<?xml version="1.0" encoding="windows-1252"?> encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="3"?>
<?rfc tocindent="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?> [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>

<rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std" consensus="true" docName="draft-ietf-ntp-yang-data-model-17" ipr="trust200902"> number="9249" ipr="trust200902" obsoletes="" updates="" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3">

  <!-- xml2rfc v2v3 conversion 3.12.2 -->
  <front>
    <title abbrev="YANG for NTP">A YANG Data Model for NTP</title>
    <seriesInfo name="RFC" value="9249"/>
    <author fullname="Nan Wu" initials="N." surname="Wu">
      <organization>Huawei</organization>
      <address>
        <postal>
	  <street>Huawei Bld., No.156 Beiqing Rd.</street>
          <city>Beijing</city>
          <code>100095</code>
          <country>China</country>
        </postal>
        <email>eric.wu@huawei.com</email>
      </address>
    </author>
    <author fullname="Dhruv Dhody" initials="D." surname="Dhody" role="editor">
      <organization>Huawei</organization>
      <address>
        <postal>
          <street>Divyashree Techno Park, Whitefield</street>
          <city>Bangalore</city>
          <region>Kanataka</region>
          <code>560066</code>
          <country>India</country>
        </postal>
        <email>dhruv.ietf@gmail.com</email>
      </address>
    </author>
    <author fullname="Ankit kumar Kumar Sinha" initials="A." surname="Sinha" role="editor">
      <organization>RtBrick Inc.</organization>
      <address>
        <postal>
          <street/>
          <city>Bangalore</city>
          <region>Kanataka</region>
          <code/>
          <country>India</country>
        </postal>
        <email>ankit.ietf@gmail.com</email>
      </address>
    </author>
    <author fullname="Anil Kumar S N" initials="A." surname="Kumar S N">
      <organization>RtBrick Inc.</organization>
      <address>
        <postal>
          <street/>
          <city>Bangalore</city>
          <region>Kanataka</region>
          <code/>
          <country>India</country>
        </postal>
        <email>anil.ietf@gmail.com</email>
      </address>
    </author>
    <author fullname="Yi Zhao" initials="Y." surname="Zhao">
      <organization>Ericsson</organization>
      <address>
        <postal>
          <street>China Digital Kingdom Bld., No.1 WangJing North Rd.</street>
          <city>Beijing</city>
          <code>100102</code>
          <country>China</country>
        </postal>
        <email>yi.z.zhao@ericsson.com</email>
      </address>
    </author>
    <date year="2022"/>
        <area>Internet</area>
    <workgroup>NTP Working Group</workgroup>

    <keyword>NTP, YANG</keyword> year="2022" month="June" />
    <area>int</area>
    <workgroup>ntp</workgroup>
    <keyword>NTP</keyword>
    <keyword>YANG</keyword>

<!-- [rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. -->

<keyword>example</keyword>

    <abstract>
      <t>This document defines a YANG data model for implementations of the
      Network Time Protocol (NTP) version 4 implementations. 4.
<!--[rfced] Is this YANG data model configuring NTP v3 itself?  Please
note that a similar sentence exists in the Introduction that
should also be changed if an update is necessary.

Current:
 It can also be used to configure version 3.

Perhaps:
 It can also be used to configure implementations using version 3.
-->

      It can also be used to configure version 3. The data model includes configuration data and state data.</t>
    </abstract>

    <note title="Requirements Language">
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
      "MAY", and "OPTIONAL" in this document are to be interpreted as
      described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
      appear in all capitals, as shown here.</t>
    </note>
  </front>
  <middle>
    <section title="Introduction"> numbered="true" toc="default">
      <name>Introduction</name>
<!--[rfced] FYI, we have updated the first sentence of the Abstract and
Introduction.  Please review and let us know any concerns.

Original (Abstract):
   This document defines a YANG data model for Network Time Protocol
   (NTP) version 4 implementations.

Current:
   This document defines a YANG data model for implementations of the
   Network Time Protocol (NTP) version 4.

Original (Intro):
   This document defines a YANG [RFC7950] data model for Network Time
   Protocol [RFC5905] implementations.

Current:
   This document defines a YANG data model [RFC7950] for
   implementations of the Network Time Protocol version 4 [RFC5905].
-->

      <t>This document defines a YANG <xref target="RFC7950"/> data model <xref target="RFC7950" format="default"/> for implementations of the
      Network Time Protocol version 4 <xref target="RFC5905"/> implementations. target="RFC5905" format="default"/>. Note that the model could also be used to configure NTPv3 <xref target="RFC1305"/> target="RFC1305" format="default"/> (see <xref target="ver"/>).</t> target="ver" format="default"/>).</t>
      <t>The data model covers configuration of system parameters of NTP, NTP
      such as access rules, authentication and VPN Routing and Forwarding (VRF) binding, and also various modes of NTP and per-interface parameters.
      It also provides access to information about running state of NTP
      implementations.</t>
      <section title="Operational State"> numbered="true" toc="default">
        <name>Operational State</name>
        <t>NTP Operational State operational state is included in the same tree as NTP configuration,
        consistent with Network Management Datastore Architecture (NMDA) "<xref target="RFC8342" format="title"/>" <xref target="RFC8342"/>. target="RFC8342" format="default"/>.
        NTP current state and statistics are also maintained
        in the operational state. The operational state also includes the NTP association state.</t>
      </section>
      <section title="Terminology"> numbered="true" toc="default">
        <name>Terminology</name>
        <t>The terminology used in this document is aligned to with <xref target="RFC5905"/> target="RFC5905" format="default"/> and <xref target="RFC1305"/>.</t> target="RFC1305" format="default"/>.</t>
      </section>
      <section title="Tree Diagrams"> numbered="true" toc="default">
        <name>Tree Diagrams</name>
        <t>A simplified graphical representation of the data model is used in
        this document.
    This document uses the graphical representation of data models
    defined in <xref target="RFC8340"/>.
  </t></section> target="RFC8340" format="default"/>.
        </t>
      </section>
      <section title="Prefixes toc="default" numbered="true">
        <name>Prefixes in Data Node Names" toc="default"> Names</name>
        <t>In this document, names of data nodes and other data
   model objects are often used without a prefix, as long as it is clear
   from the context in which YANG module each name is defined.
   Otherwise, names are prefixed using the standard prefix associated
   with the corresponding YANG module, as shown in <xref target="tab.prefixes" pageno="false" format="default"/>.</t>

