idnits 2.17.1

draft-ietf-ntp-yang-data-model-17.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 25 instances of too long lines in the document, the longest
     one being 4 characters in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 215 has weird spacing: '...ss-mode ide...'

  == Line 247 has weird spacing: '...address rt-...'

  == Line 249 has weird spacing: '...address rt-...'

  == Line 2757 has weird spacing: '...ss-mode ide...'

  == Line 2854 has weird spacing: '...address rt-...'

  == (1 more instance...)

  -- The document date (20 March 2022) is 739 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 1305
     (Obsoleted by RFC 5905)

     Summary: 1 error (**), 0 flaws (~~), 7 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

NTP Working Group                                                  N. Wu
Internet-Draft                                             D. Dhody, Ed.
Intended status: Standards Track                                  Huawei
Expires: 21 September 2022                                 A. Sinha, Ed.
                                                            A. Kumar S N
                                                            RtBrick Inc.
                                                                 Y. Zhao
                                                                Ericsson
                                                           20 March 2022

                        A YANG Data Model for NTP
                    draft-ietf-ntp-yang-data-model-17

Abstract

   This document defines a YANG data model for Network Time Protocol
   (NTP) version 4 implementations.  It can also be used to configure
   version 3.  The data model includes configuration data and state
   data.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 21 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Operational State
     1.2.  Terminology
     1.3.  Tree Diagrams
     1.4.  Prefixes in Data Node Names
     1.5.  References in the Model
   2.  NTP data model
   3.  Relationship with NTPv4-MIB
   4.  Relationship with RFC 7317
   5.  Access Rules
   6.  Key Management
   7.  NTP Version
   8.  NTP YANG Module
   9.  Usage Example
     9.1.  Unicast association
     9.2.  Refclock master
     9.3.  Authentication configuration
     9.4.  Access configuration
     9.5.  Multicast configuration
     9.6.  Manycast configuration
     9.7.  Clock state
     9.8.  Get all association
     9.9.  Global statistic
   10. IANA Considerations
     10.1.  IETF XML Registry
     10.2.  YANG Module Names
   11. Security Considerations
   12. Acknowledgments
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  Full YANG Tree
   Authors' Addresses

1.  Introduction

   This document defines a YANG [RFC7950] data model for Network Time
   Protocol [RFC5905] implementations.  Note that the model could also
   be used to configure NTPv3 [RFC1305] (see Section 7).

   The data model covers configuration of system parameters of NTP, such
   as access rules, authentication and VPN Routing and Forwarding (VRF)
   binding, and also various modes of NTP and per-interface parameters.
   It also provides access to information about running state of NTP
   implementations.

1.1.  Operational State

   NTP Operational State is included in the same tree as NTP
   configuration, consistent with Network Management Datastore
   Architecture (NMDA) [RFC8342].  NTP current state and statistics are
   also maintained in the operational state.  The operational state also
   includes the NTP association state.

1.2.  Terminology

   The terminology used in this document is aligned to [RFC5905] and
   [RFC1305].

1.3.  Tree Diagrams

   A simplified graphical representation of the data model is used in
   this document.  This document uses the graphical representation of
   data models defined in [RFC8340].

1.4.  Prefixes in Data Node Names

   In this document, names of data nodes and other data model objects
   are often used without a prefix, as long as it is clear from the
   context in which YANG module each name is defined.
   Otherwise, names
   are prefixed using the standard prefix associated with the
   corresponding YANG module, as shown in Table 1.

            +==========+==========================+===========+
            | Prefix   | YANG module              | Reference |
            +==========+==========================+===========+
            | yang     | ietf-yang-types          | [RFC6991] |
            +----------+--------------------------+-----------+
            | inet     | ietf-inet-types          | [RFC6991] |
            +----------+--------------------------+-----------+
            | if       | ietf-interfaces          | [RFC8343] |
            +----------+--------------------------+-----------+
            | sys      | ietf-system              | [RFC7317] |
            +----------+--------------------------+-----------+
            | acl      | ietf-access-control-list | [RFC8519] |
            +----------+--------------------------+-----------+
            | rt-types | ietf-routing-types       | [RFC8294] |
            +----------+--------------------------+-----------+
            | nacm     | ietf-netconf-acm         | [RFC8341] |
            +----------+--------------------------+-----------+

             Table 1: Prefixes and corresponding YANG modules

1.5.  References in the Model

   The following documents are referenced in the model defined in this
   document:

           +=======================================+===========+
           | Title                                 | Reference |
           +=======================================+===========+
           | Network Time Protocol Version 4:      | [RFC5905] |
           | Protocol and Algorithms Specification |           |
           +---------------------------------------+-----------+
           | Common YANG Data Types                | [RFC6991] |
           +---------------------------------------+-----------+
           | A YANG Data Model for System          | [RFC7317] |
           | Management                            |           |
           +---------------------------------------+-----------+
           | Common YANG Data Types for the        | [RFC8294] |
           | Routing Area                          |           |
           +---------------------------------------+-----------+
           | Network Configuration Access Control  | [RFC8341] |
           | Model                                 |           |
           +---------------------------------------+-----------+
           | A YANG Data Model for Interface       | [RFC8343] |
           | Management                            |           |
           +---------------------------------------+-----------+
           | YANG Data Model for Network Access    | [RFC8519] |
           | Control Lists (ACLs)                  |           |
           +---------------------------------------+-----------+
           | Message Authentication Code for the   | [RFC8573] |
           | Network Time Protocol                 |           |
           +---------------------------------------+-----------+
           | The AES-CMAC Algorithm                | [RFC4493] |
           +---------------------------------------+-----------+
           | The MD5 Message-Digest Algorithm      | [RFC1321] |
           +---------------------------------------+-----------+
           | US Secure Hash Algorithm 1 (SHA1)     | [RFC3174] |
           +---------------------------------------+-----------+
           | FIPS 180-4: Secure Hash Standard      | [SHS]     |
           | (SHS)                                 |           |
           +---------------------------------------+-----------+

                  Table 2: References in the YANG modules

2.  NTP data model

   This document defines the YANG module "ietf-ntp", which has the
   following condensed structure:

   module: ietf-ntp
     +--rw ntp!
        +--rw port?                    inet:port-number {ntp-port}?
        +--rw refclock-master!
        |  +--rw master-stratum?   ntp-stratum
        +--rw authentication {authentication}?
        |  +--rw auth-enabled?          boolean
        |  +--rw authentication-keys* [key-id]
        |     +--rw key-id       uint32
        |     +--...
        +--rw access-rules {access-rules}?
        |  +--rw access-rule* [access-mode]
        |     +--rw access-mode    identityref
        |     +--rw acl?           -> /acl:acls/acl/name
        +--ro clock-state
        |  +--ro system-status
        |     +--ro clock-state      identityref
        |     +--ro clock-stratum    ntp-stratum
        |     +--ro clock-refid      refid
        |     +--...
        +--rw unicast-configuration* [address type]
        |       {unicast-configuration}?
        |  +--rw address    inet:ip-address
        |  +--rw type       identityref
        |  +--...
        +--rw associations
        |  +--ro association* [address local-mode isconfigured]
        |     +--ro address         inet:ip-address
        |     +--ro local-mode      identityref
        |     +--ro isconfigured    boolean
        |     +--...
        |     +--ro ntp-statistics
        |        +--...
        +--rw interfaces
        |  +--rw interface* [name]
        |     +--rw name    if:interface-ref
        |     +--rw broadcast-server! {broadcast-server}?
        |     |  +--...
        |     +--rw broadcast-client! {broadcast-client}?
        |     +--rw multicast-server* [address] {multicast-server}?
        |     |  +--rw address
        |     |  |       rt-types:ip-multicast-group-address
        |     |  +--...
        |     +--rw multicast-client* [address] {multicast-client}?
        |     |  +--rw address    rt-types:ip-multicast-group-address
        |     +--rw manycast-server* [address] {manycast-server}?
        |     |  +--rw address    rt-types:ip-multicast-group-address
        |     +--rw manycast-client* [address] {manycast-client}?
        |        +--rw address
        |        |       rt-types:ip-multicast-group-address
        |        +--...
        +--ro ntp-statistics
           +--...

     rpcs:
       +---x statistics-reset
          +---w input
             +---w (association-or-all)?
                +--:(association)
                |  +---w associations-address?
                |  |       -> /ntp/associations/association/address
                |  +---w associations-local-mode?
                |  |       -> /ntp/associations/association/local-mode
                |  +---w associations-isconfigured?
                |          -> /ntp/associations/association/isconfigured
                +--:(all)

   The full data model tree for the YANG module "ietf-ntp" is in
   Appendix A.

   This data model defines one top-level container which includes both
   the NTP configuration and the NTP running state including access
   rules, authentication, associations, unicast configurations,
   interfaces, system status and associations.

3.  Relationship with NTPv4-MIB

   If the device implements the NTPv4-MIB [RFC5907], data nodes from
   the YANG module can be mapped to table entries in NTPv4-MIB.

   The following tables list the YANG data nodes with corresponding
   objects in the NTPv4-MIB.

     YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects

      +===========================+=================================+
      | YANG data nodes in /ntp/  | NTPv4-MIB objects               |
      | clock-state/system-status |                                 |
      +===========================+=================================+
      | clock-state               | ntpEntStatusCurrentMode         |
      +---------------------------+---------------------------------+
      | clock-stratum             | ntpEntStatusStratum             |
      +---------------------------+---------------------------------+
      | clock-refid               | ntpEntStatusActiveRefSourceId   |
      +---------------------------+---------------------------------+
      |                           | ntpEntStatusActiveRefSourceName |
      +---------------------------+---------------------------------+
      | clock-precision           | ntpEntTimePrecision             |
      +---------------------------+---------------------------------+
      | clock-offset              | ntpEntStatusActiveOffset        |
      +---------------------------+---------------------------------+
      | root-dispersion           | ntpEntStatusDispersion          |
      +---------------------------+---------------------------------+

                                  Table 3

   +=======================================+===========================+
   | YANG data nodes in                    | NTPv4-MIB objects         |
   | /ntp/associations/                    |                           |
   +=======================================+===========================+
   | address                               | ntpAssocAddressType       |
   +---------------------------------------+---------------------------+
   |                                       | ntpAssocAddress           |
   +---------------------------------------+---------------------------+
   | stratum                               | ntpAssocStratum           |
   +---------------------------------------+---------------------------+
   | refid                                 | ntpAssocRefId             |
   +---------------------------------------+---------------------------+
   | offset                                | ntpAssocOffset            |
   +---------------------------------------+---------------------------+
   | delay                                 | ntpAssocStatusDelay       |
   +---------------------------------------+---------------------------+
   | dispersion                            | ntpAssocStatusDispersion  |
   +---------------------------------------+---------------------------+
   | ntp-statistics/                       | ntpAssocStatOutPkts       |
   | packet-sent                           |                           |
   +---------------------------------------+---------------------------+
   | ntp-statistics/                       | ntpAssocStatInPkts        |
   | packet-received                       |                           |
   +---------------------------------------+---------------------------+
   | ntp-statistics/                       | ntpAssocStatProtocolError |
   | packet-dropped                        |                           |
   +---------------------------------------+---------------------------+

                                  Table 4

         YANG NTP State Data Nodes and Related NTPv4-MIB Objects

4.  Relationship with RFC 7317

   This section describes the relationship with the NTP definition in
   Section 3.2 System Time Management of [RFC7317].  YANG data nodes in
   /ntp/ also support per-interface configuration which is not supported
   in /system/ntp.  If the YANG model defined in this document is
   implemented, then /system/ntp SHOULD NOT be used and MUST be ignored.

    +===============================+================================+
    | YANG data nodes in /ntp/      | YANG data nodes in /system/ntp |
    +===============================+================================+
    | ntp!                          | enabled                        |
    +-------------------------------+--------------------------------+
    | unicast-configuration         | server                         |
    +-------------------------------+--------------------------------+
    |                               | server/name                    |
    +-------------------------------+--------------------------------+
    | unicast-configuration/address | server/transport/udp/address   |
    +-------------------------------+--------------------------------+
    | unicast-configuration/port    | server/transport/udp/port      |
    +-------------------------------+--------------------------------+
    | unicast-configuration/type    | server/association-type        |
    +-------------------------------+--------------------------------+
    | unicast-configuration/iburst  | server/iburst                  |
    +-------------------------------+--------------------------------+
    | unicast-configuration/prefer  | server/prefer                  |
    +-------------------------------+--------------------------------+

                                 Table 5

      YANG NTP Configuration Data Nodes and counterparts in RFC 7317
                                 Objects

5.  Access Rules

   The access rules in this section refer to the on-the-wire access
   control to the NTP service and are completely independent of any
   management API access control, e.g., NETCONF Access Control Model
   (NACM) ([RFC8341]).

   An Access Control List (ACL) is one of the basic elements used to
   configure device-forwarding behavior.  An ACL is a user-ordered set
   of rules that is used to filter traffic on a networking device.

   As per [RFC1305] (for NTPv3) and [RFC5905] (for NTPv4), NTP could
   include an access-control feature that prevents unauthorized access
   and controls which peers are allowed to update the local clock.
   Further, it is useful to differentiate between the various kinds of
   access and attach a different acl-rule to each.  For this, the YANG
   module allows such configuration via /ntp/access-rules.  The access-
   rule itself is configured via [RFC8519].
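
   An added example, not part of the draft: a small audit of an
   /ntp/access-rules instance that checks each access-rule's acl leafref
   against /acl:acls/acl/name and reports which ACLs end up allowed to send
   control queries or to act as a time source for this device. The mode
   semantics are the ones this section gives for the four access modes; the
   RFC 7951 JSON encoding, the ACL names and the finding labels are
   assumptions of the example.

```python
import json

# What each access mode permits, as described in the Access Rules section.
MODE_CAPS = {
    "peer-access-mode": {"serve-time", "sync-from", "control-queries"},
    "server-access-mode": {"serve-time", "control-queries"},
    "server-only-access-mode": {"serve-time"},
    "query-only-access-mode": {"control-queries"},
}

# Constructed sample (not from the draft), RFC 7951 JSON encoding.
# "ntp-legacy" is deliberately absent from the ACL list.
SAMPLE_CONFIG = json.loads("""
{
  "ietf-access-control-list:acls": {
    "acl": [
      {"name": "ntp-peers"},
      {"name": "ntp-clients"},
      {"name": "noc-monitoring"}
    ]
  },
  "ietf-ntp:ntp": {
    "access-rules": {
      "access-rule": [
        {"access-mode": "ietf-ntp:peer-access-mode", "acl": "ntp-peers"},
        {"access-mode": "server-only-access-mode", "acl": "ntp-clients"},
        {"access-mode": "ietf-ntp:query-only-access-mode",
         "acl": "noc-monitoring"},
        {"access-mode": "ietf-ntp:server-access-mode", "acl": "ntp-legacy"}
      ]
    }
  }
}
""")


def local_name(identity):
    """Return the identity name if it belongs to ietf-ntp.

    RFC 7951 allows an identityref to be written with or without the
    module name when the identity lives in the leaf's own module.
    Identities qualified with another module are returned unchanged so
    that they are reported as unknown.
    """
    module, sep, name = identity.partition(":")
    if not sep:
        return identity
    return name if module == "ietf-ntp" else identity


def audit_access_rules(config):
    """Return (findings, grants) for the access-rule list.

    findings: list of (access-mode, label) tuples.
    grants:   dict mapping ACL name -> set of capabilities it receives.
    """
    acls = config.get("ietf-access-control-list:acls", {}).get("acl", [])
    acl_names = {acl["name"] for acl in acls if "name" in acl}
    rules = (config.get("ietf-ntp:ntp", {})
             .get("access-rules", {})
             .get("access-rule", []))

    findings, grants, seen = [], {}, set()
    for rule in rules:
        mode = local_name(rule.get("access-mode", ""))
        if mode not in MODE_CAPS:
            findings.append((mode, "unknown-mode"))
            continue
        if mode in seen:  # access-mode is the list key, so it must be unique
            findings.append((mode, "duplicate-key"))
            continue
        seen.add(mode)
        acl = rule.get("acl")
        if acl is None:  # the acl leaf is optional in the model
            findings.append((mode, "no-acl"))
        elif acl not in acl_names:  # leafref does not resolve
            findings.append((mode, "dangling-acl"))
        else:
            grants.setdefault(acl, set()).update(MODE_CAPS[mode])
    return findings, grants


def who_can(grants, capability):
    """Sorted ACL names whose matching hosts receive the capability."""
    return sorted(acl for acl, caps in grants.items() if capability in caps)


if __name__ == "__main__":
    found, granted = audit_access_rules(SAMPLE_CONFIG)
    for mode, label in found:
        print(f"finding: {mode}: {label}")
    for cap in ("control-queries", "sync-from", "serve-time"):
        print(f"{cap}: {', '.join(who_can(granted, cap))}")
```
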

   The following access modes are supported:

   *  Peer: Permit others to synchronize their time with the NTP entity
      or it can synchronize its time with others.  NTP control queries
      are also accepted.

   *  Server: Permit others to synchronize their time with the NTP
      entity, but vice versa is not supported.  NTP control queries are
      accepted.

   *  Server-only: Permit others to synchronize their time with the NTP
      entity, but vice versa is not supported.  NTP control queries are
      not accepted.

   *  Query-only: Only control queries are accepted.

   Query-only is the most restricted, whereas peer is the full
   access authority.  The ability to give different ACL rules for
   different access modes allows for greater control by the operator.

6.  Key Management

   As per [RFC1305] (for NTPv3) and [RFC5905] (for NTPv4), when
   authentication is enabled, NTP employs a crypto-checksum, computed by
   the sender and checked by the receiver, together with a set of
   predistributed algorithms, and cryptographic keys indexed by a key
   identifier included in the NTP message.  This key-id is a 32-bit
   unsigned integer that MUST be configured on the NTP peers before the
   authentication can be used.  For this reason, this YANG module
   allows such configuration via /ntp/authentication/authentication-
   keys/.  Further, at the time of configuration of an NTP association
   (for example unicast-server), the key-id is specified.

   The 'nacm:default-deny-all' is used to prevent retrieval of the
   actual key information after it is set.

7.  NTP Version

   This YANG model allows a version to be configured for the NTP
   association, i.e., an operator can control the use of NTPv3 [RFC1305]
   or NTPv4 [RFC5905] for each association it forms.  This allows
   backward compatibility with a legacy system.  Note that version 3
   of NTP [RFC1305] is obsoleted by NTPv4 [RFC5905].

8.  NTP YANG Module

   file "ietf-ntp@2022-03-21.yang"
   module ietf-ntp {
     yang-version 1.1;
     namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";
     prefix ntp;

     import ietf-yang-types {
       prefix yang;
       reference
         "RFC 6991: Common YANG Data Types";
     }
     import ietf-inet-types {
       prefix inet;
       reference
         "RFC 6991: Common YANG Data Types";
     }
     import ietf-interfaces {
       prefix if;
       reference
         "RFC 8343: A YANG Data Model for Interface Management";
     }
     import ietf-system {
       prefix sys;
       reference
         "RFC 7317: A YANG Data Model for System Management";
     }
     import ietf-access-control-list {
       prefix acl;
       reference
         "RFC 8519: YANG Data Model for Network Access Control
          Lists (ACLs)";
     }
     import ietf-routing-types {
       prefix rt-types;
       reference
         "RFC 8294: Common YANG Data Types for the Routing Area";
     }
     import ietf-netconf-acm {
       prefix nacm;
       reference
         "RFC 8341: Network Configuration Protocol (NETCONF) Access
          Control Model";
     }

     organization
       "IETF NTP (Network Time Protocol) Working Group";

     contact
       "WG Web:
        WG List:

        Editor:   Ankit Kumar Sinha
       ";
     description
       "This document defines a YANG data model for Network Time Protocol
        (NTP) implementations. The data model includes configuration data
        and state data.

        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
        NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
        'MAY', and 'OPTIONAL' in this document are to be interpreted as
        described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
        they appear in all capitals, as shown here.

        Copyright (c) 2022 IETF Trust and the persons identified as
        authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with or
        without modification, is permitted pursuant to, and subject
        to the license terms contained in, the Revised BSD License
        set forth in Section 4.c of the IETF Trust's Legal Provisions
        Relating to IETF Documents
        (https://trustee.ietf.org/license-info).

        This version of this YANG module is part of RFC XXXX; see the
        RFC itself for full legal notices.";

     revision 2022-03-21 {
       description
         "Initial revision.";
       reference
         "RFC XXXX: A YANG Data Model for NTP.";
     }

     /* Note: The RFC Editor will replace XXXX with the number assigned
        to this document once it becomes an RFC.*/
     /* Typedef Definitions */

     typedef ntp-stratum {
       type uint8 {
         range "1..16";
       }
       description
         "The level of each server in the hierarchy is defined by
          a stratum. Primary servers are assigned with stratum
          one; secondary servers at each lower level are assigned with
          one stratum greater than the preceding level";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3";
     }

     typedef ntp-version {
       type uint8 {
         range "3..max";
       }
       default "4";
       description
         "The current NTP version supported by corresponding
          association.";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 1";
     }

     typedef refid {
       type union {
         type inet:ipv4-address;
         type uint32;
         type string {
           length "4";
         }
       }
       description
         "A code identifying the particular server or reference
          clock. The interpretation depends upon stratum. It
          could be an IPv4 address or first 32 bits of the MD5 hash of
          the IPv6 address or a string for the Reference Identifier
          and KISS codes. Some examples:
          -- a refclock ID like '127.127.1.0' for local clock sync
          -- uni/multi/broadcast associations for IPv4 will look like
             '203.0.113.1' and '0x4321FEDC' for IPv6
          -- sync with primary source will look like 'DCN', 'NIST',
             'ATOM'
          -- KISS codes will look like 'AUTH', 'DROP', 'RATE'
          Note that the use of MD5 hash for IPv6 address is not for
          cryptographic purposes ";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 7.3";
     }
     typedef ntp-date-and-time {
       type union {
         type yang:date-and-time;
         type uint8;
       }
       description
         "Follows the date-and-time format when valid value exist,
          otherwise allows for setting special value such as
          zero.";
       reference
         "RFC 6991: Common YANG Data Types";
     }

     typedef log2seconds {
       type int8;
       description
         "An 8-bit signed integer that represents signed log2
          seconds.";
     }

     /* features */

     feature ntp-port {
       description
         "Support for NTP port configuration";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 7.2";
     }

     feature authentication {
       description
         "Support for NTP symmetric key authentication";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 7.3";
     }

     feature deprecated {
       description
         "Support deprecated MD5-based authentication (RFC 8573) or
          SHA-1 or any other deprecated authentication mechanism.
          It is enabled to support legacy compatibility when secure
          cryptographic algorithms are not available to use.
          It is also used to configure keystrings in ASCII format.";
       reference
         "RFC 1321: The MD5 Message-Digest Algorithm
          RFC 3174: US Secure Hash Algorithm 1 (SHA1)
          FIPS 180-4: Secure Hash Standard (SHS)";
     }

     feature hex-key-string {
       description
         "Support hexadecimal key string.";
     }

     feature access-rules {
       description
         "Support for NTP access control";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 9.2";
     }

     feature unicast-configuration {
       description
         "Support for NTP client/server or active/passive
          in unicast";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3";
     }

     feature broadcast-server {
       description
         "Support for broadcast server";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3";
     }

     feature broadcast-client {
       description
         "Support for broadcast client";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3";
     }

     feature multicast-server {
       description
         "Support for multicast server";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3.1";
     }
     feature multicast-client {
       description
         "Support for multicast client";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3.1";
     }

     feature manycast-server {
       description
         "Support for manycast server";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3.1";
     }

     feature manycast-client {
       description
         "Support for manycast client";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3.1";
     }

     /* Identity */
     /* unicast-configurations types */

     identity unicast-configuration-type {
       if-feature "unicast-configuration";
       description
         "This defines NTP unicast mode of operation as used
          for unicast-configurations.";
     }

     identity uc-server {
       if-feature "unicast-configuration";
       base unicast-configuration-type;
       description
         "Use client association mode where the unicast server
          address is configured.";
     }

     identity uc-peer {
       if-feature "unicast-configuration";
       base unicast-configuration-type;
       description
         "Use symmetric active association mode where the peer
          address is configured.";

     }

     /* association-modes */

     identity association-mode {
       description
         "The NTP association modes.";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 3";
     }

     identity active {
       base association-mode;
       description
         "Use symmetric active association mode (mode 1).
          This device may synchronize with its NTP peer,
          or provide synchronization to configured NTP peer.";
     }

     identity passive {
       base association-mode;
       description
         "Use symmetric passive association mode (mode 2).
          This device has learned this association dynamically.
          This device may synchronize with its NTP peer.";
     }

     identity client {
       base association-mode;
       description
         "Use client association mode (mode 3).
          This device will not provide synchronization
          to the configured NTP server.";
     }

     identity server {
       base association-mode;
       description
         "Use server association mode (mode 4).
          This device will provide synchronization to
          NTP clients.";
     }

     identity broadcast-server {
       base association-mode;
       description
         "Use broadcast server mode (mode 5).
          This mode defines that its either working
          as broadcast-server or multicast-server.";
     }

     identity broadcast-client {
       base association-mode;
       description
         "This mode defines that its either working
          as broadcast-client (mode 6) or multicast-client.";
     }

     /* access-mode */

     identity access-mode {
       if-feature "access-rules";
       description
         "This defines NTP access modes. These identify
          how the ACL is applied with NTP.";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Section 9.2";
     }

     identity peer-access-mode {
       if-feature "access-rules";
       base access-mode;
       description
         "Permit others to synchronize their time with this NTP
          entity or it can synchronize its time with others.
          NTP control queries are also accepted. This enables
          full access authority.";
     }

     identity server-access-mode {
       if-feature "access-rules";
       base access-mode;
       description
         "Permit others to synchronize their time with this NTP
          entity, but vice versa is not supported. NTP control
          queries are accepted.";
     }

     identity server-only-access-mode {
       if-feature "access-rules";
       base access-mode;
       description
         "Permit others to synchronize their time with this NTP
          entity, but vice versa is not supported. NTP control
          queries are not accepted.";
     }

     identity query-only-access-mode {
       if-feature "access-rules";
       base access-mode;
       description
         "Only control queries are accepted.";
     }

     /* clock-state */

     identity clock-state {
       description
         "This defines NTP clock status at a high level.";
     }

     identity synchronized {
       base clock-state;
       description
         "Indicates that the local clock has been synchronized with
          an NTP server or the reference clock.";
     }

     identity unsynchronized {
       base clock-state;
       description
         "Indicates that the local clock has not been synchronized
          with any NTP server.";
     }

     /* ntp-sync-state */

     identity ntp-sync-state {
       description
         "This defines NTP clock sync state at a more granular
          level. Referred as 'Clock state definitions' in RFC 5905";
       reference
         "RFC 5905: Network Time Protocol Version 4: Protocol and
          Algorithms Specification, Appendix A.1.1";
     }

     identity clock-never-set {
       base ntp-sync-state;
       description
         "Indicates the clock was never set.";
     }
     identity freq-set-by-cfg {
       base ntp-sync-state;
       description
         "Indicates the clock frequency is set by
          NTP configuration or file.";
     }

     identity spike {
       base ntp-sync-state;
       description
         "Indicates a spike is detected.";
     }

     identity freq {
       base ntp-sync-state;
       description
         "Indicates the frequency mode.";
     }

     identity clock-synchronized {
       base ntp-sync-state;
       description
         "Indicates that the clock is synchronized";
     }

     /* crypto-algorithm */

     identity crypto-algorithm {
       description
         "Base identity of cryptographic algorithm options.";
     }

     identity md5 {
       if-feature "deprecated";
       base crypto-algorithm;
       description
         "The MD5 algorithm.
       Note that RFC 8573 deprecates the use of MD5-based
       authentication.";
    reference
      "RFC 1321: The MD5 Message-Digest Algorithm";
  }

  identity sha-1 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "The SHA-1 algorithm.";
    reference
      "RFC 3174: US Secure Hash Algorithm 1 (SHA1)";
  }

  identity hmac-sha-1 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "HMAC-SHA-1 authentication algorithm.";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity hmac-sha1-12 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "The HMAC-SHA1-12 algorithm.";
  }

  identity hmac-sha-256 {
    description
      "HMAC-SHA-256 authentication algorithm.";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity hmac-sha-384 {
    description
      "HMAC-SHA-384 authentication algorithm.";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity hmac-sha-512 {
    description
      "HMAC-SHA-512 authentication algorithm.";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity aes-cmac {
    base crypto-algorithm;
    description
      "The AES-CMAC algorithm - required by
       RFC 8573 for MAC for the NTP";
    reference
      "RFC 4493: The AES-CMAC Algorithm
       RFC 8573: Message Authentication Code for the Network
       Time Protocol";
  }

  /* Groupings */

  grouping key {
    description
      "The key.";
    nacm:default-deny-all;
    choice key-string-style {
      description
        "Key string styles";
      case keystring {
        leaf keystring {
          if-feature "deprecated";
          type string;
          description
            "Key string in ASCII format.";
        }
      }
      case hexadecimal {
        if-feature "hex-key-string";
        leaf hexadecimal-string {
          type yang:hex-string;
          description
            "Key in hexadecimal string format.
             When compared to ASCII, specification in hexadecimal
             affords greater key entropy with the same number of
             internal key-string octets. Additionally, it
             discourages usage of well-known words or
             numbers.";
        }
      }
    }
  }

  grouping authentication-key {
    description
      "To define an authentication key for a Network Time
       Protocol (NTP) time source.";
    leaf key-id {
      type uint32 {
        range "1..max";
      }
      description
        "Authentication key identifier.";
    }
    leaf algorithm {
      type identityref {
        base crypto-algorithm;
      }
      description
        "Authentication algorithm. Note that RFC 8573
         deprecates the use of MD5-based authentication
         and recommends AES-CMAC.";
    }
    container key {
      uses key;
      description
        "The key. Note that RFC 8573 deprecates the use
         of MD5-based authentication.";
    }
    leaf istrusted {
      type boolean;
      description
        "Key-id is trusted or not";
    }
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 7.3 and 7.4";
  }

  grouping authentication {
    description
      "Authentication.";
    choice authentication-type {
      description
        "Type of authentication.";
      case symmetric-key {
        leaf key-id {
          type leafref {
            path "/ntp:ntp/ntp:authentication/"
               + "ntp:authentication-keys/ntp:key-id";
          }
          description
            "Authentication key id referenced in this
             association.";
        }
      }
    }
  }

  grouping statistics {
    description
      "NTP packet statistic.";
    leaf discontinuity-time {
      type ntp-date-and-time;
      description
        "The time on the most recent occasion at which any one or
         more of these NTP counters suffered a discontinuity.
         If no such discontinuities have occurred, then this node
         contains the time the NTP association was
         (re-)initialized.";
    }
    leaf packet-sent {
      type yang:counter32;
      description
        "The total number of NTP packets delivered to the
         transport service by this NTP entity for this
         association.
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, the
         management system and at other times.";
    }
    leaf packet-sent-fail {
      type yang:counter32;
      description
        "The number of times sending an NTP packet failed.";
    }
    leaf packet-received {
      type yang:counter32;
      description
        "The total number of NTP packets delivered to the
         NTP entity from this association.
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, the
         management system and at other times.";
    }
    leaf packet-dropped {
      type yang:counter32;
      description
        "The total number of NTP packets that were delivered
         to this NTP entity from this association and this entity
         was not able to process due to an NTP protocol error.
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, the
         management system and at other times.";
    }
  }

  grouping common-attributes {
    description
      "NTP common attributes for configuration.";
    leaf minpoll {
      type log2seconds;
      default "6";
      description
        "The minimum poll interval used in this association.";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    leaf maxpoll {
      type log2seconds;
      default "10";
      description
        "The maximum poll interval used in this association.";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    leaf port {
      if-feature "ntp-port";
      type inet:port-number {
        range "123 | 1024..max";
      }
      default "123";
      description
        "Specify the port used to send NTP packets.";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    leaf version {
      type ntp-version;
      description
        "NTP version.";
    }
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification";
  }

  grouping association-ref {
    description
      "Reference to NTP association mode";
    leaf associations-address {
      type leafref {
        path "/ntp:ntp/ntp:associations/ntp:association"
           + "/ntp:address";
      }
      description
        "Indicates the association's address
         which resulted in clock synchronization.";
    }
    leaf associations-local-mode {
      type leafref {
        path "/ntp:ntp/ntp:associations/ntp:association"
           + "/ntp:local-mode";
      }
      description
        "Indicates the association's local-mode
         which resulted in clock synchronization.";
    }
    leaf associations-isconfigured {
      type leafref {
        path "/ntp:ntp/ntp:associations/ntp:association/"
           + "ntp:isconfigured";
      }
      description
        "Indicates if the association (that resulted in the
         clock synchronization) is explicitly configured.";
    }
  }

  container ntp {
    when 'false() = boolean(/sys:system/sys:ntp)' {
      description
        "Applicable when the system /sys/ntp/ is not used.";
    }
    presence "NTP is enabled and system should attempt to
              synchronize the system clock with an NTP server
              from the 'ntp/associations' list.";
    description
      "Configuration parameters for NTP.";
    leaf port {
      if-feature "ntp-port";
      type inet:port-number {
        range "123 | 1024..max";
      }
      default "123";
      description
        "Specify the port used to send and receive NTP packets.";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    container refclock-master {
      presence "NTP master clock is enabled.";
      description
        "Configures the local clock of this device as NTP server.";
      leaf master-stratum {
        type ntp-stratum;
        default "16";
        description
          "Stratum level from which NTP clients get their time
           synchronized.";
      }
    }
    container authentication {
      if-feature "authentication";
      description
        "Configuration of authentication.";
      leaf auth-enabled {
        type boolean;
        default "false";
        description
          "Controls whether NTP authentication is enabled
           or disabled on this device.";
      }
      list authentication-keys {
        key "key-id";
        uses authentication-key;
        description
          "List of authentication keys.";
      }
    }
    container access-rules {
      if-feature "access-rules";
      description
        "Configuration to control access to NTP service
         by using NTP access-group feature.
         The access-mode identifies how the ACL is
         applied with NTP.";
      list access-rule {
        key "access-mode";
        description
          "List of access rules.";
        leaf access-mode {
          type identityref {
            base access-mode;
          }
          description
            "The NTP access mode. Some of the possible values
             include peer, server, synchronization, query,
             etc.";
        }
        leaf acl {
          type leafref {
            path "/acl:acls/acl:acl/acl:name";
          }
          description
            "Control access configuration to be used.";
        }
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification, Section 9.2";
      }
    }
    container clock-state {
      config false;
      description
        "Clock operational state of the NTP.";
      container system-status {
        description
          "System status of NTP.";
        leaf clock-state {
          type identityref {
            base clock-state;
          }
          mandatory true;
          description
            "The state of system clock. Some of the possible values
             include synchronized and unsynchronized";
        }
        leaf clock-stratum {
          type ntp-stratum;
          mandatory true;
          description
            "The NTP entity's own stratum value. Should be one greater
             than preceding level. 16 if unsynchronized.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3";
        }
        leaf clock-refid {
          type refid;
          mandatory true;
          description
            "A code identifying the particular server or reference
             clock. The interpretation depends upon stratum. It
             could be an IPv4 address or first 32 bits of the MD5 hash
             of the IPv6 address or a string for the Reference
             Identifier and KISS codes.
             Some examples:
             -- a refclock ID like '127.127.1.0' for local clock sync
             -- uni/multi/broadcast associations for IPv4 will look like
             '203.0.113.1' and '0x4321FEDC' for IPv6
             -- sync with primary source will look like 'DCN', 'NIST',
             'ATOM'
             -- KISS codes will look like 'AUTH', 'DROP', 'RATE'
             Note that the use of MD5 hash for IPv6 address is not for
             cryptographic purposes";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        uses association-ref {
          description
            "Reference to Association.";
        }
        leaf nominal-freq {
          type decimal64 {
            fraction-digits 4;
          }
          units "Hz";
          mandatory true;
          description
            "The nominal frequency of the local clock. An ideal
             frequency with zero uncertainty.";
        }
        leaf actual-freq {
          type decimal64 {
            fraction-digits 4;
          }
          units "Hz";
          mandatory true;
          description
            "The actual frequency of the local clock.";
        }
        leaf clock-precision {
          type log2seconds;
          mandatory true;
          description
            "Clock precision of this system in signed integer format,
             in log 2 seconds - (prec=2^(-n)). A value of 5 would
             mean 2^-5 = 0.03125 seconds = 31.25 ms.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf clock-offset {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The signed time offset to the current selected reference
             time source e.g., '0.032ms' or '1.232ms'.
             The negative value indicates that the local clock is
             behind the current selected reference time source.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 9.1";
        }
        leaf root-delay {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "Total delay along the path to root clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 4 and 7.3";
        }
        leaf root-dispersion {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The dispersion between the local clock
             and the root clock, e.g., '6.927ms'.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 4, 7.3 and 10.";
        }
        leaf reference-time {
          type ntp-date-and-time;
          description
            "The reference timestamp. Time when the system clock was
             last set or corrected";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf sync-state {
          type identityref {
            base ntp-sync-state;
          }
          mandatory true;
          description
            "The synchronization status of the local clock.
             Referred to as 'Clock state definitions' in RFC 5905";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Appendix A.1.1";
        }
      }
    }
    list unicast-configuration {
      if-feature "unicast-configuration";
      key "address type";
      description
        "List of NTP unicast-configurations.";
      leaf address {
        type inet:ip-address;
        description
          "Address of this association.";
      }
      leaf type {
        type identityref {
          base unicast-configuration-type;
        }
        description
          "The unicast configuration type, for example
           unicast-server";
      }
      container authentication {
        if-feature "authentication";
        description
          "Authentication used for this association.";
        uses authentication;
      }
      leaf prefer {
        type boolean;
        default "false";
        description
          "Whether this association is preferred or not.";
      }
      leaf burst {
        type boolean;
        default "false";
        description
          "If set, a series of packets are sent instead of a single
           packet within each synchronization interval to achieve
           faster synchronization.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification, Section 13.1";
      }
      leaf iburst {
        type boolean;
        default "false";
        description
          "If set, a series of packets are sent instead of a single
           packet within the initial synchronization interval to
           achieve faster initial synchronization.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification, Section 13.1";
      }
      leaf source {
        type if:interface-ref;
        description
          "The interface whose IP address is used by this association
           as the source address.";
      }
      uses common-attributes {
        description
          "Common attributes like port, version, min and max
           poll.";
      }
    }
    container associations {
      description
        "Association parameters";
      list association {
        key "address local-mode isconfigured";
        config false;
        description
          "List of NTP associations. Here address, local-mode
           and isconfigured are required to uniquely identify
           a particular association. Let's take the following
           examples -

           1) If RT1 acting as broadcast server,
           and RT2 acting as broadcast client, then RT2
           will form dynamic association with address as RT1,
           local-mode as client and isconfigured as false.

           2) When RT2 is configured
           with unicast-server RT1, then RT2 will form
           association with address as RT1, local-mode as client
           and isconfigured as true.

           Thus all 3 leaves are needed as key to uniquely identify
           the association.";
        leaf address {
          type inet:ip-address;
          description
            "The remote address of this association. Represents the
             IP address of a unicast/multicast/broadcast address.";
        }
        leaf local-mode {
          type identityref {
            base association-mode;
          }
          description
            "Local mode of this NTP association.";
        }
        leaf isconfigured {
          type boolean;
          description
            "Indicates if this association is configured (true) or
             dynamically learned (false).";
        }
        leaf stratum {
          type ntp-stratum;
          description
            "The association stratum value.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3";
        }
        leaf refid {
          type refid;
          description
            "A code identifying the particular server or reference
             clock. The interpretation depends upon stratum. It
             could be an IPv4 address or first 32 bits of the MD5 hash of
             the IPv6 address or a string for the Reference Identifier
             and KISS codes.
             Some examples:
             -- a refclock ID like '127.127.1.0' for local clock sync
             -- uni/multi/broadcast associations for IPv4 will look like
             '203.0.113.1' and '0x4321FEDC' for IPv6
             -- sync with primary source will look like 'DCN', 'NIST',
             'ATOM'
             -- KISS codes will look like 'AUTH', 'DROP', 'RATE'
             Note that the use of MD5 hash for IPv6 address is not for
             cryptographic purposes";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf authentication {
          if-feature "authentication";
          type leafref {
            path "/ntp:ntp/ntp:authentication/"
               + "ntp:authentication-keys/ntp:key-id";
          }
          description
            "Authentication Key used for this association.";
        }
        leaf prefer {
          type boolean;
          default "false";
          description
            "Indicates if this association is preferred.";
        }
        leaf peer-interface {
          type if:interface-ref;
          description
            "The interface which is used for communication.";
        }
        uses common-attributes {
          description
            "Common attributes like port, version, min and
             max poll.";
        }
        leaf reach {
          type uint8;
          description
            "It is an 8-bit shift register that tracks packet
             generation and receipt. It is used to determine
             whether the server is reachable and the data are
             fresh.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 9.2 and 13";
        }
        leaf unreach {
          type uint8;
          units "seconds";
          description
            "It is a count of how long in seconds the server has been
             unreachable i.e.
             the reach value has been zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 9.2 and 13";
        }
        leaf poll {
          type log2seconds;
          description
            "The polling interval for current association in signed
             log2 seconds.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf now {
          type uint32;
          units "seconds";
          description
            "The time since the last NTP packet was
             received or last synchronized.";
        }
        leaf offset {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The signed offset between the local clock
             and the peer clock, e.g., '0.032ms' or '1.232ms'. The
             negative value indicates that the local clock is behind
             the peer.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf delay {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The network delay between the local clock
             and the peer clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf dispersion {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The root dispersion between the local clock
             and the peer clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 10";
        }
        leaf originate-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             when latest NTP packet was sent to peer (called T1).";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf receive-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             when latest NTP packet arrived at peer (called T2).
             If the peer becomes unreachable the value is set to zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf transmit-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             at which the NTP packet departed the peer (called T3).
             If the peer becomes unreachable the value is set to zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf input-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             when the latest NTP message from the peer arrived (called
             T4). If the peer becomes unreachable the value is set to
             zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        container ntp-statistics {
          description
            "Per Peer packet send and receive statistics.";
          uses statistics {
            description
              "NTP send and receive packet statistics.";
          }
        }
      }
    }
    container interfaces {
      description
        "Configuration parameters for NTP interfaces.";
      list interface {
        key "name";
        description
          "List of interfaces.";
        leaf name {
          type if:interface-ref;
          description
            "The interface name.";
        }
        container broadcast-server {
          if-feature "broadcast-server";
          presence "NTP broadcast-server is configured on this
                    interface";
          description
            "Configuration of broadcast server.";
          leaf ttl {
            type uint8;
            description
              "Specifies the time to live (TTL) for a
               broadcast packet.";
            reference
              "RFC 5905: Network Time Protocol
               Version 4: Protocol and
               Algorithms Specification, Section 3.1";
          }
          container authentication {
            if-feature "authentication";
            description
              "Authentication used on this interface.";
            uses authentication;
          }
          uses common-attributes {
            description
              "Common attributes such as port, version, min and
               max poll.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3.1";
        }
        container broadcast-client {
          if-feature "broadcast-client";
          presence "NTP broadcast-client is configured on this
                    interface.";
          description
            "Configuration of broadcast-client.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3.1";
        }
        list multicast-server {
          if-feature "multicast-server";
          key "address";
          description
            "Configuration of multicast server.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The IP address to send NTP multicast packets.";
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the time to live (TTL) for a
               multicast packet.";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol and
               Algorithms Specification, Section 3.1";
          }
          container authentication {
            if-feature "authentication";
            description
              "Authentication used on this interface.";
            uses authentication;
          }
          uses common-attributes {
            description
              "Common attributes such as port, version, min and
               max poll.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3.1";
        }
        list multicast-client {
          if-feature "multicast-client";
          key "address";
          description
            "Configuration of multicast-client.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The IP address of the multicast group to
               join.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3.1";
        }
        list manycast-server {
          if-feature "manycast-server";
          key "address";
          description
            "Configuration of manycast server.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The multicast group IP address to receive
               manycast client messages.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3.1";
        }
        list manycast-client {
          if-feature "manycast-client";
          key "address";
          description
            "Configuration of manycast-client.";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The group IP address that the manycast client
               broadcasts the request message to.";
          }
          container authentication {
            if-feature "authentication";
            description
              "Authentication used on this interface.";
            uses authentication;
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the maximum time to live (TTL) for
               the expanding ring search.";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol and
               Algorithms Specification, Section 3.1";
          }
          leaf minclock {
            type uint8;
            description
              "The minimum manycast survivors in this
               association.";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol and
               Algorithms Specification, Section 13.2";
          }
          leaf maxclock {
            type uint8;
            description
              "The maximum manycast candidates in this
               association.";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol and
               Algorithms Specification, Section 13.2";
          }
          leaf beacon {
            type log2seconds;
            description
              "The beacon is the upper
               limit of poll interval. When the
               ttl reaches its limit without finding the minimum number
               of manycast servers, the poll interval increases until
               reaching the beacon value, when it starts over from the
               beginning.";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol and
               Algorithms Specification, Section 13.2";
          }
          uses common-attributes {
            description
              "Common attributes like port, version, min and
               max poll.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3.1";
        }
      }
    }
    container ntp-statistics {
      config false;
      description
        "Total NTP packet statistics.";
      uses statistics {
        description
          "NTP send and receive packet statistics.";
      }
    }
  }

  rpc statistics-reset {
    description
      "Reset statistics collected.";
    input {
      choice association-or-all {
        description
          "Resets statistics for a particular association or
           all";
        case association {
          uses association-ref;
          description
            "This resets all the statistics collected for
             the association.";
        }
        case all {
          description
            "This resets all the statistics collected.";
        }
      }
    }
  }
}

9. Usage Example

This section includes examples for illustration purposes.

Note: '\' line wrapping per [RFC8792].

9.1. Unicast association

This example describes how to configure a preferred unicast server
present at 192.0.2.1 running at port 1025 with authentication-key 10
and version 4 (default).

192.0.2.1
uc-server
true
1025
10

An example with IPv6 would use an IPv6 address (say 2001:db8::1) in
the "address" leaf with no change in any other data tree.

2001:db8::1
uc-server
true
1025
10

This example is for retrieving unicast configurations -

192.0.2.1
uc-server
10
true
false
true
6
10
1025
9
203.0.113.1
255
0
128
10
0.025
0.5
0.6
10-10-2017 07:33:55.253 Z+05:30\
10-10-2017 07:33:55.258 Z+05:30\
10-10-2017 07:33:55.300 Z+05:30\
10-10-2017 07:33:55.305 Z+05:30\
20
0
20
0
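
The module marks several authentication choices as weak: the identities behind the "deprecated" feature, the ASCII keystring leaf, and auth-enabled defaulting to "false". The following audit of a configuration instance is an added example, not part of the draft; node names follow the module, while the JSON-like dict layout, the finding names and both sample configurations (modelled on the values used in Sections 9.1 and 9.3) are assumptions made for this illustration.

```python
# Added illustration, not part of the draft. Node names come from the YANG
# module; the dict layout (the `ntp` container as JSON-like data without
# namespace prefixes) and both sample configurations are constructed.

# Identities the module gates behind if-feature "deprecated".
DEPRECATED_ALGORITHMS = {"md5", "sha-1", "hmac-sha-1", "hmac-sha1-12"}
AES_CMAC_KEY_OCTETS = 16  # RFC 4493 defines AES-CMAC over AES-128


def key_references(ntp):
    """Yield (location, key-id or None) for each node that `uses authentication`."""
    def key_id(node):
        return node.get("authentication", {}).get("key-id")

    for uc in ntp.get("unicast-configuration", []):
        yield f"unicast-configuration[{uc['address']}]", key_id(uc)
    for intf in ntp.get("interfaces", {}).get("interface", []):
        prefix = f"interface[{intf['name']}]"
        if "broadcast-server" in intf:
            yield f"{prefix}/broadcast-server", key_id(intf["broadcast-server"])
        for kind in ("multicast-server", "manycast-client"):
            for entry in intf.get(kind, []):
                yield f"{prefix}/{kind}[{entry['address']}]", key_id(entry)


def audit_key(key):
    """Return finding codes for one entry of the authentication-keys list."""
    findings = []
    algorithm = key.get("algorithm", "").split(":")[-1]  # drop a module prefix
    material = key.get("key", {})
    if algorithm in DEPRECATED_ALGORITHMS:
        findings.append("deprecated-algorithm")
    if "keystring" in material:  # ASCII form, itself behind "deprecated"
        findings.append("ascii-keystring")
    if algorithm == "aes-cmac" and "hexadecimal-string" in material:
        digits = material["hexadecimal-string"].replace(":", "")
        if len(digits) != 2 * AES_CMAC_KEY_OCTETS:
            findings.append("aes-cmac-key-length")
    return findings


def audit_ntp(ntp):
    """Return sorted (location, finding) pairs for one `ntp` container."""
    auth = ntp.get("authentication", {})
    keys = {k["key-id"]: k for k in auth.get("authentication-keys", [])}
    findings = []
    if not auth.get("auth-enabled", False):  # the leaf defaults to "false"
        findings.append(("authentication", "auth-disabled"))
    for kid, key in keys.items():
        findings += [(f"authentication-keys[{kid}]", f) for f in audit_key(key)]
    for location, kid in key_references(ntp):
        if kid is None:
            findings.append((location, "no-authentication"))
        elif kid not in keys:
            findings.append((location, "unknown-key-id"))
        elif not keys[kid].get("istrusted", False):  # absent treated as untrusted
            findings.append((location, "untrusted-key"))
    return sorted(findings)


# Constructed sample: trusted AES-CMAC key 10 used by a unicast server.
HARDENED = {
    "authentication": {
        "auth-enabled": True,
        "authentication-keys": [{
            "key-id": 10, "algorithm": "aes-cmac", "istrusted": True,
            "key": {"hexadecimal-string": "bb1d6929e95937287fa37d129b756746"},
        }],
    },
    "unicast-configuration": [
        {"address": "192.0.2.1", "type": "uc-server", "prefer": True,
         "port": 1025, "authentication": {"key-id": 10}},
    ],
}

# Constructed sample: every weakness the audit looks for.
WEAK = {
    "authentication": {  # auth-enabled omitted, so the default "false" applies
        "authentication-keys": [
            {"key-id": 10, "algorithm": "md5", "istrusted": False,
             "key": {"keystring": "constructed-passphrase"}},
            {"key-id": 11, "algorithm": "aes-cmac", "istrusted": True,
             "key": {"hexadecimal-string": "bb1d6929e9593728"}},
        ],
    },
    "unicast-configuration": [
        {"address": "192.0.2.1", "type": "uc-server",
         "authentication": {"key-id": 10}},
        {"address": "2001:db8::1", "type": "uc-server"},
    ],
    "interfaces": {"interface": [{
        "name": "Ethernet3/0/0",
        "multicast-server": [{"address": "224.0.1.1",
                              "authentication": {"key-id": 12}}],
    }]},
}

if __name__ == "__main__":
    for location, finding in audit_ntp(WEAK):
        print(f"{finding:22} {location}")
```
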

9.2. Refclock master

This example describes how to configure reference clock with stratum
8 -

8

This example describes how to get reference clock configuration -

8

9.3. Authentication configuration

This example describes how to enable authentication and configure
trusted authentication key 10 with mode as AES-CMAC and a
hexadecimal string key -

true
10
aes-cmac
bb1d6929e95937287fa37d129b756746
true

9.4. Access configuration

This example describes how to configure access mode "peer" associated
with ACL 2000 -

peer-access-mode
2000

This example describes how to get access related configuration -

peer-access-mode
2000

9.5. Multicast configuration

This example describes how to configure multicast-server with address
as "224.0.1.1", port as 1025, and version as 3 and authentication
keyid as 10 -

Ethernet3/0/0
224.0.1.1
10
1025
3

This example describes how to get multicast-server related
configuration -

Ethernet3/0/0
224.0.1.1
8
10
6
10
1025
3

This example describes how to configure multicast-client with address
as "224.0.1.1" -

Ethernet3/0/0
224.0.1.1

This example describes how to get multicast-client related
configuration -

Ethernet3/0/0
224.0.1.1
2240
2241
2242
2243
2244
2246 9.6. Manycast configuration 2248 This example describes how to configure manycast-client with address 2249 as "224.0.1.1", port as 1025 and authentication keyid as 10 - 2251 2252 2253 2254 2255 2256 2257 2258 2259 Ethernet3/0/0 2260 2261
224.0.1.1
2262 2263 2264 10 2265 2266 2267 1025 2268
2269
2270
2271
2272
2273
2275 This example describes how to get manycast-client related 2276 configuration - 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2290 2291 2292 2293 2294 Ethernet3/0/0 2295 2296
224.0.1.1
2297 2298 2299 10 2300 2301 2302 8 2303 3 2304 10 2305 6 2306 6 2307 10 2308 1025 2309
2310
2311
2312
2313
2315 This example describes how to configure manycast-server with address 2316 as "224.0.1.1" - 2317 2318 2319 2320 2321 2322 2323 2324 2325 Ethernet3/0/0 2326 2327
224.0.1.1
2328
2329
2330
2331
2332
2333
2335 This example describes how to get manycast-server related 2336 configuration - 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2351 2352 2353 2354 2355 Ethernet3/0/0 2356 2357
224.0.1.1
2358
2359
2360
2361
2362
2364 9.7. Clock state 2366 This example describes how to get clock current state - 2368 2369 2370 2371 2372 2373 2374 2375 2377 2378 2379 2380 2381 synchronized 2382 7 2383 192.0.2.1 2384 192.0.2.1\ 2385 2386 client\ 2387 2388 yes\ 2389 2390 100.0 2391 100.0 2392 18 2393 0.025 2394 0.5 2395 0.8 2396 10-10-2017 07:33:55.258 Z+05:30\ 2397 2398 clock-synchronized 2399 2400 2401 2402 2404 9.8. Get all association 2406 This example describes how to get all association present in the 2407 system - 2408 2409 2410 2411 2412 2413 2414 2415 2417 2418 2419 2420 2421
192.0.2.1
2422 9 2423 203.0.113.1 2424 client 2425 true 2426 10 2427 true 2428 Ethernet3/0/0 2429 6 2430 10 2431 1025 2432 4 2433 255 2434 0 2435 128 2436 10 2437 0.025 2438 0.5 2439 0.6 2440 10-10-2017 07:33:55.253 Z+05:30\ 2441 2442 10-10-2017 07:33:55.258 Z+05:30\ 2443 2444 10-10-2017 07:33:55.300 Z+05:30\ 2445 2446 10-10-2017 07:33:55.305 Z+05:30\ 2447 2448 2449 20 2450 0 2451 20 2452 0 2453 2454
2455
2457
2458
2460 9.9. Global statistic 2462 This example describes how to get global statistics - 2464 2465 2466 2467 2468 2469 2470 2471 2473 2474 2475 2476 30 2477 5 2478 20 2479 2 2480 2481 2482 2484 10. IANA Considerations 2486 10.1. IETF XML Registry 2488 This document registers a URI in the "IETF XML Registry" [RFC3688]. 2489 Following the format in RFC 3688, the following registration has been 2490 made. 2492 URI: urn:ietf:params:xml:ns:yang:ietf-ntp 2494 Registrant Contact: The IESG. 2496 XML: N/A; the requested URI is an XML namespace. 2498 10.2. YANG Module Names 2500 This document registers a YANG module in the "YANG Module Names" 2501 registry [RFC6020]. 2503 Name: ietf-ntp 2504 Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp 2506 Prefix: ntp 2508 Reference: RFC XXXX 2510 Note: The RFC Editor will replace XXXX with the number assigned to 2511 this document once it becomes an RFC. 2513 11. Security Considerations 2515 The YANG module specified in this document defines a schema for data 2516 that is designed to be accessed via network management protocols such 2517 as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer 2518 is the secure transport layer, and the mandatory-to-implement secure 2519 transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer 2520 is HTTPS, and the mandatory-to-implement secure transport is TLS 2521 [RFC8446]. 2523 The NETCONF Access Control Model (NACM) [RFC8341] provides the means 2524 to restrict access for particular NETCONF or RESTCONF users to a 2525 preconfigured subset of all available NETCONF or RESTCONF protocol 2526 operations and content. The 'nacm:default-deny-all' is used to 2527 prevent retrieval of the key information. 2529 There are a number of data nodes defined in this YANG module that are 2530 writable/creatable/deletable (i.e., config true, which is the 2531 default). These data nodes may be considered sensitive or vulnerable 2532 in some network environments. 
Write operations (e.g., edit-config)
2533 to these data nodes without proper protection can have a negative
2534 effect on network operations. These are the subtrees and data nodes
2535 and their sensitivity/vulnerability:

2537    /ntp/port - This data node specifies the port number to be used to
2538    send NTP packets. Unexpected changes could lead to disruption
2539    and/or network misbehavior.

2541    /ntp/authentication and /ntp/access-rules - The entries in the
2542    list include the authentication and access control configurations.
2543    Care should be taken while setting these parameters.

2545    /ntp/unicast-configuration - The entries in the list include all
2546    unicast configurations (server or peer mode), and indirectly
2547    create or modify the NTP associations. Unexpected changes could
2548    lead to disruption and/or network misbehavior.

2550    /ntp/interfaces/interface - The entries in the list include all
2551    per-interface configurations related to broadcast, multicast and
2552    manycast mode, and indirectly create or modify the NTP
2553    associations. Unexpected changes could lead to disruption and/or
2554    network misbehavior. It could also lead to synchronization with
2555    untrusted sources rather than trusted ones.

2557 Some of the readable data nodes in this YANG module may be considered
2558 sensitive or vulnerable in some network environments. It is thus
2559 important to control read access (e.g., via get, get-config, or
2560 notification) to these data nodes. These are the subtrees and data
2561 nodes and their sensitivity/vulnerability:

2563    /ntp/authentication/authentication-keys - The entries in the list
2564    include all the NTP authentication keys. Unauthorized access to
2565    the keys can be easily exploited to permit unauthorized access to
2566    the NTP service. This information is sensitive and thus
2567    unauthorized access to this needs to be curtailed.

2569    /ntp/associations/association/ - The entries in the list include
2570    all active NTP associations of all modes. Exposure of these nodes
2571    could reveal network topology or trust relationships. Unauthorized
2572    access to this also needs to be curtailed.

2574    /ntp/authentication and /ntp/access-rules - The entries in the
2575    list include the authentication and access control configurations.
2576    Exposure of these nodes could reveal network topology or trust
2577    relationships.

2579 Some of the RPC operations in this YANG module may be considered
2580 sensitive or vulnerable in some network environments. It is thus
2581 important to control access to these operations. These are the
2582 operations and their sensitivity/vulnerability:

2584    statistics-reset - The RPC is used to reset statistics.
2585    Unauthorized reset could impact monitoring.

2587 The leaf /ntp/authentication/authentication-keys/algorithm can be set
2588 to cryptographic algorithms that are no longer considered to be
2589 secure. As per [RFC8573], AES-CMAC is the recommended algorithm.

2591 12. Acknowledgments

2593 The authors would like to express their thanks to Sladjana Zoric,
2594 Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice
2595 Angermann, Watson Ladd, and Rich Salz for their review and
2596 suggestions.

2598 Thanks to Andy Bierman for the YANG doctor review.

2600 Thanks to Dieter Sibold for being the document shepherd and Erik
2601 Kline for being the responsible AD.

2603 Thanks to Takeshi Takahashi for SECDIR review. Thanks to Tim Evens
2604 for GENART review.

2606 A special thanks to Tom Petch for a very detailed YANG review and
2607 providing great suggestions for improvements.

2609 Thanks for the IESG review from Benjamin Kaduk, Francesca Palombini,
2610 Eric Vyncke, Murray Kucherawy, Robert Wilton, Roman Danyliw, and
2611 Zaheduzzaman Sarker.

2613 13. References

2615 13.1.
Normative References 2617 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2618 Requirement Levels", BCP 14, RFC 2119, 2619 DOI 10.17487/RFC2119, March 1997, 2620 . 2622 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 2623 DOI 10.17487/RFC3688, January 2004, 2624 . 2626 [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, 2627 "Network Time Protocol Version 4: Protocol and Algorithms 2628 Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, 2629 . 2631 [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for 2632 the Network Configuration Protocol (NETCONF)", RFC 6020, 2633 DOI 10.17487/RFC6020, October 2010, 2634 . 2636 [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", 2637 RFC 6991, DOI 10.17487/RFC6991, July 2013, 2638 . 2640 [RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model for 2641 System Management", RFC 7317, DOI 10.17487/RFC7317, August 2642 2014, . 2644 [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", 2645 RFC 7950, DOI 10.17487/RFC7950, August 2016, 2646 . 2648 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2649 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2650 May 2017, . 2652 [RFC8294] Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, 2653 "Common YANG Data Types for the Routing Area", RFC 8294, 2654 DOI 10.17487/RFC8294, December 2017, 2655 . 2657 [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", 2658 BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018, 2659 . 2661 [RFC8341] Bierman, A. and M. Bjorklund, "Network Configuration 2662 Access Control Model", STD 91, RFC 8341, 2663 DOI 10.17487/RFC8341, March 2018, 2664 . 2666 [RFC8343] Bjorklund, M., "A YANG Data Model for Interface 2667 Management", RFC 8343, DOI 10.17487/RFC8343, March 2018, 2668 . 2670 [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol 2671 Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, 2672 . 
2674 [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, 2675 "YANG Data Model for Network Access Control Lists (ACLs)", 2676 RFC 8519, DOI 10.17487/RFC8519, March 2019, 2677 . 2679 [RFC8573] Malhotra, A. and S. Goldberg, "Message Authentication Code 2680 for the Network Time Protocol", RFC 8573, 2681 DOI 10.17487/RFC8573, June 2019, 2682 . 2684 13.2. Informative References 2686 [RFC1305] Mills, D., "Network Time Protocol (Version 3) 2687 Specification, Implementation and Analysis", RFC 1305, 2688 DOI 10.17487/RFC1305, March 1992, 2689 . 2691 [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, 2692 DOI 10.17487/RFC1321, April 1992, 2693 . 2695 [RFC3174] Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1 2696 (SHA1)", RFC 3174, DOI 10.17487/RFC3174, September 2001, 2697 . 2699 [RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The 2700 AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June 2701 2006, . 2703 [RFC5907] Gerstung, H., Elliott, C., and B. Haberman, Ed., 2704 "Definitions of Managed Objects for Network Time Protocol 2705 Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June 2706 2010, . 2708 [RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., 2709 and A. Bierman, Ed., "Network Configuration Protocol 2710 (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, 2711 . 2713 [RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure 2714 Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, 2715 . 2717 [RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF 2718 Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, 2719 . 2721 [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., 2722 and R. Wilton, "Network Management Datastore Architecture 2723 (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, 2724 . 2726 [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. 
Wu,
2727 "Handling Long Lines in Content of Internet-Drafts and
2728 RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020,
2729 .

2731 [SHS] NIST, "Secure Hash Standard (SHS)", FIPS PUB 180-4, March
2732 2012, .

2735 Appendix A. Full YANG Tree

2737 The full tree for ietf-ntp YANG model is -
2738 module: ietf-ntp
2739   +--rw ntp!
2740      +--rw port?  inet:port-number {ntp-port}?
2741      +--rw refclock-master!
2742      |  +--rw master-stratum?  ntp-stratum
2743      +--rw authentication {authentication}?
2744      |  +--rw auth-enabled?  boolean
2745      |  +--rw authentication-keys* [key-id]
2746      |     +--rw key-id  uint32
2747      |     +--rw algorithm?  identityref
2748      |     +--rw key
2749      |     |  +--rw (key-string-style)?
2750      |     |     +--:(keystring)
2751      |     |     |  +--rw keystring?  string {deprecated}?
2752      |     |     +--:(hexadecimal) {hex-key-string}?
2753      |     |        +--rw hexadecimal-string?  yang:hex-string
2754      |     +--rw istrusted?  boolean
2755      +--rw access-rules {access-rules}?
2756      |  +--rw access-rule* [access-mode]
2757      |     +--rw access-mode  identityref
2758      |     +--rw acl?  -> /acl:acls/acl/name
2759      +--ro clock-state
2760      |  +--ro system-status
2761      |     +--ro clock-state  identityref
2762      |     +--ro clock-stratum  ntp-stratum
2763      |     +--ro clock-refid  refid
2764      |     +--ro associations-address?
2765      |     |       -> /ntp/associations/association/address
2766      |     +--ro associations-local-mode?
2767      |     |       -> /ntp/associations/association/local-mode
2768      |     +--ro associations-isconfigured?
2769      |     |       -> /ntp/associations/association/isconfigured
2770      |     +--ro nominal-freq  decimal64
2771      |     +--ro actual-freq  decimal64
2772      |     +--ro clock-precision  log2seconds
2773      |     +--ro clock-offset?  decimal64
2774      |     +--ro root-delay?  decimal64
2775      |     +--ro root-dispersion?  decimal64
2776      |     +--ro reference-time?  ntp-date-and-time
2777      |     +--ro sync-state  identityref
2778      +--rw unicast-configuration* [address type]
2779      |       {unicast-configuration}?
2780      |  +--rw address  inet:ip-address
2781      |  +--rw type  identityref
2782      |  +--rw authentication {authentication}?
2783      |  |  +--rw (authentication-type)?
2784      |  |     +--:(symmetric-key)
2785      |  |        +--rw key-id?  leafref
2786      |  +--rw prefer?  boolean
2787      |  +--rw burst?  boolean
2788      |  +--rw iburst?  boolean
2789      |  +--rw source?  if:interface-ref
2790      |  +--rw minpoll?  log2seconds
2791      |  +--rw maxpoll?  log2seconds
2792      |  +--rw port?  inet:port-number {ntp-port}?
2793      |  +--rw version?  ntp-version
2794      +--rw associations
2795      |  +--ro association* [address local-mode isconfigured]
2796      |     +--ro address  inet:ip-address
2797      |     +--ro local-mode  identityref
2798      |     +--ro isconfigured  boolean
2799      |     +--ro stratum?  ntp-stratum
2800      |     +--ro refid?  refid
2801      |     +--ro authentication?
2802      |     |       -> /ntp/authentication/authentication-keys/key-id
2803      |     |       {authentication}?
2804      |     +--ro prefer?  boolean
2805      |     +--ro peer-interface?  if:interface-ref
2806      |     +--ro minpoll?  log2seconds
2807      |     +--ro maxpoll?  log2seconds
2808      |     +--ro port?  inet:port-number {ntp-port}?
2809      |     +--ro version?  ntp-version
2810      |     +--ro reach?  uint8
2811      |     +--ro unreach?  uint8
2812      |     +--ro poll?  log2seconds
2813      |     +--ro now?  uint32
2814      |     +--ro offset?  decimal64
2815      |     +--ro delay?  decimal64
2816      |     +--ro dispersion?  decimal64
2817      |     +--ro originate-time?  ntp-date-and-time
2818      |     +--ro receive-time?  ntp-date-and-time
2819      |     +--ro transmit-time?  ntp-date-and-time
2820      |     +--ro input-time?  ntp-date-and-time
2821      |     +--ro ntp-statistics
2822      |        +--ro discontinuity-time?  ntp-date-and-time
2823      |        +--ro packet-sent?  yang:counter32
2824      |        +--ro packet-sent-fail?  yang:counter32
2825      |        +--ro packet-received?  yang:counter32
2826      |        +--ro packet-dropped?  yang:counter32
2827      +--rw interfaces
2828      |  +--rw interface* [name]
2829      |     +--rw name  if:interface-ref
2830      |     +--rw broadcast-server! {broadcast-server}?
2831      |     |  +--rw ttl?  uint8
2832      |     |  +--rw authentication {authentication}?
2833      |     |  |  +--rw (authentication-type)?
2834      |     |  |     +--:(symmetric-key)
2835      |     |  |        +--rw key-id?  leafref
2836      |     |  +--rw minpoll?  log2seconds
2837      |     |  +--rw maxpoll?  log2seconds
2838      |     |  +--rw port?  inet:port-number {ntp-port}?
2839      |     |  +--rw version?  ntp-version
2840      |     +--rw broadcast-client! {broadcast-client}?
2841      |     +--rw multicast-server* [address] {multicast-server}?
2842      |     |  +--rw address
2843      |     |  |       rt-types:ip-multicast-group-address
2844      |     |  +--rw ttl?  uint8
2845      |     |  +--rw authentication {authentication}?
2846      |     |  |  +--rw (authentication-type)?
2847      |     |  |     +--:(symmetric-key)
2848      |     |  |        +--rw key-id?  leafref
2849      |     |  +--rw minpoll?  log2seconds
2850      |     |  +--rw maxpoll?  log2seconds
2851      |     |  +--rw port?  inet:port-number {ntp-port}?
2852      |     |  +--rw version?  ntp-version
2853      |     +--rw multicast-client* [address] {multicast-client}?
2854      |     |  +--rw address  rt-types:ip-multicast-group-address
2855      |     +--rw manycast-server* [address] {manycast-server}?
2856      |     |  +--rw address  rt-types:ip-multicast-group-address
2857      |     +--rw manycast-client* [address] {manycast-client}?
2858      |        +--rw address
2859      |        |       rt-types:ip-multicast-group-address
2860      |        +--rw authentication {authentication}?
2861      |        |  +--rw (authentication-type)?
2862      |        |     +--:(symmetric-key)
2863      |        |        +--rw key-id?  leafref
2864      |        +--rw ttl?  uint8
2865      |        +--rw minclock?  uint8
2866      |        +--rw maxclock?  uint8
2867      |        +--rw beacon?  log2seconds
2868      |        +--rw minpoll?  log2seconds
2869      |        +--rw maxpoll?  log2seconds
2870      |        +--rw port?  inet:port-number {ntp-port}?
2871      |        +--rw version?  ntp-version
2872      +--ro ntp-statistics
2873         +--ro discontinuity-time?  ntp-date-and-time
2874         +--ro packet-sent?  yang:counter32
2875         +--ro packet-sent-fail?  yang:counter32
2876         +--ro packet-received?  yang:counter32
2877         +--ro packet-dropped?  yang:counter32

2879   rpcs:
2880     +---x statistics-reset
2881        +---w input
2882           +---w (association-or-all)?
2883              +--:(association)
2884              |  +---w associations-address?
2885              |  |       -> /ntp/associations/association/address
2886              |  +---w associations-local-mode?
2887              |  |       -> /ntp/associations/association/local-mode
2888              |  +---w associations-isconfigured?
2889              |          -> /ntp/associations/association/isconfigured
2890              +--:(all)

2892 Authors' Addresses

2894 Nan Wu
2895 Huawei
2896 Huawei Bld., No.156 Beiqing Rd.
2897 Beijing
2898 100095
2899 China
2900 Email: eric.wu@huawei.com

2902 Dhruv Dhody (editor)
2903 Huawei
2904 Divyashree Techno Park, Whitefield
2905 Bangalore 560066
2906 Karnataka
2907 India
2908 Email: dhruv.ietf@gmail.com

2910 Ankit kumar Sinha (editor)
2911 RtBrick Inc.
2912 Bangalore
2913 Karnataka
2914 India
2915 Email: ankit.ietf@gmail.com

2917 Anil Kumar S N
2918 RtBrick Inc.
2919 Bangalore
2920 Karnataka
2921 India
2922 Email: anil.ietf@gmail.com

2923 Yi Zhao
2924 Ericsson
2925 China Digital Kingdom Bld., No.1 WangJing North Rd.
2926 Beijing
2927 100102
2928 China
2929 Email: yi.z.zhao@ericsson.com
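
An added example, not part of the draft: a small Python audit of an ietf-ntp configuration for the writable settings that Section 11 (Security Considerations) flags, using the element names from the tree in Appendix A. The sample XML (including key 20 and its "md5" value) and the function names are constructed for illustration; treating a key as trusted only when istrusted is explicitly true is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"ntp": "urn:ietf:params:xml:ns:yang:ietf-ntp"}  # namespace from Section 10.1
# Constructed sample (not from the draft), trimmed to the leaves the audit reads.
SAMPLE = """
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
  <authentication>
    <auth-enabled>true</auth-enabled>
    <authentication-keys>
      <key-id>10</key-id><algorithm>aes-cmac</algorithm>
      <key><hexadecimal-string>bb:1d:69:29</hexadecimal-string></key>
      <istrusted>true</istrusted>
    </authentication-keys>
    <authentication-keys>
      <key-id>20</key-id><algorithm>md5</algorithm>
      <key><keystring>constructed-secret</keystring></key>
      <istrusted>false</istrusted>
    </authentication-keys>
  </authentication>
  <unicast-configuration>
    <address>192.0.2.1</address><authentication><key-id>20</key-id></authentication>
  </unicast-configuration>
  <interfaces><interface><name>Ethernet3/0/0</name>
    <manycast-client><address>224.0.1.1</address></manycast-client>
  </interface></interfaces>
</ntp>
"""

def _text(node, path):
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None

def audit_ntp_config(xml_text):
    """Return findings for the writable nodes Section 11 calls sensitive."""
    root = ET.fromstring(xml_text)
    findings, trusted = [], set()
    if _text(root, "ntp:authentication/ntp:auth-enabled") != "true":
        findings.append("auth-enabled is not true")
    for key in root.findall("ntp:authentication/ntp:authentication-keys", NS):
        kid = _text(key, "ntp:key-id")
        algo = (_text(key, "ntp:algorithm") or "unset").split(":")[-1]  # drop prefix
        if algo != "aes-cmac":  # Section 11 cites RFC 8573: AES-CMAC recommended
            findings.append(f"key {kid}: algorithm {algo} is not aes-cmac")
        if key.find("ntp:key/ntp:keystring", NS) is not None:  # {deprecated} in tree
            findings.append(f"key {kid}: uses the deprecated keystring form")
        if _text(key, "ntp:istrusted") == "true":  # assumption: unset means untrusted
            trusted.add(kid)
    # Association-creating nodes that carry authentication/key-id in Appendix A.
    iface = "ntp:interfaces/ntp:interface/ntp:"
    for path in ("ntp:unicast-configuration", iface + "broadcast-server",
                 iface + "multicast-server", iface + "manycast-client"):
        for node in root.findall(path, NS):
            where = f"{path.split(':')[-1]} {_text(node, 'ntp:address') or ''}".strip()
            kid = _text(node, "ntp:authentication/ntp:key-id")
            if kid is None:
                findings.append(f"{where}: no authentication key-id")
            elif kid not in trusted:
                findings.append(f"{where}: key-id {kid} is not a trusted key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ntp_config(SAMPLE)))
```

The multicast-client and manycast-server lists are not checked because the tree gives them only an address leaf, so there is no per-entry key-id to audit.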