idnits 2.17.1

draft-ietf-ntp-yang-data-model-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 4 instances of too long lines in the document, the longest one
     being 4 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 163 has weird spacing: '...ss-mode acc...'

  == Line 254 has weird spacing: '...address rt-...'

  == Line 256 has weird spacing: '...address rt-...'

  -- The document date (October 15, 2018) is 2018 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-21) exists of
     draft-ietf-netmod-acl-model-20

  ** Obsolete normative reference: RFC 1305 (Obsoleted by RFC 5905)

     Summary: 2 errors (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     NTP Working Group                                                  N. Wu
3     Internet-Draft                                                  D. Dhody
4     Intended status: Standards Track                                  Huawei
5     Expires: April 18, 2019                                         A. Sinha
6                                                                 A. Kumar S N
7                                                                 RtBrick Inc.
8                                                                      Y. Zhao
9                                                                     Ericsson
10                                                            October 15, 2018

12                           A YANG Data Model for NTP
13                       draft-ietf-ntp-yang-data-model-04

15    Abstract

17       This document defines a YANG data model for Network Time Protocol
18       (NTP) implementations.  The data model includes configuration data
19       and state data.

21    Requirements Language

23       The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
24       "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
25       "OPTIONAL" in this document are to be interpreted as described in BCP
26       14 [RFC2119] [RFC8174] when, and only when, they appear in all
27       capitals, as shown here.

29    Status of This Memo

31       This Internet-Draft is submitted in full conformance with the
32       provisions of BCP 78 and BCP 79.

34       Internet-Drafts are working documents of the Internet Engineering
35       Task Force (IETF).  Note that other groups may also distribute
36       working documents as Internet-Drafts.  The list of current Internet-
37       Drafts is at https://datatracker.ietf.org/drafts/current/.

39       Internet-Drafts are draft documents valid for a maximum of six months
40       and may be updated, replaced, or obsoleted by other documents at any
41       time.  It is inappropriate to use Internet-Drafts as reference
42       material or to cite them other than as "work in progress."

44       This Internet-Draft will expire on April 18, 2019.

46    Copyright Notice

48       Copyright (c) 2018 IETF Trust and the persons identified as the
49       document authors.  All rights reserved.

51       This document is subject to BCP 78 and the IETF Trust's Legal
52       Provisions Relating to IETF Documents
53       (https://trustee.ietf.org/license-info) in effect on the date of
54       publication of this document.  Please review these documents
55       carefully, as they describe your rights and restrictions with respect
56       to this document.  Code Components extracted from this document must
57       include Simplified BSD License text as described in Section 4.e of
58       the Trust Legal Provisions and are provided without warranty as
59       described in the Simplified BSD License.

61    Table of Contents

63       1.  Introduction
64         1.1.  Operational State
65         1.2.  Terminology
66         1.3.  Tree Diagrams
67         1.4.  Prefixes in Data Node Names
68       2.  NTP data model
69       3.  Relationship with NTPv4-MIB
70       4.  Relationship with RFC 7317
71       5.  Access Rules
72       6.  Key Management
73       7.  NTP YANG Module
74       8.  Usage Example
75         8.1.  Unicast association
76         8.2.  Refclock master
77         8.3.  Authentication configuration
78         8.4.  Access configuration
79         8.5.  Multicast configuration
80         8.6.  Manycast configuration
81         8.7.  Clock state
82         8.8.  Get all association
83         8.9.  Global statistic
84       9.  IANA Considerations
85       10. Security Considerations
86       11. Acknowledgments
87       12. References
88         12.1.  Normative References
89         12.2.  Informative References
90       Authors' Addresses

92    1.  Introduction

94       This document defines a YANG [RFC7950] data model for Network Time
95       Protocol [RFC5905] implementations.

97       The data model covers configuration of system parameters of NTP,
98       such as access rules, authentication and VPN Routing and Forwarding
99       (VRF) binding, and also associations of NTP in different modes and
100      per-interface parameters.  It also provides information about the
101      running state of NTP implementations.

103   1.1.  Operational State

105      NTP Operational State is included in the same tree as NTP
106      configuration, consistent with Network Management Datastore
107      Architecture [RFC8342].  NTP current state and statistics are also
108      maintained in the operational state.  Additionally, the operational
109      state includes the associations state.

111   1.2.  Terminology

113      The terminology used in this document is aligned to [RFC5905].

115   1.3.  Tree Diagrams

117      A simplified graphical representation of the data model is used in
118      this document.  This document uses the graphical representation of
119      data models defined in [RFC8340].

121   1.4.  Prefixes in Data Node Names

123      In this document, names of data nodes and other data model objects
124      are often used without a prefix, as long as it is clear from the
125      context in which YANG module each name is defined.  Otherwise, names
126      are prefixed using the standard prefix associated with the
127      corresponding YANG module, as shown in Table 1.

129      +----------+--------------------------+-----------------------------+
130      | Prefix   | YANG module              | Reference                   |
131      +----------+--------------------------+-----------------------------+
132      | yang     | ietf-yang-types          | [RFC6991]                   |
133      | inet     | ietf-inet-types          | [RFC6991]                   |
134      | if       | ietf-interfaces          | [RFC8343]                   |
135      | ianach   | iana-crypt-hash          | [RFC7317]                   |
136      | key-     | ietf-key-chain           | [RFC8177]                   |
137      | chain    |                          |                             |
138      | acl      | ietf-access-control-list | [I-D.ietf-netmod-acl-model] |
139      | rt-types | ietf-routing-types       | [RFC8294]                   |
140      +----------+--------------------------+-----------------------------+

142                 Table 1: Prefixes and corresponding YANG modules

144   2.  NTP data model

146      This document defines the YANG module "ietf-ntp", which has the
147      following structure:

149   module: ietf-ntp
150     +--rw ntp!
151        +--rw port?                    inet:port-number {ntp-port}?
152        +--rw refclock-master!
153        |  +--rw master-stratum?   ntp-stratum
154        +--rw authentication
155        |  +--rw auth-enabled?          boolean
156        |  +--rw authentication-keys* [key-id]
157        |     +--rw key-id       uint32
158        |     +--rw algorithm?   identityref
159        |     +--rw key?         ianach:crypt-hash
160        |     +--rw istrusted?   boolean
161        +--rw access-rules
162        |  +--rw access-rule* [access-mode]
163        |     +--rw access-mode    access-mode
164        |     +--rw acl?           -> /acl:acls/acl/name
165        +--ro clock-state
166        |  +--ro system-status
167        |     +--ro clock-state                  ntp-clock-status
168        |     +--ro clock-stratum                ntp-stratum
169        |     +--ro clock-refid                  union
170        |     +--ro associations-address?        -> /ntp/associations/address
171        |     +--ro associations-local-mode?
172        |     |       -> /ntp/associations/local-mode
173        |     +--ro associations-isconfigured?
174        |     |       -> /ntp/associations/isconfigured
175        |     +--ro nominal-freq                 decimal64
176        |     +--ro actual-freq                  decimal64
177        |     +--ro clock-precision              uint8
178        |     +--ro clock-offset?                decimal64
179        |     +--ro root-delay?                  decimal64
180        |     +--ro root-dispersion?             decimal64
181        |     +--ro reference-time?              yang:date-and-time
182        |     +--ro sync-state                   ntp-sync-state
183        +--rw unicast-configuration* [address type]
184        |  +--rw address           inet:host
185        |  +--rw type              unicast-configuration-type
186        |  +--rw authentication
187        |  |  +--rw (authentication-type)?
188        |  |     +--:(symmetric-key)
189        |  |        +--rw key-id?   leafref
190        |  +--rw prefer?           boolean
191        |  +--rw burst?            boolean
192        |  +--rw iburst?           boolean
193        |  +--rw source?           if:interface-ref
194        |  +--rw minpoll?          ntp-minpoll
195        |  +--rw maxpoll?          ntp-maxpoll
196        |  +--rw port?             inet:port-number {ntp-port}?
197        |  +--rw version?          ntp-version
198        +--ro associations* [address local-mode isconfigured]
199        |  +--ro address           inet:host
200        |  +--ro local-mode        association-mode
201        |  +--ro isconfigured      boolean
202        |  +--ro stratum?          ntp-stratum
203        |  +--ro refid?            union
204        |  +--ro authentication?
205        |  |       -> /ntp/authentication/authentication-keys/key-id
206        |  +--ro prefer?           boolean
207        |  +--ro peer-interface?   if:interface-ref
208        |  +--ro minpoll?          ntp-minpoll
209        |  +--ro maxpoll?          ntp-maxpoll
210        |  +--ro port?             inet:port-number {ntp-port}?
211        |  +--ro version?          ntp-version
212        |  +--ro reach?            uint8
213        |  +--ro unreach?          uint8
214        |  +--ro poll?             uint8
215        |  +--ro now?              uint32
216        |  +--ro offset?           decimal64
217        |  +--ro delay?            decimal64
218        |  +--ro dispersion?       decimal64
219        |  +--ro originate-time?   yang:date-and-time
220        |  +--ro receive-time?     yang:date-and-time
221        |  +--ro transmit-time?    yang:date-and-time
222        |  +--ro input-time?       yang:date-and-time
223        |  +--ro ntp-statistics
224        |     +--ro packet-sent?        yang:counter32
225        |     +--ro packet-sent-fail?   yang:counter32
226        |     +--ro packet-received?    yang:counter32
227        |     +--ro packet-dropped?     yang:counter32
228        +--rw interfaces
229        |  +--rw interface* [name]
230        |     +--rw name                if:interface-ref
231        |     +--rw broadcast-server!
232        |     |  +--rw ttl?              uint8
233        |     |  +--rw authentication
234        |     |  |  +--rw (authentication-type)?
235        |     |  |     +--:(symmetric-key)
236        |     |  |        +--rw key-id?   leafref
237        |     |  +--rw minpoll?          ntp-minpoll
238        |     |  +--rw maxpoll?          ntp-maxpoll
239        |     |  +--rw port?             inet:port-number {ntp-port}?
240        |     |  +--rw version?          ntp-version
241        |     +--rw broadcast-client!
242        |     +--rw multicast-server* [address]
243        |     |  +--rw address           rt-types:ip-multicast-group-address
244        |     |  +--rw ttl?              uint8
245        |     |  +--rw authentication
246        |     |  |  +--rw (authentication-type)?
247        |     |  |     +--:(symmetric-key)
248        |     |  |        +--rw key-id?   leafref
249        |     |  +--rw minpoll?          ntp-minpoll
250        |     |  +--rw maxpoll?          ntp-maxpoll
251        |     |  +--rw port?             inet:port-number {ntp-port}?
252        |     |  +--rw version?          ntp-version
253        |     +--rw multicast-client* [address]
254        |     |  +--rw address    rt-types:ip-multicast-group-address
255        |     +--rw manycast-server* [address]
256        |     |  +--rw address    rt-types:ip-multicast-group-address
257        |     +--rw manycast-client* [address]
258        |        +--rw address           rt-types:ip-multicast-group-address
259        |        +--rw authentication
260        |        |  +--rw (authentication-type)?
261        |        |     +--:(symmetric-key)
262        |        |        +--rw key-id?   leafref
263        |        +--rw ttl?              uint8
264        |        +--rw minclock?         uint8
265        |        +--rw maxclock?         uint8
266        |        +--rw beacon?           uint8
267        |        +--rw minpoll?          ntp-minpoll
268        |        +--rw maxpoll?          ntp-maxpoll
269        |        +--rw port?             inet:port-number {ntp-port}?
270        |        +--rw version?          ntp-version
271        +--ro ntp-statistics
272           +--ro packet-sent?        yang:counter32
273           +--ro packet-sent-fail?   yang:counter32
274           +--ro packet-received?    yang:counter32
275           +--ro packet-dropped?     yang:counter32
276     groupings:
277       authentication
278         +---- (authentication-type)?
279            +--:(symmetric-key)
280               +---- key-id?
281                       -> /ntp/authentication/authentication-keys/key-id

283       statistics
284         +---- packet-sent?        yang:counter32
285         +---- packet-sent-fail?   yang:counter32
286         +---- packet-received?    yang:counter32
287         +---- packet-dropped?     yang:counter32

289       authentication-key
290         +---- key-id?      uint32
291         +---- algorithm?   identityref
292         +---- key?         ianach:crypt-hash
293         +---- istrusted?   boolean

295       association-ref
296         +---- associations-address?        -> /ntp/associations/address
297         +---- associations-local-mode?     -> /ntp/associations/local-mode
298         +---- associations-isconfigured?   -> /ntp/associations/isconfigured

300       common-attributes
301         +---- minpoll?   ntp-minpoll
302         +---- maxpoll?   ntp-maxpoll
303         +---- port?      inet:port-number {ntp-port}?
304         +---- version?   ntp-version

306      This data model defines one top-level container which includes both
307      the NTP configuration and the NTP running state including access
308      rules, authentication, associations, unicast configurations,
309      interfaces, system status and associations.

311   3.  Relationship with NTPv4-MIB

313      If the device implements the NTPv4-MIB [RFC5907], data nodes from
314      the YANG module can be mapped to table entries in NTPv4-MIB.

316      The following tables list the YANG data nodes with corresponding
317      objects in the NTPv4-MIB.

319      +--------------------------+--------------------------+
320      | YANG data nodes in /ntp/ | NTPv4-MIB objects        |
321      +--------------------------+--------------------------+
322      | ntp-enabled              | ntpEntStatusCurrentMode  |
323      +--------------------------+--------------------------+

325      +--------------------------------------+---------------------+
326      | YANG data nodes in /ntp/associations | NTPv4-MIB objects   |
327      +--------------------------------------+---------------------+
328      | address                              | ntpAssocAddressType |
329      |                                      | ntpAssocAddress     |
330      +--------------------------------------+---------------------+

332       YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects

334      +---------------------------------+---------------------------------+
335      | YANG data nodes in /ntp/clock-  | NTPv4-MIB objects               |
336      | state/system-status             |                                 |
337      +---------------------------------+---------------------------------+
338      | clock-state                     | ntpEntStatusCurrentMode         |
339      | clock-stratum                   | ntpEntStatusStratum             |
340      | clock-refid                     | ntpEntStatusActiveRefSourceId   |
341      |                                 | ntpEntStatusActiveRefSourceName |
342      | clock-precision                 | ntpEntTimePrecision             |
343      | clock-offset                    | ntpEntStatusActiveOffset        |
344      | root-dispersion                 | ntpEntStatusDispersion          |
345      +---------------------------------+---------------------------------+

347      +---------------------------------------+---------------------------+
348      | YANG data nodes in /ntp/associations/ | NTPv4-MIB objects         |
349      +---------------------------------------+---------------------------+
350      | address                               | ntpAssocAddressType       |
351      |                                       | ntpAssocAddress           |
352      | stratum                               | ntpAssocStratum           |
353      | refid                                 | ntpAssocRefId             |
354      | offset                                | ntpAssocOffset            |
355      | delay                                 | ntpAssocStatusDelay       |
356      | dispersion                            | ntpAssocStatusDispersion  |
357      | ntp-statistics/packet-sent            | ntpAssocStatOutPkts       |
358      | ntp-statistics/packet-received        | ntpAssocStatInPkts        |
359      | ntp-statistics/packet-dropped         | ntpAssocStatProtocolError |
360      +---------------------------------------+---------------------------+

362           YANG NTP State Data Nodes and Related NTPv4-MIB Objects

364   4.  Relationship with RFC 7317

366      This section describes the relationship with the NTP definition in
367      Section 3.2 (System Time Management) of [RFC7317].  YANG data nodes
368      in /ntp/ also support per-interface configurations, which are not
369      supported in /system/ntp.  If the YANG model defined in this document
370      is implemented, then /system/ntp SHOULD NOT be used and MUST be
371      ignored.

373      +-------------------------------+--------------------------------+
374      | YANG data nodes in /ntp/      | YANG data nodes in /system/ntp |
375      +-------------------------------+--------------------------------+
376      | ntp-enabled                   | enabled                        |
377      | unicast-configuration         | server                         |
378      |                               | server/name                    |
379      | unicast-configuration/address | server/transport/udp/address   |
380      | unicast-configuration/port    | server/transport/udp/port      |
381      | unicast-configuration/type    | server/association-type        |
382      | unicast-configuration/iburst  | server/iburst                  |
383      | unicast-configuration/prefer  | server/prefer                  |
384      +-------------------------------+--------------------------------+

386       YANG NTP Configuration Data Nodes and counterparts in RFC 7317
387                                   Objects

389   5.  Access Rules

391      As per [RFC1305], NTP could include an access-control feature that
392      prevents unauthorized access and controls which peers are allowed to
393      update the local clock.  Further, it is useful to differentiate
394      between the various kinds of access (such as peer or server; refer to
395      access-mode) and attach a different acl-rule to each.  For this, the
396      YANG module allows such configuration via /ntp/access-rules.  The
397      access-rule itself is configured via [I-D.ietf-netmod-acl-model].

399   6.  Key Management

401      As per [RFC1305], when authentication is enabled, NTP employs a
402      crypto-checksum, computed by the sender and checked by the receiver,
403      together with a set of predistributed algorithms, and cryptographic
404      keys indexed by a key identifier included in the NTP message.  This
405      key-id is a 32-bit unsigned integer that MUST be configured on the NTP
406      peers before authentication can be used.  For this reason, this
407      YANG module allows such configuration via /ntp/authentication/
408      authentication-keys/.  Further, at the time of configuration of an NTP
409      association (for example unicast-server), the key-id is specified.

411   7.  NTP YANG Module

413     file "ietf-ntp@2018-10-15.yang"
414     module ietf-ntp {

416       yang-version 1.1;

418       namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";

420       prefix "ntp";

422       import ietf-yang-types {
423         prefix "yang";
424         reference "RFC 6991";
425       }

427       import ietf-inet-types {
428         prefix "inet";
429         reference "RFC 6991";
430       }

432       import ietf-interfaces {
433         prefix "if";
434         reference "RFC 8343";
435       }

437       import iana-crypt-hash {
438         prefix "ianach";
439         reference "RFC 7317";
440       }

442       import ietf-key-chain {
443         prefix "key-chain";
444         reference "RFC 8177";
445       }

447       import ietf-access-control-list {
448         prefix "acl";
449         reference "RFC XXXX";
450       }
451       import ietf-routing-types {
452         prefix "rt-types";
453         reference "RFC 8294";
455       }

457       organization
458         "IETF NTP (Network Time Protocol) Working Group";

460       contact
461         "WG Web:
462          WG List:

465          Editor:   Anil Kumar S N
466
467          Editor:   Yi Zhao
468
469          Editor:   Dhruv Dhody
470
471          Editor:   Ankit Kumar Sinha
472          ";
473       description
474         "This YANG module defines essential components for the
475          management of a routing subsystem.

477          Copyright (c) 2018 IETF Trust and the persons identified
478          as authors of the code. All rights reserved.

480          Redistribution and use in source and binary forms,
481          with or without modification, is permitted pursuant to,
482          and subject to the license terms contained in, the
483          Simplified BSD License set forth in Section 4.c of the
484          IETF Trust's Legal Provisions Relating to IETF Documents
485          (http://trustee.ietf.org/license-info).

487          This version of this YANG module is part of RFC XXXX;
488          see the RFC itself for full legal notices.";

490       revision 2018-10-15 {
491         description
492           "Updated revision.";
493         reference
494           "RFC XXXX: A YANG Data Model for NTP Management";
495       }

497       /* Typedef Definitions */

499       typedef ntp-stratum {
500         type uint8 {
501           range "1..16";
502         }
503         description
504           "The level of each server in the hierarchy is defined by
505            a stratum. Primary servers are assigned with stratum
506            one; secondary servers at each lower level are assigned with
507            one stratum greater than the preceding level";
509       }

511       typedef ntp-version {
512         type uint8 {
513           range "1..4";
514         }
515         default "3";
516         description
517           "The current NTP version supported by corresponding
518            association.";
519       }

521       typedef ntp-minpoll {
522         type uint8 {
523           range "4..17";
524         }
525         default "6";
526         description
527           "The minimum poll exponent for this NTP association.";
528       }

530       typedef ntp-maxpoll {
531         type uint8 {
532           range "4..17";
533         }
534         default "10";
535         description
536           "The maximum poll exponent for this NTP association.";
537       }

539       typedef access-mode {
540         type enumeration {
541           enum peer {
542             value "0";
543             description
544               "Enables the full access authority. Both time
545                request and control query can be performed
546                on the local NTP service, and the local clock
547                can be synchronized with the remote server.";
548           }
549           enum server {
550             value "1";
551             description
552               "Enables the server access and query.
553                Both time requests and control query can be
554                performed on the local NTP service, but the
555                local clock cannot be synchronized with the
556                remote server.";
558           }
559           enum synchronization {
560             value "2";
561             description
562               "Enables the server to access.
563                Only time request can be performed on the
564                local NTP service.";
565           }
566           enum query {
567             value "3";
568             description
569               "Enables the maximum access limitation.
570                Control query can be performed only on the
571                local NTP service.";
572           }
573         }
574         description
575           "This defines NTP access modes.";
576       }

578       typedef unicast-configuration-type {
579         type enumeration {
580           enum server {
581             value "0";
582             description
583               "Use client association mode. This device
584                will not provide synchronization to the
585                configured NTP server.";
586           }
587           enum peer {
588             value "1";
589             description
590               "Use symmetric active association mode.
591                This device may provide synchronization
592                to the configured NTP server.";
593           }
594         }
595         description
596           "This defines NTP unicast mode of operation.";
597       }
598       typedef association-mode {
599         type enumeration {
600           enum client {
601             value "0";
602             description
603               "Use client association mode(mode 3).
604                This device will not provide synchronization
605                to the configured NTP server.";
607           }
608           enum active {
609             value "1";
610             description
611               "Use symmetric active association mode(mode 1).
612                This device may synchronize with its NTP peer,
613                or provide synchronization to configured NTP peer.";
614           }
615           enum passive {
616             value "2";
617             description
618               "Use symmetric passive association mode(mode 2).
619                This device has learned this association dynamically.
620                This device may synchronize with its NTP peer.";
621           }
622           enum broadcast {
623             value "3";
624             description
625               "Use broadcast mode(mode 5).
626                This mode defines that its either working
627                as broadcast-server or multicast-server.";
628           }
629           enum broadcast-client {
630             value "4";
631             description
632               "This mode defines that its either working
633                as broadcast-client or multicast-client.";
634           }
635         }
636         description
637           "The NTP association modes.";
638       }

640       typedef ntp-clock-status {
641         type enumeration {
642           enum synchronized {
643             value "0";
644             description
645               "Indicates that the local clock has been
646                synchronized with an NTP server or
647                the reference clock.";
648           }
649           enum unsynchronized {
650             value "1";
651             description
652               "Indicates that the local clock has not been
653                synchronized with any NTP server.";
654           }
656         }
657         description
658           "This defines NTP clock status.";
659       }

661       typedef ntp-sync-state {
662         type enumeration {
663           enum clock-not-set {
664             value "0";
665             description
666               "Indicates the clock is not updated.";
667           }
668           enum freq-set-by-cfg {
669             value "1";
670             description
671               "Indicates the clock frequency is set by
672                NTP configuration.";
673           }
674           enum clock-set {
675             value "2";
676             description
677               "Indicates the clock is set.";
678           }
679           enum freq-not-determined {
680             value "3";
681             description
682               "Indicates the clock is set but the frequency
683                is not determined.";
684           }
685           enum clock-synchronized {
686             value "4";
687             description
688               "Indicates that the clock is synchronized";
689           }
690           enum spike {
691             value "5";
692             description
693               "Indicates a time difference of more than 128
694                milliseconds is detected between NTP server
695                and client clock. The clock change will take
696                effect in XXX seconds.";
697           }
698         }
699         description
700           "This defines NTP clock sync states.";
701       }

703       /* features */
704       feature ntp-port {
705         description
706           "Support for NTP port configuration";
707         reference "RFC1305 - 3.2.7 Parameters";
708       }

710       feature authentication {
711         description
712           "Support for NTP symmetric key authentication";
713         reference "RFC1305 - 3.2.6 Authentication Variables";
714       }

716       feature access-rules {
717         description
718           "Support for NTP access control";
719         reference "RFC1305 - 3.6 Access Control Issues";
720       }

722       feature unicast-configuration {
723         description
724           "Support for NTP client/server or active/passive
725            in unicast";
726         reference "RFC1305 - 3.3 Modes of Operation";
727       }

729       feature broadcast-server {
730         description
731           "Support for broadcast server";
732         reference "RFC1305 - 3.3 Modes of Operation";
733       }

735       feature broadcast-client {
736         description
737           "Support for broadcast client";
738         reference "RFC1305 - 3.3 Modes of Operation";
739       }

741       feature multicast-server {
742         description
743           "Support for multicast server";
744         reference "RFC1305 - 3.3 Modes of Operation";
745       }

747       feature multicast-client {
748         description
749           "Support for multicast client";
750         reference "RFC1305 - 3.3 Modes of Operation";
751       }
752       feature manycast-server {
753         description
754           "Support for manycast server";
755         reference "RFC5905 - 3.1 Dynamic Server Discovery";
756       }

758       feature manycast-client {
759         description
760           "Support for manycast client";
761         reference "RFC5905 - 3.1 Dynamic Server Discovery";
762       }

764       /* Groupings */
765       grouping authentication-key {
766         description
767           "To define an authentication key for a Network Time
768            Protocol (NTP) time source.";
769         leaf key-id {
770           type uint32 {
771             range "1..max";
772           }
773           description
774             "Authentication key identifier.";
775         }
776         leaf algorithm {
777           type identityref {
778             base key-chain:crypto-algorithm;
779           }
780           description
781             "Authentication algorithm.";
782         }
783         leaf key {
784           type ianach:crypt-hash;
785           description
786             "The key";
787         }
788         leaf istrusted {
789           type boolean;
790           description
791             "Key-id is trusted or not";
792         }
793       }

795       grouping authentication {
796         description
797           "Authentication.";
798         choice authentication-type {
799           description
800             "Type of authentication.";
801           case symmetric-key {
802             leaf key-id {
803               type leafref {
804                 path "/ntp:ntp/ntp:authentication/"
805                    + "ntp:authentication-keys/ntp:key-id";
806               }
807               description
808                 "Authentication key id referenced in this
809                  association.";
810             }
811           }
812         }
813       }

815       grouping statistics {
816         description
817           "NTP packet statistic.";
818         leaf packet-sent {
819           type yang:counter32;
820           description
821             "The total number of packets sent.";
822         }
823         leaf packet-sent-fail {
824           type yang:counter32;
825           description
826             "The number of times packet
827              sending failed.";
828         }
829         leaf packet-received {
830           type yang:counter32;
831           description
832             "The total number of packets received.";
833         }
834         leaf packet-dropped {
835           type yang:counter32;
836           description
837             "The number of packets dropped.";
838         }
839       }

841       grouping common-attributes {
842         description
843           "NTP common attributes for configuration.";
844         leaf minpoll {
845           type ntp-minpoll;
846           description
847             "The minimum poll interval used in this association.";
849         }
850         leaf maxpoll {
851           type ntp-maxpoll;
852           description
853             "The maximum poll interval used in this association.";
854         }
855         leaf port {
856           if-feature ntp-port;
857           type inet:port-number {
858             range "123 | 1025..max";
859           }
860           default "123";
861           description
862             "Specify the port used to send NTP packets.";
863         }
864         leaf version {
865           type ntp-version;
866           description
867             "NTP version.";
868         }
869       }

871       grouping association-ref {
872         description
873           "Reference to NTP association mode";
874         leaf associations-address {
875           type leafref {
876             path "/ntp:ntp/ntp:associations/ntp:address";
877           }
878           description
879             "Indicates the association's address
880              which result in clock synchronization.";
881         }
882         leaf associations-local-mode {
883           type leafref {
884             path "/ntp:ntp/ntp:associations/ntp:local-mode";
885           }
886           description
887             "Indicates the association's local-mode
888              which result in clock synchronization.";
889         }
890         leaf associations-isconfigured {
891           type leafref {
892             path "/ntp:ntp/ntp:associations/"
893                + "ntp:isconfigured";
894           }
895           description
896             "The association was configured or dynamic
897              which result in clock synchronization.";
898         }
899       }

901       /* Configuration data nodes */
902       container ntp {
903         presence
904           "NTP is enabled";
905         description
906           "Configuration parameters for NTP.";
907         leaf port {
908           if-feature ntp-port;
909           type inet:port-number {
910             range "123 | 1025..max";
911           }
912           default "123";
913           description
914             "Specify the port used to send NTP packets.";
915         }
916         container refclock-master {
917           presence
918             "NTP master clock is enabled";
919           description
920             "Configures the device as NTP server.";
921           leaf master-stratum {
922             type ntp-stratum;
923             default "16";
924             description
925               "Stratum level from which NTP
926                clients get their time synchronized.";
927           }
928         }
929         container authentication {
930           description
931             "Configuration of authentication.";
932           leaf auth-enabled {
933             type boolean;
934             default false;
935             description
936               "Controls whether NTP authentication is enabled
937                or disabled on this device.";
938           }
939           list authentication-keys {
940             key "key-id";
941             uses authentication-key;
942             description
943               "List of authentication keys.";
944           }
946         }

948         container access-rules {
949           description
950             "Configuration to control access to NTP service
951              by using NTP access-group feature.
952              The access-mode identifies how the acl is
953              applied with NTP";
954           list access-rule {
955             key "access-mode";
956             description
957               "List of access rules.";
958             leaf access-mode {
959               type access-mode;
960               description
961                 "NTP access mode.";
962             }
963             leaf acl {
964               type leafref {
965                 path "/acl:acls/acl:acl/acl:name";
966               }
967               description
968                 "NTP ACL.";
969             }
970             reference
971               "RFC 1305";
972           }
973         }

975         container clock-state {
976           config "false";
977           description
978             "Operational state of the NTP.";

980           container system-status {
981             description
982               "System status of NTP.";
983             leaf clock-state {
984               type ntp-clock-status;
985               mandatory true;
986               description
987                 "The state of system clock.";
988             }
989             leaf clock-stratum {
990               type ntp-stratum;
991               mandatory true;
992               description
993                 "The stratum of the reference clock.";
995             }
996             leaf clock-refid {
997               type union {
998                 type inet:ipv4-address;
999                 type binary {
1000                  length "4";
1001                }
1002                type string {
1003                  length "4";
1004                }
1005              }
1006              mandatory true;
1007              description
1008                "IPv4 address or first 32 bits of the MD5 hash of
1009                 the IPv6 address or reference clock of the peer to
1010                 which clock is synchronized.";
1011            }

1013            uses association-ref {
1014              description
1015                "Reference to Association";
1016            }
1017            leaf nominal-freq {
1018              type decimal64 {
1019                fraction-digits 4;
1020              }
1021              units Hz;
1022              mandatory true;
1023              description
1024                "The nominal frequency of the
1025                 local clock";
1026            }
1027            leaf actual-freq {
1028              type decimal64 {
1029                fraction-digits 4;
1030              }
1031              units Hz;
1032              mandatory true;
1033              description
1034                "The actual frequency of the
1035                 local clock";
1036            }
1037            leaf clock-precision {
1038              type uint8;
1039              units Hz;
1040              mandatory true;
1041              description
1042                "Clock precision of this system
1043                 (prec=2^(-n))";
1044            }
1045            leaf clock-offset {
1046              type decimal64 {
1047                fraction-digits 4;
1048              }
1049              units milliseconds;
1050              description
1051                "Clock offset with the synchronized peer";
1052            }
1053            leaf root-delay {
1054              type decimal64 {
1055                fraction-digits 2;
1056              }
1057              units milliseconds;
1058              description
1059                "Total delay along the path to root clock";
1060            }
1061            leaf root-dispersion {
1062              type decimal64 {
1063                fraction-digits 2;
1064              }
1065              units milliseconds;
1066              description
1067                "The dispersion between the local clock
1068                 and the master reference clock.";
1069            }
1070            leaf reference-time {
1071              type yang:date-and-time;
1072              description
1073                "The reference timestamp.";
1074            }
1075            leaf sync-state {
1076              type ntp-sync-state;
1077              mandatory true;
1078              description
1079                "The synchronization status of
1080                 the local clock.";
1081            }
1082          }
1083        }
1084        list unicast-configuration {
1085          key "address type";
1086          description
1087            "List of unicast-configuration.";
1088          leaf address {
1089            type inet:host;
1090            description
1091              "Address of this association.";
1092          }
1093          leaf type {
1094            type unicast-configuration-type;
1095            description
1096              "Type of unicast configuration";
1097          }
1098          container authentication {
1099            description
1100              "Authentication.";
1101            uses authentication;
1102          }
1103          leaf prefer {
1104            type boolean;
1105            default "false";
1106            description
1107              "Whether this association is preferred.";
1108          }
1109          leaf burst {
1110            type boolean;
1111            default "false";
1112            description
1113              "If set, a series of packets are sent instead of a single
1114               packet within each synchronization interval to achieve faster
1115               synchronization.";
1116          }
1117          leaf iburst {
1118            type boolean;
1119            default "false";
1120            description
1121              "If set, a series of packets are sent instead of a single
1122               packet within the initial synchronization interval to achieve
1123               faster initial synchronization.";
1124          }
1125          leaf source {
1126            type if:interface-ref;
1127            description
1128              "The interface whose IP address is used by this association
1129               as the source address.";
1130          }
1131          uses common-attributes {
1132            description
1133              "Common attributes like port, version, min and max
1134               poll.";
1135          }
1136        }
1137        list associations {
1138          key "address local-mode isconfigured";
1139          config "false";
1140          description
1141            "list of NTP associations. Here address,local-mode
1142             and isconfigured is required to uniquely identify
1143             a particular association. Lets take following examples

1145             1) If RT1 acting as broadcast server,
1146                and RT2 acting as broadcast client, then RT2
1147                will form dynamic association with address as RT1,
1148                local-mode as client and isconfigured as false.

1150             2) When RT2 is configured
1151                with unicast-server RT1, then RT2 will form
1152                association with address as RT1, local-mode as client
1153                and isconfigured as true.

1155             Thus all 3 leaves are needed as key to unique identify
1156             the association.";
1157          leaf address {
1158            type inet:host;
1159            description
1160              "The address of this association.";
1161          }
1162          leaf local-mode {
1163            type association-mode;
1164            description
1165              "Local mode for this NTP association.";
1166          }
1167          leaf isconfigured {
1168            type boolean;
1169            description
1170              "Indicates if this association is configured or
1171               dynamically learned.";
1172          }
1173          leaf stratum {
1174            type ntp-stratum;
1175            description
1176              "Indicates the stratum of the reference clock.";
1177          }
1178          leaf refid {
1179            type union {
1180              type inet:ipv4-address;
1181              type binary {
1182                length "4";
1183              }
1184              type string {
1185                length "4";
1186              }
1188            }
1189            description
1190              "Reference clock type or address for the peer.";
1191          }
1192          leaf authentication {
1193            type leafref {
1194              path "/ntp:ntp/ntp:authentication/"
1195                 + "ntp:authentication-keys/ntp:key-id";
1196            }
1197            description
1198              "Authentication Key used for this association.";
1199          }
1200          leaf
prefer { 1201 type boolean; 1202 default "false"; 1203 description 1204 "Indicates if this association is preferred."; 1205 } 1206 leaf peer-interface { 1207 type if:interface-ref; 1208 description 1209 "The interface which is used for communication."; 1210 } 1211 uses common-attributes { 1212 description 1213 "Common attributes like port, version, min and 1214 max poll."; 1215 } 1216 leaf reach { 1217 type uint8; 1218 description 1219 "The reachability of the configured 1220 server or peer."; 1221 } 1222 leaf unreach { 1223 type uint8; 1224 description 1225 "The unreachability of the configured 1226 server or peer."; 1227 } 1228 leaf poll { 1229 type uint8; 1230 units seconds; 1231 description 1232 "The polling interval for current association"; 1233 } 1234 leaf now { 1235 type uint32; 1236 units seconds; 1237 description 1238 "The time since the NTP packet was 1239 not received or last synchronized."; 1240 } 1241 leaf offset { 1242 type decimal64 { 1243 fraction-digits 4; 1244 } 1245 description 1246 "The offset between the local clock 1247 and the superior reference clock."; 1248 } 1249 leaf delay { 1250 type decimal64 { 1251 fraction-digits 2; 1252 } 1253 description 1254 "The delay between the local clock 1255 and the superior reference clock."; 1256 } 1257 leaf dispersion { 1258 type decimal64 { 1259 fraction-digits 2; 1260 } 1261 description 1262 "The dispersion between the local clock 1263 and the superior reference clock."; 1264 } 1265 leaf originate-time { 1266 type yang:date-and-time; 1267 description 1268 "The packet originate timestamp(T1)."; 1269 } 1270 leaf receive-time { 1271 type yang:date-and-time; 1272 description 1273 "The packet receive timestamp(T2)."; 1274 } 1275 leaf transmit-time { 1276 type yang:date-and-time; 1277 description 1278 "The packet transmit timestamp(T3)."; 1279 } 1280 leaf input-time { 1281 type yang:date-and-time; 1282 description 1283 "The packet input timestamp(T4)."; 1285 } 1286 container ntp-statistics { 1287 description 
1288 "Per Peer packet send and receive statistics."; 1289 uses statistics { 1290 description 1291 "NTP send and receive packet statistics."; 1292 } 1293 } 1294 } 1296 container interfaces { 1297 description 1298 "Configuration parameters for NTP interfaces."; 1299 list interface { 1300 key "name"; 1301 description 1302 "List of interfaces."; 1303 leaf name { 1304 type if:interface-ref; 1305 description 1306 "The interface name."; 1307 } 1309 container broadcast-server { 1310 presence 1311 "NTP broadcast-server is configured"; 1312 description 1313 "Configuration of broadcast server."; 1314 leaf ttl { 1315 type uint8; 1316 description 1317 "Specifies the time to live (TTL) of a 1318 broadcast packet."; 1319 } 1320 container authentication{ 1321 description 1322 "Authentication."; 1323 uses authentication; 1324 } 1325 uses common-attributes { 1326 description 1327 "Common attribute like port, version, min and 1328 max poll."; 1329 } 1330 } 1332 container broadcast-client { 1333 presence 1334 "NTP broadcast-client is configured"; 1335 description 1336 "Configuration of broadcast-client."; 1337 } 1339 list multicast-server { 1340 key "address"; 1341 description 1342 "Configuration of multicast server."; 1343 leaf address { 1344 type rt-types:ip-multicast-group-address; 1345 description 1346 "The IP address to send NTP multicast packets."; 1347 } 1348 leaf ttl { 1349 type uint8; 1350 description 1351 "Specifies the time to live (TTL) of a 1352 multicast packet."; 1353 } 1354 container authentication{ 1355 description 1356 "Authentication."; 1357 uses authentication; 1358 } 1359 uses common-attributes { 1360 description 1361 "Common attributes like port, version, min and 1362 max poll."; 1363 } 1364 } 1365 list multicast-client { 1366 key "address"; 1367 description 1368 "Configuration of multicast-client."; 1369 leaf address { 1370 type rt-types:ip-multicast-group-address; 1371 description 1372 "The IP address of the multicast group to 1373 join."; 1374 } 1375 } 1376 
        list manycast-server {
          key "address";
          description
            "Configuration of manycast server.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The multicast group IP address to receive
               manycast client messages.";
          }
          reference
            "RFC 5905";
        }
        list manycast-client {
          key "address";
          description
            "Configuration of manycast-client.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The group IP address that the manycast client
               broadcasts the request message to.";
          }
          container authentication {
            description
              "Authentication.";
            uses authentication;
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the maximum time to live (TTL) for
               the expanding ring search.";
          }
          leaf minclock {
            type uint8;
            description
              "The minimum manycast survivors in this
               association.";
          }
          leaf maxclock {
            type uint8;
            description
              "The maximum manycast candidates in this
               association.";
          }
          leaf beacon {
            type uint8;
            description
              "The maximum interval between beacons in this
               association.";
          }
          uses common-attributes {
            description
              "Common attributes like port, version, min and
               max poll.";
          }
          reference
            "RFC 5905";
        }
      }
    }
    container ntp-statistics {
      config "false";
      description
        "Total NTP packet statistics.";
      uses statistics {
        description
          "NTP send and receive packet statistics.";
      }
    }
  }
}

8.  Usage Example

8.1.  Unicast association

   Below is an example of how to configure a preferred unicast server
   present at 192.0.2.1 running at port 1025 with authentication-key 10
   and version 4:

      192.0.2.1
      server
      true
      4
      1025
      10

   An example with IPv6 would use an IPv6 address (say 2001:DB8::1)
   in the "address" leaf with no change in any other data tree.

   Below is an example of how to get unicast configuration:

      192.0.2.1
      server
      10
      true
      false
      true
      6
      10
      1025
      4
      9
      20.1.1.1
      255
      0
      128
      10
      0.025
      0.5
      0.6
      10-10-2017 07:33:55.253 Z+05:30\
      10-10-2017 07:33:55.258 Z+05:30\
      10-10-2017 07:33:55.300 Z+05:30\
      10-10-2017 07:33:55.305 Z+05:30\
      20
      0
      20
      0

8.2.  Refclock master

   Below is an example of how to configure reference clock with stratum
   8:

      8

   Below is an example of how to get reference clock configuration:

      8

8.3.  Authentication configuration

   Below is an example of how to enable authentication and configure
   trusted authentication key 10 with mode as md5 and key as abcd:

      true
      10
      md5
      abcd
      true

   Below is an example of how to get authentication related
   configuration:

      false
      10
      md5
      abcd
      true

8.4.  Access configuration

   Below is an example of how to configure access mode "peer"
   associated with acl 2000.

      peer
      2000

   Below is an example of how to get access related configuration:

      peer
      2000

8.5.  Multicast configuration

   Below is an example of how to configure multicast-server with
   address as "224.1.1.1", port as 1025 and authentication keyid as 10:

      Ethernet3/0/0
      224.1.1.1
      10
      1025

   Below is an example of how to get multicast-server related
   configuration:

      Ethernet3/0/0
      224.1.1.1
      224.1.1.1
      10
      6
      10
      1025
      3

   Below is an example of how to configure multicast-client with
   address as "224.1.1.1":

      Ethernet3/0/0
      224.1.1.1

   Below is an example of how to get multicast-client related
   configuration:

      Ethernet3/0/0
      224.1.1.1

8.6.  Manycast configuration

   Below is an example of how to configure manycast-client with address
   as "224.1.1.1", port as 1025 and authentication keyid as 10:

      Ethernet3/0/0
      224.1.1.1
      10
      1025

   Below is an example of how to get manycast-client related
   configuration:

      Ethernet3/0/0
      224.1.1.1
      10
      255
      3
      10
      6
      6
      10
      1025

   Below is an example of how to configure manycast-server with address
   as "224.1.1.1":

      Ethernet3/0/0
      224.1.1.1

   Below is an example of how to get manycast-server related
   configuration:

      Ethernet3/0/0
      224.1.1.1

8.7.  Clock state

   Below is an example of how to get clock current state:

      synchronized
      7
      192.0.2.1
      192.0.2.1\
      client\
      yes\
      100.0
      100.0
      18
      0.025
      0.5
      0.8
      10-10-2017 07:33:55.258 Z+05:30\
      clock-synchronized

8.8.  Get all association

   Below is an example of how to get all associations present:

      192.0.2.1
      9
      20.1.1.1
      client
      true
      10
      true
      Ethernet3/0/0
      6
      10
      1025
      4
      255
      0
      128
      10
      0.025
      0.5
      0.6
      10-10-2017 07:33:55.253 Z+05:30\
      10-10-2017 07:33:55.258 Z+05:30\
      10-10-2017 07:33:55.300 Z+05:30\
      10-10-2017 07:33:55.305 Z+05:30\
      20
      0
      20
      0

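   The association state returned in Section 8.8 can be checked on the
   management side. The Python code below is an added example, not part
   of the draft: it flags associations that carry no authentication key,
   were learned dynamically or are unreachable, and recomputes offset
   and delay from T1..T4 with the RFC 5905 formulas. The second list
   entry, the tolerance, and reading the "offset" leaf as milliseconds
   (the module gives it no units; clock-offset uses milliseconds) are
   assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"ntp": "urn:ietf:params:xml:ns:yang:ietf-ntp"}  # namespace from Section 9
STAMPS = ("originate-time", "receive-time", "transmit-time", "input-time")  # T1..T4

# Constructed state data. Leaf names come from the "associations" list of the
# module; the first entry reuses values from the Section 8.8 reply, with the
# timestamps written in the RFC 3339 form that yang:date-and-time requires.
SAMPLE = """
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
  <associations>
    <address>192.0.2.1</address>
    <local-mode>client</local-mode>
    <isconfigured>true</isconfigured>
    <authentication>10</authentication>
    <reach>255</reach>
    <offset>0.025</offset>
    <originate-time>2017-10-10T07:33:55.253+05:30</originate-time>
    <receive-time>2017-10-10T07:33:55.258+05:30</receive-time>
    <transmit-time>2017-10-10T07:33:55.300+05:30</transmit-time>
    <input-time>2017-10-10T07:33:55.305+05:30</input-time>
  </associations>
  <associations>
    <address>198.51.100.7</address>
    <local-mode>client</local-mode>
    <isconfigured>false</isconfigured>
    <reach>1</reach>
    <offset>0.0100</offset>
    <originate-time>2017-10-10T07:34:10.000+05:30</originate-time>
    <receive-time>2017-10-10T07:34:10.300+05:30</receive-time>
    <transmit-time>2017-10-10T07:34:10.301+05:30</transmit-time>
    <input-time>2017-10-10T07:34:10.101+05:30</input-time>
  </associations>
</ntp>
"""


def associations(xml_text):
    """Return the <associations> list entries found in an ietf-ntp data tree."""
    return ET.fromstring(xml_text).findall(".//ntp:associations", NS)


def leaf(entry, name):
    """Text of a direct child leaf, or None when the leaf is absent or empty."""
    node = entry.find(f"ntp:{name}", NS)
    return node.text.strip() if node is not None and node.text else None


def recompute_ms(entry):
    """(offset, delay) in ms from T1..T4 per RFC 5905, or None if any is missing."""
    raw = [leaf(entry, name) for name in STAMPS]
    if None in raw:
        return None
    t1, t2, t3, t4 = (datetime.fromisoformat(value) for value in raw)
    ms = timedelta(milliseconds=1)
    offset = ((t2 - t1) / ms + (t3 - t4) / ms) / 2
    delay = (t4 - t1) / ms - (t3 - t2) / ms
    return offset, delay


def audit(xml_text, tolerance_ms=1.0):
    """Return (address, finding) pairs for associations that need a closer look."""
    findings = []
    for entry in associations(xml_text):
        address = leaf(entry, "address")
        if leaf(entry, "authentication") is None:   # no key-id referenced
            findings.append((address, "unauthenticated"))
        if leaf(entry, "isconfigured") == "false":  # formed without local config
            findings.append((address, "dynamic"))
        if leaf(entry, "reach") == "0":             # no reply in the last 8 polls
            findings.append((address, "unreachable"))
        computed, reported = recompute_ms(entry), leaf(entry, "offset")
        # Assumption: the offset leaf is reported in milliseconds.
        if computed and reported is not None:
            if abs(computed[0] - float(reported)) > tolerance_ms:
                findings.append((address, "offset-mismatch"))
    return findings


if __name__ == "__main__":
    for address, finding in audit(SAMPLE):
        print(address, finding)
```
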
8.9.  Global statistic

   Below is an example of how to get clock current state:

      30
      5
      20
      2

9.  IANA Considerations

   This document registers a URI in the "IETF XML Registry" [RFC3688].
   Following the format in RFC 3688, the following registration has been
   made.

   URI: urn:ietf:params:xml:ns:yang:ietf-ntp

   Registrant Contact: The NETMOD WG of the IETF.

   XML: N/A; the requested URI is an XML namespace.

   This document registers a YANG module in the "YANG Module Names"
   registry [RFC6020].

   Name: ietf-ntp

   Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp

   Prefix: ntp

   Reference: RFC XXXX

10.  Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040].  The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242].  The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF access control model [RFC8341] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default).  These data nodes may be considered sensitive or vulnerable
   in some network environments.  Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.  These are the subtrees and data nodes
   and their sensitivity/vulnerability:

      /ntp/port - This data node specifies the port number to be used to
      send NTP packets.  Unexpected changes could lead to disruption
      and/or network misbehavior.

      /ntp/authentication and /ntp/access-rules - The entries in the
      list include the authentication and access control configurations.
      Care should be taken while setting these parameters.

      /ntp/unicast-configuration - The entries in the list include all
      unicast configurations (server or peer mode), and indirectly
      create or modify the NTP associations.  Unexpected changes could
      lead to disruption and/or network misbehavior.

      /ntp/interfaces/interface - The entries in the list include all
      per-interface configurations related to broadcast, multicast and
      manycast mode, and indirectly create or modify the NTP
      associations.  Unexpected changes could lead to disruption and/or
      network misbehavior.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes.  These are the subtrees and data
   nodes and their sensitivity/vulnerability:

      /ntp/associations - The entries in the list include all active
      NTP associations of all modes.  Unauthorized access to this needs
      to be curtailed.

11.  Acknowledgments

   The authors would like to express their thanks to Sladjana Zoric,
   Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, and
   Maurice Angermann for their review and suggestions.

12.  References

12.1.  Normative References

   [I-D.ietf-netmod-acl-model]
              Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "Network Access Control List (ACL) YANG Data Model",
              draft-ietf-netmod-acl-model-20 (work in progress), October
              2018.

   [RFC1305]  Mills, D., "Network Time Protocol (Version 3)
              Specification, Implementation and Analysis", RFC 1305,
              DOI 10.17487/RFC1305, March 1992.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010.

   [RFC5907]  Gerstung, H., Elliott, C., and B. Haberman, Ed.,
              "Definitions of Managed Objects for Network Time Protocol
              Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June
              2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

12.2.  Informative References

   [RFC7317]  Bierman, A. and M. Bjorklund, "A YANG Data Model for
              System Management", RFC 7317, DOI 10.17487/RFC7317, August
              2014.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

Authors' Addresses

   Nan Wu
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing  100095
   China

   Email: eric.wu@huawei.com

   Dhruv Dhody
   Huawei
   Divyashree Techno Park, Whitefield
   Bangalore, Kanataka  560066
   India

   Email: dhruv.ietf@gmail.com

   Ankit kumar Sinha
   RtBrick Inc.
   Bangalore, Kanataka
   India

   Email: ankit.ietf@gmail.com

   Anil Kumar S N
   RtBrick Inc.
   Bangalore, Kanataka
   India

   Email: anil.ietf@gmail.com

   Yi Zhao
   Ericsson
   China Digital Kingdom Bld., No.1 WangJing North Rd.
   Beijing  100102
   China

   Email: yi.z.zhao@ericsson.com