      <texttable
        <table anchor="tab.prefixes" title="Prefixes align="center">
          <name>Prefixes and corresponding Corresponding YANG modules" suppress-title="false" align="center" style="full">
        <ttcol align="left">Prefix</ttcol>
        <ttcol Modules</name>
          <thead>
            <tr>
              <th align="left">Prefix</th>
              <th align="left">YANG module</ttcol>
        <ttcol align="left">Reference</ttcol>
        <c>yang</c><c>ietf-yang-types</c><c><xref Module</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">yang</td>
              <td align="left">ietf-yang-types</td>
              <td align="left">
                <xref target="RFC6991" pageno="false" format="default"/></c>
        <c>inet</c><c>ietf-inet-types</c><c><xref format="default"/></td>
            </tr>
            <tr>
              <td align="left">inet</td>
              <td align="left">ietf-inet-types</td>
              <td align="left">
                <xref target="RFC6991" pageno="false" format="default"/></c>
        <c>if</c><c>ietf-interfaces</c><c><xref format="default"/></td>
            </tr>
            <tr>
              <td align="left">if</td>
              <td align="left">ietf-interfaces</td>
              <td align="left">
                <xref target="RFC8343" pageno="false" format="default"/></c>
        <c>sys</c><c>ietf-system</c><c><xref format="default"/></td>
            </tr>
            <tr>
              <td align="left">sys</td>
              <td align="left">ietf-system</td>
              <td align="left">
                <xref target="RFC7317" pageno="false" format="default"/></c>
        <!--<c>key-chain</c><c>ietf-key-chain</c><c><xref target="RFC8177" pageno="false" format="default"/></c>-->
        <c>acl</c><c>ietf-access-control-list</c><c><xref format="default"/></td>
            </tr>
            <tr>
              <td align="left">acl</td>
              <td align="left">ietf-access-control-list</td>
              <td align="left">
                <xref target="RFC8519" pageno="false" format="default"/></c>
        <c>rt-types</c><c>ietf-routing-types</c><c><xref format="default"/></td>
            </tr>
            <tr>
              <td align="left">rt-types</td>
              <td align="left">ietf-routing-types</td>
              <td align="left">
                <xref target="RFC8294" pageno="false" format="default"/></c>
        <c>nacm</c><c>ietf-netconf-acm</c><c><xref format="default"/></td>
            </tr>
            <tr>
              <td align="left">nacm</td>
              <td align="left">ietf-netconf-acm</td>
              <td align="left">
                <xref target="RFC8341" pageno="false" format="default"/></c>

      </texttable> format="default"/></td>
            </tr>
          </tbody>
        </table>
      </section>
      <section title="References toc="default" numbered="true">
        <name>References in the Model" toc="default">
      <t>Following Model</name>
        <t>The following documents are referenced in the model defined in this
   document -</t>
   <texttable
   document.</t>
        <table anchor="tab.ref" title="References align="center">
          <name>References in the YANG modules" suppress-title="false" align="center" style="full">
        <ttcol align="left">Title</ttcol>
        <ttcol align="left">Reference</ttcol>
        <c>Network Module</name>
          <thead>
            <tr>
              <th align="left">Title</th>
              <th align="left">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td align="left">Network Time Protocol Version 4: Protocol and Algorithms Specification</c><c><xref Specification</td>
              <td align="left">
                <xref target="RFC5905" pageno="false" format="default"/></c>
        <c>Common format="default"/></td>
            </tr>
            <tr>
              <td align="left">Common YANG Data Types</c><c><xref Types</td>
              <td align="left">
                <xref target="RFC6991" pageno="false" format="default"/></c>
        <c>A format="default"/></td>
            </tr>
            <tr>
              <td align="left">A YANG Data Model for System Management</c><c><xref Management</td>
              <td align="left">
                <xref target="RFC7317" pageno="false" format="default"/></c>
        <!--<c>YANG Data Model for Key Chains</c><c><xref target="RFC8177" pageno="false" format="default"/></c>-->
        <c>Common format="default"/></td>
            </tr>
            <tr>
              <td align="left">Common YANG Data Types for the Routing Area</c><c><xref Area</td>
              <td align="left">
                <xref target="RFC8294" pageno="false" format="default"/></c>
        <c>Network format="default"/></td>
            </tr>
            <tr>
              <td align="left">Network Configuration Access Control Model</c><c><xref Model</td>
              <td align="left">
                <xref target="RFC8341" pageno="false" format="default"/></c>
        <c>A format="default"/></td>
            </tr>
            <tr>
              <td align="left">A YANG Data Model for Interface Management</c><c><xref Management</td>
              <td align="left">
                <xref target="RFC8343" pageno="false" format="default"/></c>
        <c>YANG format="default"/></td>
            </tr>
            <tr>
              <td align="left">YANG Data Model for Network Access Control Lists (ACLs)</c><c><xref (ACLs)</td>
              <td align="left">
                <xref target="RFC8519" pageno="false" format="default"/></c>
        <c>Message format="default"/></td>
            </tr>
            <tr>
              <td align="left">Message Authentication Code for the Network Time Protocol</c><c><xref Protocol</td>
              <td align="left">
                <xref target="RFC8573" pageno="false" format="default"/></c>
        <c>The format="default"/></td>
            </tr>
            <tr>
              <td align="left">The AES-CMAC Algorithm</c><c><xref Algorithm</td>
              <td align="left">
                <xref target="RFC4493" pageno="false" format="default"/></c>
        <c>The format="default"/></td>
            </tr>
            <tr>
              <td align="left">The MD5 Message-Digest Algorithm</c><c><xref Algorithm</td>
              <td align="left">
                <xref target="RFC1321" pageno="false" format="default"/></c>
        <c>US format="default"/></td>
            </tr>
            <tr>
              <td align="left">US Secure Hash Algorithm 1 (SHA1)</c><c><xref (SHA1)</td>
              <td align="left">
                <xref target="RFC3174" pageno="false" format="default"/></c>
        <c>FIPS format="default"/></td>
            </tr>
            <tr>
              <td align="left">FIPS 180-4: Secure Hash Standard (SHS)</c><c><xref target="SHS"/></c>
        </texttable> (SHS)</td>
              <td align="left">
                <xref target="SHS" format="default"/></td>
            </tr>
          </tbody>
        </table>
      </section>
          <section>
	    <name>Requirements Language</name>
         <t>
    The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
    "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>",
    "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
    "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
    "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be
    interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref
    target="RFC8174"/> when, and only when, they appear in all capitals, as
    shown here.
        </t>

    </section>
    </section>
    <section title="NTP data model"> numbered="true" toc="default">
      <name>NTP Data Model</name>
      <t>This document defines the YANG module "ietf-ntp", which has the
      following condensed structure:<figure>
          <artwork><![CDATA[ structure:</t>

<sourcecode type="yangtree"><![CDATA[
module: ietf-ntp
  +--rw ntp!
     +--rw port?                    inet:port-number {ntp-port}?
     +--rw refclock-master!
     |  +--rw master-stratum?   ntp-stratum
     +--rw authentication {authentication}?
     |  +--rw auth-enabled?          boolean
     |  +--rw authentication-keys* [key-id]
     |     +--rw key-id       uint32
     |     +--...
     +--rw access-rules {access-rules}?
     |  +--rw access-rule* [access-mode]
     |     +--rw access-mode    identityref
     |     +--rw acl?           -> /acl:acls/acl/name
     +--ro clock-state
     |  +--ro system-status
     |     +--ro clock-state                  identityref
     |     +--ro clock-stratum                ntp-stratum
     |     +--ro clock-refid                  refid
     |     +--...
     +--rw unicast-configuration* [address type]
     |       {unicast-configuration}?
     |  +--rw address           inet:ip-address
     |  +--rw type              identityref
     |  +--...
     +--rw associations
     |  +--ro association* [address local-mode isconfigured]
     |     +--ro address           inet:ip-address
     |     +--ro local-mode        identityref
     |     +--ro isconfigured      boolean
     |     +--...
     |     +--ro ntp-statistics
     |        +--...
     +--rw interfaces
     |  +--rw interface* [name]
     |     +--rw name                if:interface-ref
     |     +--rw broadcast-server! {broadcast-server}?
     |     |  +--...
     |     +--rw broadcast-client! {broadcast-client}?
     |     +--rw multicast-server* [address] {multicast-server}?
     |     |  +--rw address
     |     |  |       rt-types:ip-multicast-group-address
     |     |  +--...
     |     +--rw multicast-client* [address] {multicast-client}?
     |     |  +--rw address    rt-types:ip-multicast-group-address
     |     +--rw manycast-server* [address] {manycast-server}?
     |     |  +--rw address    rt-types:ip-multicast-group-address
     |     +--rw manycast-client* [address] {manycast-client}?
     |        +--rw address
     |        |       rt-types:ip-multicast-group-address
     |        +--...
     +--ro ntp-statistics
        +--...

  rpcs:
    +---x statistics-reset
       +---w input
          +---w (association-or-all)?
             +--:(association)
             |  +---w associations-address?
             |  |       -> /ntp/associations/association/address
             |  +---w associations-local-mode?
             |  |       -> /ntp/associations/association/local-mode
             |  +---w associations-isconfigured?
             |          -> /ntp/associations/association/isconfigured
             +--:(all)

]]></artwork>
      </figure></t>

]]></sourcecode>
      <t>The full data model tree for the YANG module "ietf-ntp" is in <xref target="full"/>.</t> target="full" format="default"/>.</t>
      <t>This data model defines one top-level container which that includes both
        the NTP configuration and the NTP running state including access rules,
      authentication, associations, unicast configurations, interfaces, system status status, and associations.</t>
    </section>
    <section title="Relationship numbered="true" toc="default">
      <name>Relationship with NTPv4-MIB"> NTPv4-MIB</name>
      <t>If the device implements the NTPv4-MIB <xref target="RFC5907"/>, target="RFC5907" format="default"/>, data
      nodes from the YANG module can be mapped
      to table entries in the NTPv4-MIB.</t>
      <t>The following tables list the YANG data nodes with corresponding
      objects in the NTPv4-MIB.</t>

      <t>YANG

<!--[rfced] Regarding Tables 3, 4, and 5, for the ease of the reader, would
you like to add text within each empty table cell (such as "[no equivalent]")
or add a sentence before each table to be specific about the meaning of
an empty cell? We are referring to these cells:

Table 3:
      |                           | ntpEntStatusActiveRefSourceName |

Table 4:
   |                                       |      ntpAssocAddress      |

Table 5:

    |                               |          server/name           |
-->
      <table align="center">
	<name>YANG NTP Configuration Data Nodes in /ntp/clock-state/system-status and Related NTPv4-MIB Objects</t>

      <texttable>
          <ttcol align="center">YANG data nodes in /ntp/clock-state/system-status</ttcol>
          <ttcol align="center">NTPv4-MIB objects</ttcol>
          <c>clock-state</c>
          <c>ntpEntStatusCurrentMode</c>
          <c>clock-stratum</c>
          <c>ntpEntStatusStratum</c>
          <c>clock-refid</c>
          <c>ntpEntStatusActiveRefSourceId</c>
          <c> </c>
          <c>ntpEntStatusActiveRefSourceName</c>
          <c>clock-precision</c>
          <c>ntpEntTimePrecision</c>
          <c>clock-offset</c>
          <c>ntpEntStatusActiveOffset</c>
          <c>root-dispersion</c>
          <c>ntpEntStatusDispersion</c>
          <postamble/>
      </texttable>

      <texttable>
          <ttcol Objects</name>
        <thead>
          <tr>
            <th align="center">YANG data nodes Data Nodes in /ntp/associations/</ttcol>
          <ttcol /ntp/clock-state/system-status</th>
            <th align="center">NTPv4-MIB objects</ttcol>
          <c>address</c>
          <c>ntpAssocAddressType</c>
          <c> </c>
          <c>ntpAssocAddress</c>
          <c>stratum</c>
          <c>ntpAssocStratum</c>
          <c>refid</c>
          <c>ntpAssocRefId</c>
          <c>offset</c>
          <c>ntpAssocOffset</c>
          <c>delay</c>
          <c>ntpAssocStatusDelay</c>
          <c>dispersion</c>
          <c>ntpAssocStatusDispersion</c>
          <c>ntp-statistics/packet-sent</c>
          <c>ntpAssocStatOutPkts</c>
          <c>ntp-statistics/packet-received</c>
          <c>ntpAssocStatInPkts</c>
          <c>ntp-statistics/packet-dropped</c>
          <c>ntpAssocStatProtocolError</c>
          <postamble/>
      </texttable>

      <t>YANG Objects</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="center">clock-state</td>
            <td align="center">ntpEntStatusCurrentMode</td>
          </tr>
          <tr>
            <td align="center">clock-stratum</td>
            <td align="center">ntpEntStatusStratum</td>
          </tr>
          <tr>
            <td align="center">clock-refid</td>
            <td align="center">ntpEntStatusActiveRefSourceId</td>
          </tr>
          <tr>
            <td align="center"> </td>
            <td align="center">ntpEntStatusActiveRefSourceName</td>
          </tr>
          <tr>
            <td align="center">clock-precision</td>
            <td align="center">ntpEntTimePrecision</td>
          </tr>
          <tr>
            <td align="center">clock-offset</td>
            <td align="center">ntpEntStatusActiveOffset</td>
          </tr>
          <tr>
            <td align="center">root-dispersion</td>
            <td align="center">ntpEntStatusDispersion</td>
          </tr>
        </tbody>
      </table>
      <t keepWithPrevious="true"/>
      <table align="center">
		<name>YANG NTP State Data Nodes in /ntp/associations/ and Related NTPv4-MIB Objects</t> Objects</name>
        <thead>
          <tr>
            <th align="center">YANG Data Nodes in /ntp/associations/</th>
            <th align="center">NTPv4-MIB Objects</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="center">address</td>
            <td align="center">ntpAssocAddressType</td>
          </tr>
          <tr>
            <td align="center"> </td>
            <td align="center">ntpAssocAddress</td>
          </tr>
          <tr>
            <td align="center">stratum</td>
            <td align="center">ntpAssocStratum</td>
          </tr>
          <tr>
            <td align="center">refid</td>
            <td align="center">ntpAssocRefId</td>
          </tr>
          <tr>
            <td align="center">offset</td>
            <td align="center">ntpAssocOffset</td>
          </tr>
          <tr>
            <td align="center">delay</td>
            <td align="center">ntpAssocStatusDelay</td>
          </tr>
          <tr>
            <td align="center">dispersion</td>
            <td align="center">ntpAssocStatusDispersion</td>
          </tr>
          <tr>
            <td align="center">ntp-statistics/packet-sent</td>
            <td align="center">ntpAssocStatOutPkts</td>
          </tr>
          <tr>
            <td align="center">ntp-statistics/packet-received</td>
            <td align="center">ntpAssocStatInPkts</td>
          </tr>
          <tr>
            <td align="center">ntp-statistics/packet-dropped</td>
            <td align="center">ntpAssocStatProtocolError</td>
          </tr>
        </tbody>
      </table>

    </section>
    <section title="Relationship numbered="true" toc="default">
      <name>Relationship with RFC 7317"> 7317</name>
      <t>This section describes the relationship with NTP definition of NTP in
      Section 3.2 System <xref target="RFC7317" section="3.2" sectionFormat="bare">System Time Management Management</xref> of <xref target="RFC7317"/> . target="RFC7317" format="default"/>.
      YANG data nodes in /ntp/ also support per-interface
      configuration
      configuration, which is not supported in /system/ntp.
      If the yang YANG data model defined in this document is implemented, then
      /system/ntp SHOULD NOT <bcp14>SHOULD NOT</bcp14> be used and MUST <bcp14>MUST</bcp14> be ignored.</t>

      <texttable>
          <ttcol
      <table align="center">
	<name>YANG NTP Configuration Data Nodes and Counterparts from RFC 7317</name>
        <thead>
          <tr>
            <th align="center">YANG data nodes Data Nodes in /ntp/ </ttcol>
          <ttcol </th>
            <th align="center">YANG data nodes in /system/ntp</ttcol>
          <c>ntp!</c>
          <c>enabled</c>
          <c>unicast-configuration</c>
          <c>server</c>
          <c> </c>
          <c>server/name</c>
          <c>unicast-configuration/address</c>
          <c>server/transport/udp/address</c>
          <c>unicast-configuration/port</c>
          <c>server/transport/udp/port</c>
          <c>unicast-configuration/type</c>
          <c>server/association-type</c>
          <c>unicast-configuration/iburst</c>
          <c>server/iburst</c>
          <c>unicast-configuration/prefer</c>
          <c>server/prefer</c>
          <postamble>YANG NTP Configuration Data Nodes and counterparts in RFC 7317 Objects</postamble>
      </texttable> /system/ntp</th>
          </tr>
        </thead>
        <tbody>
          <tr>
            <td align="center">ntp!</td>
            <td align="center">enabled</td>
          </tr>
          <tr>
            <td align="center">unicast-configuration</td>
            <td align="center">server</td>
          </tr>
          <tr>
            <td align="center"> </td>
            <td align="center">server/name</td>
          </tr>
          <tr>
            <td align="center">unicast-configuration/address</td>
            <td align="center">server/transport/udp/address</td>
          </tr>
          <tr>
            <td align="center">unicast-configuration/port</td>
            <td align="center">server/transport/udp/port</td>
          </tr>
          <tr>
            <td align="center">unicast-configuration/type</td>
            <td align="center">server/association-type</td>
          </tr>
          <tr>
            <td align="center">unicast-configuration/iburst</td>
            <td align="center">server/iburst</td>
          </tr>
          <tr>
            <td align="center">unicast-configuration/prefer</td>
            <td align="center">server/prefer</td>
          </tr>
        </tbody>
      </table>
    </section>
    <section title="Access Rules"> numbered="true" toc="default">
      <name>Access Rules</name>
<!--[rfced] The following sentence is problematic in a few ways:

Original:
   The access rules in this section refers to the on-the-wire access
   control to the NTP service and completely independent of any
   management API access control, e.g., NETCONF Access Control Model
   (NACM) ([RFC8341]).

a) There is a subject/verb agreement issue between "access rules" and "refers".

b) What is the subject of "completely independent of any management
API access control": is text missing there?  Please rephrase.

Perhaps:
   The access rules in this section refer to the on-the-wire access
   control to the NTP service and are completely independent of any
   management API access control, e.g., NETCONF Access Control Model
   (NACM) [RFC8341].
-->

      <t>The access rules in this section refers to the on-the-wire
access control to the NTP service and completely independent of any management API access control, e.g., NETCONF Access Control Model (NACM) (<xref target="RFC8341"/>).</t> <xref target="RFC8341" format="default"/>.</t>
      <t>An Access Control List (ACL) is one of the basic elements used to
   configure device-forwarding behavior. An ACL is a user-ordered set of rules that is used to filter traffic
   on a networking device.</t>
      <t>As per <xref target="RFC1305"/> target="RFC1305" format="default"/> (for NTPv3) and <xref target="RFC5905"/> target="RFC5905" format="default"/> (for NTPv4), NTP could
include an access-control feature that prevents unauthorized access and
that controls which peers are allowed to update the local clock. Further Further, it is useful to differentiate between the various kinds of access and attach a different acl-rule to each. For this, the YANG module allows such configuration via /ntp/access-rules. The access-rule itself is configured via <xref target="RFC8519"/>.</t>
<t>Following target="RFC8519" format="default"/>.</t>
      <t>The following access modes are supported supported:
      </t>
<!--[rfced] May we make this change so that the first bulleted item
is more similar to those that follow?  Note -
<list style="symbols">
<t>Peer: this change would also
solve an issue based on the first clause not having a subject but
the second clause using "it".

Original:
   *  Peer: Permit others to synchronize their time with the NTP entity
      or it can synchronize its time with others.  NTP control queries
      are also accepted.</t>
<t>Server: accepted.

Perhaps:
   * Peer: Permit others to synchronize their time with the NTP entity
     or vice versa.  NTP control queries are also accepted.

Note also that a similar edit could be made to the description clause that follows:

Original:
         "Permit others to synchronize their time with this NTP
          entity or it can synchronize its time with others.

Perhaps:
         "Permit others to synchronize their time with this NTP
          entity or vice versa.
-->

      <dl spacing="normal">
        <dt>Peer:</dt> <dd>Permit others to synchronize their time with the NTP entity or it can synchronize its time with others. NTP control queries are also accepted.</dd>
        <dt>Server:</dt><dd>Permit others to synchronize their time with the NTP entity, but vice versa is not supported. NTP control queries are accepted.</t>
<t>Server-only: Permit accepted.</dd>
        <dt>Server-only:</dt><dd>Permit others to synchronize their time with the NTP entity, but vice versa is not supported. NTP control queries are not accepted.</t>
<t>Query-only: Only accepted.</dd>
        <dt>Query-only:</dt><dd>Only control queries are accepted.</t>
  </list></t> accepted.</dd>
      </dl>
      <t>Query-only is the most restricted where as whereas the peer is the full access authority. The ability to give different ACL rules for different access modes allows for a greater control by the operator.</t>
    </section>
    <section title="Key Management"> numbered="true" toc="default">
      <name>Key Management</name>
      <t>As per <xref target="RFC1305"/> target="RFC1305" format="default"/> (for NTPv3) and <xref target="RFC5905"/> target="RFC5905" format="default"/> (for NTPv4), when authentication is enabled, NTP employs
a crypto-checksum, computed by the sender and checked by the receiver,
together with a set of predistributed algorithms, and
cryptographic keys indexed by a key identifier included in the NTP message. This key-id is a 32-bit unsigned integer that MUST <bcp14>MUST</bcp14> be configured on the NTP peers before the authentication could can be used.
For this reason, this YANG module allows such configuration via /ntp/authentication/authentication-keys/. Further at the time of configuration of NTP association (for example example, unicast-server), the key-id is specified.</t>
      <t>The 'nacm:default-deny-all' is
used to prevent retrieval of the actual key information after it is set.</t>
    </section>
    <section title="NTP Version" anchor="ver"> anchor="ver" numbered="true" toc="default">
      <name>NTP Version</name>
      <t>This YANG data model allow allows a version to be configured for the NTP association i.e. association, i.e., an operator can control the use of NTPv3 <xref target="RFC1305"/> target="RFC1305" format="default"/> or NTPv4 <xref target="RFC5905"/> target="RFC5905" format="default"/> for each association it forms. This allows backward compatibility with a legacy system. Note that the version 3 of NTP NTPv3 <xref target="RFC1305"/> target="RFC1305" format="default"/> is obsoleted by NTPv4 <xref target="RFC5905"/>. target="RFC5905" format="default"/>.
      </t>
    </section>
    <section title="NTP numbered="true" toc="default">
      <name>NTP YANG Module">
      <t><figure align="left">
          <artwork><![CDATA[
<CODE BEGINS> file "ietf-ntp@2022-03-21.yang" Module</name>

<!--[rfced] We had the following questions about text that appears
     inside the YANG module.

a) We lowercased "Indicates" twice in text like the following.  Please
let us know any objections.

Original:
          description
            "The signed time offset to the current selected reference
             time source, e.g., '0.032ms' or '1.232ms'.  The negative
             value Indicates that the local clock is behind the
             current selected reference time source.";

b) Please review the use of "dispersion" in the following text.
(Is it accurate to say "dispersion between"?)

Original:
          description
            "The dispersion between the local clock
             and the root clock, e.g., '6.927ms'.";

For comparison, in RFC 5905, it says:
   Root Dispersion (rootdisp): Total dispersion to the reference clock,
   in NTP short format.

c) Please confirm that Peer should be capitalized in the following
text.  We guess this is referring to the access mode, but don't see
any other instances of a capitalized "Peer" in the document.  However,
we do see the use of lowercase peer in quotes (see below).  Please
review and let us know if any updates should be made.

Original:
        }
        container ntp-statistics {
          description
            "Per Peer packet send and receive statistics";
          uses statistics {
            description
              "NTP send and receive packet statistics";
          }

Perhaps:
           "Per-peer statistics on packets sent and received";
...
           "NTP statistics on packets sent and received";

Original:
   This example describes how to configure access mode "peer" associated
   with ACL 2000 -

Perhaps:
   This example describes how to configure "peer-access-mode" associated
   with ACL 2000 -

d) Please clarify this list (note that similar text occurs multiple
times in the YANG module).

Original:
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, the
         management system and at other times.

Perhaps:
         Discontinuities in the value of this counter can occur
         upon cold start, reinitialization of the NTP entity or the
         management system, and at other times.

e) Please review the use of "(mode 6)" in the text that follows.  We
note that 1) the text above it is very similar but does not mark
"(mode 6)" 2) the previous 5 modes used "mode" in their names (for
example, "server authentication mode (mode 4)", and 3) that
"multicast-client" operates very similarly in the sentence, but has no
mode designation.  Please review and let us know if/how we should
update.

Original:

     identity broadcast-server {
       base association-mode;
       description
         "Use broadcast server mode (mode 5).
          This mode defines that its either working
          as broadcast-server or multicast-server.";
     }

     identity broadcast-client {
       base association-mode;
       description

         "This mode defines that its either working
          as broadcast-client (mode 6) or multicast-client.";
-->

<!--[rfced] In the YANG module, is it intentional that the
"contact" only includes the editors of the RFC? If so, that's fine.
If not, may we update it to list each individual who is listed in
the header of the RFC?
-->

      <sourcecode name="ietf-ntp@2022-06-10.yang" type="yang" markers="true"><![CDATA[
module ietf-ntp {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";
  prefix ntp;

  import ietf-yang-types {
    prefix yang;
    reference
      "RFC 6991: Common YANG Data Types";
  }
  import ietf-inet-types {
    prefix inet;
    reference
      "RFC 6991: Common YANG Data Types";
  }
  import ietf-interfaces {
    prefix if;
    reference
      "RFC 8343: A YANG Data Model for Interface Management";
  }
  import ietf-system {
    prefix sys;
    reference
      "RFC 7317: A YANG Data Model for System Management";
  }
  import ietf-access-control-list {
    prefix acl;
    reference
      "RFC 8519: YANG Data Model for Network Access Control
       Lists (ACLs)";
  }
  import ietf-routing-types {
    prefix rt-types;
    reference
      "RFC 8294: Common YANG Data Types for the Routing Area";
  }
  import ietf-netconf-acm {
    prefix nacm;
    reference
      "RFC 8341: Network Configuration Protocol (NETCONF) Access Control Model";
  }

  organization
    "IETF NTP (Network Time Protocol) Working Group";
  contact
    "WG Web:  <https://datatracker.ietf.org/wg/ntp/about/>  <https://datatracker.ietf.org/wg/ntp/>
     WG List:  <mailto: ntp@ietf.org
     Editor:   Dhruv Dhody
              <mailto:dhruv.ietf@gmail.com>
     Editor:   Ankit Kumar Sinha
              <mailto:ankit.ietf@gmail.com>";
  description
    "This document defines a YANG data model for implementations of
     the Network Time Protocol
     (NTP) implementations. (NTP). The data model includes
     configuration data and state data.

     The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
     NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
     'MAY', and 'OPTIONAL' in this document are to be interpreted as
     described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
     they appear in all capitals, as shown here.

     Copyright (c) 2022 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Revised BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (https://trustee.ietf.org/license-info).

     This version of this YANG module is part of RFC XXXX; 9249; see the
     RFC itself for full legal notices.";

  revision 2022-03-21 2022-06-10 {
    description
      "Initial revision."; revision";
    reference
      "RFC XXXX: 9249: A YANG Data Model for NTP."; NTP";
  }

  /* Note: The RFC Editor will replace XXXX with the number assigned
  to this document once it becomes an RFC.*/
  /* Typedef Definitions */

  typedef ntp-stratum {
    type uint8 {
      range "1..16";
    }
    description
      "The level of each server in the hierarchy is defined by
       a stratum.  Primary servers are assigned with stratum
       one; secondary servers at each lower level are assigned with
       one stratum greater than the preceding level"; level.";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3";
  }

  typedef ntp-version {
    type uint8 {
      range "3..max";
    }
    default "4";
    description
      "The current NTP version supported by the corresponding
       association.";
       association";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 1";
  }

  typedef refid {
    type union {
      type inet:ipv4-address;
      type uint32;
      type string {
        length "4";
      }
    }
    description
      "A code identifying the particular server or reference
       clock.  The interpretation depends upon stratum.  It
       could be an IPv4 address or address, the first 32 bits of the MD5 hash
       of the IPv6 address address, or a string for the Reference Identifier
       and KISS codes.  Some examples:

       -- a refclock ID like '127.127.1.0' for local clock sync

       -- uni/multi/broadcast associations for IPv4 will look like
          '203.0.113.1' and '0x4321FEDC' for IPv6

       -- sync with a primary source will look like 'DCN', 'NIST',
          'ATOM'

       -- KISS codes will look like 'AUTH', 'DROP', or 'RATE'

       Note that the use of an MD5 hash for IPv6 address addresses is not
       for cryptographic purposes "; purposes.";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 7.3";
  }

  typedef ntp-date-and-time {
    type union {
      type yang:date-and-time;
      type uint8;
    }
    description
      "Follows the date-and-time format when valid value exist,
       otherwise values exist.
       Otherwise, allows for setting a special value such as
       zero.";
    reference
      "RFC 6991: Common YANG Data Types";
  }

  typedef log2seconds {
    type int8;
    description
      "An 8-bit signed integer that represents signed log2
       seconds.";
  }

  /* features */

  feature ntp-port {
    description
      "Support for NTP port configuration";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 7.2";
  }

  feature authentication {
    description
      "Support for NTP symmetric key authentication";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 7.3";
  }

  feature deprecated {
    description
      "Support deprecated MD5-based authentication (RFC 8573) or
       SHA-1 8573),
       SHA-1, or any other deprecated authentication mechanism.
       It is enabled to support legacy compatibility when secure
       cryptographic algorithms are not available to use.
       It is also used to configure keystrings in ASCII format.";
    reference
      "RFC 1321: The MD5 Message-Digest Algorithm Algorithm,
       RFC 3174: US Secure Hash Algorithm 1 (SHA1) (SHA1),
       FIPS 180-4: Secure Hash Standard (SHS)";
  }

  feature hex-key-string {
    description
      "Support hexadecimal key string."; string";
  }

  feature access-rules {
    description
      "Support for NTP access control";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 9.2";
  }

  feature unicast-configuration {
    description
      "Support for NTP client/server or active/passive
       in unicast";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3";
  }

  feature broadcast-server {
    description
      "Support for broadcast server";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3";
  }

  feature broadcast-client {
    description
      "Support for broadcast client";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3";
  }

  feature multicast-server {
    description
      "Support for multicast server";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3.1";
  }
  feature multicast-client {
    description
      "Support for multicast client";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3.1";
  }

  feature manycast-server {
    description
      "Support for manycast server";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3.1";
  }

  feature manycast-client {
    description
      "Support for manycast client";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3.1";
  }

