rfc9249.original | rfc9249.txt | |||
---|---|---|---|---|
NTP Working Group N. Wu | Internet Engineering Task Force (IETF) N. Wu | |||
Internet-Draft D. Dhody, Ed. | Request for Comments: 9249 D. Dhody, Ed. | |||
Intended status: Standards Track Huawei | Category: Standards Track Huawei | |||
Expires: 21 September 2022 A. Sinha, Ed. | ISSN: 2070-1721 A. Sinha, Ed. | |||
A. Kumar S N | A. Kumar S N | |||
RtBrick Inc. | RtBrick Inc. | |||
Y. Zhao | Y. Zhao | |||
Ericsson | Ericsson | |||
20 March 2022 | June 2022 | |||
A YANG Data Model for NTP | A YANG Data Model for NTP | |||
draft-ietf-ntp-yang-data-model-17 | ||||
Abstract | Abstract | |||
This document defines a YANG data model for Network Time Protocol | This document defines a YANG data model for implementations of the | |||
(NTP) version 4 implementations. It can also be used to configure | Network Time Protocol (NTP) version 4. It can also be used to | |||
version 3. The data model includes configuration data and state | configure version 3. The data model includes configuration data and | |||
data. | state data. | |||
Requirements Language | ||||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | ||||
"OPTIONAL" in this document are to be interpreted as described in BCP | ||||
14 [RFC2119] [RFC8174] when, and only when, they appear in all | ||||
capitals, as shown here. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This is an Internet Standards Track document. | |||
provisions of BCP 78 and BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | ||||
Task Force (IETF). Note that other groups may also distribute | ||||
working documents as Internet-Drafts. The list of current Internet- | ||||
Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
Internet-Drafts are draft documents valid for a maximum of six months | This document is a product of the Internet Engineering Task Force | |||
and may be updated, replaced, or obsoleted by other documents at any | (IETF). It represents the consensus of the IETF community. It has | |||
time. It is inappropriate to use Internet-Drafts as reference | received public review and has been approved for publication by the | |||
material or to cite them other than as "work in progress." | Internet Engineering Steering Group (IESG). Further information on | |||
Internet Standards is available in Section 2 of RFC 7841. | ||||
This Internet-Draft will expire on 21 September 2022. | Information about the current status of this document, any errata, | |||
and how to provide feedback on it may be obtained at | ||||
https://www.rfc-editor.org/info/rfc9249. | ||||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
extracted from this document must include Revised BSD License text as | to this document. Code Components extracted from this document must | |||
described in Section 4.e of the Trust Legal Provisions and are | include Revised BSD License text as described in Section 4.e of the | |||
provided without warranty as described in the Revised BSD License. | Trust Legal Provisions and are provided without warranty as described | |||
in the Revised BSD License. | ||||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction | |||
1.1. Operational State . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Operational State | |||
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Terminology | |||
1.3. Tree Diagrams . . . . . . . . . . . . . . . . . . . . . . 3 | 1.3. Tree Diagrams | |||
1.4. Prefixes in Data Node Names . . . . . . . . . . . . . . . 3 | 1.4. Prefixes in Data Node Names | |||
1.5. References in the Model . . . . . . . . . . . . . . . . . 4 | 1.5. References in the Model | |||
2. NTP data model . . . . . . . . . . . . . . . . . . . . . . . 5 | 1.6. Requirements Language | |||
3. Relationship with NTPv4-MIB . . . . . . . . . . . . . . . . . 7 | 2. NTP Data Model | |||
4. Relationship with RFC 7317 . . . . . . . . . . . . . . . . . 9 | 3. Relationship with NTPv4-MIB | |||
5. Access Rules . . . . . . . . . . . . . . . . . . . . . . . . 9 | 4. Relationship with RFC 7317 | |||
6. Key Management . . . . . . . . . . . . . . . . . . . . . . . 10 | 5. Access Rules | |||
7. NTP Version . . . . . . . . . . . . . . . . . . . . . . . . . 10 | 6. Key Management | |||
8. NTP YANG Module . . . . . . . . . . . . . . . . . . . . . . . 11 | 7. NTP Version | |||
9. Usage Example . . . . . . . . . . . . . . . . . . . . . . . . 41 | 8. NTP YANG Module | |||
9.1. Unicast association . . . . . . . . . . . . . . . . . . . 41 | 9. Usage Example | |||
9.2. Refclock master . . . . . . . . . . . . . . . . . . . . . 44 | 9.1. Unicast Association | |||
9.3. Authentication configuration . . . . . . . . . . . . . . 44 | 9.2. Refclock Master | |||
9.4. Access configuration . . . . . . . . . . . . . . . . . . 45 | 9.3. Authentication Configuration | |||
9.5. Multicast configuration . . . . . . . . . . . . . . . . . 46 | 9.4. Access Configuration | |||
9.6. Manycast configuration . . . . . . . . . . . . . . . . . 50 | 9.5. Multicast Configuration | |||
9.7. Clock state . . . . . . . . . . . . . . . . . . . . . . . 53 | 9.6. Manycast Configuration | |||
9.8. Get all association . . . . . . . . . . . . . . . . . . . 53 | 9.7. Clock State | |||
9.9. Global statistic . . . . . . . . . . . . . . . . . . . . 55 | 9.8. Get All Association | |||
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55 | 9.9. Global Statistic | |||
10.1. IETF XML Registry . . . . . . . . . . . . . . . . . . . 55 | 10. IANA Considerations | |||
10.2. YANG Module Names . . . . . . . . . . . . . . . . . . . 55 | 10.1. IETF XML Registry | |||
11. Security Considerations . . . . . . . . . . . . . . . . . . . 56 | 10.2. YANG Module Names | |||
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 57 | 11. Security Considerations | |||
13. References . . . . . . . . . . . . . . . . . . . . . . . . . 58 | 12. References | |||
13.1. Normative References . . . . . . . . . . . . . . . . . . 58 | 12.1. Normative References | |||
13.2. Informative References . . . . . . . . . . . . . . . . . 59 | 12.2. Informative References | |||
Appendix A. Full YANG Tree . . . . . . . . . . . . . . . . . . . 60 | Appendix A. Full YANG Tree | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 64 | Acknowledgments | |||
Authors' Addresses | ||||
1. Introduction | 1. Introduction | |||
This document defines a YANG [RFC7950] data model for Network Time | This document defines a YANG data model [RFC7950] for implementations | |||
Protocol [RFC5905] implementations. Note that the model could also | of the Network Time Protocol version 4 [RFC5905]. Note that the | |||
be used to configure NTPv3 [RFC1305] (see Section 7). | model could also be used to configure NTPv3 [RFC1305] (see | |||
Section 7). | ||||
The data model covers configuration of system parameters of NTP, such | The data model covers configuration of system parameters of NTP such | |||
as access rules, authentication and VPN Routing and Forwarding (VRF) | as access rules, authentication and VPN Routing and Forwarding (VRF) | |||
binding, and also various modes of NTP and per-interface parameters. | binding, and various modes of NTP and per-interface parameters. It | |||
It also provides access to information about running state of NTP | also provides access to information about running state of NTP | |||
implementations. | implementations. | |||
1.1. Operational State | 1.1. Operational State | |||
NTP Operational State is included in the same tree as NTP | NTP operational state is included in the same tree as NTP | |||
configuration, consistent with Network Management Datastore | configuration, consistent with "Network Management Datastore | |||
Architecture (NMDA) [RFC8342]. NTP current state and statistics are | Architecture (NMDA)" [RFC8342]. NTP current state and statistics are | |||
also maintained in the operational state. The operational state also | also maintained in the operational state. The operational state also | |||
includes the NTP association state. | includes the NTP association state. | |||
1.2. Terminology | 1.2. Terminology | |||
The terminology used in this document is aligned to [RFC5905] and | The terminology used in this document is aligned with [RFC5905] and | |||
[RFC1305]. | [RFC1305]. | |||
1.3. Tree Diagrams | 1.3. Tree Diagrams | |||
A simplified graphical representation of the data model is used in | A simplified graphical representation of the data model is used in | |||
this document. This document uses the graphical representation of | this document. This document uses the graphical representation of | |||
data models defined in [RFC8340]. | data models defined in [RFC8340]. | |||
1.4. Prefixes in Data Node Names | 1.4. Prefixes in Data Node Names | |||
In this document, names of data nodes and other data model objects | In this document, names of data nodes and other data model objects | |||
are often used without a prefix, as long as it is clear from the | are often used without a prefix, as long as it is clear from the | |||
context in which YANG module each name is defined. Otherwise, names | context in which YANG module each name is defined. Otherwise, names | |||
are prefixed using the standard prefix associated with the | are prefixed using the standard prefix associated with the | |||
corresponding YANG module, as shown in Table 1. | corresponding YANG module, as shown in Table 1. | |||
+==========+==========================+===========+ | +==========+==========================+===========+ | |||
| Prefix | YANG module | Reference | | | Prefix | YANG Module | Reference | | |||
+==========+==========================+===========+ | +==========+==========================+===========+ | |||
| yang | ietf-yang-types | [RFC6991] | | | yang | ietf-yang-types | [RFC6991] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
| inet | ietf-inet-types | [RFC6991] | | | inet | ietf-inet-types | [RFC6991] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
| if | ietf-interfaces | [RFC8343] | | | if | ietf-interfaces | [RFC8343] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
| sys | ietf-system | [RFC7317] | | | sys | ietf-system | [RFC7317] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
| acl | ietf-access-control-list | [RFC8519] | | | acl | ietf-access-control-list | [RFC8519] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
| rt-types | ietf-routing-types | [RFC8294] | | | rt-types | ietf-routing-types | [RFC8294] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
| nacm | ietf-netconf-acm | [RFC8341] | | | nacm | ietf-netconf-acm | [RFC8341] | | |||
+----------+--------------------------+-----------+ | +----------+--------------------------+-----------+ | |||
Table 1: Prefixes and corresponding YANG modules | Table 1: Prefixes and Corresponding YANG Modules | |||
1.5. References in the Model | 1.5. References in the Model | |||
Following documents are referenced in the model defined in this | The following documents are referenced in the model defined in this | |||
document - | document. | |||
+=======================================+===========+ | +=======================================+===========+ | |||
| Title | Reference | | | Title | Reference | | |||
+=======================================+===========+ | +=======================================+===========+ | |||
| Network Time Protocol Version 4: | [RFC5905] | | | Network Time Protocol Version 4: | [RFC5905] | | |||
| Protocol and Algorithms Specification | | | | Protocol and Algorithms Specification | | | |||
+---------------------------------------+-----------+ | +---------------------------------------+-----------+ | |||
| Common YANG Data Types | [RFC6991] | | | Common YANG Data Types | [RFC6991] | | |||
+---------------------------------------+-----------+ | +---------------------------------------+-----------+ | |||
| A YANG Data Model for System | [RFC7317] | | | A YANG Data Model for System | [RFC7317] | | |||
| Management | | | | Management | | | |||
skipping to change at page 5, line 40 ¶ | skipping to change at line 188 ¶ | |||
| The AES-CMAC Algorithm | [RFC4493] | | | The AES-CMAC Algorithm | [RFC4493] | | |||
+---------------------------------------+-----------+ | +---------------------------------------+-----------+ | |||
| The MD5 Message-Digest Algorithm | [RFC1321] | | | The MD5 Message-Digest Algorithm | [RFC1321] | | |||
+---------------------------------------+-----------+ | +---------------------------------------+-----------+ | |||
| US Secure Hash Algorithm 1 (SHA1) | [RFC3174] | | | US Secure Hash Algorithm 1 (SHA1) | [RFC3174] | | |||
+---------------------------------------+-----------+ | +---------------------------------------+-----------+ | |||
| FIPS 180-4: Secure Hash Standard | [SHS] | | | FIPS 180-4: Secure Hash Standard | [SHS] | | |||
| (SHS) | | | | (SHS) | | | |||
+---------------------------------------+-----------+ | +---------------------------------------+-----------+ | |||
Table 2: References in the YANG modules | Table 2: References in the YANG Module | |||
2. NTP data model | 1.6. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | ||||
"OPTIONAL" in this document are to be interpreted as described in | ||||
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | ||||
capitals, as shown here. | ||||
2. NTP Data Model | ||||
This document defines the YANG module "ietf-ntp", which has the | This document defines the YANG module "ietf-ntp", which has the | |||
following condensed structure: | following condensed structure: | |||
module: ietf-ntp | module: ietf-ntp | |||
+--rw ntp! | +--rw ntp! | |||
+--rw port? inet:port-number {ntp-port}? | +--rw port? inet:port-number {ntp-port}? | |||
+--rw refclock-master! | +--rw refclock-master! | |||
| +--rw master-stratum? ntp-stratum | | +--rw master-stratum? ntp-stratum | |||
+--rw authentication {authentication}? | +--rw authentication {authentication}? | |||
skipping to change at page 7, line 26 ¶ | skipping to change at line 273 ¶ | |||
| | -> /ntp/associations/association/address | | | -> /ntp/associations/association/address | |||
| +---w associations-local-mode? | | +---w associations-local-mode? | |||
| | -> /ntp/associations/association/local-mode | | | -> /ntp/associations/association/local-mode | |||
| +---w associations-isconfigured? | | +---w associations-isconfigured? | |||
| -> /ntp/associations/association/isconfigured | | -> /ntp/associations/association/isconfigured | |||
+--:(all) | +--:(all) | |||
The full data model tree for the YANG module "ietf-ntp" is in | The full data model tree for the YANG module "ietf-ntp" is in | |||
Appendix A. | Appendix A. | |||
This data model defines one top-level container which includes both | This data model defines one top-level container that includes both | |||
the NTP configuration and the NTP running state including access | the NTP configuration and the NTP running state including access | |||
rules, authentication, associations, unicast configurations, | rules, authentication, associations, unicast configurations, | |||
interfaces, system status and associations. | interfaces, system status, and associations. | |||
3. Relationship with NTPv4-MIB | 3. Relationship with NTPv4-MIB | |||
If the device implements the NTPv4-MIB [RFC5907], data nodes from | If the device implements the NTPv4-MIB [RFC5907], data nodes from the | |||
YANG module can be mapped to table entries in NTPv4-MIB. | YANG module can be mapped to table entries in the NTPv4-MIB. | |||
The following tables list the YANG data nodes with corresponding | The following tables list the YANG data nodes with corresponding | |||
objects in the NTPv4-MIB. | objects in the NTPv4-MIB. | |||
YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects | ||||
+===========================+=================================+ | +===========================+=================================+ | |||
| YANG data nodes in /ntp/ | NTPv4-MIB objects | | | YANG Data Nodes in /ntp/ | NTPv4-MIB Objects | | |||
| clock-state/system-status | | | | clock-state/system-status | | | |||
+===========================+=================================+ | +===========================+=================================+ | |||
| clock-state | ntpEntStatusCurrentMode | | | clock-state | ntpEntStatusCurrentMode | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
| clock-stratum | ntpEntStatusStratum | | | clock-stratum | ntpEntStatusStratum | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
| clock-refid | ntpEntStatusActiveRefSourceId | | | clock-refid | ntpEntStatusActiveRefSourceId | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
| | ntpEntStatusActiveRefSourceName | | | | ntpEntStatusActiveRefSourceName | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
| clock-precision | ntpEntTimePrecision | | | clock-precision | ntpEntTimePrecision | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
| clock-offset | ntpEntStatusActiveOffset | | | clock-offset | ntpEntStatusActiveOffset | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
| root-dispersion | ntpEntStatusDispersion | | | root-dispersion | ntpEntStatusDispersion | | |||
+---------------------------+---------------------------------+ | +---------------------------+---------------------------------+ | |||
Table 3 | Table 3: YANG NTP Data Nodes in /ntp/clock-state/system- | |||
status and Related NTPv4-MIB Objects | ||||
+=======================================+===========================+ | +=======================================+===========================+ | |||
| YANG data nodes in | NTPv4-MIB objects | | | YANG Data Nodes in | NTPv4-MIB Objects | | |||
| /ntp/associations/ | | | | /ntp/associations/ | | | |||
+=======================================+===========================+ | +=======================================+===========================+ | |||
| address | ntpAssocAddressType | | | address | ntpAssocAddressType | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
| | ntpAssocAddress | | | | ntpAssocAddress | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
| stratum | ntpAssocStratum | | | stratum | ntpAssocStratum | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
| refid | ntpAssocRefId | | | refid | ntpAssocRefId | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
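Review bot: in the closing paragraph of Section 2, the list of what the top-level container includes names "associations" twice ("authentication, associations, unicast configurations, interfaces, system status, and associations"). The revision only added the serial comma and kept the duplicate. Suggest dropping the second occurrence, or replacing it with the item that was intended if the two were meant to differ.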
skipping to change at page 8, line 42 ¶ | skipping to change at line 336 ¶ | |||
| ntp-statistics/ | ntpAssocStatOutPkts | | | ntp-statistics/ | ntpAssocStatOutPkts | | |||
| packet-sent | | | | packet-sent | | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
| ntp-statistics/ | ntpAssocStatInPkts | | | ntp-statistics/ | ntpAssocStatInPkts | | |||
| packet-received | | | | packet-received | | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
| ntp-statistics/ | ntpAssocStatProtocolError | | | ntp-statistics/ | ntpAssocStatProtocolError | | |||
| packet-dropped | | | | packet-dropped | | | |||
+---------------------------------------+---------------------------+ | +---------------------------------------+---------------------------+ | |||
Table 4 | Table 4: YANG NTP Data Nodes in /ntp/associations/ and Related | |||
NTPv4-MIB Objects | ||||
YANG NTP State Data Nodes and Related NTPv4-MIB Objects | ||||
4. Relationship with RFC 7317 | 4. Relationship with RFC 7317 | |||
This section describes the relationship with NTP definition in | This section describes the relationship with definition of NTP in | |||
Section 3.2 System Time Management of [RFC7317] . YANG data nodes in | Section 3.2 (System Time Management) of [RFC7317]. YANG data nodes | |||
/ntp/ also support per-interface configuration which is not supported | in /ntp/ also support per-interface configuration, which is not | |||
in /system/ntp. If the yang model defined in this document is | supported in /system/ntp. If the YANG data model defined in this | |||
implemented, then /system/ntp SHOULD NOT be used and MUST be ignored. | document is implemented, then /system/ntp SHOULD NOT be used and MUST | |||
be ignored. | ||||
+===============================+================================+ | +===============================+================================+ | |||
| YANG data nodes in /ntp/ | YANG data nodes in /system/ntp | | | YANG Data Nodes in /ntp/ | YANG Data Nodes in /system/ntp | | |||
+===============================+================================+ | +===============================+================================+ | |||
| ntp! | enabled | | | ntp! | enabled | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| unicast-configuration | server | | | unicast-configuration | server | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| | server/name | | | | server/name | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| unicast-configuration/address | server/transport/udp/address | | | unicast-configuration/address | server/transport/udp/address | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| unicast-configuration/port | server/transport/udp/port | | | unicast-configuration/port | server/transport/udp/port | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| unicast-configuration/type | server/association-type | | | unicast-configuration/type | server/association-type | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| unicast-configuration/iburst | server/iburst | | | unicast-configuration/iburst | server/iburst | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
| unicast-configuration/prefer | server/prefer | | | unicast-configuration/prefer | server/prefer | | |||
+-------------------------------+--------------------------------+ | +-------------------------------+--------------------------------+ | |||
Table 5 | Table 5: YANG NTP Configuration Data Nodes and Counterparts | |||
from RFC 7317 | ||||
YANG NTP Configuration Data Nodes and counterparts in RFC 7317 | ||||
Objects | ||||
5. Access Rules | 5. Access Rules | |||
The access rules in this section refers to the on-the-wire access | The access rules in this section refers to the on-the-wire access | |||
control to the NTP service and completely independent of any | control to the NTP service and completely independent of any | |||
management API access control, e.g., NETCONF Access Control Model | management API access control, e.g., NETCONF Access Control Model | |||
(NACM) ([RFC8341]). | (NACM) [RFC8341]. | |||
An Access Control List (ACL) is one of the basic elements used to | An Access Control List (ACL) is one of the basic elements used to | |||
configure device-forwarding behavior. An ACL is a user-ordered set | configure device-forwarding behavior. An ACL is a user-ordered set | |||
of rules that is used to filter traffic on a networking device. | of rules that is used to filter traffic on a networking device. | |||
As per [RFC1305] (for NTPv3) and [RFC5905] (for NTPv4), NTP could | As per [RFC1305] (for NTPv3) and [RFC5905] (for NTPv4), NTP could | |||
include an access-control feature that prevents unauthorized access | include an access-control feature that prevents unauthorized access | |||
and controls which peers are allowed to update the local clock. | and that controls which peers are allowed to update the local clock. | |||
Further it is useful to differentiate between the various kinds of | Further, it is useful to differentiate between the various kinds of | |||
access and attach a different acl-rule to each. For this, the YANG | access and attach a different acl-rule to each. For this, the YANG | |||
module allows such configuration via /ntp/access-rules. The access- | module allows such configuration via /ntp/access-rules. The access- | |||
rule itself is configured via [RFC8519]. | rule itself is configured via [RFC8519]. | |||
Following access modes are supported - | The following access modes are supported: | |||
* Peer: Permit others to synchronize their time with the NTP entity | Peer: Permit others to synchronize their time with the NTP entity or | |||
or it can synchronize its time with others. NTP control queries | it can synchronize its time with others. NTP control queries are | |||
are also accepted. | also accepted. | |||
* Server: Permit others to synchronize their time with the NTP | Server: Permit others to synchronize their time with the NTP entity, | |||
entity, but vice versa is not supported. NTP control queries are | but vice versa is not supported. NTP control queries are | |||
accepted. | accepted. | |||
* Server-only: Permit others to synchronize their time with NTP | Server-only: Permit others to synchronize their time with the NTP | |||
entity, but vice versa is not supported. NTP control queries are | entity, but vice versa is not supported. NTP control queries are | |||
not accepted. | not accepted. | |||
* Query-only: Only control queries are accepted. | Query-only: Only control queries are accepted. | |||
Query-only is the most restricted where as the peer is the full | Query-only is the most restricted whereas the peer is the full access | |||
access authority. The ability to give different ACL rules for | authority. The ability to give different ACL rules for different | |||
different access modes allows for a greater control by the operator. | access modes allows for a greater control by the operator. | |||
6. Key Management | 6. Key Management | |||
As per [RFC1305] (for NTPv3) and [RFC5905] (for NTPv4), when | As per [RFC1305] (for NTPv3) and [RFC5905] (for NTPv4), when | |||
authentication is enabled, NTP employs a crypto-checksum, computed by | authentication is enabled, NTP employs a crypto-checksum, computed by | |||
the sender and checked by the receiver, together with a set of | the sender and checked by the receiver, together with a set of | |||
predistributed algorithms, and cryptographic keys indexed by a key | predistributed algorithms, and cryptographic keys indexed by a key | |||
identifier included in the NTP message. This key-id is a 32-bit | identifier included in the NTP message. This key-id is a 32-bit | |||
unsigned integer that MUST be configured on the NTP peers before the | unsigned integer that MUST be configured on the NTP peers before the | |||
authentication could be used. For this reason, this YANG module | authentication can be used. For this reason, this YANG module allows | |||
allows such configuration via /ntp/authentication/authentication- | such configuration via /ntp/authentication/authentication-keys/. | |||
keys/. Further at the time of configuration of NTP association (for | Further at the time of configuration of NTP association (for example, | |||
example unicast-server), the key-id is specified. | unicast-server), the key-id is specified. | |||
The 'nacm:default-deny-all' is used to prevent retrieval of the | The 'nacm:default-deny-all' is used to prevent retrieval of the | |||
actual key information after it is set. | actual key information after it is set. | |||
7. NTP Version | 7. NTP Version | |||
This YANG model allow a version to be configured for the NTP | This YANG data model allows a version to be configured for the NTP | |||
association i.e. an operator can control the use of NTPv3 [RFC1305] | association, i.e., an operator can control the use of NTPv3 [RFC1305] | |||
or NTPv4 [RFC5905] for each association it forms. This allows | or NTPv4 [RFC5905] for each association it forms. This allows | |||
backward compatibility with a legacy system. Note that the version 3 | backward compatibility with a legacy system. Note that NTPv3 | |||
of NTP [RFC1305] is obsoleted by NTPv4 [RFC5905]. | [RFC1305] is obsoleted by NTPv4 [RFC5905]. | |||
8. NTP YANG Module | 8. NTP YANG Module | |||
<CODE BEGINS> file "ietf-ntp@2022-03-21.yang" | <CODE BEGINS> file "ietf-ntp@2022-06-10.yang" | |||
module ietf-ntp { | module ietf-ntp { | |||
yang-version 1.1; | yang-version 1.1; | |||
namespace "urn:ietf:params:xml:ns:yang:ietf-ntp"; | namespace "urn:ietf:params:xml:ns:yang:ietf-ntp"; | |||
prefix ntp; | prefix ntp; | |||
import ietf-yang-types { | import ietf-yang-types { | |||
prefix yang; | prefix yang; | |||
reference | reference | |||
"RFC 6991: Common YANG Data Types"; | "RFC 6991: Common YANG Data Types"; | |||
} | } | |||
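Review bot: the opening sentence of Section 5 is still ungrammatical in the RFC column. "The access rules in this section refers to ... and completely independent of ..." has a subject-verb mismatch and no verb in the second clause. This sentence draws the line between on-the-wire NTP access control and management-plane control (NACM), so it should read cleanly. Suggest "The access rules in this section refer to the on-the-wire access control to the NTP service and are completely independent of any management API access control". In the same editing pass, Section 6 keeps "Further at the time of configuration" without the comma that Section 5 gained in "Further, it is useful".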
skipping to change at page 11, line 47 ¶ | skipping to change at line 476 ¶ | |||
Lists (ACLs)"; | Lists (ACLs)"; | |||
} | } | |||
import ietf-routing-types { | import ietf-routing-types { | |||
prefix rt-types; | prefix rt-types; | |||
reference | reference | |||
"RFC 8294: Common YANG Data Types for the Routing Area"; | "RFC 8294: Common YANG Data Types for the Routing Area"; | |||
} | } | |||
import ietf-netconf-acm { | import ietf-netconf-acm { | |||
prefix nacm; | prefix nacm; | |||
reference | reference | |||
"RFC 8341: Network Configuration Protocol (NETCONF) Access | "RFC 8341: Network Configuration Access Control Model"; | |||
Control Model"; | ||||
} | } | |||
organization | organization | |||
"IETF NTP (Network Time Protocol) Working Group"; | "IETF NTP (Network Time Protocol) Working Group"; | |||
contact | contact | |||
"WG Web: <https://datatracker.ietf.org/wg/ntp/about/> | "WG Web: <https://datatracker.ietf.org/wg/ntp/> | |||
WG List: <mailto: ntp@ietf.org | WG List: <mailto: ntp@ietf.org | |||
Editor: Dhruv Dhody | Editor: Dhruv Dhody | |||
<mailto:dhruv.ietf@gmail.com> | <mailto:dhruv.ietf@gmail.com> | |||
Editor: Ankit Kumar Sinha | Editor: Ankit Kumar Sinha | |||
<mailto:ankit.ietf@gmail.com>"; | <mailto:ankit.ietf@gmail.com>"; | |||
description | description | |||
"This document defines a YANG data model for Network Time Protocol | "This document defines a YANG data model for implementations of | |||
(NTP) implementations. The data model includes configuration data | the Network Time Protocol (NTP). The data model includes | |||
and state data. | configuration data and state data. | |||
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL | |||
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', | NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', | |||
'MAY', and 'OPTIONAL' in this document are to be interpreted as | 'MAY', and 'OPTIONAL' in this document are to be interpreted as | |||
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, | described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, | |||
they appear in all capitals, as shown here. | they appear in all capitals, as shown here. | |||
Copyright (c) 2022 IETF Trust and the persons identified as | Copyright (c) 2022 IETF Trust and the persons identified as | |||
authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
Redistribution and use in source and binary forms, with or | Redistribution and use in source and binary forms, with or | |||
without modification, is permitted pursuant to, and subject | without modification, is permitted pursuant to, and subject | |||
to the license terms contained in, the Revised BSD License | to the license terms contained in, the Revised BSD License | |||
set forth in Section 4.c of the IETF Trust's Legal Provisions | set forth in Section 4.c of the IETF Trust's Legal Provisions | |||
Relating to IETF Documents | Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info). | (https://trustee.ietf.org/license-info). | |||
This version of this YANG module is part of RFC XXXX; see the | This version of this YANG module is part of RFC 9249; see the | |||
RFC itself for full legal notices."; | RFC itself for full legal notices."; | |||
revision 2022-03-21 { | revision 2022-06-10 { | |||
description | description | |||
"Initial revision."; | "Initial revision"; | |||
reference | reference | |||
"RFC XXXX: A YANG Data Model for NTP."; | "RFC 9249: A YANG Data Model for NTP"; | |||
} | } | |||
/* Note: The RFC Editor will replace XXXX with the number assigned | ||||
to this document once it becomes an RFC.*/ | ||||
/* Typedef Definitions */ | /* Typedef Definitions */ | |||
typedef ntp-stratum { | typedef ntp-stratum { | |||
type uint8 { | type uint8 { | |||
range "1..16"; | range "1..16"; | |||
} | } | |||
description | description | |||
"The level of each server in the hierarchy is defined by | "The level of each server in the hierarchy is defined by | |||
a stratum. Primary servers are assigned with stratum | a stratum. Primary servers are assigned with stratum | |||
one; secondary servers at each lower level are assigned with | one; secondary servers at each lower level are assigned with | |||
one stratum greater than the preceding level"; | one stratum greater than the preceding level."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 3"; | Algorithms Specification, Section 3"; | |||
} | } | |||
typedef ntp-version { | typedef ntp-version { | |||
type uint8 { | type uint8 { | |||
range "3..max"; | range "3..max"; | |||
} | } | |||
default "4"; | default "4"; | |||
description | description | |||
"The current NTP version supported by corresponding | "The current NTP version supported by the corresponding | |||
association."; | association"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 1"; | Algorithms Specification, Section 1"; | |||
} | } | |||
typedef refid { | typedef refid { | |||
type union { | type union { | |||
type inet:ipv4-address; | type inet:ipv4-address; | |||
type uint32; | type uint32; | |||
type string { | type string { | |||
length "4"; | length "4"; | |||
} | } | |||
} | } | |||
description | description | |||
"A code identifying the particular server or reference | "A code identifying the particular server or reference | |||
clock. The interpretation depends upon stratum. It | clock. The interpretation depends upon stratum. It | |||
could be an IPv4 address or first 32 bits of the MD5 hash of | could be an IPv4 address, the first 32 bits of the MD5 hash | |||
the IPv6 address or a string for the Reference Identifier | of the IPv6 address, or a string for the Reference Identifier | |||
and KISS codes. Some examples: | and KISS codes. Some examples: | |||
-- a refclock ID like '127.127.1.0' for local clock sync | -- a refclock ID like '127.127.1.0' for local clock sync | |||
-- uni/multi/broadcast associations for IPv4 will look like | -- uni/multi/broadcast associations for IPv4 will look like | |||
'203.0.113.1' and '0x4321FEDC' for IPv6 | '203.0.113.1' and '0x4321FEDC' for IPv6 | |||
-- sync with primary source will look like 'DCN', 'NIST', | ||||
'ATOM' | -- sync with a primary source will look like 'DCN', 'NIST', | |||
-- KISS codes will look like 'AUTH', 'DROP', 'RATE' | 'ATOM' | |||
Note that the use of MD5 hash for IPv6 address is not for | ||||
cryptographic purposes "; | -- KISS codes will look like 'AUTH', 'DROP', or 'RATE' | |||
Note that the use of an MD5 hash for IPv6 addresses is not | ||||
for cryptographic purposes."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
typedef ntp-date-and-time { | typedef ntp-date-and-time { | |||
type union { | type union { | |||
type yang:date-and-time; | type yang:date-and-time; | |||
type uint8; | type uint8; | |||
} | } | |||
description | description | |||
"Follows the date-and-time format when valid value exist, | "Follows the date-and-time format when valid values exist. | |||
otherwise allows for setting special value such as | Otherwise, allows for setting a special value such as | |||
zero."; | zero."; | |||
reference | reference | |||
"RFC 6991: Common YANG Data Types"; | "RFC 6991: Common YANG Data Types"; | |||
} | } | |||
typedef log2seconds { | typedef log2seconds { | |||
type int8; | type int8; | |||
description | description | |||
"An 8-bit signed integer that represents signed log2 | "An 8-bit signed integer that represents signed log2 | |||
seconds."; | seconds."; | |||
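Review bot: In typedef refid, the examples in the description do not fit the union members. The string member has length "4", yet 'DCN' is three characters and '0x4321FEDC' is ten, and a uint32 instance value is written in decimal under RFC 7950, so no member accepts the hex form as shown. Suggest stating how shorter identifiers are padded and giving the IPv6-derived example in the form the uint32 member actually takes. Also in this hunk, the contact line "WG List: <mailto: ntp@ietf.org" is still missing its closing angle bracket and has a stray space after "mailto:" on both sides of the diff.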
skipping to change at page 14, line 44 ¶ | skipping to change at line 620 ¶ | |||
feature authentication { | feature authentication { | |||
description | description | |||
"Support for NTP symmetric key authentication"; | "Support for NTP symmetric key authentication"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
feature deprecated { | feature deprecated { | |||
description | description | |||
"Support deprecated MD5-based authentication (RFC 8573) or | "Support deprecated MD5-based authentication (RFC 8573), | |||
SHA-1 or any other deprecated authentication mechanism. | SHA-1, or any other deprecated authentication mechanism. | |||
It is enabled to support legacy compatibility when secure | It is enabled to support legacy compatibility when secure | |||
cryptographic algorithms are not available to use. | cryptographic algorithms are not available to use. | |||
It is also used to configure keystrings in ASCII format."; | It is also used to configure keystrings in ASCII format."; | |||
reference | reference | |||
"RFC 1321: The MD5 Message-Digest Algorithm | "RFC 1321: The MD5 Message-Digest Algorithm, | |||
RFC 3174: US Secure Hash Algorithm 1 (SHA1) | RFC 3174: US Secure Hash Algorithm 1 (SHA1), | |||
FIPS 180-4: Secure Hash Standard (SHS)"; | FIPS 180-4: Secure Hash Standard (SHS)"; | |||
} | } | |||
feature hex-key-string { | feature hex-key-string { | |||
description | description | |||
"Support hexadecimal key string."; | "Support hexadecimal key string"; | |||
} | } | |||
feature access-rules { | feature access-rules { | |||
description | description | |||
"Support for NTP access control"; | "Support for NTP access control"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 9.2"; | Algorithms Specification, Section 9.2"; | |||
} | } | |||
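Review bot: Feature deprecated carries two unrelated meanings in its description: support for MD5, SHA-1 and other deprecated mechanisms, and "It is also used to configure keystrings in ASCII format." A server that only wants ASCII keystrings then has to advertise the same feature that unlocks the md5, sha-1, hmac-sha-1 and hmac-sha1-12 identities further down. Suggest a separate feature for the ASCII key format so that an implementation can offer one without the other, and add RFC 8573 to the reference list since the description cites it.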
skipping to change at page 17, line 4 ¶ | skipping to change at line 724 ¶ | |||
"Use client association mode where the unicast server | "Use client association mode where the unicast server | |||
address is configured."; | address is configured."; | |||
} | } | |||
identity uc-peer { | identity uc-peer { | |||
if-feature "unicast-configuration"; | if-feature "unicast-configuration"; | |||
base unicast-configuration-type; | base unicast-configuration-type; | |||
description | description | |||
"Use symmetric active association mode where the peer | "Use symmetric active association mode where the peer | |||
address is configured."; | address is configured."; | |||
} | } | |||
/* association-modes */ | /* association-modes */ | |||
identity association-mode { | identity association-mode { | |||
description | description | |||
"The NTP association modes."; | "The NTP association modes"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 3"; | Algorithms Specification, Section 3"; | |||
} | } | |||
identity active { | identity active { | |||
base association-mode; | base association-mode; | |||
description | description | |||
"Use symmetric active association mode (mode 1). | "Use symmetric active association mode (mode 1). | |||
This device may synchronize with its NTP peer, | This device may synchronize with its NTP peer | |||
or provide synchronization to configured NTP peer."; | or provide synchronization to a configured NTP peer."; | |||
} | } | |||
identity passive { | identity passive { | |||
base association-mode; | base association-mode; | |||
description | description | |||
"Use symmetric passive association mode (mode 2). | "Use symmetric passive association mode (mode 2). | |||
This device has learned this association dynamically. | This device has learned this association dynamically. | |||
This device may synchronize with its NTP peer."; | This device may synchronize with its NTP peer."; | |||
} | } | |||
skipping to change at page 18, line 4 ¶ | skipping to change at line 772 ¶ | |||
description | description | |||
"Use server association mode (mode 4). | "Use server association mode (mode 4). | |||
This device will provide synchronization to | This device will provide synchronization to | |||
NTP clients."; | NTP clients."; | |||
} | } | |||
identity broadcast-server { | identity broadcast-server { | |||
base association-mode; | base association-mode; | |||
description | description | |||
"Use broadcast server mode (mode 5). | "Use broadcast server mode (mode 5). | |||
This mode defines that it's either working | ||||
This mode defines that its either working | as a broadcast-server or a multicast-server."; | |||
as broadcast-server or multicast-server."; | ||||
} | } | |||
identity broadcast-client { | identity broadcast-client { | |||
base association-mode; | base association-mode; | |||
description | description | |||
"This mode defines that its either working | "This mode defines that it's either working | |||
as broadcast-client (mode 6) or multicast-client."; | as a broadcast-client (mode 6) or a multicast-client."; | |||
} | } | |||
/* access-mode */ | /* access-mode */ | |||
identity access-mode { | identity access-mode { | |||
if-feature "access-rules"; | if-feature "access-rules"; | |||
description | description | |||
"This defines NTP access modes. These identify | "This defines NTP access modes. These identify | |||
how the ACL is applied with NTP."; | how the ACL is applied with NTP."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 9.2"; | Algorithms Specification, Section 9.2"; | |||
} | } | |||
identity peer-access-mode { | identity peer-access-mode { | |||
if-feature "access-rules"; | if-feature "access-rules"; | |||
base access-mode; | base access-mode; | |||
description | description | |||
"Permit others to synchronize their time with this NTP | "Permit others to synchronize their time with this NTP | |||
entity or it can synchronize its time with others. | entity or it can synchronize its time with others. | |||
NTP control queries are also accepted. This enables | NTP control queries are also accepted. This enables | |||
full access authority."; | full access authority."; | |||
} | } | |||
identity server-access-mode { | identity server-access-mode { | |||
if-feature "access-rules"; | if-feature "access-rules"; | |||
base access-mode; | base access-mode; | |||
description | description | |||
"Permit others to synchronize their time with this NTP | "Permit others to synchronize their time with this NTP | |||
entity, but vice versa is not supported. NTP control | entity, but vice versa is not supported. NTP control | |||
queries are accepted."; | queries are accepted."; | |||
} | } | |||
identity server-only-access-mode { | identity server-only-access-mode { | |||
if-feature "access-rules"; | if-feature "access-rules"; | |||
base access-mode; | base access-mode; | |||
description | description | |||
"Permit others to synchronize their time with this NTP | "Permit others to synchronize their time with this NTP | |||
entity, but vice versa is not supported. NTP control | entity, but vice versa is not supported. NTP control | |||
queries are not accepted."; | queries are not accepted."; | |||
} | } | |||
identity query-only-access-mode { | identity query-only-access-mode { | |||
if-feature "access-rules"; | if-feature "access-rules"; | |||
base access-mode; | base access-mode; | |||
description | description | |||
"Only control queries are accepted."; | "Only control queries are accepted."; | |||
} | } | |||
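Review bot: The peer-access-mode description reads "Permit others to synchronize their time with this NTP entity or it can synchronize its time with others", which leaves it unclear whether both directions are permitted at once; since the same description says this mode "enables full access authority", "and" seems to be what is meant. It would also help to describe the four modes along the two things they vary (who may synchronize with whom, and whether control queries are accepted), because server-access-mode and server-only-access-mode differ only in their last sentence and the names do not signal that.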
skipping to change at page 19, line 40 ¶ | skipping to change at line 856 ¶ | |||
description | description | |||
"Indicates that the local clock has not been synchronized | "Indicates that the local clock has not been synchronized | |||
with any NTP server."; | with any NTP server."; | |||
} | } | |||
/* ntp-sync-state */ | /* ntp-sync-state */ | |||
identity ntp-sync-state { | identity ntp-sync-state { | |||
description | description | |||
"This defines NTP clock sync state at a more granular | "This defines NTP clock sync state at a more granular | |||
level. Referred as 'Clock state definitions' in RFC 5905"; | level. Referred to as 'Clock state definitions' in | |||
RFC 5905."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Appendix A.1.1"; | Algorithms Specification, Appendix A.1.1"; | |||
} | } | |||
identity clock-never-set { | identity clock-never-set { | |||
base ntp-sync-state; | base ntp-sync-state; | |||
description | description | |||
"Indicates the clock was never set."; | "Indicates the clock was never set."; | |||
} | } | |||
skipping to change at page 20, line 26 ¶ | skipping to change at line 891 ¶ | |||
identity freq { | identity freq { | |||
base ntp-sync-state; | base ntp-sync-state; | |||
description | description | |||
"Indicates the frequency mode."; | "Indicates the frequency mode."; | |||
} | } | |||
identity clock-synchronized { | identity clock-synchronized { | |||
base ntp-sync-state; | base ntp-sync-state; | |||
description | description | |||
"Indicates that the clock is synchronized"; | "Indicates that the clock is synchronized."; | |||
} | } | |||
/* crypto-algorithm */ | /* crypto-algorithm */ | |||
identity crypto-algorithm { | identity crypto-algorithm { | |||
description | description | |||
"Base identity of cryptographic algorithm options."; | "Base identity of cryptographic algorithm options."; | |||
} | } | |||
identity md5 { | identity md5 { | |||
if-feature "deprecated"; | if-feature "deprecated"; | |||
base crypto-algorithm; | base crypto-algorithm; | |||
description | description | |||
"The MD5 algorithm. Note that RFC 8573 | "The MD5 algorithm. Note that RFC 8573 | |||
deprecates the use of MD5-based authentication."; | deprecates the use of MD5-based authentication."; | |||
reference | reference | |||
"RFC 1321: The MD5 Message-Digest Algorithm"; | "RFC 1321: The MD5 Message-Digest Algorithm"; | |||
} | } | |||
identity sha-1 { | identity sha-1 { | |||
if-feature "deprecated"; | if-feature "deprecated"; | |||
base crypto-algorithm; | base crypto-algorithm; | |||
description | description | |||
"The SHA-1 algorithm."; | "The SHA-1 algorithm"; | |||
reference | reference | |||
"RFC 3174: US Secure Hash Algorithm 1 (SHA1)"; | "RFC 3174: US Secure Hash Algorithm 1 (SHA1)"; | |||
} | } | |||
identity hmac-sha-1 { | identity hmac-sha-1 { | |||
if-feature "deprecated"; | if-feature "deprecated"; | |||
base crypto-algorithm; | base crypto-algorithm; | |||
description | description | |||
"HMAC-SHA-1 authentication algorithm."; | "HMAC-SHA-1 authentication algorithm"; | |||
reference | reference | |||
"FIPS 180-4: Secure Hash Standard (SHS)"; | "FIPS 180-4: Secure Hash Standard (SHS)"; | |||
} | } | |||
identity hmac-sha1-12 { | identity hmac-sha1-12 { | |||
if-feature "deprecated"; | if-feature "deprecated"; | |||
base crypto-algorithm; | base crypto-algorithm; | |||
description | description | |||
"The HMAC-SHA1-12 algorithm."; | "The HMAC-SHA1-12 algorithm"; | |||
} | } | |||
identity hmac-sha-256 { | identity hmac-sha-256 { | |||
description | description | |||
"HMAC-SHA-256 authentication algorithm."; | "HMAC-SHA-256 authentication algorithm"; | |||
reference | reference | |||
"FIPS 180-4: Secure Hash Standard (SHS)"; | "FIPS 180-4: Secure Hash Standard (SHS)"; | |||
} | } | |||
identity hmac-sha-384 { | identity hmac-sha-384 { | |||
description | description | |||
"HMAC-SHA-384 authentication algorithm."; | "HMAC-SHA-384 authentication algorithm"; | |||
reference | reference | |||
"FIPS 180-4: Secure Hash Standard (SHS)"; | "FIPS 180-4: Secure Hash Standard (SHS)"; | |||
} | } | |||
identity hmac-sha-512 { | identity hmac-sha-512 { | |||
description | description | |||
"HMAC-SHA-512 authentication algorithm."; | "HMAC-SHA-512 authentication algorithm"; | |||
reference | reference | |||
"FIPS 180-4: Secure Hash Standard (SHS)"; | "FIPS 180-4: Secure Hash Standard (SHS)"; | |||
} | } | |||
identity aes-cmac { | identity aes-cmac { | |||
base crypto-algorithm; | base crypto-algorithm; | |||
description | description | |||
"The AES-CMAC algorithm - required by | "The AES-CMAC algorithm -- required by | |||
RFC 8573 for MAC for the NTP"; | RFC 8573 for MAC for the NTP."; | |||
reference | reference | |||
"RFC 4493: The AES-CMAC Algorithm | "RFC 4493: The AES-CMAC Algorithm, | |||
RFC 8573: Message Authentication Code for the Network | RFC 8573: Message Authentication Code for the Network | |||
Time Protocol"; | Time Protocol"; | |||
} | } | |||
/* Groupings */ | /* Groupings */ | |||
grouping key { | grouping key { | |||
description | description | |||
"The key."; | "The key"; | |||
nacm:default-deny-all; | nacm:default-deny-all; | |||
choice key-string-style { | choice key-string-style { | |||
description | description | |||
"Key string styles"; | "Key string styles"; | |||
case keystring { | case keystring { | |||
leaf keystring { | leaf keystring { | |||
if-feature "deprecated"; | if-feature "deprecated"; | |||
type string; | type string; | |||
description | description | |||
"Key string in ASCII format."; | "Key string in ASCII format"; | |||
} | } | |||
} | } | |||
case hexadecimal { | case hexadecimal { | |||
if-feature "hex-key-string"; | if-feature "hex-key-string"; | |||
leaf hexadecimal-string { | leaf hexadecimal-string { | |||
type yang:hex-string; | type yang:hex-string; | |||
description | description | |||
"Key in hexadecimal string format. When compared | "Key in hexadecimal string format. When compared | |||
to ASCII, specification in hexadecimal affords | to ASCII, specification in hexadecimal affords | |||
greater key entropy with the same number of | greater key entropy with the same number of | |||
internal key-string octets. Additionally, it | internal key-string octets. Additionally, it | |||
discourages usage of well-known words or | discourages use of well-known words or | |||
numbers."; | numbers."; | |||
} | } | |||
} | } | |||
} | } | |||
} | } | |||
grouping authentication-key { | grouping authentication-key { | |||
description | description | |||
"To define an authentication key for a Network Time | "To define an authentication key for an NTP | |||
Protocol (NTP) time source."; | time source."; | |||
leaf key-id { | leaf key-id { | |||
type uint32 { | type uint32 { | |||
range "1..max"; | range "1..max"; | |||
} | } | |||
description | description | |||
"Authentication key identifier."; | "Authentication key identifier"; | |||
} | } | |||
leaf algorithm { | leaf algorithm { | |||
type identityref { | type identityref { | |||
base crypto-algorithm; | base crypto-algorithm; | |||
} | } | |||
description | description | |||
"Authentication algorithm. Note that RFC 8573 | "Authentication algorithm. Note that RFC 8573 | |||
deprecates the use of MD5-based authentication | deprecates the use of MD5-based authentication | |||
and recommends AES-CMAC."; | and recommends AES-CMAC."; | |||
} | } | |||
container key { | container key { | |||
uses key; | uses key; | |||
description | description | |||
"The key. Note that RFC 8573 deprecates the use | "The key. Note that RFC 8573 deprecates the use | |||
of MD5-based authentication."; | of MD5-based authentication."; | |||
} | } | |||
leaf istrusted { | leaf istrusted { | |||
type boolean; | type boolean; | |||
description | description | |||
"Key-id is trusted or not"; | "Key-id is trusted or not"; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3 and 7.4"; | Algorithms Specification, Sections 7.3 and 7.4"; | |||
} | } | |||
grouping authentication { | grouping authentication { | |||
description | description | |||
"Authentication."; | "Authentication"; | |||
choice authentication-type { | choice authentication-type { | |||
description | description | |||
"Type of authentication."; | "Type of authentication"; | |||
case symmetric-key { | case symmetric-key { | |||
leaf key-id { | leaf key-id { | |||
type leafref { | type leafref { | |||
path "/ntp:ntp/ntp:authentication/" | path "/ntp:ntp/ntp:authentication/" | |||
+ "ntp:authentication-keys/ntp:key-id"; | + "ntp:authentication-keys/ntp:key-id"; | |||
} | } | |||
description | description | |||
"Authentication key id referenced in this | "Authentication key id referenced in this | |||
association."; | association."; | |||
} | } | |||
} | } | |||
} | } | |||
} | } | |||
grouping statistics { | grouping statistics { | |||
description | description | |||
"NTP packet statistic."; | "NTP packet statistic"; | |||
leaf discontinuity-time { | leaf discontinuity-time { | |||
type ntp-date-and-time; | type ntp-date-and-time; | |||
description | description | |||
"The time on the most recent occasion at which any one or | "The time on the most recent occasion at which any one or | |||
more of this NTP counters suffered a discontinuity. If | more of these NTP counters suffered a discontinuity. If | |||
no such discontinuities have occurred, then this node | no such discontinuities have occurred, then this node | |||
contains the time the NTP association was | contains the time the NTP association was | |||
(re-)initialized."; | (re-)initialized."; | |||
} | } | |||
leaf packet-sent { | leaf packet-sent { | |||
type yang:counter32; | type yang:counter32; | |||
description | description | |||
"The total number of NTP packets delivered to the | "The total number of NTP packets delivered to the | |||
transport service by this NTP entity for this | transport service by this NTP entity for this | |||
association. | association. | |||
Discontinuities in the value of this counter can occur | Discontinuities in the value of this counter can occur | |||
upon cold start or reinitialization of the NTP entity, the | upon cold start or reinitialization of the NTP entity, the | |||
management system and at other times."; | management system and at other times."; | |||
} | } | |||
leaf packet-sent-fail { | leaf packet-sent-fail { | |||
type yang:counter32; | type yang:counter32; | |||
description | description | |||
"The number of times NTP packets sending failed."; | "The number of times NTP packet sending failed."; | |||
} | } | |||
leaf packet-received { | leaf packet-received { | |||
type yang:counter32; | type yang:counter32; | |||
description | description | |||
"The total number of NTP packets delivered to the | "The total number of NTP packets delivered to the | |||
NTP entity from this association. | NTP entity from this association. | |||
Discontinuities in the value of this counter can occur | Discontinuities in the value of this counter can occur | |||
upon cold start or reinitialization of the NTP entity, the | upon cold start or reinitialization of the NTP entity, the | |||
management system and at other times."; | management system and at other times."; | |||
} | } | |||
leaf packet-dropped { | leaf packet-dropped { | |||
type yang:counter32; | type yang:counter32; | |||
description | description | |||
"The total number of NTP packets that were delivered | "The total number of NTP packets that were delivered | |||
to this NTP entity from this association and this entity | to this NTP entity from this association and that this | |||
was not able to process due to an NTP protocol error. | entity was not able to process due to an NTP error. | |||
Discontinuities in the value of this counter can occur | Discontinuities in the value of this counter can occur | |||
upon cold start or reinitialization of the NTP entity, the | upon cold start or reinitialization of the NTP entity or the | |||
management system and at other times."; | management system and at other times."; | |||
} | } | |||
} | } | |||
grouping common-attributes { | grouping common-attributes { | |||
description | description | |||
"NTP common attributes for configuration."; | "NTP common attributes for configuration"; | |||
leaf minpoll { | leaf minpoll { | |||
type log2seconds; | type log2seconds; | |||
default "6"; | default "6"; | |||
description | description | |||
"The minimum poll interval used in this association."; | "The minimum poll interval used in this association"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.2"; | Algorithms Specification, Section 7.2"; | |||
} | } | |||
leaf maxpoll { | leaf maxpoll { | |||
type log2seconds; | type log2seconds; | |||
default "10"; | default "10"; | |||
description | description | |||
"The maximum poll interval used in this association."; | "The maximum poll interval used in this association"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.2"; | Algorithms Specification, Section 7.2"; | |||
} | } | |||
leaf port { | leaf port { | |||
if-feature "ntp-port"; | if-feature "ntp-port"; | |||
type inet:port-number { | type inet:port-number { | |||
range "123 | 1024..max"; | range "123 | 1024..max"; | |||
} | } | |||
default "123"; | default "123"; | |||
description | description | |||
"Specify the port used to send NTP packets."; | "Specify the port used to send NTP packets."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.2"; | Algorithms Specification, Section 7.2"; | |||
} | } | |||
leaf version { | leaf version { | |||
type ntp-version; | type ntp-version; | |||
description | description | |||
"NTP version."; | "NTP version"; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification"; | Algorithms Specification"; | |||
} | } | |||
grouping association-ref { | grouping association-ref { | |||
description | description | |||
"Reference to NTP association mode"; | "Reference to NTP association mode"; | |||
leaf associations-address { | leaf associations-address { | |||
type leafref { | type leafref { | |||
path "/ntp:ntp/ntp:associations/ntp:association" | path "/ntp:ntp/ntp:associations/ntp:association" | |||
+ "/ntp:address"; | + "/ntp:address"; | |||
} | } | |||
description | description | |||
"Indicates the association's address | "Indicates the association's address | |||
which result in clock synchronization."; | that results in clock synchronization."; | |||
} | } | |||
leaf associations-local-mode { | leaf associations-local-mode { | |||
type leafref { | type leafref { | |||
path "/ntp:ntp/ntp:associations/ntp:association" | path "/ntp:ntp/ntp:associations/ntp:association" | |||
+ "/ntp:local-mode"; | + "/ntp:local-mode"; | |||
} | } | |||
description | description | |||
"Indicates the association's local-mode | "Indicates the association's local-mode | |||
which result in clock synchronization."; | that results in clock synchronization."; | |||
} | } | |||
leaf associations-isconfigured { | leaf associations-isconfigured { | |||
type leafref { | type leafref { | |||
path "/ntp:ntp/ntp:associations/ntp:association/" | path "/ntp:ntp/ntp:associations/ntp:association/" | |||
+ "ntp:isconfigured"; | + "ntp:isconfigured"; | |||
} | } | |||
description | description | |||
"Indicates if the association (that resulted in the | "Indicates if the association (that resulted in the | |||
clock synchronization) is explicitly configured."; | clock synchronization) is explicitly configured."; | |||
} | } | |||
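Review bot: Identities hmac-sha-256, hmac-sha-384 and hmac-sha-512 have no "base crypto-algorithm;" statement, unlike md5, sha-1, hmac-sha-1, hmac-sha1-12 and aes-cmac. They are therefore not derived from the base that leaf algorithm in grouping authentication-key requires ("type identityref { base crypto-algorithm; }") and cannot be selected there. As written, the only non-deprecated algorithm a client can configure is aes-cmac. Suggest adding the base statement to all three. A smaller point in grouping statistics: the packet-dropped description now says "the NTP entity or the management system", while packet-sent and packet-received keep "the NTP entity, the management system"; the three should read the same.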
skipping to change at page 26, line 36 ¶ | skipping to change at line 1189 ¶ | |||
container ntp { | container ntp { | |||
when 'false() = boolean(/sys:system/sys:ntp)' { | when 'false() = boolean(/sys:system/sys:ntp)' { | |||
description | description | |||
"Applicable when the system /sys/ntp/ is not used."; | "Applicable when the system /sys/ntp/ is not used."; | |||
} | } | |||
presence "NTP is enabled and system should attempt to | presence "NTP is enabled and system should attempt to | |||
synchronize the system clock with an NTP server | synchronize the system clock with an NTP server | |||
from the 'ntp/associations' list."; | from the 'ntp/associations' list."; | |||
description | description | |||
"Configuration parameters for NTP."; | "Configuration parameters for NTP"; | |||
leaf port { | leaf port { | |||
if-feature "ntp-port"; | if-feature "ntp-port"; | |||
type inet:port-number { | type inet:port-number { | |||
range "123 | 1024..max"; | range "123 | 1024..max"; | |||
} | } | |||
default "123"; | default "123"; | |||
description | description | |||
"Specify the port used to send and receive NTP packets."; | "Specify the port used to send and receive NTP packets."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
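Review bot: On container ntp, the when description says "the system /sys/ntp/ is not used", but the expression tests /sys:system/sys:ntp, so the description names a path that does not match the condition; write the path as it appears in the expression. The condition 'false() = boolean(/sys:system/sys:ntp)' would also read more directly as 'not(/sys:system/sys:ntp)'. In leaf port, the range "123 | 1024..max" is given without explanation; a sentence in the description saying why the other ports below 1024 are excluded would help anyone who filters or audits this service by port.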
skipping to change at page 27, line 16 ¶ | skipping to change at line 1217 ¶ | |||
type ntp-stratum; | type ntp-stratum; | |||
default "16"; | default "16"; | |||
description | description | |||
"Stratum level from which NTP clients get their time | "Stratum level from which NTP clients get their time | |||
synchronized."; | synchronized."; | |||
} | } | |||
} | } | |||
container authentication { | container authentication { | |||
if-feature "authentication"; | if-feature "authentication"; | |||
description | description | |||
"Configuration of authentication."; | "Configuration of authentication"; | |||
leaf auth-enabled { | leaf auth-enabled { | |||
type boolean; | type boolean; | |||
default "false"; | default "false"; | |||
description | description | |||
"Controls whether NTP authentication is enabled | "Controls whether NTP authentication is enabled | |||
or disabled on this device."; | or disabled on this device."; | |||
} | } | |||
list authentication-keys { | list authentication-keys { | |||
key "key-id"; | key "key-id"; | |||
uses authentication-key; | uses authentication-key; | |||
description | description | |||
"List of authentication keys."; | "List of authentication keys"; | |||
} | } | |||
} | } | |||
container access-rules { | container access-rules { | |||
if-feature "access-rules"; | if-feature "access-rules"; | |||
description | description | |||
"Configuration to control access to NTP service | "Configuration to control access to NTP service | |||
by using NTP access-group feature. | by using the NTP access-group feature. | |||
The access-mode identifies how the ACL is | The access-mode identifies how the ACL is | |||
applied with NTP."; | applied with NTP."; | |||
list access-rule { | list access-rule { | |||
key "access-mode"; | key "access-mode"; | |||
description | description | |||
"List of access rules."; | "List of access rules"; | |||
leaf access-mode { | leaf access-mode { | |||
type identityref { | type identityref { | |||
base access-mode; | base access-mode; | |||
} | } | |||
description | description | |||
"The NTP access mode. Some of the possible value | "The NTP access mode. Some of the possible values | |||
includes peer, server, synchronization, query | include peer, server, synchronization, query, | |||
etc."; | etc."; | |||
} | } | |||
leaf acl { | leaf acl { | |||
type leafref { | type leafref { | |||
path "/acl:acls/acl:acl/acl:name"; | path "/acl:acls/acl:acl/acl:name"; | |||
} | } | |||
description | description | |||
"Control access configuration to be used."; | "Control access configuration to be used."; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 9.2"; | Algorithms Specification, Section 9.2"; | |||
} | } | |||
} | } | |||
container clock-state { | container clock-state { | |||
config false; | config false; | |||
description | description | |||
"Clock operational state of the NTP."; | "Clock operational state of the NTP"; | |||
container system-status { | container system-status { | |||
description | description | |||
"System status of NTP."; | "System status of NTP"; | |||
leaf clock-state { | leaf clock-state { | |||
type identityref { | type identityref { | |||
base clock-state; | base clock-state; | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The state of system clock. Some of the possible value | "The state of the system clock. Some of the possible | |||
includes synchronized and unsynchronized"; | values include synchronized and unsynchronized."; | |||
} | } | |||
leaf clock-stratum { | leaf clock-stratum { | |||
type ntp-stratum; | type ntp-stratum; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The NTP entity's own stratum value. Should be one greater | "The NTP entity's own stratum value. Should be one | |||
than preceeding level. 16 if unsyncronized."; | greater than the preceding level. | |||
16 if unsynchronized."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 3"; | Algorithms Specification, Section 3"; | |||
} | } | |||
leaf clock-refid { | leaf clock-refid { | |||
type refid; | type refid; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"A code identifying the particular server or reference | "A code identifying the particular server or reference | |||
clock. The interpretation depends upon stratum. It | clock. The interpretation depends upon stratum. It | |||
could be an IPv4 address or first 32 bits of the MD5 hash | could be an IPv4 address, the first 32 bits of the MD5 | |||
of the IPv6 address or a string for the Reference | hash of the IPv6 address, or a string for the Reference | |||
Identifier and KISS codes. Some examples: | Identifier and KISS codes. Some examples: | |||
-- a refclock ID like '127.127.1.0' for local clock sync | -- a refclock ID like '127.127.1.0' for local clock sync | |||
-- uni/multi/broadcast associations for IPv4 will look like | ||||
'203.0.113.1' and '0x4321FEDC' for IPv6 | -- uni/multi/broadcast associations for IPv4 will look | |||
-- sync with primary source will look like 'DCN', 'NIST', | like '203.0.113.1' and '0x4321FEDC' for IPv6 | |||
'ATOM' | ||||
-- sync with primary source will look like 'DCN', | ||||
'NIST', 'ATOM' | ||||
-- KISS codes will look like 'AUTH', 'DROP', 'RATE' | -- KISS codes will look like 'AUTH', 'DROP', 'RATE' | |||
Note that the use of MD5 hash for IPv6 address is not for | ||||
cryptographic purposes "; | Note that the use of MD5 hash for IPv6 address is not | |||
for cryptographic purposes."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
uses association-ref { | uses association-ref { | |||
description | description | |||
"Reference to Association."; | "Reference to Association"; | |||
} | } | |||
leaf nominal-freq { | leaf nominal-freq { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 4; | fraction-digits 4; | |||
} | } | |||
units "Hz"; | units "Hz"; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The nominal frequency of the local clock. An ideal | "The nominal frequency of the local clock. An ideal | |||
frequency with zero uncertainty."; | frequency with zero uncertainty."; | |||
} | } | |||
leaf actual-freq { | leaf actual-freq { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 4; | fraction-digits 4; | |||
} | } | |||
units "Hz"; | units "Hz"; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The actual frequency of the local clock."; | "The actual frequency of the local clock"; | |||
} | } | |||
leaf clock-precision { | leaf clock-precision { | |||
type log2seconds; | type log2seconds; | |||
mandatory true; | mandatory true; | |||
description | description | |||
"Clock precision of this system in signed integer format, | "Clock precision of this system in signed integer format, | |||
in log 2 seconds - (prec=2^(-n)). A value of 5 would | in log 2 seconds - (prec=2^(-n)). A value of 5 would | |||
mean 2^-5 = 0.03125 seconds = 31.25 ms."; | mean 2^-5 = 0.03125 seconds = 31.25 ms."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
leaf clock-offset { | leaf clock-offset { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 3; | fraction-digits 3; | |||
} | } | |||
units "milliseconds"; | units "milliseconds"; | |||
description | description | |||
"The signed time offset to the current selected reference | "The signed time offset to the current selected reference | |||
time source e.g., '0.032ms' or '1.232ms'. The negative | time source, e.g., '0.032ms' or '1.232ms'. The negative | |||
value Indicates that the local clock is behind the | value indicates that the local clock is behind the | |||
current selected reference time source."; | current selected reference time source."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 9.1"; | Algorithms Specification, Section 9.1"; | |||
} | } | |||
leaf root-delay { | leaf root-delay { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 3; | fraction-digits 3; | |||
} | } | |||
units "milliseconds"; | units "milliseconds"; | |||
description | description | |||
"Total delay along the path to root clock."; | "Total delay along the path to the root clock"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 4 and 7.3"; | Algorithms Specification, Sections 4 and 7.3"; | |||
} | } | |||
leaf root-dispersion { | leaf root-dispersion { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 3; | fraction-digits 3; | |||
} | } | |||
units "milliseconds"; | units "milliseconds"; | |||
description | description | |||
"The dispersion between the local clock | "The dispersion between the local clock | |||
and the root clock, e.g., '6.927ms'."; | and the root clock, e.g., '6.927ms'."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 4, 7.3 and 10."; | Algorithms Specification, Sections 4, 7.3, and 10"; | |||
} | } | |||
leaf reference-time { | leaf reference-time { | |||
type ntp-date-and-time; | type ntp-date-and-time; | |||
description | description | |||
"The reference timestamp. Time when the system clock was | "The reference timestamp. Time when the system clock was | |||
last set or corrected"; | last set or corrected."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
leaf sync-state { | leaf sync-state { | |||
type identityref { | type identityref { | |||
base ntp-sync-state; | base ntp-sync-state; | |||
} | } | |||
mandatory true; | mandatory true; | |||
description | description | |||
"The synchronization status of the local clock. Referred to | "The synchronization status of the local clock. Referred | |||
as 'Clock state definitions' in RFC 5905"; | to as 'Clock state definitions' in RFC 5905."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Appendix A.1.1"; | Algorithms Specification, Appendix A.1.1"; | |||
} | } | |||
} | } | |||
} | } | |||
list unicast-configuration { | list unicast-configuration { | |||
if-feature "unicast-configuration"; | if-feature "unicast-configuration"; | |||
key "address type"; | key "address type"; | |||
description | description | |||
"List of NTP unicast-configurations."; | "List of NTP unicast-configurations"; | |||
leaf address { | leaf address { | |||
type inet:ip-address; | type inet:ip-address; | |||
description | description | |||
"Address of this association."; | "Address of this association"; | |||
} | } | |||
leaf type { | leaf type { | |||
type identityref { | type identityref { | |||
base unicast-configuration-type; | base unicast-configuration-type; | |||
} | } | |||
description | description | |||
"The unicast configuration type, for example | "The unicast configuration type, for example, | |||
unicast-server"; | unicast-server"; | |||
} | } | |||
container authentication { | container authentication { | |||
if-feature "authentication"; | if-feature "authentication"; | |||
description | description | |||
"Authentication used for this association."; | "Authentication used for this association"; | |||
uses authentication; | uses authentication; | |||
} | } | |||
leaf prefer { | leaf prefer { | |||
type boolean; | type boolean; | |||
default "false"; | default "false"; | |||
description | description | |||
"Whether this association is preferred or not."; | "Whether or not this association is preferred"; | |||
} | } | |||
leaf burst { | leaf burst { | |||
type boolean; | type boolean; | |||
default "false"; | default "false"; | |||
description | description | |||
"If set, a series of packets are sent instead of a single | "If set, a series of packets are sent instead of a single | |||
packet within each synchronization interval to achieve | packet within each synchronization interval to achieve | |||
faster synchronization."; | faster synchronization."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 13.1"; | and Algorithms Specification, Section 13.1"; | |||
} | } | |||
leaf iburst { | leaf iburst { | |||
type boolean; | type boolean; | |||
default "false"; | default "false"; | |||
description | description | |||
"If set, a series of packets are sent instead of a single | "If set, a series of packets are sent instead of a single | |||
packet within the initial synchronization interval to | packet within the initial synchronization interval to | |||
achieve faster initial synchronization."; | achieve faster initial synchronization."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 13.1"; | and Algorithms Specification, Section 13.1"; | |||
} | } | |||
leaf source { | leaf source { | |||
type if:interface-ref; | type if:interface-ref; | |||
description | description | |||
"The interface whose IP address is used by this association | "The interface whose IP address is used by this association | |||
as the source address."; | as the source address."; | |||
} | } | |||
uses common-attributes { | uses common-attributes { | |||
description | description | |||
"Common attributes like port, version, min and max | "Common attributes like port, version, and min and max | |||
poll."; | poll."; | |||
} | } | |||
} | } | |||
container associations { | container associations { | |||
description | description | |||
"Association parameters"; | "Association parameters"; | |||
list association { | list association { | |||
key "address local-mode isconfigured"; | key "address local-mode isconfigured"; | |||
config false; | config false; | |||
description | description | |||
"List of NTP associations. Here address, local-mode | "List of NTP associations. Here address, local-mode, | |||
and isconfigured are required to uniquely identify | and isconfigured are required to uniquely identify | |||
a particular association. Lets take following examples - | a particular association. Let's take the following | |||
examples: | ||||
1) If RT1 acting as broadcast server, | 1) If RT1 is acting as broadcast server | |||
and RT2 acting as broadcast client, then RT2 | and RT2 is acting as broadcast client, then RT2 | |||
will form dynamic association with address as RT1, | will form a dynamic association with the address as | |||
local-mode as client and isconfigured as false. | RT1, local-mode as client, and isconfigured as false. | |||
2) When RT2 is configured | 2) When RT2 is configured with unicast-server RT1, | |||
with unicast-server RT1, then RT2 will form | then RT2 will form an association with the address as | |||
association with address as RT1, local-mode as client | RT1, local-mode as client, and isconfigured as true. | |||
and isconfigured as true. | ||||
Thus all 3 leaves are needed as key to unique identify | Thus, all three leaves are needed as key to uniquely | |||
the association."; | identify the association."; | |||
leaf address { | leaf address { | |||
type inet:ip-address; | type inet:ip-address; | |||
description | description | |||
"The remote address of this association. Represents the | "The remote address of this association. Represents the | |||
IP address of a unicast/multicast/broadcast address."; | IP address of a unicast/multicast/broadcast address."; | |||
} | } | |||
leaf local-mode { | leaf local-mode { | |||
type identityref { | type identityref { | |||
base association-mode; | base association-mode; | |||
} | } | |||
description | description | |||
"Local mode of this NTP association."; | "Local mode of this NTP association"; | |||
} | } | |||
leaf isconfigured { | leaf isconfigured { | |||
type boolean; | type boolean; | |||
description | description | |||
"Indicates if this association is configured (true) or | "Indicates if this association is configured (true) or | |||
dynamically learned (false)."; | dynamically learned (false)."; | |||
} | } | |||
leaf stratum { | leaf stratum { | |||
type ntp-stratum; | type ntp-stratum; | |||
description | description | |||
"The association stratum value."; | "The association stratum value"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 3"; | Algorithms Specification, Section 3"; | |||
} | } | |||
leaf refid { | leaf refid { | |||
type refid; | type refid; | |||
description | description | |||
"A code identifying the particular server or reference | "A code identifying the particular server or reference | |||
clock. The interpretation depends upon stratum. It | clock. The interpretation depends upon stratum. It | |||
could be an IPv4 address or first 32 bits of the MD5 hash of | could be an IPv4 address or first 32 bits of the MD5 | |||
the IPv6 address or a string for the Reference Identifier | hash of the IPv6 address or a string for the Reference | |||
and KISS codes. Some examples: | Identifier and KISS codes. Some examples: | |||
-- a refclock ID like '127.127.1.0' for local clock sync | -- a refclock ID like '127.127.1.0' for local clock sync | |||
-- uni/multi/broadcast associations for IPv4 will look like | ||||
'203.0.113.1' and '0x4321FEDC' for IPv6 | -- uni/multi/broadcast associations for IPv4 will look | |||
-- sync with primary source will look like 'DCN', 'NIST', | like '203.0.113.1' and '0x4321FEDC' for IPv6 | |||
'ATOM' | ||||
-- KISS codes will look like 'AUTH', 'DROP', 'RATE' | -- sync with primary source will look like 'DCN', | |||
Note that the use of MD5 hash for IPv6 address is not for | 'NIST', or 'ATOM' | |||
cryptographic purposes"; | ||||
-- KISS codes will look like 'AUTH', 'DROP', or 'RATE' | ||||
Note that the use of an MD5 hash for IPv6 address is | ||||
not for cryptographic purposes."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
leaf authentication { | leaf authentication { | |||
if-feature "authentication"; | if-feature "authentication"; | |||
type leafref { | type leafref { | |||
path "/ntp:ntp/ntp:authentication/" | path "/ntp:ntp/ntp:authentication/" | |||
+ "ntp:authentication-keys/ntp:key-id"; | + "ntp:authentication-keys/ntp:key-id"; | |||
} | } | |||
description | description | |||
"Authentication Key used for this association."; | "Authentication Key used for this association"; | |||
} | } | |||
leaf prefer { | leaf prefer { | |||
type boolean; | type boolean; | |||
default "false"; | default "false"; | |||
description | description | |||
"Indicates if this association is preferred."; | "Indicates if this association is preferred"; | |||
} | } | |||
leaf peer-interface { | leaf peer-interface { | |||
type if:interface-ref; | type if:interface-ref; | |||
description | description | |||
"The interface which is used for communication."; | "The interface that is used for communication"; | |||
} | } | |||
uses common-attributes { | uses common-attributes { | |||
description | description | |||
"Common attributes like port, version, min and | "Common attributes like port, version, and min and | |||
max poll."; | max poll"; | |||
} | } | |||
leaf reach { | leaf reach { | |||
type uint8; | type uint8; | |||
description | description | |||
"It is an 8-bit shift register that tracks packet | "An 8-bit shift register that tracks packet | |||
generation and receipt. It is used to determine | generation and receipt. It is used to determine | |||
whether the server is reachable and the data are | whether the server is reachable and the data are | |||
fresh."; | fresh."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 9.2 and 13"; | Algorithms Specification, Sections 9.2 and 13"; | |||
} | } | |||
leaf unreach { | leaf unreach { | |||
type uint8; | type uint8; | |||
units "seconds"; | units "seconds"; | |||
description | description | |||
"It is a count of how long in second the server has been | "A count of how long in second the server has been | |||
unreachable i.e. the reach value has been zero."; | unreachable, i.e., the reach value has been zero."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 9.2 and 13"; | Algorithms Specification, Sections 9.2 and 13"; | |||
} | } | |||
leaf poll { | leaf poll { | |||
type log2seconds; | type log2seconds; | |||
description | description | |||
"The polling interval for current association in signed | "The polling interval for current association in signed | |||
log2 seconds."; | log2 seconds."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 7.3"; | Algorithms Specification, Section 7.3"; | |||
} | } | |||
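Review bot: In container authentication, leaf auth-enabled defaults to "false" and the description does not say what happens to entries in authentication-keys, or to the key referenced by an association's authentication leaf, while it is false; state whether such keys are ignored or rejected so that an operator can tell from the configuration whether packets are actually being authenticated. The two refid descriptions (clock-refid and the association's refid) were edited differently on the right-hand side: one reads "an IPv4 address, the first 32 bits of the MD5 hash of the IPv6 address, or a string", the other keeps "an IPv4 address or first 32 bits of the MD5 hash", and "'NIST', 'ATOM'" and "use of MD5 hash" differ from "'NIST', or 'ATOM'" and "use of an MD5 hash"; make the two texts identical. In leaf unreach, "how long in second" is left ungrammatical on both sides, and with type uint8 and units "seconds" the value cannot exceed 255, so the description should say what is reported once the server has been unreachable for longer. The final-period changes are also applied unevenly: "max poll." keeps its period under unicast-configuration but loses it under association.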
skipping to change at page 35, line 23 ¶ | skipping to change at line 1619 ¶ | |||
"The time since the last NTP packet was | "The time since the last NTP packet was | |||
received or last synchronized."; | received or last synchronized."; | |||
} | } | |||
leaf offset { | leaf offset { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 3; | fraction-digits 3; | |||
} | } | |||
units "milliseconds"; | units "milliseconds"; | |||
description | description | |||
"The signed offset between the local clock | "The signed offset between the local clock | |||
and the peer clock, e.g., '0.032ms' or '1.232ms'. The | and the peer clock, e.g., '0.032ms' or '1.232ms'. The | |||
negative value Indicates that the local clock is behind | negative value indicates that the local clock is behind | |||
the peer."; | the peer."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 8"; | Algorithms Specification, Section 8"; | |||
} | } | |||
leaf delay { | leaf delay { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 3; | fraction-digits 3; | |||
} | } | |||
units "milliseconds"; | units "milliseconds"; | |||
description | description | |||
"The network delay between the local clock | "The network delay between the local clock | |||
and the peer clock."; | and the peer clock"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 8"; | Algorithms Specification, Section 8"; | |||
} | } | |||
leaf dispersion { | leaf dispersion { | |||
type decimal64 { | type decimal64 { | |||
fraction-digits 3; | fraction-digits 3; | |||
} | } | |||
units "milliseconds"; | units "milliseconds"; | |||
description | description | |||
"The root dispersion between the local clock | "The root dispersion between the local clock | |||
and the peer clock."; | and the peer clock."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 10"; | Algorithms Specification, Section 10"; | |||
} | } | |||
leaf originate-time { | leaf originate-time { | |||
type ntp-date-and-time; | type ntp-date-and-time; | |||
description | description | |||
"This is the local time, in timestamp format, | "This is the local time, in timestamp format, | |||
when latest NTP packet was sent to peer (called T1)."; | when the latest NTP packet was sent to the peer | |||
(called T1)."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol and | |||
Algorithms Specification, Section 8"; | Algorithms Specification, Section 8"; | |||
} | } | |||
leaf receive-time { | leaf receive-time { | |||
type ntp-date-and-time; | type ntp-date-and-time; | |||
description | description | |||
"This is the local time, in timestamp format, | "This is the local time, in timestamp format, | |||
when latest NTP packet arrived at peer (called T2). | when the latest NTP packet arrived at the peer | |||
If the peer becomes unreachable the value is set to zero."; | (called T2). If the peer becomes unreachable, | |||
the value is set to zero."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 8"; | and Algorithms Specification, Section 8"; | |||
} | } | |||
leaf transmit-time { | leaf transmit-time { | |||
type ntp-date-and-time; | type ntp-date-and-time; | |||
description | description | |||
"This is the local time, in timestamp format, | "This is the local time, in timestamp format, | |||
at which the NTP packet departed the peer (called T3). | at which the NTP packet departed the peer | |||
If the peer becomes unreachable the value is set to zero."; | (called T3). If the peer becomes unreachable, | |||
the value is set to zero."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 8"; | and Algorithms Specification, Section 8"; | |||
} | } | |||
leaf input-time { | leaf input-time { | |||
type ntp-date-and-time; | type ntp-date-and-time; | |||
description | description | |||
"This is the local time, in timestamp format, | "This is the local time, in timestamp format, | |||
when the latest NTP message from the peer arrived (called | when the latest NTP message from the peer arrived | |||
T4). If the peer becomes unreachable the value is set to | (called T4). If the peer becomes unreachable, | |||
zero."; | value is set to zero."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 8"; | and Algorithms Specification, Section 8"; | |||
} | } | |||
container ntp-statistics { | container ntp-statistics { | |||
description | description | |||
"Per Peer packet send and receive statistics."; | "Per Peer packet send and receive statistics"; | |||
uses statistics { | uses statistics { | |||
description | description | |||
"NTP send and receive packet statistics."; | "NTP send and receive packet statistics"; | |||
} | } | |||
} | } | |||
} | } | |||
} | } | |||
container interfaces { | container interfaces { | |||
description | description | |||
"Configuration parameters for NTP interfaces."; | "Configuration parameters for NTP interfaces"; | |||
list interface { | list interface { | |||
key "name"; | key "name"; | |||
description | description | |||
"List of interfaces."; | "List of interfaces"; | |||
leaf name { | leaf name { | |||
type if:interface-ref; | type if:interface-ref; | |||
description | description | |||
"The interface name."; | "The interface name"; | |||
} | } | |||
container broadcast-server { | container broadcast-server { | |||
if-feature "broadcast-server"; | if-feature "broadcast-server"; | |||
presence "NTP broadcast-server is configured on this | presence "NTP broadcast-server is configured on this | |||
interface"; | interface."; | |||
description | description | |||
"Configuration of broadcast server."; | "Configuration of broadcast server"; | |||
leaf ttl { | leaf ttl { | |||
type uint8; | type uint8; | |||
description | description | |||
"Specifies the time to live (TTL) for a | "Specifies the time to live (TTL) for a | |||
broadcast packet."; | broadcast packet"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
container authentication { | container authentication { | |||
if-feature "authentication"; | if-feature "authentication"; | |||
description | description | |||
"Authentication used on this interface."; | "Authentication used on this interface"; | |||
uses authentication; | uses authentication; | |||
} | } | |||
uses common-attributes { | uses common-attributes { | |||
description | description | |||
"Common attributes such as port, version, min and | "Common attributes such as port, version, and min and | |||
max poll."; | max poll"; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
container broadcast-client { | container broadcast-client { | |||
if-feature "broadcast-client"; | if-feature "broadcast-client"; | |||
presence "NTP broadcast-client is configured on this | presence "NTP broadcast-client is configured on this | |||
interface."; | interface."; | |||
description | description | |||
"Configuration of broadcast-client."; | "Configuration of broadcast-client"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
list multicast-server { | list multicast-server { | |||
if-feature "multicast-server"; | if-feature "multicast-server"; | |||
key "address"; | key "address"; | |||
description | description | |||
"Configuration of multicast server."; | "Configuration of multicast server"; | |||
leaf address { | leaf address { | |||
type rt-types:ip-multicast-group-address; | type rt-types:ip-multicast-group-address; | |||
description | description | |||
"The IP address to send NTP multicast packets."; | "The IP address to send NTP multicast packets"; | |||
} | } | |||
leaf ttl { | leaf ttl { | |||
type uint8; | type uint8; | |||
description | description | |||
"Specifies the time to live (TTL) for a | "Specifies the TTL for a multicast packet"; | |||
multicast packet."; | ||||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
container authentication { | container authentication { | |||
if-feature "authentication"; | if-feature "authentication"; | |||
description | description | |||
"Authentication used on this interface."; | "Authentication used on this interface"; | |||
uses authentication; | uses authentication; | |||
} | } | |||
uses common-attributes { | uses common-attributes { | |||
description | description | |||
"Common attributes such as port, version, min and | "Common attributes such as port, version, and min and | |||
max poll."; | max poll"; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
list multicast-client { | list multicast-client { | |||
if-feature "multicast-client"; | if-feature "multicast-client"; | |||
key "address"; | key "address"; | |||
description | description | |||
"Configuration of multicast-client."; | "Configuration of a multicast-client"; | |||
leaf address { | leaf address { | |||
type rt-types:ip-multicast-group-address; | type rt-types:ip-multicast-group-address; | |||
description | description | |||
"The IP address of the multicast group to | "The IP address of the multicast group to | |||
join."; | join"; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
list manycast-server { | list manycast-server { | |||
if-feature "manycast-server"; | if-feature "manycast-server"; | |||
key "address"; | key "address"; | |||
description | description | |||
"Configuration of manycast server."; | "Configuration of a manycast server"; | |||
leaf address { | leaf address { | |||
type rt-types:ip-multicast-group-address; | type rt-types:ip-multicast-group-address; | |||
description | description | |||
"The multicast group IP address to receive | "The multicast group IP address to receive | |||
manycast client messages."; | manycast client messages."; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
list manycast-client { | list manycast-client { | |||
if-feature "manycast-client"; | if-feature "manycast-client"; | |||
key "address"; | key "address"; | |||
description | description | |||
"Configuration of manycast-client."; | "Configuration of manycast-client"; | |||
leaf address { | leaf address { | |||
type rt-types:ip-multicast-group-address; | type rt-types:ip-multicast-group-address; | |||
description | description | |||
"The group IP address that the manycast client | "The group IP address that the manycast client | |||
broadcasts the request message to."; | broadcasts the request message to"; | |||
} | } | |||
container authentication { | container authentication { | |||
if-feature "authentication"; | if-feature "authentication"; | |||
description | description | |||
"Authentication used on this interface."; | "Authentication used on this interface"; | |||
uses authentication; | uses authentication; | |||
} | } | |||
leaf ttl { | leaf ttl { | |||
type uint8; | type uint8; | |||
description | description | |||
"Specifies the maximum time to live (TTL) for | "Specifies the maximum TTL for the expanding | |||
the expanding ring search."; | ring search"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
leaf minclock { | leaf minclock { | |||
type uint8; | type uint8; | |||
description | description | |||
"The minimum manycast survivors in this | "The minimum manycast survivors in this | |||
association."; | association"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 13.2"; | and Algorithms Specification, Section 13.2"; | |||
} | } | |||
leaf maxclock { | leaf maxclock { | |||
type uint8; | type uint8; | |||
description | description | |||
"The maximum manycast candidates in this | "The maximum manycast candidates in this | |||
association."; | association"; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 13.2"; | and Algorithms Specification, Section 13.2"; | |||
} | } | |||
leaf beacon { | leaf beacon { | |||
type log2seconds; | type log2seconds; | |||
description | description | |||
"The beacon is the upper limit of poll interval. When the | "The beacon is the upper limit of the poll interval. | |||
ttl reaches its limit without finding the minimum number | When the TTL reaches its limit without finding the | |||
of manycast servers, the poll interval increases until | minimum number of manycast servers, the poll interval | |||
reaching the beacon value, when it starts over from the | increases until reaching the beacon value, when it | |||
beginning."; | starts over from the beginning."; | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 13.2"; | and Algorithms Specification, Section 13.2"; | |||
} | } | |||
uses common-attributes { | uses common-attributes { | |||
description | description | |||
"Common attributes like port, version, min and | "Common attributes like port, version, and min and | |||
max poll."; | max poll"; | |||
} | } | |||
reference | reference | |||
"RFC 5905: Network Time Protocol Version 4: Protocol and | "RFC 5905: Network Time Protocol Version 4: Protocol | |||
Algorithms Specification, Section 3.1"; | and Algorithms Specification, Section 3.1"; | |||
} | } | |||
} | } | |||
} | } | |||
container ntp-statistics { | container ntp-statistics { | |||
config false; | config false; | |||
description | description | |||
"Total NTP packet statistics."; | "Total NTP packet statistics"; | |||
uses statistics { | uses statistics { | |||
description | description | |||
"NTP send and receive packet statistics."; | "NTP send and receive packet statistics"; | |||
} | } | |||
} | } | |||
} | } | |||
rpc statistics-reset { | rpc statistics-reset { | |||
description | description | |||
"Reset statistics collected."; | "Reset statistics collected."; | |||
input { | input { | |||
choice association-or-all { | choice association-or-all { | |||
description | description | |||
"Resets statistics for a particular association or | "Resets statistics for a particular association or | |||
all"; | all."; | |||
case association { | case association { | |||
uses association-ref; | uses association-ref; | |||
description | description | |||
"This resets all the statistics collected for | "This resets all the statistics collected for | |||
the association."; | the association."; | |||
} | } | |||
case all { | case all { | |||
description | description | |||
"This resets all the statistics collected."; | "This resets all the statistics collected."; | |||
} | } | |||
} | } | |||
} | } | |||
} | } | |||
} | } | |||
<CODE ENDS> | <CODE ENDS> | |||
9. Usage Example | 9. Usage Example | |||
This section include examples for illustration purposes. | This section include examples for illustration purposes. | |||
Note: '\' line wrapping per [RFC8792]. | Note: '\' indicates line wrapping per [RFC8792]. | |||
9.1. Unicast association | 9.1. Unicast Association | |||
This example describes how to configure a preferred unicast server | This example describes how to configure a preferred unicast server | |||
present at 192.0.2.1 running at port 1025 with authentication-key 10 | present at 192.0.2.1 running at port 1025 with authentication-key 10 | |||
and version 4 (default). | and version 4 (default). | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
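Review bot: In list manycast-client, leaf minclock and leaf maxclock are both plain uint8 and nothing in the list as shown relates them, so if minclock is expected not to exceed maxclock, a configuration that reverses them still passes schema validation. Consider a must statement on one of the two leaves, or a sentence in the descriptions saying how an implementation treats that case. Two editorial leftovers in the right-hand column of the same hunk: the manycast-server address description still ends "manycast client messages." while the other phrase-style descriptions lost their trailing period, and "This section include examples" in Section 9 kept the "include" typo.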
skipping to change at page 42, line 50 ¶ | skipping to change at line 1977 ¶ | |||
<authentication> | <authentication> | |||
<symmetric-key> | <symmetric-key> | |||
<key-id>10</key-id> | <key-id>10</key-id> | |||
</symmetric-key> | </symmetric-key> | |||
</authentication> | </authentication> | |||
</unicast-configuration> | </unicast-configuration> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example is for retrieving unicast configurations - | This example is for retrieving unicast configurations: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<unicast-configuration> | <unicast-configuration> | |||
</unicast-configuration> | </unicast-configuration> | |||
</ntp> | </ntp> | |||
</filter> | </filter> | |||
</get> | </get> | |||
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
skipping to change at page 44, line 4 ¶ | skipping to change at line 2027 ¶ | |||
</receive-time> | </receive-time> | |||
<transmit-time>10-10-2017 07:33:55.300 Z+05:30\ | <transmit-time>10-10-2017 07:33:55.300 Z+05:30\ | |||
</transmit-time> | </transmit-time> | |||
<input-time>10-10-2017 07:33:55.305 Z+05:30\ | <input-time>10-10-2017 07:33:55.305 Z+05:30\ | |||
</input-time> | </input-time> | |||
<ntp-statistics> | <ntp-statistics> | |||
<packet-sent>20</packet-sent> | <packet-sent>20</packet-sent> | |||
<packet-sent-fail>0</packet-sent-fail> | <packet-sent-fail>0</packet-sent-fail> | |||
<packet-received>20</packet-received> | <packet-received>20</packet-received> | |||
<packet-dropped>0</packet-dropped> | <packet-dropped>0</packet-dropped> | |||
</ntp-statistics> | </ntp-statistics> | |||
</unicast-configuration> | </unicast-configuration> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.2. Refclock master | 9.2. Refclock Master | |||
This example describes how to configure reference clock with stratum | This example describes how to configure reference clock with stratum | |||
8 - | 8: | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<refclock-master> | <refclock-master> | |||
<master-stratum>8</master-stratum> | <master-stratum>8</master-stratum> | |||
</refclock-master> | </refclock-master> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example describes how to get reference clock configuration - | This example describes how to get reference clock configuration: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<refclock-master> | <refclock-master> | |||
</refclock-master> | </refclock-master> | |||
</ntp> | </ntp> | |||
</filter> | </filter> | |||
</get> | </get> | |||
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<refclock-master> | <refclock-master> | |||
<master-stratum>8</master-stratum> | <master-stratum>8</master-stratum> | |||
</refclock-master> | </refclock-master> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.3. Authentication configuration | 9.3. Authentication Configuration | |||
This example describes how to enable authentication and configure | This example describes how to enable authentication and configure | |||
trusted authentication key 10 with mode as AES-CMAC and an | trusted authentication key 10 with mode as AES-CMAC and a hexadecimal | |||
hexadecimal string key - | string key: | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<authentication> | <authentication> | |||
<auth-enabled>true</auth-enabled> | <auth-enabled>true</auth-enabled> | |||
<authentication-keys> | <authentication-keys> | |||
<key-id>10</key-id> | <key-id>10</key-id> | |||
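Review bot: The timestamp values at the top of this hunk, for example "10-10-2017 07:33:55.300 Z+05:30", are unchanged in both columns and pair a "Z" designator with a "+05:30" offset, in a day and month order the reader cannot tell apart for this date. If these leaves use an RFC 3339 style type, the examples should be written in that form (year-month-day, "T" separator, and either "Z" or a numeric offset, not both); otherwise the text should say what format a client is expected to parse.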
skipping to change at page 45, line 27 ¶ | skipping to change at line 2098 ¶ | |||
bb1d6929e95937287fa37d129b756746 | bb1d6929e95937287fa37d129b756746 | |||
</hexadecimal-string> | </hexadecimal-string> | |||
</key> | </key> | |||
<istrusted>true</istrusted> | <istrusted>true</istrusted> | |||
</authentication-keys> | </authentication-keys> | |||
</authentication> | </authentication> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
9.4. Access configuration | 9.4. Access Configuration | |||
This example describes how to configure access mode "peer" associated | This example describes how to configure access mode "peer" associated | |||
with ACL 2000 - | with ACL 2000: | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<access-rules> | <access-rules> | |||
<access-rule> | <access-rule> | |||
<access-mode>peer-access-mode</access-mode> | <access-mode>peer-access-mode</access-mode> | |||
<acl>2000</acl> | <acl>2000</acl> | |||
</access-rule> | </access-rule> | |||
</access-rules> | </access-rules> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example describes how to get access related configuration - | This example describes how to get access-related configuration: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<access-rules> | <access-rules> | |||
</access-rules> | </access-rules> | |||
</ntp> | </ntp> | |||
</filter> | </filter> | |||
</get> | </get> | |||
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<access-rules> | <access-rules> | |||
<access-rule> | <access-rule> | |||
<access-mode>peer-access-mode</access-mode> | <access-mode>peer-access-mode</access-mode> | |||
<acl>2000</acl> | <acl>2000</acl> | |||
</access-rule> | </access-rule> | |||
</access-rules> | </access-rules> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.5. Multicast configuration | 9.5. Multicast Configuration | |||
This example describes how to configure a multicast-server with an | ||||
address of "224.0.1.1", port of 1025, version of 3, and | ||||
authentication keyid of 10. | ||||
This example describes how to configure multicast-server with address | ||||
as "224.0.1.1", port as 1025, and version as 3 and authentication | ||||
keyid as 10 - | ||||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<name>Ethernet3/0/0</name> | <name>Ethernet3/0/0</name> | |||
<multicast-server> | <multicast-server> | |||
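Review bot: The rewritten 9.5 lead-in ends with a period ("authentication keyid of 10.") where the other example lead-ins in the right-hand column end with a colon before the XML ("with ACL 2000:"), so the sentence no longer introduces the edit-config that follows it. It also says "keyid" while the element used in the examples is key-id; using the leaf name as written would make the text searchable against the model.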
skipping to change at page 47, line 29 ¶ | skipping to change at line 2172 ¶ | |||
</authentication> | </authentication> | |||
<port>1025</port> | <port>1025</port> | |||
<version>3</version> | <version>3</version> | |||
</multicast-server> | </multicast-server> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example describes how to get multicast-server related | This example describes how to get multicast-server-related | |||
configuration - | configuration: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<multicast-server> | <multicast-server> | |||
</multicast-server> | </multicast-server> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
skipping to change at page 48, line 40 ¶ | skipping to change at line 2211 ¶ | |||
<minpoll>6</minpoll> | <minpoll>6</minpoll> | |||
<maxpoll>10</maxpoll> | <maxpoll>10</maxpoll> | |||
<port>1025</port> | <port>1025</port> | |||
<version>3</version> | <version>3</version> | |||
</multicast-server> | </multicast-server> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
This example describes how to configure multicast-client with address | This example describes how to configure a multicast-client with an | |||
as "224.0.1.1" - | address of "224.0.1.1": | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<name>Ethernet3/0/0</name> | <name>Ethernet3/0/0</name> | |||
<multicast-client> | <multicast-client> | |||
<address>224.0.1.1</address> | <address>224.0.1.1</address> | |||
</multicast-client> | </multicast-client> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example describes how to get multicast-client related | This example describes how to get multicast-client-related | |||
configuration - | configuration: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<multicast-client> | <multicast-client> | |||
</multicast-client> | </multicast-client> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
skipping to change at page 50, line 5 ¶ | skipping to change at line 2261 ¶ | |||
<interface> | <interface> | |||
<name>Ethernet3/0/0</name> | <name>Ethernet3/0/0</name> | |||
<multicast-client> | <multicast-client> | |||
<address>224.0.1.1</address> | <address>224.0.1.1</address> | |||
</multicast-client> | </multicast-client> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.6. Manycast configuration | 9.6. Manycast Configuration | |||
This example describes how to configure manycast-client with address | This example describes how to configure a manycast-client with an | |||
as "224.0.1.1", port as 1025 and authentication keyid as 10 - | address of "224.0.1.1", port of 1025, and authentication keyid of 10: | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<name>Ethernet3/0/0</name> | <name>Ethernet3/0/0</name> | |||
skipping to change at page 50, line 34 ¶ | skipping to change at line 2290 ¶ | |||
</symmetric-key> | </symmetric-key> | |||
</authentication> | </authentication> | |||
<port>1025</port> | <port>1025</port> | |||
</manycast-client> | </manycast-client> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example describes how to get manycast-client related | This example describes how to get manycast-client-related | |||
configuration - | configuration: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<manycast-client> | <manycast-client> | |||
</manycast-client> | </manycast-client> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
skipping to change at page 51, line 42 ¶ | skipping to change at line 2331 ¶ | |||
<beacon>6</beacon> | <beacon>6</beacon> | |||
<minpoll>6</minpoll> | <minpoll>6</minpoll> | |||
<maxpoll>10</maxpoll> | <maxpoll>10</maxpoll> | |||
<port>1025</port> | <port>1025</port> | |||
</manycast-client> | </manycast-client> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
This example describes how to configure manycast-server with address | This example describes how to configure a manycast-server with an | |||
as "224.0.1.1" - | address of "224.0.1.1": | |||
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
<target> | <target> | |||
<running/> | <running/> | |||
</target> | </target> | |||
<config> | <config> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<name>Ethernet3/0/0</name> | <name>Ethernet3/0/0</name> | |||
<manycast-server> | <manycast-server> | |||
<address>224.0.1.1</address> | <address>224.0.1.1</address> | |||
</manycast-server> | </manycast-server> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</config> | </config> | |||
</edit-config> | </edit-config> | |||
This example describes how to get manycast-server related | This example describes how to get manycast-server-related | |||
configuration - | configuration: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<interfaces> | <interfaces> | |||
<interface> | <interface> | |||
<manycast-server> | <manycast-server> | |||
</manycast-server> | </manycast-server> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
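Review bot: The reply at the top of this hunk shows beacon 6 next to minpoll 6 and maxpoll 10, while the beacon leaf is described as "the upper limit of the poll interval", so the example has an upper limit equal to minpoll and below maxpoll. Either pick example values that illustrate the intended relationship, or add a sentence to the beacon description saying how it interacts with the maxpoll value that comes from common-attributes.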
skipping to change at page 53, line 5 ¶ | skipping to change at line 2381 ¶ | |||
<interface> | <interface> | |||
<name>Ethernet3/0/0</name> | <name>Ethernet3/0/0</name> | |||
<manycast-server> | <manycast-server> | |||
<address>224.0.1.1</address> | <address>224.0.1.1</address> | |||
</manycast-server> | </manycast-server> | |||
</interface> | </interface> | |||
</interfaces> | </interfaces> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.7. Clock state | 9.7. Clock State | |||
This example describes how to get clock current state - | This example describes how to get clock current state: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<clock-state> | <clock-state> | |||
</clock-state> | </clock-state> | |||
</ntp> | </ntp> | |||
</filter> | </filter> | |||
</get> | </get> | |||
skipping to change at page 53, line 45 ¶ | skipping to change at line 2421 ¶ | |||
<root-delay>0.5</root-delay> | <root-delay>0.5</root-delay> | |||
<root-dispersion>0.8</root-dispersion> | <root-dispersion>0.8</root-dispersion> | |||
<reference-time>10-10-2017 07:33:55.258 Z+05:30\ | <reference-time>10-10-2017 07:33:55.258 Z+05:30\ | |||
</reference-time> | </reference-time> | |||
<sync-state>clock-synchronized</sync-state> | <sync-state>clock-synchronized</sync-state> | |||
</system-status> | </system-status> | |||
</clock-state> | </clock-state> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.8. Get all association | 9.8. Get All Association | |||
This example describes how to get all associations present in the | ||||
system: | ||||
This example describes how to get all association present in the | ||||
system - | ||||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<associations> | <associations> | |||
</associations> | </associations> | |||
</ntp> | </ntp> | |||
</filter> | </filter> | |||
</get> | </get> | |||
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> | |||
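Review bot: The heading "9.8. Get All Association" was only re-capitalized, while the sentence under it was corrected to "all associations"; the heading should read "Get All Associations" to match the text it introduces.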
skipping to change at page 55, line 4 ¶ | skipping to change at line 2474 ¶ | |||
<input-time>10-10-2017 07:33:55.305 Z+05:30\ | <input-time>10-10-2017 07:33:55.305 Z+05:30\ | |||
</input-time> | </input-time> | |||
<ntp-statistics> | <ntp-statistics> | |||
<packet-sent>20</packet-sent> | <packet-sent>20</packet-sent> | |||
<packet-sent-fail>0</packet-sent-fail> | <packet-sent-fail>0</packet-sent-fail> | |||
<packet-received>20</packet-received> | <packet-received>20</packet-received> | |||
<packet-dropped>0</packet-dropped> | <packet-dropped>0</packet-dropped> | |||
</ntp-statistics> | </ntp-statistics> | |||
</association> | </association> | |||
</associations> | </associations> | |||
</ntp> | </ntp> | |||
</data> | </data> | |||
9.9. Global statistic | 9.9. Global Statistic | |||
This example describes how to get global statistics - | This example describes how to get global statistics: | |||
<get> | <get> | |||
<filter type="subtree"> | <filter type="subtree"> | |||
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> | |||
<ntp-statistics> | <ntp-statistics> | |||
</ntp-statistics> | </ntp-statistics> | |||
</ntp> | </ntp> | |||
</filter> | </filter> | |||
</get> | </get> | |||
skipping to change at page 55, line 40 ¶ | skipping to change at line 2509 ¶ | |||
</data> | </data> | |||
10. IANA Considerations | 10. IANA Considerations | |||
10.1. IETF XML Registry | 10.1. IETF XML Registry | |||
This document registers a URI in the "IETF XML Registry" [RFC3688]. | This document registers a URI in the "IETF XML Registry" [RFC3688]. | |||
Following the format in RFC 3688, the following registration has been | Following the format in RFC 3688, the following registration has been | |||
made. | made. | |||
URI: urn:ietf:params:xml:ns:yang:ietf-ntp | URI: urn:ietf:params:xml:ns:yang:ietf-ntp | |||
Registrant Contact: The IESG. | Registrant Contact: The IESG. | |||
XML: N/A; the requested URI is an XML namespace. | XML: N/A; the requested URI is an XML namespace. | |||
10.2. YANG Module Names | 10.2. YANG Module Names | |||
This document registers a YANG module in the "YANG Module Names" | This document registers a YANG module in the "YANG Module Names" | |||
registry [RFC6020]. | registry [RFC6020]. | |||
Name: ietf-ntp | Name: ietf-ntp | |||
Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp | ||||
Prefix: ntp | Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp | |||
Reference: RFC XXXX | Prefix: ntp | |||
Note: The RFC Editor will replace XXXX with the number assigned to | Reference: RFC 9249 | |||
this document once it becomes an RFC. | ||||
11. Security Considerations | 11. Security Considerations | |||
The YANG module specified in this document defines a schema for data | The YANG module specified in this document defines a schema for data | |||
that is designed to be accessed via network management protocols such | that is designed to be accessed via network management protocols such | |||
as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | as NETCONF [RFC6241] or RESTCONF [RFC8040]. The lowest NETCONF layer | |||
is the secure transport layer, and the mandatory-to-implement secure | is the secure transport layer, and the mandatory-to-implement secure | |||
transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer | transport is Secure Shell (SSH) [RFC6242]. The lowest RESTCONF layer | |||
is HTTPS, and the mandatory-to-implement secure transport is TLS | is HTTPS, and the mandatory-to-implement secure transport is TLS | |||
[RFC8446]. | [RFC8446]. | |||
The NETCONF Access Control Model (NACM) [RFC8341] provides the means | The Network Configuration Access Control Model (NACM) [RFC8341] | |||
to restrict access for particular NETCONF or RESTCONF users to a | provides the means to restrict access for particular NETCONF or | |||
preconfigured subset of all available NETCONF or RESTCONF protocol | RESTCONF users to a preconfigured subset of all available NETCONF or | |||
operations and content. The 'nacm:default-deny-all' is used to | RESTCONF protocol operations and content. The 'nacm:default-deny- | |||
prevent retrieval of the key information. | all' is used to prevent retrieval of the key information. | |||
There are a number of data nodes defined in this YANG module that are | There are a number of data nodes defined in this YANG module that are | |||
writable/creatable/deletable (i.e., config true, which is the | writable/creatable/deletable (i.e., config true, which is the | |||
default). These data nodes may be considered sensitive or vulnerable | default). These data nodes may be considered sensitive or vulnerable | |||
in some network environments. Write operations (e.g., edit-config) | in some network environments. Write operations (e.g., edit-config) | |||
to these data nodes without proper protection can have a negative | to these data nodes without proper protection can have a negative | |||
effect on network operations. These are the subtrees and data nodes | effect on network operations. These are the subtrees and data nodes | |||
and their sensitivity/vulnerability: | and their sensitivity/vulnerability: | |||
/ntp/port - This data node specify the port number to be used to | /ntp/port: This data node specifies the port number to be used to | |||
send NTP packets. Unexpected changes could lead to disruption | send NTP packets. Unexpected changes could lead to disruption | |||
and/or network misbehavior. | and/or network misbehavior. | |||
/ntp/authentication and /ntp/access-rules - The entries in the | /ntp/authentication and /ntp/access-rules: The entries in the list | |||
list include the authentication and access control configurations. | include the authentication and access control configurations. | |||
Care should be taken while setting these parameters. | Care should be taken while setting these parameters. | |||
/ntp/unicast-configuration - The entries in the list include all | /ntp/unicast-configuration: The entries in the list include all | |||
unicast configurations (server or peer mode), and indirectly | unicast configurations (server or peer mode) and indirectly | |||
creates or modify the NTP associations. Unexpected changes could | creates or modifies the NTP associations. Unexpected changes | |||
lead to disruption and/or network misbehavior. | could lead to disruption and/or network misbehavior. | |||
/ntp/interfaces/interface - The entries in the list include all | /ntp/interfaces/interface: The entries in the list include all per- | |||
per-interface configurations related to broadcast, multicast and | interface configurations related to broadcast, multicast, and | |||
manycast mode, and indirectly creates or modify the NTP | manycast mode, and indirectly creates or modifies the NTP | |||
associations. Unexpected changes could lead to disruption and/or | associations. Unexpected changes could lead to disruption and/or | |||
network misbehavior. It could also lead to syncronization over | network misbehavior. It could also lead to synchronization over | |||
untrusted source over trusted ones. | an untrusted source over trusted ones. | |||
Some of the readable data nodes in this YANG module may be considered | Some of the readable data nodes in this YANG module may be considered | |||
sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
important to control read access (e.g., via get, get-config, or | important to control read access (e.g., via get, get-config, or | |||
notification) to these data nodes. These are the subtrees and data | notification) to these data nodes. These are the subtrees and data | |||
nodes and their sensitivity/vulnerability: | nodes and their sensitivity/vulnerability: | |||
/ntp/authentication/authentication-keys - The entries in the list | /ntp/authentication/authentication-keys: The entries in the list | |||
includes all the NTP authentication keys. Unauthorized access to | include all the NTP authentication keys. Unauthorized access to | |||
the keys can be easily exploited to permit unauthorized access to | the keys can be easily exploited to permit unauthorized access to | |||
the NTP service. This information is sensitive and thus | the NTP service. This information is sensitive; thus, | |||
unauthorized access to this needs to be curtailed. | unauthorized access to this needs to be curtailed. | |||
/ntp/associations/association/ - The entries in the list includes | /ntp/associations/association/: The entries in the list include all | |||
all active NTP associations of all modes. Exposure of these nodes | active NTP associations of all modes. Exposure of these nodes | |||
could reveal network topology or trust relationship. Unauthorized | could reveal network topology or trust relationships. | |||
access to this also needs to be curtailed. | Unauthorized access to this also needs to be curtailed. | |||
/ntp/authentication and /ntp/access-rules - The entries in the | /ntp/authentication and /ntp/access-rules: The entries in the list | |||
list include the authentication and access control configurations. | include the authentication and access control configurations. | |||
Exposure of these nodes could reveal network topology or trust | Exposure of these nodes could reveal network topology or trust | |||
relationship. | relationships. | |||
Some of the RPC operations in this YANG module may be considered | Some of the RPC operations in this YANG module may be considered | |||
sensitive or vulnerable in some network environments. It is thus | sensitive or vulnerable in some network environments. It is thus | |||
important to control access to these operations. These are the | important to control access to these operations. These are the | |||
operations and their sensitivity/vulnerability: | operations and their sensitivity/vulnerability: | |||
statistics-reset - The RPC is used to reset statistics. | statistics-reset: The RPC is used to reset statistics. Unauthorized | |||
Unauthorized reset could impact monitoring. | reset could impact monitoring. | |||
The leaf /ntp/authentication/authentication-keys/algorithm can be set | The leaf /ntp/authentication/authentication-keys/algorithm can be set | |||
to cryptographic algorithms that are no longer considered to be | to cryptographic algorithms that are no longer considered to be | |||
secure. As per [RFC8573], AES-CMAC is the recommended algorithm. | secure. As per [RFC8573], AES-CMAC is the recommended algorithm. | |||
12. Acknowledgments | 12. References | |||
The authors would like to express their thanks to Sladjana Zoric, | ||||
Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice | ||||
Angermann, Watson Ladd, and Rich Salz for their review and | ||||
suggestions. | ||||
Thanks to Andy Bierman for the YANG doctor review. | ||||
Thanks to Dieter Sibold for being the document shepherd and Erik | ||||
Kline for being the responsible AD. | ||||
Thanks to Takeshi Takahashi for SECDIR review. Thanks to Tim Evens | ||||
for GENART review. | ||||
A special thanks to Tom Petch for a very detailed YANG review and | ||||
providing great suggestions for improvements. | ||||
Thanks for the IESG review from Benjamin Kaduk, Francesca Palombini, | ||||
Eric Vyncke, Murray Kucherawy, Robert Wilton, Roman Danyliw, and | ||||
Zaheduzzaman Sarker. | ||||
13. References | ||||
13.1. Normative References | 12.1. Normative References | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
<https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, | |||
DOI 10.17487/RFC3688, January 2004, | DOI 10.17487/RFC3688, January 2004, | |||
<https://www.rfc-editor.org/info/rfc3688>. | <https://www.rfc-editor.org/info/rfc3688>. | |||
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, | [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, | |||
"Network Time Protocol Version 4: Protocol and Algorithms | "Network Time Protocol Version 4: Protocol and Algorithms | |||
Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, | Specification", RFC 5905, DOI 10.17487/RFC5905, June 2010, | |||
<https://www.rfc-editor.org/info/rfc5905>. | <https://www.rfc-editor.org/info/rfc5905>. | |||
[RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | [RFC6020] Bjorklund, M., Ed., "YANG - A Data Modeling Language for | |||
the Network Configuration Protocol (NETCONF)", RFC 6020, | the Network Configuration Protocol (NETCONF)", RFC 6020, | |||
DOI 10.17487/RFC6020, October 2010, | DOI 10.17487/RFC6020, October 2010, | |||
<https://www.rfc-editor.org/info/rfc6020>. | <https://www.rfc-editor.org/info/rfc6020>. | |||
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | ||||
and A. Bierman, Ed., "Network Configuration Protocol | ||||
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | ||||
<https://www.rfc-editor.org/info/rfc6241>. | ||||
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure | ||||
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, | ||||
<https://www.rfc-editor.org/info/rfc6242>. | ||||
[RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", | [RFC6991] Schoenwaelder, J., Ed., "Common YANG Data Types", | |||
RFC 6991, DOI 10.17487/RFC6991, July 2013, | RFC 6991, DOI 10.17487/RFC6991, July 2013, | |||
<https://www.rfc-editor.org/info/rfc6991>. | <https://www.rfc-editor.org/info/rfc6991>. | |||
[RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model for | [RFC7317] Bierman, A. and M. Bjorklund, "A YANG Data Model for | |||
System Management", RFC 7317, DOI 10.17487/RFC7317, August | System Management", RFC 7317, DOI 10.17487/RFC7317, August | |||
2014, <https://www.rfc-editor.org/info/rfc7317>. | 2014, <https://www.rfc-editor.org/info/rfc7317>. | |||
[RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", | [RFC7950] Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language", | |||
RFC 7950, DOI 10.17487/RFC7950, August 2016, | RFC 7950, DOI 10.17487/RFC7950, August 2016, | |||
<https://www.rfc-editor.org/info/rfc7950>. | <https://www.rfc-editor.org/info/rfc7950>. | |||
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | ||||
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | ||||
<https://www.rfc-editor.org/info/rfc8040>. | ||||
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
[RFC8294] Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, | [RFC8294] Liu, X., Qu, Y., Lindem, A., Hopps, C., and L. Berger, | |||
"Common YANG Data Types for the Routing Area", RFC 8294, | "Common YANG Data Types for the Routing Area", RFC 8294, | |||
DOI 10.17487/RFC8294, December 2017, | DOI 10.17487/RFC8294, December 2017, | |||
<https://www.rfc-editor.org/info/rfc8294>. | <https://www.rfc-editor.org/info/rfc8294>. | |||
[RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | [RFC8340] Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams", | |||
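Review bot: In Section 11, the sentence "The 'nacm:default-deny-all' is used to prevent retrieval of the key information" does not say which data node carries the extension, while the readable-node list below it names several sensitive subtrees (/ntp/authentication/authentication-keys, /ntp/associations/association/, /ntp/authentication and /ntp/access-rules); suggest naming the protected node and stating whether the other subtrees rely on operator-configured NACM rules. Separately, the revised bullets for /ntp/unicast-configuration and /ntp/interfaces/interface still read "The entries in the list include ... and indirectly creates or modifies", where the plural subject calls for "create or modify", and "synchronization over an untrusted source over trusted ones" would be clearer as "synchronization with an untrusted source in preference to trusted ones".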
skipping to change at page 59, line 45 ¶ | skipping to change at line 2690 ¶ | |||
[RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, | [RFC8519] Jethanandani, M., Agarwal, S., Huang, L., and D. Blair, | |||
"YANG Data Model for Network Access Control Lists (ACLs)", | "YANG Data Model for Network Access Control Lists (ACLs)", | |||
RFC 8519, DOI 10.17487/RFC8519, March 2019, | RFC 8519, DOI 10.17487/RFC8519, March 2019, | |||
<https://www.rfc-editor.org/info/rfc8519>. | <https://www.rfc-editor.org/info/rfc8519>. | |||
[RFC8573] Malhotra, A. and S. Goldberg, "Message Authentication Code | [RFC8573] Malhotra, A. and S. Goldberg, "Message Authentication Code | |||
for the Network Time Protocol", RFC 8573, | for the Network Time Protocol", RFC 8573, | |||
DOI 10.17487/RFC8573, June 2019, | DOI 10.17487/RFC8573, June 2019, | |||
<https://www.rfc-editor.org/info/rfc8573>. | <https://www.rfc-editor.org/info/rfc8573>. | |||
13.2. Informative References | 12.2. Informative References | |||
[RFC1305] Mills, D., "Network Time Protocol (Version 3) | [RFC1305] Mills, D., "Network Time Protocol (Version 3) | |||
Specification, Implementation and Analysis", RFC 1305, | Specification, Implementation and Analysis", RFC 1305, | |||
DOI 10.17487/RFC1305, March 1992, | DOI 10.17487/RFC1305, March 1992, | |||
<https://www.rfc-editor.org/info/rfc1305>. | <https://www.rfc-editor.org/info/rfc1305>. | |||
[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, | [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, | |||
DOI 10.17487/RFC1321, April 1992, | DOI 10.17487/RFC1321, April 1992, | |||
<https://www.rfc-editor.org/info/rfc1321>. | <https://www.rfc-editor.org/info/rfc1321>. | |||
skipping to change at page 60, line 22 ¶ | skipping to change at line 2714 ¶ | |||
[RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The | [RFC4493] Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The | |||
AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June | AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June | |||
2006, <https://www.rfc-editor.org/info/rfc4493>. | 2006, <https://www.rfc-editor.org/info/rfc4493>. | |||
[RFC5907] Gerstung, H., Elliott, C., and B. Haberman, Ed., | [RFC5907] Gerstung, H., Elliott, C., and B. Haberman, Ed., | |||
"Definitions of Managed Objects for Network Time Protocol | "Definitions of Managed Objects for Network Time Protocol | |||
Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June | Version 4 (NTPv4)", RFC 5907, DOI 10.17487/RFC5907, June | |||
2010, <https://www.rfc-editor.org/info/rfc5907>. | 2010, <https://www.rfc-editor.org/info/rfc5907>. | |||
[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., | ||||
and A. Bierman, Ed., "Network Configuration Protocol | ||||
(NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, | ||||
<https://www.rfc-editor.org/info/rfc6241>. | ||||
[RFC6242] Wasserman, M., "Using the NETCONF Protocol over Secure | ||||
Shell (SSH)", RFC 6242, DOI 10.17487/RFC6242, June 2011, | ||||
<https://www.rfc-editor.org/info/rfc6242>. | ||||
[RFC8040] Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF | ||||
Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017, | ||||
<https://www.rfc-editor.org/info/rfc8040>. | ||||
[RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | [RFC8342] Bjorklund, M., Schoenwaelder, J., Shafer, P., Watsen, K., | |||
and R. Wilton, "Network Management Datastore Architecture | and R. Wilton, "Network Management Datastore Architecture | |||
(NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | (NMDA)", RFC 8342, DOI 10.17487/RFC8342, March 2018, | |||
<https://www.rfc-editor.org/info/rfc8342>. | <https://www.rfc-editor.org/info/rfc8342>. | |||
[RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, | [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, | |||
"Handling Long Lines in Content of Internet-Drafts and | "Handling Long Lines in Content of Internet-Drafts and | |||
RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, | RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, | |||
<https://www.rfc-editor.org/info/rfc8792>. | <https://www.rfc-editor.org/info/rfc8792>. | |||
[SHS] NIST, "Secure Hash Standard (SHS)", FIPS PUB 180-4, March | [SHS] NIST, "Secure Hash Standard (SHS)", FIPS PUB 180-4, March | |||
2012, <https://nvlpubs.nist.gov/nistpubs/fips/ | 2012, <https://nvlpubs.nist.gov/nistpubs/fips/ | |||
nist.fips.180-4.pdf>. | nist.fips.180-4.pdf>. | |||
Appendix A. Full YANG Tree | Appendix A. Full YANG Tree | |||
The full tree for ietf-ntp YANG model is - | The full tree for the ietf-ntp YANG data model is as follows. | |||
module: ietf-ntp | module: ietf-ntp | |||
+--rw ntp! | +--rw ntp! | |||
+--rw port? inet:port-number {ntp-port}? | +--rw port? inet:port-number {ntp-port}? | |||
+--rw refclock-master! | +--rw refclock-master! | |||
| +--rw master-stratum? ntp-stratum | | +--rw master-stratum? ntp-stratum | |||
+--rw authentication {authentication}? | +--rw authentication {authentication}? | |||
| +--rw auth-enabled? boolean | | +--rw auth-enabled? boolean | |||
| +--rw authentication-keys* [key-id] | | +--rw authentication-keys* [key-id] | |||
| +--rw key-id uint32 | | +--rw key-id uint32 | |||
| +--rw algorithm? identityref | | +--rw algorithm? identityref | |||
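Review bot: The rows for [RFC6241], [RFC6242] and [RFC8040] move these references from Normative (left column only, in the earlier hunk) to Informative (right column only, here), although Section 11 cites them for the management protocols and the mandatory-to-implement secure transport used to access this module; please confirm the reclassification is intended rather than a side effect of reordering the lists.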
skipping to change at page 64, line 14 ¶ | skipping to change at line 2886 ¶ | |||
+---w (association-or-all)? | +---w (association-or-all)? | |||
+--:(association) | +--:(association) | |||
| +---w associations-address? | | +---w associations-address? | |||
| | -> /ntp/associations/association/address | | | -> /ntp/associations/association/address | |||
| +---w associations-local-mode? | | +---w associations-local-mode? | |||
| | -> /ntp/associations/association/local-mode | | | -> /ntp/associations/association/local-mode | |||
| +---w associations-isconfigured? | | +---w associations-isconfigured? | |||
| -> /ntp/associations/association/isconfigured | | -> /ntp/associations/association/isconfigured | |||
+--:(all) | +--:(all) | |||
Acknowledgments | ||||
The authors would like to express their thanks to Sladjana Zoric, | ||||
Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice | ||||
Angermann, Watson Ladd, and Rich Salz for their review and | ||||
suggestions. | ||||
Thanks to Andy Bierman for the YANG doctor review. | ||||
Thanks to Dieter Sibold for being the Document Shepherd and Erik | ||||
Kline for being the Responsible AD. | ||||
Thanks to Takeshi Takahashi for SECDIR review. Thanks to Tim Evens | ||||
for GENART review. | ||||
A special thanks to Tom Petch for a very detailed YANG review and | ||||
providing great suggestions for improvements. | ||||
Thanks for the IESG review from Benjamin Kaduk, Francesca Palombini, | ||||
Eric Vyncke, Murray Kucherawy, Robert Wilton, Roman Danyliw, and | ||||
Zaheduzzaman Sarker. | ||||
Authors' Addresses | Authors' Addresses | |||
Nan Wu | Nan Wu | |||
Huawei | Huawei | |||
Huawei Bld., No.156 Beiqing Rd. | Huawei Bld., No.156 Beiqing Rd. | |||
Beijing | Beijing | |||
100095 | 100095 | |||
China | China | |||
Email: eric.wu@huawei.com | Email: eric.wu@huawei.com | |||
Dhruv Dhody (editor) | Dhruv Dhody (editor) | |||
Huawei | Huawei | |||
Divyashree Techno Park, Whitefield | Divyashree Techno Park, Whitefield | |||
Bangalore 560066 | Bangalore 560066 | |||
Kanataka | Kanataka | |||
India | India | |||
Email: dhruv.ietf@gmail.com | Email: dhruv.ietf@gmail.com | |||
Ankit kumar Sinha (editor) | Ankit Kumar Sinha (editor) | |||
RtBrick Inc. | RtBrick Inc. | |||
Bangalore | Bangalore | |||
Kanataka | Kanataka | |||
India | India | |||
Email: ankit.ietf@gmail.com | Email: ankit.ietf@gmail.com | |||
Anil Kumar S N | Anil Kumar S N | |||
RtBrick Inc. | RtBrick Inc. | |||
Bangalore | Bangalore | |||
Kanataka | Kanataka | |||
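Review bot: "Kanataka" in the Bangalore address blocks is unchanged in both columns and looks like a misspelling of "Karnataka"; the same pass that corrected "Ankit kumar Sinha" to "Ankit Kumar Sinha" should fix every occurrence.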
End of changes. 260 change blocks. | ||||
496 lines changed or deleted | 511 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |