idnits 2.17.1

draft-ietf-ntp-yang-data-model-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 184 has weird spacing: '...ss-mode acc...'

  == Line 211 has weird spacing: '...address rt-...'

  == Line 213 has weird spacing: '...address rt-...'

  == Line 238 has weird spacing: '...ss-mode acc...'

  == Line 331 has weird spacing: '...address rt-...'

  == (1 more instance...)

  -- The document date (January 22, 2020) is 1549 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 1305 (Obsoleted by RFC 5905)

     Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2     NTP Working Group                                                  N. Wu
3     Internet-Draft                                                  D. Dhody
4     Intended status: Standards Track                                  Huawei
5     Expires: July 25, 2020                                          A. Sinha
6                                                                 A. Kumar S N
7                                                                 RtBrick Inc.
8                                                                      Y. Zhao
9                                                                     Ericsson
10                                                            January 22, 2020

12                           A YANG Data Model for NTP
13                       draft-ietf-ntp-yang-data-model-08

15    Abstract

17       This document defines a YANG data model for Network Time Protocol
18       (NTP) implementations. The data model includes configuration data
19       and state data.

21    Requirements Language

23       The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
24       "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
25       "OPTIONAL" in this document are to be interpreted as described in BCP
26       14 [RFC2119] [RFC8174] when, and only when, they appear in all
27       capitals, as shown here.

29    Status of This Memo

31       This Internet-Draft is submitted in full conformance with the
32       provisions of BCP 78 and BCP 79.

34       Internet-Drafts are working documents of the Internet Engineering
35       Task Force (IETF). Note that other groups may also distribute
36       working documents as Internet-Drafts. The list of current Internet-
37       Drafts is at https://datatracker.ietf.org/drafts/current/.

39       Internet-Drafts are draft documents valid for a maximum of six months
40       and may be updated, replaced, or obsoleted by other documents at any
41       time. It is inappropriate to use Internet-Drafts as reference
42       material or to cite them other than as "work in progress."

44       This Internet-Draft will expire on July 25, 2020.

46    Copyright Notice

48       Copyright (c) 2020 IETF Trust and the persons identified as the
49       document authors. All rights reserved.

51       This document is subject to BCP 78 and the IETF Trust's Legal
52       Provisions Relating to IETF Documents
53       (https://trustee.ietf.org/license-info) in effect on the date of
54       publication of this document. Please review these documents
55       carefully, as they describe your rights and restrictions with respect
56       to this document. Code Components extracted from this document must
57       include Simplified BSD License text as described in Section 4.e of
58       the Trust Legal Provisions and are provided without warranty as
59       described in the Simplified BSD License.

61    Table of Contents

63       1.  Introduction
64         1.1.  Operational State
65         1.2.  Terminology
66         1.3.  Tree Diagrams
67         1.4.  Prefixes in Data Node Names
68         1.5.  References in the Model
69       2.  NTP data model
70       3.  Relationship with NTPv4-MIB
71       4.  Relationship with RFC 7317
72       5.  Access Rules
73       6.  Key Management
74       7.  NTP YANG Module
75       8.  Usage Example
76         8.1.  Unicast association
77         8.2.  Refclock master
78         8.3.  Authentication configuration
79         8.4.  Access configuration
80         8.5.  Multicast configuration
81         8.6.  Manycast configuration
82         8.7.  Clock state
83         8.8.  Get all association
84         8.9.  Global statistic
85       9.  IANA Considerations
86       10. Security Considerations
87       11. Acknowledgments
88       12. References
89         12.1.  Normative References
90         12.2.  Informative References
91       Authors' Addresses

93    1.  Introduction

95       This document defines a YANG [RFC7950] data model for Network Time
96       Protocol [RFC5905] implementations.

98       The data model covers configuration of system parameters of NTP,
99       such as access rules, authentication and VPN Routing and Forwarding
100      (VRF) binding, and also associations of NTP in different modes and
101      per-interface parameters. It also provides information about the
102      running state of NTP implementations.

104   1.1.  Operational State

106      NTP Operational State is included in the same tree as NTP
107      configuration, consistent with Network Management Datastore
108      Architecture [RFC8342]. NTP current state and statistics are also
109      maintained in the operational state. Additionally, the operational
110      state also includes the associations state.

112   1.2.  Terminology

114      The terminology used in this document is aligned to [RFC5905].

116   1.3.  Tree Diagrams

118      A simplified graphical representation of the data model is used in
119      this document. This document uses the graphical representation of
120      data models defined in [RFC8340].

122   1.4.  Prefixes in Data Node Names

124      In this document, names of data nodes and other data model objects
125      are often used without a prefix, as long as it is clear from the
126      context in which YANG module each name is defined. Otherwise, names
127      are prefixed using the standard prefix associated with the
128      corresponding YANG module, as shown in Table 1.

130      +-----------+--------------------------+-----------+
131      | Prefix    | YANG module              | Reference |
132      +-----------+--------------------------+-----------+
133      | yang      | ietf-yang-types          | [RFC6991] |
134      | inet      | ietf-inet-types          | [RFC6991] |
135      | if        | ietf-interfaces          | [RFC8343] |
136      | ianach    | iana-crypt-hash          | [RFC7317] |
137      | key-chain | ietf-key-chain           | [RFC8177] |
138      | acl       | ietf-access-control-list | [RFC8519] |
139      | rt-types  | ietf-routing-types       | [RFC8294] |
140      | nacm      | ietf-netconf-acm         | [RFC8341] |
141      +-----------+--------------------------+-----------+

143               Table 1: Prefixes and corresponding YANG modules

145   1.5.  References in the Model

147      The following documents are referenced in the model defined in this
148      document:

150      +-------------------------------------------------------+-----------+
151      | Title                                                 | Reference |
152      +-------------------------------------------------------+-----------+
153      | Network Time Protocol Version 4: Protocol and         | [RFC5905] |
154      | Algorithms Specification                              |           |
155      | Common YANG Data Types                                | [RFC6991] |
156      | A YANG Data Model for System Management               | [RFC7317] |
157      | YANG Data Model for Key Chains                        | [RFC8177] |
158      | Common YANG Data Types for the Routing Area           | [RFC8294] |
159      | Network Configuration Access Control Model            | [RFC8341] |
160      | A YANG Data Model for Interface Management            | [RFC8343] |
161      | YANG Data Model for Network Access Control Lists      | [RFC8519] |
162      | (ACLs)                                                |           |
163      +-------------------------------------------------------+-----------+

165                  Table 2: References in the YANG modules

167   2.  NTP data model

169      This document defines the YANG module "ietf-ntp", which has the
170      following condensed structure:

172      module: ietf-ntp
173        +--rw ntp!
174           +--rw port?                    inet:port-number {ntp-port}?
175           +--rw refclock-master!
176           |  +--rw master-stratum?   ntp-stratum
177           +--rw authentication
178           |  +--rw auth-enabled?          boolean
179           |  +--rw authentication-keys* [key-id]
180           |     +--rw key-id       uint32
181           |     +--...
182           +--rw access-rules
183           |  +--rw access-rule* [access-mode]
184           |     +--rw access-mode    access-mode
185           |     +--rw acl?           -> /acl:acls/acl/name
186           +--ro clock-state
187           |  +--ro system-status
188           |     +--ro clock-state      ntp-clock-status
189           |     +--ro clock-stratum    ntp-stratum
190           |     +--ro clock-refid      union
191           |     +--...
192           +--rw unicast-configuration* [address type]
193           |  +--rw address    inet:host
194           |  +--rw type       unicast-configuration-type
195           |  +--...
196           +--ro associations* [address local-mode isconfigured]
197           |  +--...
198           |  +--ro ntp-statistics
199           |     +--...
200           +--rw interfaces
201           |  +--rw interface* [name]
202           |     +--rw name                if:interface-ref
203           |     +--rw broadcast-server!
204           |     |  +--...
205           |     +--rw broadcast-client!
206           |     +--rw multicast-server* [address]
207           |     |  +--rw address
208           |     |  |       rt-types:ip-multicast-group-address
209           |     |  +--...
210           |     +--rw multicast-client* [address]
211           |     |  +--rw address    rt-types:ip-multicast-group-address
212           |     +--rw manycast-server* [address]
213           |     |  +--rw address    rt-types:ip-multicast-group-address
214           |     +--rw manycast-client* [address]
215           |        +--rw address
216           |        |       rt-types:ip-multicast-group-address
217           |        +--...
218           +--ro ntp-statistics
219              +--...

221      The full data model tree for the YANG module "ietf-ntp" is
222      represented as -

224      module: ietf-ntp
225        +--rw ntp!
226           +--rw port?                    inet:port-number {ntp-port}?
227           +--rw refclock-master!
228           |  +--rw master-stratum?   ntp-stratum
229           +--rw authentication
230           |  +--rw auth-enabled?          boolean
231           |  +--rw authentication-keys* [key-id]
232           |     +--rw key-id       uint32
233           |     +--rw algorithm?   identityref
234           |     +--rw key?         ianach:crypt-hash
235           |     +--rw istrusted?   boolean
236           +--rw access-rules
237           |  +--rw access-rule* [access-mode]
238           |     +--rw access-mode    access-mode
239           |     +--rw acl?           -> /acl:acls/acl/name
240           +--ro clock-state
241           |  +--ro system-status
242           |     +--ro clock-state                  ntp-clock-status
243           |     +--ro clock-stratum                ntp-stratum
244           |     +--ro clock-refid                  union
245           |     +--ro associations-address?
246           |     |       -> /ntp/associations/address
247           |     +--ro associations-local-mode?
248           |     |       -> /ntp/associations/local-mode
249           |     +--ro associations-isconfigured?
250           |     |       -> /ntp/associations/isconfigured
251           |     +--ro nominal-freq                 decimal64
252           |     +--ro actual-freq                  decimal64
253           |     +--ro clock-precision              uint8
254           |     +--ro clock-offset?                decimal64
255           |     +--ro root-delay?                  decimal64
256           |     +--ro root-dispersion?             decimal64
257           |     +--ro reference-time?              yang:date-and-time
258           |     +--ro sync-state                   ntp-sync-state
259           +--rw unicast-configuration* [address type]
260           |  +--rw address           inet:host
261           |  +--rw type              unicast-configuration-type
262           |  +--rw authentication
263           |  |  +--rw (authentication-type)?
264           |  |     +--:(symmetric-key)
265           |  |        +--rw key-id?   leafref
266           |  +--rw prefer?           boolean
267           |  +--rw burst?            boolean
268           |  +--rw iburst?           boolean
269           |  +--rw source?           if:interface-ref
270           |  +--rw minpoll?          ntp-minpoll
271           |  +--rw maxpoll?          ntp-maxpoll
272           |  +--rw port?             inet:port-number {ntp-port}?
273           |  +--rw version?          ntp-version
274           +--ro associations* [address local-mode isconfigured]
275           |  +--ro address           inet:host
276           |  +--ro local-mode        association-mode
277           |  +--ro isconfigured      boolean
278           |  +--ro stratum?          ntp-stratum
279           |  +--ro refid?            union
280           |  +--ro authentication?
281           |  |       -> /ntp/authentication/authentication-keys/key-id
282           |  +--ro prefer?           boolean
283           |  +--ro peer-interface?   if:interface-ref
284           |  +--ro minpoll?          ntp-minpoll
285           |  +--ro maxpoll?          ntp-maxpoll
286           |  +--ro port?             inet:port-number {ntp-port}?
287           |  +--ro version?          ntp-version
288           |  +--ro reach?            uint8
289           |  +--ro unreach?          uint8
290           |  +--ro poll?             uint8
291           |  +--ro now?              uint32
292           |  +--ro offset?           decimal64
293           |  +--ro delay?            decimal64
294           |  +--ro dispersion?       decimal64
295           |  +--ro originate-time?   yang:date-and-time
296           |  +--ro receive-time?     yang:date-and-time
297           |  +--ro transmit-time?    yang:date-and-time
298           |  +--ro input-time?       yang:date-and-time
299           |  +--ro ntp-statistics
300           |     +--ro packet-sent?        yang:counter32
301           |     +--ro packet-sent-fail?   yang:counter32
302           |     +--ro packet-received?    yang:counter32
303           |     +--ro packet-dropped?     yang:counter32
304           +--rw interfaces
305           |  +--rw interface* [name]
306           |     +--rw name                if:interface-ref
307           |     +--rw broadcast-server!
308           |     |  +--rw ttl?              uint8
309           |     |  +--rw authentication
310           |     |  |  +--rw (authentication-type)?
311           |     |  |     +--:(symmetric-key)
312           |     |  |        +--rw key-id?   leafref
313           |     |  +--rw minpoll?          ntp-minpoll
314           |     |  +--rw maxpoll?          ntp-maxpoll
315           |     |  +--rw port?             inet:port-number {ntp-port}?
316           |     |  +--rw version?          ntp-version
317           |     +--rw broadcast-client!
318           |     +--rw multicast-server* [address]
319           |     |  +--rw address
320           |     |  |       rt-types:ip-multicast-group-address
321           |     |  +--rw ttl?              uint8
322           |     |  +--rw authentication
323           |     |  |  +--rw (authentication-type)?
324           |     |  |     +--:(symmetric-key)
325           |     |  |        +--rw key-id?   leafref
326           |     |  +--rw minpoll?          ntp-minpoll
327           |     |  +--rw maxpoll?          ntp-maxpoll
328           |     |  +--rw port?             inet:port-number {ntp-port}?
329           |     |  +--rw version?          ntp-version
330           |     +--rw multicast-client* [address]
331           |     |  +--rw address    rt-types:ip-multicast-group-address
332           |     +--rw manycast-server* [address]
333           |     |  +--rw address    rt-types:ip-multicast-group-address
334           |     +--rw manycast-client* [address]
335           |        +--rw address
336           |        |       rt-types:ip-multicast-group-address
337           |        +--rw authentication
338           |        |  +--rw (authentication-type)?
339           |        |     +--:(symmetric-key)
340           |        |        +--rw key-id?   leafref
341           |        +--rw ttl?              uint8
342           |        +--rw minclock?         uint8
343           |        +--rw maxclock?         uint8
344           |        +--rw beacon?           uint8
345           |        +--rw minpoll?          ntp-minpoll
346           |        +--rw maxpoll?          ntp-maxpoll
347           |        +--rw port?             inet:port-number {ntp-port}?
348           |        +--rw version?          ntp-version
349           +--ro ntp-statistics
350              +--ro packet-sent?        yang:counter32
351              +--ro packet-sent-fail?   yang:counter32
352              +--ro packet-received?    yang:counter32
353              +--ro packet-dropped?     yang:counter32

355      This data model defines one top-level container which includes both
356      the NTP configuration and the NTP running state including access
357      rules, authentication, associations, unicast configurations,
358      interfaces, system status and associations.

360   3.  Relationship with NTPv4-MIB

362      If the device implements the NTPv4-MIB [RFC5907], data nodes from
363      the YANG module can be mapped to table entries in NTPv4-MIB.

365      The following tables list the YANG data nodes with corresponding
366      objects in the NTPv4-MIB.

368      YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects

370      +---------------------------------+---------------------------------+
371      | YANG data nodes in /ntp/clock-  | NTPv4-MIB objects               |
372      | state/system-status             |                                 |
373      +---------------------------------+---------------------------------+
374      | clock-state                     | ntpEntStatusCurrentMode         |
375      | clock-stratum                   | ntpEntStatusStratum             |
376      | clock-refid                     | ntpEntStatusActiveRefSourceId   |
377      |                                 | ntpEntStatusActiveRefSourceName |
378      | clock-precision                 | ntpEntTimePrecision             |
379      | clock-offset                    | ntpEntStatusActiveOffset        |
380      | root-dispersion                 | ntpEntStatusDispersion          |
381      +---------------------------------+---------------------------------+

383      +---------------------------------------+---------------------------+
384      | YANG data nodes in /ntp/associations/ | NTPv4-MIB objects         |
385      +---------------------------------------+---------------------------+
386      | address                               | ntpAssocAddressType       |
387      |                                       | ntpAssocAddress           |
388      | stratum                               | ntpAssocStratum           |
389      | refid                                 | ntpAssocRefId             |
390      | offset                                | ntpAssocOffset            |
391      | delay                                 | ntpAssocStatusDelay       |
392      | dispersion                            | ntpAssocStatusDispersion  |
393      | ntp-statistics/packet-sent            | ntpAssocStatOutPkts       |
394      | ntp-statistics/packet-received        | ntpAssocStatInPkts        |
395      | ntp-statistics/packet-dropped         | ntpAssocStatProtocolError |
396      +---------------------------------------+---------------------------+

398      YANG NTP State Data Nodes and Related NTPv4-MIB Objects

400   4.  Relationship with RFC 7317

402      This section describes the relationship with the NTP definition in
403      Section 3.2 System Time Management of [RFC7317]. YANG data nodes in
404      /ntp/ also support per-interface configurations which are not
405      supported in /system/ntp. If the YANG model defined in this document
406      is implemented, then /system/ntp SHOULD NOT be used and MUST be
407      ignored.

409      +-------------------------------+--------------------------------+
410      | YANG data nodes in /ntp/      | YANG data nodes in /system/ntp |
411      +-------------------------------+--------------------------------+
412      | ntp!                          | enabled                        |
413      | unicast-configuration         | server                         |
414      |                               | server/name                    |
415      | unicast-configuration/address | server/transport/udp/address   |
416      | unicast-configuration/port    | server/transport/udp/port      |
417      | unicast-configuration/type    | server/association-type        |
418      | unicast-configuration/iburst  | server/iburst                  |
419      | unicast-configuration/prefer  | server/prefer                  |
420      +-------------------------------+--------------------------------+

422      YANG NTP Configuration Data Nodes and counterparts in RFC 7317
423      Objects

425   5.  Access Rules

427      As per [RFC1305] and [RFC5905], NTP could include an access-control
428      feature that prevents unauthorized access and controls which peers
429      are allowed to update the local clock. Further, it is useful to
430      differentiate between the various kinds of access (such as peer or
431      server; refer to access-mode) and attach a different acl-rule to each.
432      For this, the YANG module allows such configuration via /ntp/access-
433      rules. The access-rule itself is configured via [RFC8519].

435   6.  Key Management

437      As per [RFC1305] and [RFC5905], when authentication is enabled, NTP
438      employs a crypto-checksum, computed by the sender and checked by the
439      receiver, together with a set of predistributed algorithms, and
440      cryptographic keys indexed by a key identifier included in the NTP
441      message.
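
The sender and receiver sides of the crypto-checksum just described, as an added example (not taken from the draft or from any NTP implementation). The key table mirrors the authentication-keys list (key-id, algorithm, key, istrusted); the key values, the helper names, the raw-bytes key format and the digest-over-key-plus-header construction are assumptions of the example.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # NTP header without extension fields

# Constructed sample key table, shaped like the entries of
# /ntp/authentication/authentication-keys (key-id, algorithm, key, istrusted).
# Assumption: key material is available as raw bytes on both peers.
KEYS = {
    10: {"algorithm": "md5", "key": b"constructed-key-10", "istrusted": True},
    20: {"algorithm": "sha1", "key": b"constructed-key-20", "istrusted": False},
}


def build_header(version=4, mode=3):
    """Return a minimal 48-byte NTP header (all fields zero except VN/Mode)."""
    first = (version << 3) | mode  # leap indicator = 0
    return bytes([first]) + bytes(NTP_HEADER_LEN - 1)


def checksum(entry, header):
    """Keyed digest over key || header (assumed construction, see lead-in)."""
    return hashlib.new(entry["algorithm"], entry["key"] + header).digest()


def sign(header, key_id, keys=KEYS):
    """Sender side: append the 32-bit key-id and the digest to the header."""
    if not 1 <= key_id <= 0xFFFFFFFF:  # the model restricts key-id to 1..max
        raise ValueError("key-id out of range")
    return header + struct.pack("!I", key_id) + checksum(keys[key_id], header)


def verify(packet, keys=KEYS, auth_enabled=True):
    """Receiver side: return (accepted, reason) for one received packet."""
    if len(packet) < NTP_HEADER_LEN:
        return False, "short packet"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if not mac:
        # No MAC present: acceptable only when authentication is disabled.
        return (not auth_enabled), "no MAC"
    if len(mac) < 4:
        return False, "truncated MAC"
    (key_id,) = struct.unpack("!I", mac[:4])
    entry = keys.get(key_id)
    if entry is None:
        return False, "unknown key-id"
    if not entry["istrusted"]:
        return False, "key-id not trusted"
    expected = checksum(entry, header)
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(mac[4:], expected):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    pkt = sign(build_header(), 10)
    print(verify(pkt))                             # trusted key, intact packet
    print(verify(bytes([pkt[0] ^ 1]) + pkt[1:]))   # header modified in transit
    print(verify(sign(build_header(), 20)))        # key present but not trusted
```
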
         This key-id is a 32-bit unsigned integer that MUST be
442      configured on the NTP peers before the authentication could be used.
443      For this reason, this YANG module allows such configuration via
444      /ntp/authentication/authentication-keys/. Further, at the time of
445      configuration of NTP association (for example unicast-server), the
446      key-id is specified.

448   7.  NTP YANG Module

450      file "ietf-ntp@2020-01-22.yang"
451      module ietf-ntp {
452        yang-version 1.1;
453        namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";
454        prefix ntp;

456        import ietf-yang-types {
457          prefix yang;
458          reference
459            "RFC 6991: Common YANG Data Types";
460        }
461        import ietf-inet-types {
462          prefix inet;
463          reference
464            "RFC 6991: Common YANG Data Types";
465        }
466        import ietf-interfaces {
467          prefix if;
468          reference
469            "RFC 8343: A YANG Data Model for Interface Management";
470        }
471        import iana-crypt-hash {
472          prefix ianach;
473          reference
474            "RFC 7317: A YANG Data Model for System Management";
475        }
476        import ietf-key-chain {
477          prefix key-chain;
478          reference
479            "RFC 8177: YANG Data Model for Key Chains";
480        }
481        import ietf-access-control-list {
482          prefix acl;
483          reference
484            "RFC 8519: YANG Data Model for Network Access Control
485             Lists (ACLs)";
486        }
487        import ietf-routing-types {
488          prefix rt-types;
489          reference
490            "RFC 8294: Common YANG Data Types for the Routing Area";
491        }
492        import ietf-netconf-acm {
493          prefix nacm;
494          reference
495            "RFC 8341: Network Configuration Protocol (NETCONF) Access
496             Control Model";
497        }

499        organization
500          "IETF NTP (Network Time Protocol) Working Group";
501        contact
502          "WG Web:
503           WG List:

506           Editor:   Anil Kumar S N
507
508           Editor:   Yi Zhao
509
510           Editor:   Dhruv Dhody
511
512           Editor:   Ankit Kumar Sinha
513          ";
514        description
515          "This document defines a YANG data model for Network Time Protocol
516           (NTP) implementations. The data model includes configuration data
517           and state data.

519           Copyright (c) 2020 IETF Trust and the persons identified
520           as authors of the code. All rights reserved.

522           Redistribution and use in source and binary forms,
523           with or without modification, is permitted pursuant to,
524           and subject to the license terms contained in, the
525           Simplified BSD License set forth in Section 4.c of the
526           IETF Trust's Legal Provisions Relating to IETF Documents
527           (https://trustee.ietf.org/license-info).

529           This version of this YANG module is part of RFC XXXX;
530           see the RFC itself for full legal notices.";

532        revision 2020-01-22 {
533          description
534            "Initial revision.";
535          reference
536            "RFC XXXX: A YANG Data Model for NTP.";
537        }

539        /* Note: The RFC Editor will replace XXXX with the number assigned
540           to this document once it becomes an RFC.*/
541        /* Typedef Definitions */

543        typedef ntp-stratum {
544          type uint8 {
545            range "1..16";
546          }
547          description
548            "The level of each server in the hierarchy is defined by
549             a stratum. Primary servers are assigned with stratum
550             one; secondary servers at each lower level are assigned with
551             one stratum greater than the preceding level";
552          reference
553            "RFC 5905: Network Time Protocol Version 4: Protocol and
554             Algorithms Specification";
555        }

557        typedef ntp-version {
558          type uint8;
559          default "3";
560          description
561            "The current NTP version supported by corresponding
562             association.";
563        }

565        typedef ntp-minpoll {
566          type uint8 {
567            range "4..17";
568          }
569          default "6";
570          description
571            "The minimum poll exponent for this NTP association.";
572          reference
573            "RFC 5905: Network Time Protocol Version 4: Protocol and
574             Algorithms Specification";
575        }

577        typedef ntp-maxpoll {
578          type uint8 {
579            range "4..17";
580          }
581          default "10";
582          description
583            "The maximum poll exponent for this NTP association.";
584          reference
585            "RFC 5905: Network Time Protocol Version 4: Protocol and
586             Algorithms Specification";
587        }

589        typedef access-mode {
590          type enumeration {
591            enum peer {
592              value 0;
593              description
594                "Enables the full access authority. Both time
595                 request and control query can be performed
596                 on the local NTP service, and the local clock
597                 can be synchronized with the remote server.";
598            }
599            enum server {
600              value 1;
601              description
602                "Enables the server access and query.
603                 Both time requests and control query can be
604                 performed on the local NTP service, but the
605                 local clock cannot be synchronized with the
606                 remote server.";
607            }
608            enum synchronization {
609              value 2;
610              description
611                "Enables the server to access.
612                 Only time request can be performed on the
613                 local NTP service.";
614            }
615            enum query {
616              value 3;
617              description
618                "Enables the maximum access limitation.
619                 Control query can be performed only on the
620                 local NTP service.";
621            }
622          }
623          description
624            "This defines NTP access modes.";
625        }

627        typedef unicast-configuration-type {
628          type enumeration {
629            enum server {
630              value 0;
631              description
632                "Use client association mode. This device
633                 will not provide synchronization to the
634                 configured NTP server.";
635            }
636            enum peer {
637              value 1;
638              description
639                "Use symmetric active association mode.
640                 This device may provide synchronization
641                 to the configured NTP server.";
642            }
643          }
644          description
645            "This defines NTP unicast mode of operation.";
646        }

648        typedef association-mode {
649          type enumeration {
650            enum client {
651              value 0;
652              description
653                "Use client association mode(mode 3).
654                 This device will not provide synchronization
655                 to the configured NTP server.";
656            }
657            enum active {
658              value 1;
659              description
660                "Use symmetric active association mode(mode 1).
661                 This device may synchronize with its NTP peer,
662                 or provide synchronization to configured NTP peer.";
663            }
664            enum passive {
665              value 2;
666              description
667                "Use symmetric passive association mode(mode 2).
668                 This device has learned this association dynamically.
669                 This device may synchronize with its NTP peer.";
670            }
671            enum broadcast {
672              value 3;
673              description
674                "Use broadcast mode(mode 5).
675                 This mode defines that it is either working
676                 as broadcast-server or multicast-server.";
677            }
678            enum broadcast-client {
679              value 4;
680              description
681                "This mode defines that it is either working
682                 as broadcast-client or multicast-client.";
683            }
684          }
685          description
686            "The NTP association modes.";
687        }

689        typedef ntp-clock-status {
690          type enumeration {
691            enum synchronized {
692              value 0;
693              description
694                "Indicates that the local clock has been
695                 synchronized with an NTP server or
696                 the reference clock.";

698            }
699            enum unsynchronized {
700              value 1;
701              description
702                "Indicates that the local clock has not been
703                 synchronized with any NTP server.";
704            }
705          }
706          description
707            "This defines NTP clock status.";
708        }

710        typedef ntp-sync-state {
711          type enumeration {
712            enum clock-not-set {
713              value 0;
714              description
715                "Indicates the clock is not updated.";
716            }
717            enum freq-set-by-cfg {
718              value 1;
719              description
720                "Indicates the clock frequency is set by
721                 NTP configuration.";
722            }
723            enum clock-set {
724              value 2;
725              description
726                "Indicates the clock is set.";
727            }
728            enum freq-not-determined {
729              value 3;
730              description
731                "Indicates the clock is set but the frequency
732                 is not determined.";
733            }
734            enum clock-synchronized {
735              value 4;
736              description
737                "Indicates that the clock is synchronized";
738            }
739            enum spike {
740              value 5;
741              description
742                "Indicates a time difference of more than 128
743                 milliseconds is detected between NTP server
744                 and client clock. The clock change will take
745                 effect in XXX seconds.";

747            }
748          }
749          description
750            "This defines NTP clock sync states.";
751        }

753        /* features */

755        feature ntp-port {
756          description
757            "Support for NTP port configuration";
758          reference
759            "RFC 5905: Network Time Protocol Version 4: Protocol and
760             Algorithms Specification";
761        }

763        feature authentication {
764          description
765            "Support for NTP symmetric key authentication";
766          reference
767            "RFC 5905: Network Time Protocol Version 4: Protocol and
768             Algorithms Specification";
769        }

771        feature access-rules {
772          description
773            "Support for NTP access control";
774          reference
775            "RFC 5905: Network Time Protocol Version 4: Protocol and
776             Algorithms Specification";
777        }

779        feature unicast-configuration {
780          description
781            "Support for NTP client/server or active/passive
782             in unicast";
783          reference
784            "RFC 5905: Network Time Protocol Version 4: Protocol and
785             Algorithms Specification";
786        }

788        feature broadcast-server {
789          description
790            "Support for broadcast server";
791          reference
792            "RFC 5905: Network Time Protocol Version 4: Protocol and
793             Algorithms Specification";
794        }
795        feature broadcast-client {
796          description
797            "Support for broadcast client";
798          reference
799            "RFC 5905: Network Time Protocol Version 4: Protocol and
800             Algorithms Specification";
801        }

803        feature multicast-server {
804          description
805            "Support for multicast server";
806          reference
807            "RFC 5905: Network Time Protocol Version 4: Protocol and
808             Algorithms Specification";
809        }

811        feature multicast-client {
812          description
813            "Support for multicast client";
814          reference
815            "RFC 5905: Network Time Protocol Version 4: Protocol and
816             Algorithms Specification";
817        }

819        feature manycast-server {
820          description
821            "Support for manycast server";
822          reference
823            "RFC 5905: Network Time Protocol Version 4: Protocol and
824             Algorithms Specification";
825        }

827        feature manycast-client {
828          description
829            "Support for manycast client";
830          reference
831            "RFC 5905: Network Time Protocol Version 4: Protocol and
832             Algorithms Specification";
833        }

835        /* Groupings */

837        grouping authentication-key {
838          description
839            "To define an authentication key for a Network Time
840             Protocol (NTP) time source.";
841          leaf key-id {
842            type uint32 {
843              range "1..max";
844            }
845            description
846              "Authentication key identifier.";
847          }
848          leaf algorithm {
849            type identityref {
850              base key-chain:crypto-algorithm;
851            }
852            description
853              "Authentication algorithm.";
854          }
855          leaf key {
856            nacm:default-deny-all;
857            type ianach:crypt-hash;
858            description
859              "The key";
860          }
861          leaf istrusted {
862            type boolean;
863            description
864              "Key-id is trusted or not";
865          }
866          reference
867            "RFC 5905: Network Time Protocol Version 4: Protocol and
868             Algorithms Specification";
869        }

871        grouping authentication {
872          description
873            "Authentication.";
874          choice authentication-type {
875            description
876              "Type of authentication.";
877            case symmetric-key {
878              leaf key-id {
879                type leafref {
880                  path "/ntp:ntp/ntp:authentication/"
881                     + "ntp:authentication-keys/ntp:key-id";
882                }
883                description
884                  "Authentication key id referenced in this
885                   association.";
886              }
887            }
888          }
889        }
890        grouping statistics {
891          description
892            "NTP packet statistic.";
893          leaf packet-sent {
894            type yang:counter32;
895            description
896              "The total number of NTP packets delivered to the
897               transport service by this NTP entity for this
898               association.
899               Discontinuities in the value of this counter can occur
900               upon cold start or reinitialization of the NTP entity, the
901               management system and at other times as indicated by
902               discontinuities in the value of sysUpTime.";
903          }
904          leaf packet-sent-fail {
905            type yang:counter32;
906            description
907              "The number of times NTP packets sending failed.";
908          }
909          leaf packet-received {
910            type yang:counter32;
911            description
912              "The total number of NTP packets delivered to the
913               NTP entity from this association.
914               Discontinuities in the value of this counter can occur
915               upon cold start or reinitialization of the NTP entity, the
916               management system and at other times as indicated by
917               discontinuities in the value of sysUpTime.";
918          }
919          leaf packet-dropped {
920            type yang:counter32;
921            description
922              "The total number of NTP packets that were delivered
923               to this NTP entity from this association and this entity
924               was not able to process due to an NTP protocol error.
925               Discontinuities in the value of this counter can occur
926               upon cold start or reinitialization of the NTP entity, the
927               management system and at other times as indicated by
928               discontinuities in the value of sysUpTime.";
929          }
930        }

932        grouping common-attributes {
933          description
934            "NTP common attributes for configuration.";
935          leaf minpoll {
936            type ntp-minpoll;
937            description
938              "The minimum poll interval used in this association.";
939          }
940          leaf maxpoll {
941            type ntp-maxpoll;
942            description
943              "The maximum poll interval used in this association.";
944          }
945          leaf port {
946            if-feature "ntp-port";
947            type inet:port-number {
948              range "123 | 1025..max";
949            }
950            default "123";
951            description
952              "Specify the port used to send NTP packets.";
953          }
954          leaf version {
955            type ntp-version;
956            description
957              "NTP version.";
958          }
959          reference
960            "RFC 5905: Network Time Protocol Version 4: Protocol and
961             Algorithms Specification";
962        }

964        grouping association-ref {
965          description
966            "Reference to NTP association mode";
967          leaf associations-address {
968            type leafref {
969              path "/ntp:ntp/ntp:associations/ntp:address";
970            }
971            description
972              "Indicates the association's address
973               which results in clock synchronization.";
974          }
975          leaf associations-local-mode {
976            type leafref {
977              path "/ntp:ntp/ntp:associations/ntp:local-mode";
978            }
979            description
980              "Indicates the association's local-mode
981               which results in clock synchronization.";
982          }
983          leaf associations-isconfigured {
984            type leafref {
985              path "/ntp:ntp/ntp:associations/"
986                 + "ntp:isconfigured";
987            }
988            description
989              "The association was configured or dynamic
990               which results in clock synchronization.";
991          }
992        }

994        /* Configuration data nodes */

996        container ntp {
997          presence "NTP is enabled and system should attempt to
998                    synchronize the system clock with an NTP server
999                    from the 'ntp/associations' list.";
1000         description
1001           "Configuration parameters for NTP.";
1002         leaf port {
1003           if-feature "ntp-port";
1004           type inet:port-number {
1005             range "123 | 1025..max";
1006           }
1007           default "123";
1008           description
1009             "Specify the port used to send and receive NTP packets.";
1010         }
1011         container refclock-master {
1012           presence "NTP master clock is enabled.";
1013           description
1014             "Configures the local clock of this device as NTP server.";
1015           leaf master-stratum {
1016             type ntp-stratum;
1017             default "16";
1018             description
1019               "Stratum level from which NTP
1020                clients get their time synchronized.";
1021           }
1022         }
1023         container authentication {
1024           description
1025             "Configuration of authentication.";
1026           leaf auth-enabled {
1027             type boolean;
1028             default "false";
1029             description
1030               "Controls whether NTP authentication is enabled
1031                or disabled on this device.";
1032           }
1033           list authentication-keys {
1034             key "key-id";
1035             uses authentication-key;
1036             description
1037               "List of authentication keys.";
1038           }
1039         }
1040         container access-rules {
1041           description
1042             "Configuration to control access to NTP service
1043              by using NTP access-group feature.
1044              The access-mode identifies how the acl is
1045              applied with NTP.";
1046           list access-rule {
1047             key "access-mode";
1048             description
1049               "List of access rules.";
1050             leaf access-mode {
1051               type access-mode;
1052               description
1053                 "NTP access mode. The definition of each possible value:
1054                  peer(0): Both time request and control query can be
1055                           performed.
1056                  server(1): Enables the server access and query.
1057                  synchronization(2): Enables the server access only.
             query(3): Enables control query only.";
        }
        leaf acl {
          type leafref {
            path "/acl:acls/acl:acl/acl:name";
          }
          description
            "Control access configuration to be used.";
        }
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
    }
    container clock-state {
      config false;
      description
        "Clock operational state of the NTP.";
      container system-status {
        description
          "System status of NTP.";
        leaf clock-state {
          type ntp-clock-status;
          mandatory true;
          description
            "The state of system clock. The definition of each
             possible value is:
             synchronized(0): Indicates local clock is synchronized.
             unsynchronized(1): Indicates local clock is not
                                synchronized.";
        }
        leaf clock-stratum {
          type ntp-stratum;
          mandatory true;
          description
            "The NTP entity's own stratum value. Should be a stratum
             of syspeer + 1 (or 16 if no syspeer).";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf clock-refid {
          type union {
            type inet:ipv4-address;
            type binary {
              length "4";
            }
            type string {
              length "4";
            }
          }
          mandatory true;
          description
            "IPv4 address or first 32 bits of the MD5 hash of
             the IPv6 address or reference clock of the peer to
             which clock is synchronized.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        uses association-ref {
          description
            "Reference to Association.";
        }
        leaf nominal-freq {
          type decimal64 {
            fraction-digits 4;
          }
          units "Hz";
          mandatory true;
          description
            "The nominal frequency of the
             local clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf actual-freq {
          type decimal64 {
            fraction-digits 4;
          }
          units "Hz";
          mandatory true;
          description
            "The actual frequency of the
             local clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf clock-precision {
          type uint8;
          units "Hz";
          mandatory true;
          description
            "Clock precision of this system in integer format
             (prec=2^(-n)). A value of 5 would mean 2^-5 = 31.25 ms.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf clock-offset {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The time offset to the current selected reference time
             source e.g., '0.032' or '1.232'.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf root-delay {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "Total delay along the path to root clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf root-dispersion {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The dispersion between the local clock
             and the root clock, e.g., '6.927'.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        leaf reference-time {
          type yang:date-and-time;
          description
            "The reference timestamp.";
        }
        leaf sync-state {
          type ntp-sync-state;
          mandatory true;
          description
            "The synchronization status of
             the local clock.";
        }
      }
    }
    list unicast-configuration {
      key "address type";
      description
        "List of NTP unicast-configurations.";
      leaf address {
        type inet:host;
        description
          "Address of this association.";
      }
      leaf type {
        type unicast-configuration-type;
        description
          "Use client association mode. This device
           will not provide synchronization to the
           configured NTP server.";
      }
      container authentication {
        description
          "Authentication used for this association.";
        uses authentication;
      }
      leaf prefer {
        type boolean;
        default "false";
        description
          "Whether this association is preferred or not.";
      }
      leaf burst {
        type boolean;
        default "false";
        description
          "If set, a series of packets are sent instead of a single
           packet within each synchronization interval to achieve
           faster synchronization.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf iburst {
        type boolean;
        default "false";
        description
          "If set, a series of packets are sent instead of a single
           packet within the initial synchronization interval to
           achieve faster initial synchronization.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf source {
        type if:interface-ref;
        description
          "The interface whose IP address is used by this association
           as the source address.";
      }
      uses common-attributes {
        description
          "Common attributes like port, version, min and max
           poll.";
      }
    }
    list associations {
      key "address local-mode isconfigured";
      config false;
      description
        "List of NTP associations. Here address, local-mode
         and isconfigured are required to uniquely identify
         a particular association. Let's take the following
         examples -

         1) If RT1 is acting as broadcast server,
         and RT2 is acting as broadcast client, then RT2
         will form dynamic association with address as RT1,
         local-mode as client and isconfigured as false.

         2) When RT2 is configured
         with unicast-server RT1, then RT2 will form
         association with address as RT1, local-mode as client
         and isconfigured as true.

         Thus all 3 leaves are needed as key to uniquely identify
         the association.";
      leaf address {
        type inet:host;
        description
          "The address of this association. Represents the IP
           address of a unicast/multicast/broadcast address.";
      }
      leaf local-mode {
        type association-mode;
        description
          "Local mode of this NTP association.";
      }
      leaf isconfigured {
        type boolean;
        description
          "Indicates if this association is configured or
           dynamically learned.";
      }
      leaf stratum {
        type ntp-stratum;
        description
          "The association stratum value.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf refid {
        type union {
          type inet:ipv4-address;
          type binary {
            length "4";
          }
          type string {
            length "4";
          }
        }
        description
          "The refclock driver ID, if available.
           -- a refclock driver ID like '127.127.1.0' for local clock
              sync
           -- uni/multi/broadcast associations will look like
              '20.1.1.1'
           -- sync with primary source will look like 'DCN', 'NIST',
              'ATOM'";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf authentication {
        type leafref {
          path "/ntp:ntp/ntp:authentication/"
             + "ntp:authentication-keys/ntp:key-id";
        }
        description
          "Authentication Key used for this association.";
      }
      leaf prefer {
        type boolean;
        default "false";
        description
          "Indicates if this association is preferred.";
      }
      leaf peer-interface {
        type if:interface-ref;
        description
          "The interface which is used for communication.";
      }
      uses common-attributes {
        description
          "Common attributes like port, version, min and
           max poll.";
      }
      leaf reach {
        type uint8;
        description
          "The reachability of the configured
           server or peer.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf unreach {
        type uint8;
        description
          "The unreachability of the configured
           server or peer.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf poll {
        type uint8;
        units "seconds";
        description
          "The polling interval for current association";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf now {
        type uint32;
        units "seconds";
        description
          "The time since the NTP packet was
           not received or last synchronized.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf offset {
        type decimal64 {
          fraction-digits 3;
        }
        units "milliseconds";
        description
          "The offset between the local clock
           and the peer clock, e.g., '0.032' or '1.232'";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf delay {
        type decimal64 {
          fraction-digits 3;
        }
        units "milliseconds";
        description
          "The network delay between the local clock
           and the peer clock.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf dispersion {
        type decimal64 {
          fraction-digits 3;
        }
        units "milliseconds";
        description
          "The root dispersion between the local clock
           and the peer clock.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf originate-time {
        type yang:date-and-time;
        description
          "This is the local time, in timestamp format,
           when latest NTP packet was sent to peer(T1).";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf receive-time {
        type yang:date-and-time;
        description
          "This is the local time, in timestamp format,
           when latest NTP packet arrived at peer(T2).
           If the peer becomes unreachable the value is set to zero.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf transmit-time {
        type yang:date-and-time;
        description
          "This is the local time, in timestamp format,
           at which the NTP packet departed the peer(T3).
           If the peer becomes unreachable the value is set to zero.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      leaf input-time {
        type yang:date-and-time;
        description
          "This is the local time, in timestamp format,
           when the latest NTP message from the peer arrived(T4).
           If the peer becomes unreachable the value is set to zero.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification";
      }
      container ntp-statistics {
        description
          "Per Peer packet send and receive statistics.";
        uses statistics {
          description
            "NTP send and receive packet statistics.";
        }
      }
    }
    container interfaces {
      description
        "Configuration parameters for NTP interfaces.";
      list interface {
        key "name";
        description
          "List of interfaces.";
        leaf name {
          type if:interface-ref;
          description
            "The interface name.";
        }
        container broadcast-server {
          presence "NTP broadcast-server is configured";
          description
            "Configuration of broadcast server.";
          leaf ttl {
            type uint8;
            description
              "Specifies the time to live (TTL) for a
               broadcast packet.";
          }
          container authentication {
            description
              "Authentication used for this association.";
            uses authentication;
          }
          uses common-attributes {
            description
              "Common attribute like port, version, min and
               max poll.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        container broadcast-client {
          presence "NTP broadcast-client is configured.";
          description
            "Configuration of broadcast-client.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        list multicast-server {
          key "address";
          description
            "Configuration of multicast server.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The IP address to send NTP multicast packets.";
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the time to live (TTL) for a
               multicast packet.";
          }
          container authentication {
            description
              "Authentication used for this association.";
            uses authentication;
          }
          uses common-attributes {
            description
              "Common attributes like port, version, min and
               max poll.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        list multicast-client {
          key "address";
          description
            "Configuration of multicast-client.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The IP address of the multicast group to
               join.";
          }
        }
        list manycast-server {
          key "address";
          description
            "Configuration of manycast server.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The multicast group IP address to receive
               manycast client messages.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
        list manycast-client {
          key "address";
          description
            "Configuration of manycast-client.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The group IP address that the manycast client
               broadcasts the request message to.";
          }
          container authentication {
            description
              "Authentication used for this association.";
            uses authentication;
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the maximum time to live (TTL) for
               the expanding ring search.";
          }
          leaf minclock {
            type uint8;
            description
              "The minimum manycast survivors in this
               association.";
          }
          leaf maxclock {
            type uint8;
            description
              "The maximum manycast candidates in this
               association.";
          }
          leaf beacon {
            type uint8;
            description
              "The maximum interval between beacons in this
               association.";
          }
          uses common-attributes {
            description
              "Common attributes like port, version, min and
               max poll.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification";
        }
      }
    }
    container ntp-statistics {
      config false;
      description
        "Total NTP packet statistics.";
      uses statistics {
        description
          "NTP send and receive packet statistics.";
      }
    }
  }
}

8. Usage Example

   This section includes examples for illustration purposes.

8.1. Unicast association

   This example describes how to configure a preferred unicast server
   present at 192.0.2.1 running at port 1025 with authentication-key 10
   and version 4
     192.0.2.1
     server
     true
     4
     1025
     10

   An example with IPv6 would use an IPv6 address (say 2001:DB8::1)
   in the "address" leaf with no change in any other data tree.

   This example is for retrieving unicast configurations -
     192.0.2.1
     server
     10
     true
     false
     true
     6
     10
     1025
     4
     9
     20.1.1.1
     255
     0
     128
     10
     0.025
     0.5
     0.6
     10-10-2017 07:33:55.253 Z+05:30
     10-10-2017 07:33:55.258 Z+05:30
     10-10-2017 07:33:55.300 Z+05:30
     10-10-2017 07:33:55.305 Z+05:30
     20
     0
     20
     0

8.2. Refclock master

   This example describes how to configure reference clock with stratum
   8 -

     8

   This example describes how to get reference clock configuration -

     8

8.3. Authentication configuration

   This example describes how to enable authentication and configure
   trusted authentication key 10 with mode as md5 and key as 'abcd' -

     true
     10
     md5
     abcd
     true

   This example describes how to get authentication related
   configuration -

     false
     10
     md5
     abcd
     true

8.4. Access configuration

   This example describes how to configure access mode "peer" associated
   with acl 2000 -

     peer
     2000

   This example describes how to get access related configuration -

     peer
     2000

8.5. Multicast configuration

   This example describes how to configure multicast-server with address
   as "224.1.1.1", port as 1025 and authentication keyid as 10 -

     Ethernet3/0/0
     224.1.1.1
     10
     1025

   This example describes how to get multicast-server related
   configuration -

     Ethernet3/0/0
     224.1.1.1
     224.1.1.1
     10
     6
     10
     1025
     3

   This example describes how to configure multicast-client with address
   as "224.1.1.1" -

     Ethernet3/0/0
     224.1.1.1

   This example describes how to get multicast-client related
   configuration -

     Ethernet3/0/0
     224.1.1.1

8.6. Manycast configuration

   This example describes how to configure manycast-client with address
   as "224.1.1.1", port as 1025 and authentication keyid as 10 -

     Ethernet3/0/0
     224.1.1.1
     10
     1025

   This example describes how to get manycast-client related
   configuration -

     Ethernet3/0/0
     224.1.1.1
     10
     255
     3
     10
     6
     6
     10
     1025

   This example describes how to configure manycast-server with address
   as "224.1.1.1" -

     Ethernet3/0/0
     224.1.1.1

   This example describes how to get manycast-server related
   configuration -

     Ethernet3/0/0
     224.1.1.1

8.7. Clock state

   This example describes how to get clock current state -

     synchronized
     7
     192.0.2.1
     192.0.2.1
     client
     yes
     100.0
     100.0
     18
     0.025
     0.5
     0.8
     10-10-2017 07:33:55.258 Z+05:30
     clock-synchronized

8.8. Get all association

   This example describes how to get all association present in the
   system -
     192.0.2.1
     9
     20.1.1.1
     client
     true
     10
     true
     Ethernet3/0/0
     6
     10
     1025
     4
     255
     0
     128
     10
     0.025
     0.5
     0.6
     10-10-2017 07:33:55.253 Z+05:30
     10-10-2017 07:33:55.258 Z+05:30
     10-10-2017 07:33:55.300 Z+05:30
     10-10-2017 07:33:55.305 Z+05:30
     20
     0
     20
     0

8.9. Global statistic

   This example describes how to get clock current state -

     30
     5
     20
     2

9. IANA Considerations

   This document registers a URI in the "IETF XML Registry" [RFC3688].
   Following the format in RFC 3688, the following registration has been
   made.

   URI: urn:ietf:params:xml:ns:yang:ietf-ntp

   Registrant Contact: The IESG.

   XML: N/A; the requested URI is an XML namespace.

   This document registers a YANG module in the "YANG Module Names"
   registry [RFC6020].

   Name: ietf-ntp

   Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp

   Prefix: ntp

   Reference: RFC XXXX

   Note: The RFC Editor will replace XXXX with the number assigned to
   this document once it becomes an RFC.

10. Security Considerations

   The YANG module specified in this document defines a schema for data
   that is designed to be accessed via network management protocols such
   as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer
   is the secure transport layer, and the mandatory-to-implement secure
   transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer
   is HTTPS, and the mandatory-to-implement secure transport is TLS
   [RFC8446].

   The NETCONF access control model [RFC8341] provides the means to
   restrict access for particular NETCONF or RESTCONF users to a
   preconfigured subset of all available NETCONF or RESTCONF protocol
   operations and content.

   There are a number of data nodes defined in this YANG module that are
   writable/creatable/deletable (i.e., config true, which is the
   default). These data nodes may be considered sensitive or vulnerable
   in some network environments. Write operations (e.g., edit-config)
   to these data nodes without proper protection can have a negative
   effect on network operations.
   These are the subtrees and data nodes and their
   sensitivity/vulnerability:

      /ntp/port - This data node specifies the port number to be used to
      send NTP packets. Unexpected changes could lead to disruption
      and/or network misbehavior.

      /ntp/authentication and /ntp/access-rules - The entries in the
      list include the authentication and access control configurations.
      Care should be taken while setting these parameters.

      /ntp/unicast-configuration - The entries in the list include all
      unicast configurations (server or peer mode), and indirectly
      create or modify the NTP associations. Unexpected changes could
      lead to disruption and/or network misbehavior.

      /ntp/interfaces/interface - The entries in the list include all
      per-interface configurations related to broadcast, multicast and
      manycast mode, and indirectly create or modify the NTP
      associations. Unexpected changes could lead to disruption and/or
      network misbehavior.

   Some of the readable data nodes in this YANG module may be considered
   sensitive or vulnerable in some network environments. It is thus
   important to control read access (e.g., via get, get-config, or
   notification) to these data nodes. These are the subtrees and data
   nodes and their sensitivity/vulnerability:

      /ntp/authentication/authentication-keys - The entries in the list
      include all the NTP authentication keys. This information is
      sensitive and can be exploited and thus unauthorized access to
      this needs to be curtailed.

      /ntp/associations - The entries in the list include all active
      NTP associations of all modes. Unauthorized access to this also
      needs to be curtailed.

11. Acknowledgments

   The authors would like to express their thanks to Sladjana Zoric,
   Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice
   Angermann, Watson Ladd, and Rich Salz for their review and
   suggestions.

12. References

12.1. Normative References

   [RFC1305]  Mills, D., "Network Time Protocol (Version 3)
              Specification, Implementation and Analysis", RFC 1305,
              DOI 10.17487/RFC1305, March 1992.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC5905]  Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
              "Network Time Protocol Version 4: Protocol and Algorithms
              Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010.

   [RFC5907]  Gerstung, H., Elliott, C., and B. Haberman, Ed.,
              "Definitions of Managed Objects for Network Time Protocol
              Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June
              2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6242]  Wasserman, M., "Using the NETCONF Protocol over Secure
              Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8177]  Lindem, A., Ed., Qu, Y., Yeung, D., Chen, I., and J.
              Zhang, "YANG Data Model for Key Chains", RFC 8177,
              DOI 10.17487/RFC8177, June 2017.

   [RFC8294]  Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger,
              "Common YANG Data Types for the Routing Area", RFC 8294,
              DOI 10.17487/RFC8294, December 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8343]  Bjorklund, M., "A YANG Data Model for Interface
              Management", RFC 8343, DOI 10.17487/RFC8343, March 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

   [RFC8519]  Jethanandani, M., Agarwal, S., Huang, L., and D. Blair,
              "YANG Data Model for Network Access Control Lists (ACLs)",
              RFC 8519, DOI 10.17487/RFC8519, March 2019.

12.2. Informative References

   [RFC7317]  Bierman, A. and M. Bjorklund, "A YANG Data Model for
              System Management", RFC 7317, DOI 10.17487/RFC7317, August
              2014.

   [RFC8342]  Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K.,
              and R. Wilton, "Network Management Datastore Architecture
              (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018.

Authors' Addresses

   Nan Wu
   Huawei
   Huawei Bld., No.156 Beiqing Rd.
   Beijing 100095
   China

   Email: eric.wu@huawei.com

   Dhruv Dhody
   Huawei
   Divyashree Techno Park, Whitefield
   Bangalore, Karnataka 560066
   India

   Email: dhruv.ietf@gmail.com

   Ankit kumar Sinha
   RtBrick Inc.
   Bangalore, Karnataka
   India

   Email: ankit.ietf@gmail.com

   Anil Kumar S N
   RtBrick Inc.
   Bangalore, Karnataka
   India

   Email: anil.ietf@gmail.com

   Yi Zhao
   Ericsson
   China Digital Kingdom Bld., No.1 WangJing North Rd.
   Beijing 100102
   China

   Email: yi.z.zhao@ericsson.com
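
Added example (not part of the draft): Section 10 names /ntp/authentication/authentication-keys and /ntp/associations as read-sensitive, lists the writable ietf-ntp subtrees, and points to NACM [RFC8341] for restricting access. The NACM configuration below shows one way to express that; the group names, user names, rule-list names and rule names are assumptions chosen for illustration.

```xml
<!-- Added example: NACM (RFC 8341) rules covering the ietf-ntp nodes that
     Section 10 calls sensitive. All group, user and rule names here are
     assumptions made for this illustration. -->
<nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm"
      xmlns:ntp="urn:ietf:params:xml:ns:yang:ietf-ntp">
  <enable-nacm>true</enable-nacm>
  <!-- NACM defaults, written out so the policy is explicit -->
  <read-default>permit</read-default>
  <write-default>deny</write-default>
  <exec-default>permit</exec-default>

  <groups>
    <group>
      <name>ntp-operators</name>            <!-- assumed group -->
      <user-name>oper1</user-name>          <!-- assumed user -->
    </group>
    <group>
      <name>ntp-admins</name>               <!-- assumed group -->
      <user-name>admin1</user-name>         <!-- assumed user -->
    </group>
  </groups>

  <!-- Operators: may read NTP state, but never the key list or the
       association table, and may not change any ietf-ntp configuration. -->
  <rule-list>
    <name>ntp-operators-acl</name>
    <group>ntp-operators</group>
    <rule>
      <name>hide-ntp-auth-keys</name>
      <module-name>ietf-ntp</module-name>
      <path>/ntp:ntp/ntp:authentication/ntp:authentication-keys</path>
      <access-operations>*</access-operations>
      <action>deny</action>
      <comment>Key material is read-sensitive (Section 10).</comment>
    </rule>
    <rule>
      <name>hide-ntp-associations</name>
      <module-name>ietf-ntp</module-name>
      <path>/ntp:ntp/ntp:associations</path>
      <access-operations>read</access-operations>
      <action>deny</action>
      <comment>Association list is read-sensitive (Section 10).</comment>
    </rule>
    <rule>
      <name>ntp-no-writes</name>
      <module-name>ietf-ntp</module-name>
      <access-operations>create update delete</access-operations>
      <action>deny</action>
      <comment>Covers /ntp/port, /ntp/authentication, /ntp/access-rules,
        /ntp/unicast-configuration and /ntp/interfaces/interface.</comment>
    </rule>
  </rule-list>

  <!-- Administrators: full access to the ietf-ntp module. Without this
       permit rule, write-default "deny" would block their edits too. -->
  <rule-list>
    <name>ntp-admins-acl</name>
    <group>ntp-admins</group>
    <rule>
      <name>ntp-full-access</name>
      <module-name>ietf-ntp</module-name>
      <access-operations>*</access-operations>
      <action>permit</action>
    </rule>
  </rule-list>
</nacm>
```

NACM evaluates the rules of a matching rule-list in order and applies the first rule that matches, so the two path-specific deny rules must stay ahead of any broader rule for the same group.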