root clock,
                in milliseconds.";
           }
           leaf root-dispersion {
             type decimal64 {
               fraction-digits 2;
             }
             description
               "Indicates the dispersion between the local clock
                and the master reference clock, in milliseconds.";
           }
           leaf reference-time {
             type yang:date-and-time;
             description
               "Indicates reference timestamp.";

           }
           leaf sync-state {
             type ntp-sync-state;
             mandatory true;
             description
               "Indicates the synchronization status of
                the local clock.";
           }
         }
       }
       list unicast-configuration {
         key "address type";
         description
           "list of unicast-configuration.";
         leaf address {
           type inet:host;
           description
             "The address of this association.";
         }
         leaf type {
           type unicast-configuration-type;
           description
             "Type for this NTP configuration";
         }
         container authentication {
           description
             "Authentication type.";
           uses authentication-type-param;
         }
         leaf prefer {
           type boolean;
           default "false";
           description
             "Whether this association is preferred.";
         }
         leaf burst {
           type boolean;
           default "false";
           description
             "Sends a series of packets instead of a single packet
              within each synchronization interval to achieve faster
              synchronization.";
         }
         leaf iburst {
           type boolean;
           default "false";
           description
             "Sends a series of packets instead of a single packet
              within the initial synchronization interval to achieve
              faster initial synchronization.";
         }
         leaf source {
           type if:interface-ref;
           description
             "The interface whose IP address is used by this
              association as the source address.";
         }
         uses comman-attributes {
           description
             "Common attribute like port, version, min and max
              poll.";
         }
       }
       list associations {
         key "address local-mode isConfigured";
         config "false";
         description
           "list of NTP association.";
         leaf address {
           type inet:host;
           description
             "The address of this association.";
         }
         leaf local-mode {
           type association-modes;
           description
             "Local mode for this NTP association.";
         }
         leaf isConfigured {
           type boolean;
           description
             "Whether this association is configured or
              dynamically learnt.";
         }
         leaf stratum {
           type ntp-stratum;
           description
             "Indicates the stratum of the reference clock.";
         }
         leaf refid {
           type union {
             type inet:ipv4-address;
             type binary {
               length "4";
             }
             type string {
               length "4";
             }
           }
           description
             "Reference clock type or address for the peer.";
         }
leaf authentication{ 1094 type leafref { 1095 path "/ntp:ntp/ntp:authentication/" 1096 + "ntp:authentication-keys/ntp:key-id"; 1097 } 1098 description 1099 "Authentication Key used for this association."; 1100 } 1101 leaf prefer { 1102 type boolean; 1103 default "false"; 1104 description 1105 "Whether this association is preferred."; 1106 } 1107 leaf peer-interface { 1108 type if:interface-ref; 1109 description 1110 "The interface which is used for communication."; 1111 } 1112 uses comman-attributes { 1113 description 1114 "Common attribute like port, version, min and 1115 max poll."; 1116 } 1117 leaf reach { 1118 type uint8; 1119 description 1120 "Indicates the reachability of the configured 1121 server or peer."; 1122 } 1123 leaf unreach { 1124 type uint8; 1125 description 1126 "Indicates the unreachability of the configured 1127 server or peer."; 1128 } 1129 leaf poll { 1130 type uint8; 1131 description 1132 "Indicates the polling interval for current, 1133 in seconds."; 1134 } 1135 leaf now { 1136 type uint32; 1137 description 1138 "Indicates the time since the NTP packet was 1139 not received or last synchronized, in seconds."; 1140 } 1141 leaf offset { 1142 type decimal64 { 1143 fraction-digits 4; 1144 } 1145 description 1146 "Indicates the offset between the local clock 1147 and the superior reference clock."; 1148 } 1149 leaf delay { 1150 type decimal64 { 1151 fraction-digits 2; 1152 } 1153 description 1154 "Indicates the delay between the local clock 1155 and the superior reference clock."; 1156 } 1157 leaf dispersion { 1158 type decimal64 { 1159 fraction-digits 2; 1160 } 1161 description 1162 "Indicates the dispersion between the local 1163 clock and the superior reference clock."; 1164 } 1165 leaf originate-time { 1166 type yang:date-and-time; 1167 description 1168 "Indicates packet originate timestamp(T1)."; 1169 } 1170 leaf receive-time { 1171 type yang:date-and-time; 1172 description 1173 "Indicates packet receive timestamp(T2)."; 1174 } 1175 leaf 
transmit-time { 1176 type yang:date-and-time; 1177 description 1178 "Indicates packet transmit timestamp(T3)."; 1179 } 1180 leaf input-time { 1181 type yang:date-and-time; 1182 description 1183 "Indicates packet input timestamp(T4)."; 1184 } 1185 container ntp-statistics { 1186 description 1187 "Per Peer packet send and receive statistic."; 1188 uses statistics { 1189 description 1190 "NTP send and receive packet statistic."; 1191 } 1192 } 1193 } 1195 container interfaces { 1196 description 1197 "Configuration parameters for NTP interfaces."; 1198 list interface { 1199 key "name"; 1200 description 1201 "List of interfaces."; 1202 leaf name { 1203 type if:interface-ref; 1204 description 1205 "The interface name."; 1206 } 1208 container broadcast-server { 1209 presence 1210 "NTP broadcast-server is configured"; 1211 description 1212 "Configuration of broadcast server."; 1213 leaf ttl { 1214 type uint8; 1215 description 1216 "Specifies the time to live (TTL) of a 1217 broadcast packet."; 1218 } 1219 container authentication{ 1220 description 1221 "Authentication type."; 1222 uses authentication-type-param; 1223 } 1224 uses comman-attributes { 1225 description 1226 "Common attribute like port, version, min and 1227 max poll."; 1228 } 1229 } 1230 container broadcast-client { 1231 presence 1232 "NTP broadcast-client is configured"; 1233 description 1234 "Configuration of broadcast-client."; 1235 } 1237 list multicast-server { 1238 key "address"; 1239 description 1240 "Configuration of multicast server."; 1241 leaf address { 1242 type rt-types:ip-multicast-group-address; 1243 description 1244 "The IP address to send NTP multicast packets."; 1245 } 1246 leaf ttl { 1247 type uint8; 1248 description 1249 "Specifies the time to live (TTL) of a 1250 multicast packet."; 1251 } 1252 container authentication{ 1253 description 1254 "Authentication type."; 1255 uses authentication-type-param; 1256 } 1257 uses comman-attributes { 1258 description 1259 "Common attribute like port, 
version, min and 1260 max poll."; 1261 } 1262 } 1263 list multicast-client { 1264 key "address"; 1265 description 1266 "Configuration of multicast-client."; 1267 leaf address { 1268 type rt-types:ip-multicast-group-address; 1269 description 1270 "The IP address of the multicast group to 1271 join."; 1272 } 1273 } 1274 list manycast-server { 1275 key "address"; 1276 description 1277 "Configuration of manycast server."; 1279 leaf address { 1280 type rt-types:ip-multicast-group-address; 1281 description 1282 "The multicast group IP address to receive 1283 manycast client messages ."; 1284 } 1285 reference 1286 "RFC 5905"; 1287 } 1288 list manycast-client { 1289 key "address"; 1290 description 1291 "Configuration of manycast-client."; 1292 leaf address { 1293 type rt-types:ip-multicast-group-address; 1294 description 1295 "The group IP address that the manycast client 1296 broadcasts the request message to."; 1297 } 1298 container authentication{ 1299 description 1300 "Authentication type."; 1301 uses authentication-type-param; 1302 } 1303 leaf ttl { 1304 type uint8; 1305 description 1306 "Specifies the maximum time to live (TTL) for 1307 the expanding ring search."; 1308 } 1309 leaf minclock { 1310 type uint8; 1311 description 1312 "The minimum manycast survivors in this 1313 association."; 1314 } 1315 leaf maxclock { 1316 type uint8; 1317 description 1318 "The maximum manycast candidates in this 1319 association."; 1320 } 1321 leaf beacon { 1322 type uint8; 1323 description 1324 "The maximum interval between beacons in this 1325 association."; 1326 } 1327 uses comman-attributes { 1328 description 1329 "Common attribute like port, version, min and 1330 max poll."; 1331 } 1332 reference 1333 "RFC 5905"; 1334 } 1335 } 1336 } 1337 container ntp-statistics { 1338 config "false"; 1339 description 1340 "Total NTP packet statistic."; 1341 uses statistics { 1342 description 1343 "NTP send and receive packet statistic."; 1344 } 1345 } 1346 } 1347 } 1349 1351 6. 
Usage Example 1353 6.1. Unicast association 1355 Below is the example on how to configure a preferred unicast server 1356 present at 192.0.2.1 running at port 1025 with authentication-key 10 1357 and version 4 1358 1359 1360 1361 1362 1363 1364 1365
     192.0.2.1
     server
     true
     4
     1025
     10

   An example with IPv6 would use an IPv6 address (say 2001:DB8::1)
   in the "address" leaf with no change in any other data tree.

   Below is the example on how to get unicast configuration:

     192.0.2.1
     server
     10
     true
     false
     true
     6
     10
     1025
     4
     9
     20.1.1.1
     255
     0
     128
     10
     0.025
     0.5
     0.6
     10-10-2017 07:33:55.253 Z+05:30
     10-10-2017 07:33:55.258 Z+05:30
     10-10-2017 07:33:55.300 Z+05:30
     10-10-2017 07:33:55.305 Z+05:30
     20
     0
     20
     0

6.2.  Refclock master

   Below is the example on how to configure reference clock with stratum
   8:

     8

   Below is the example on how to get reference clock configuration:

     8

6.3.  Authentication configuration

   Below is the example on how to enable authentication and configure
   authentication key 10 with mode as md5 and password as abcd:

     true
     10
     md5
     abcd

   Below is the example on how to get authentication related
   configuration:

     false
     10
     md5
     abcd

6.4.  Access configuration

   Below is the example on how to configure access type peer associated
   with acl 2000:

     peer
     2000

   Below is the example on how to get access related configuration:

     peer
     2000

6.5.  Multicast configuration

   Below is the example on how to configure multicast-server with
   address as "224.1.1.1", port as 1025 and authentication keyid as 10:

     Ethernet3/0/0
     224.1.1.1
     10
     1025

   Below is the example on how to get multicast-server related
   configuration:

     Ethernet3/0/0
     224.1.1.1
     224.1.1.1
     10
     6
     10
     1025
     3

   Below is the example on how to configure multicast-client with
   address as "224.1.1.1":

     Ethernet3/0/0
     224.1.1.1

   Below is the example on how to get multicast-client related
   configuration:

     Ethernet3/0/0
     224.1.1.1

6.6.  Manycast configuration

   Below is the example on how to configure manycast-client with address
   as "224.1.1.1", port as 1025 and authentication keyid as 10:

     Ethernet3/0/0
     224.1.1.1
     10
     1025

   Below is the example on how to get manycast-client related
   configuration:

     Ethernet3/0/0
     224.1.1.1
     10
     255
     3
     10
     6
     6
     10
     1025

   Below is the example on how to configure manycast-server with address
   as "224.1.1.1":

     Ethernet3/0/0
     224.1.1.1

   Below is the example on how to get manycast-server related
   configuration:

     Ethernet3/0/0
     224.1.1.1

6.7.  Clock state

   Below is the example on how to get clock current state:

     synchronized
     7
     192.0.2.1
     192.0.2.1
     client
     yes
     100.0
     100.0
     18
     0.025
     0.5
     0.8
     10-10-2017 07:33:55.258 Z+05:30
     clock-synchronized

6.8.  Get all association

   Below is the example on how to get all association present:

     192.0.2.1
     9
     20.1.1.1
     client
     true
     10
     true
     Ethernet3/0/0
     6
     10
     1025
     4
     255
     0
     128
     10
     0.025
     0.5
     0.6
     10-10-2017 07:33:55.253 Z+05:30
     10-10-2017 07:33:55.258 Z+05:30
     10-10-2017 07:33:55.300 Z+05:30
     10-10-2017 07:33:55.305 Z+05:30
     20
     0
     20
     0

6.9.  Global statistic

   Below is the example on how to get clock current state:

     30
     5
     20
     2

7.  IANA Considerations

   This document registers a URI in the "IETF XML Registry" [RFC3688].
   Following the format in RFC 3688, the following registration has been
   made.

   URI: urn:ietf:params:xml:ns:yang:ietf-ntp

   Registrant Contact: The NETMOD WG of the IETF.

   XML: N/A; the requested URI is an XML namespace.

   This document registers a YANG module in the "YANG Module Names"
   registry [RFC6020].

   Name: ietf-ntp

   Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp

   Prefix: ntp

   Reference: RFC XXXX

8.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC5246].

   The NETCONF access control model [RFC8341] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

      /ntp/port - This data node specifies the port number to be used to
      send NTP packets.  Unexpected changes could lead to disruption
      and/or network misbehavior.

      /ntp/authentication and /ntp/access-rules - The entries in the
      list include the authentication and access control configurations.
      Care should be taken while setting these parameters.

      /ntp/unicast-configuration - The entries in the list include all
      unicast configurations (server or peer mode), and indirectly
      create or modify the NTP associations.  Unexpected changes could
      lead to disruption and/or network misbehavior.

      /ntp/interfaces/interface - The entries in the list include all
      per-interface configurations related to broadcast, multicast and
      manycast mode, and indirectly create or modify the NTP
      associations.  Unexpected changes could lead to disruption and/or
      network misbehavior.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

      /ntp/associations - The entries in the list include all active
      NTP associations of all modes.  Unauthorized access to this needs
      to be curtailed.

9.  Acknowledgments

   The authors would like to express their thanks to Sladjana Zoric,
   Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, and
   Maurice Angermann for their review and suggestions.

10.  References

10.1.  Normative References

   [I-D.ietf-netmod-acl-model]
              Jethanandani, M., Huang, L., Agarwal, S., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-ietf-netmod-acl-model-19 (work in progress), April
              2018.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246,
              DOI 10.17487/RFC5246, August 2008.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010.

   [RFC5907]  Gerstung, H., Elliott, C., and B. Haberman, Ed.,
              "Definitions of Managed Objects for Network Time Protocol
              Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June
              2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

10.2.  Informative References

   [RFC7317]  Bierman, A. and M. Bjorklund, "A YANG Data Model for
              System Management", RFC 7317, DOI 10.17487/RFC7317, August
              2014.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

Authors' Addresses

   Nan Wu
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing  100095
   China

   Email: eric.wu@huawei.com

   Anil Kumar S N
   RtBrick Inc.
   Bangalore, Karnataka
   India

   Email: anil.ietf@gmail.com

   Yi Zhao
   Ericsson
   China Digital Kingdom Bld., No.1 WangJing North Rd.
   Beijing  100102
   China

   Email: yi.z.zhao@ericsson.com

   Dhruv Dhody
   Huawei
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka  560066
   India

   Email: dhruv.ietf@gmail.com

   Ankit kumar Sinha
   RtBrick Inc.
   Bangalore, Karnataka
   India

   Email: ankit.ietf@gmail.com
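
   The following NACM [RFC8341] configuration is an added example, not
   part of the draft, showing one way to apply the write and read
   restrictions that Section 8 calls for on the ietf-ntp subtrees.  The
   group name "ntp-admin" and the user name "alice" are assumptions; the
   module name, namespace and node paths are those given in Sections 7
   and 8.

```xml
<!-- Added example, not from the draft. Group "ntp-admin" and user
     "alice" are hypothetical; paths are the ones listed in Section 8. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:ntp="urn:ietf:params:xml:ns:yang:ietf-ntp">
  <enable-nacm>true</enable-nacm>
  <write-default>deny</write-default>
  <groups>
    <group>
      <name>ntp-admin</name>
      <user-name>alice</user-name>
    </group>
  </groups>
  <!-- Evaluated first: NTP administrators get full access to ietf-ntp. -->
  <rule-list>
    <name>ntp-admin-acl</name>
    <group>ntp-admin</group>
    <rule>
      <name>permit-ietf-ntp</name>
      <module-name>ietf-ntp</module-name>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
  <!-- All other users: explicit denies, so a broader permit rule placed
       in a later rule-list cannot open these nodes. -->
  <rule-list>
    <name>ntp-sensitive-nodes</name>
    <group>*</group>
    <rule>
      <name>no-read-associations</name>
      <path>/ntp:ntp/ntp:associations</path>
      <access-operations>read</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>no-write-port</name>
      <path>/ntp:ntp/ntp:port</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>no-write-authentication</name>
      <path>/ntp:ntp/ntp:authentication</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>no-write-access-rules</name>
      <path>/ntp:ntp/ntp:access-rules</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>no-write-unicast-configuration</name>
      <path>/ntp:ntp/ntp:unicast-configuration</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
    <rule>
      <name>no-write-interface</name>
      <path>/ntp:ntp/ntp:interfaces/ntp:interface</path>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
    </rule>
  </rule-list>
</nacm>
```

   NACM evaluates rule-lists in order and stops at the first matching
   rule, so the administrators' permit must stay ahead of the deny
   rule-list.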