  /* Identity */
  /* unicast-configurations types */

  identity unicast-configuration-type {
    if-feature "unicast-configuration";
    description
      "This defines NTP unicast mode of operation as used
       for unicast-configurations.";
  }

  identity uc-server {
    if-feature "unicast-configuration";
    base unicast-configuration-type;
    description
      "Use client association mode where the unicast server
       address is configured.";
  }

  identity uc-peer {
    if-feature "unicast-configuration";
    base unicast-configuration-type;
    description
      "Use symmetric active association mode where the peer
       address is configured.";
  }

  /* association-modes */

  identity association-mode {
    description
      "The NTP association modes."; modes";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 3";
  }

  identity active {
    base association-mode;
    description
      "Use symmetric active association mode (mode 1).
       This device may synchronize with its NTP peer, peer
       or provide synchronization to a configured NTP peer.";
  }

  identity passive {
    base association-mode;
    description
      "Use symmetric passive association mode (mode 2).
       This device has learned this association dynamically.
       This device may synchronize with its NTP peer.";
  }

  identity client {
    base association-mode;
    description
      "Use client association mode (mode 3).
       This device will not provide synchronization
       to the configured NTP server.";
  }

  identity server {
    base association-mode;
    description
      "Use server association mode (mode 4).
       This device will provide synchronization to
       NTP clients.";
  }

  identity broadcast-server {
    base association-mode;
    description
      "Use broadcast server mode (mode 5).
       This mode defines that its it's either working
       as a broadcast-server or a multicast-server.";
  }

  identity broadcast-client {
    base association-mode;
    description
      "This mode defines that its it's either working
       as a broadcast-client (mode 6) or a multicast-client.";
  }

  /* access-mode */

  identity access-mode {
    if-feature "access-rules";
    description
      "This defines NTP access modes.  These identify
       how the ACL is applied with NTP.";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section 9.2";
  }

  identity peer-access-mode {
    if-feature "access-rules";
    base access-mode;
    description
      "Permit others to synchronize their time with this NTP
       entity or it can synchronize its time with others.
       NTP control queries are also accepted.  This enables
       full access authority.";
  }

  identity server-access-mode {
    if-feature "access-rules";
    base access-mode;
    description
      "Permit others to synchronize their time with this NTP
       entity, but vice versa is not supported.  NTP control
       queries are accepted.";
  }

  identity server-only-access-mode {
    if-feature "access-rules";
    base access-mode;
    description
      "Permit others to synchronize their time with this NTP
       entity, but vice versa is not supported.  NTP control
       queries are not accepted.";
  }

  identity query-only-access-mode {
    if-feature "access-rules";
    base access-mode;
    description
      "Only control queries are accepted.";
  }

  /* clock-state */

  identity clock-state {
    description
      "This defines NTP clock status at a high level.";
  }

  identity synchronized {
    base clock-state;
    description
      "Indicates that the local clock has been synchronized with
       an NTP server or the reference clock.";
  }

  identity unsynchronized {
    base clock-state;
    description
      "Indicates that the local clock has not been synchronized
       with any NTP server.";
  }

  /* ntp-sync-state */

  identity ntp-sync-state {
    description
      "This defines NTP clock sync state at a more granular
       level.  Referred to as 'Clock state definitions' in
       RFC 5905"; 5905.";
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Appendix A.1.1";
  }

  identity clock-never-set {
    base ntp-sync-state;
    description
      "Indicates the clock was never set.";
  }

  identity freq-set-by-cfg {
    base ntp-sync-state;
    description
      "Indicates the clock frequency is set by
       NTP configuration or file.";
  }

  identity spike {
    base ntp-sync-state;
    description
      "Indicates a spike is detected.";
  }

  identity freq {
    base ntp-sync-state;
    description
      "Indicates the frequency mode.";
  }

  identity clock-synchronized {
    base ntp-sync-state;
    description
      "Indicates that the clock is synchronized"; synchronized.";
  }

  /* crypto-algorithm */

  identity crypto-algorithm {
    description
      "Base identity of cryptographic algorithm options.";
  }

  identity md5 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "The MD5 algorithm.  Note that RFC 8573
       deprecates the use of MD5-based authentication.";
    reference
      "RFC 1321: The MD5 Message-Digest Algorithm";
  }

  identity sha-1 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "The SHA-1 algorithm."; algorithm";
    reference
      "RFC 3174: US Secure Hash Algorithm 1 (SHA1)";
  }

  identity hmac-sha-1 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "HMAC-SHA-1 authentication algorithm."; algorithm";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity hmac-sha1-12 {
    if-feature "deprecated";
    base crypto-algorithm;
    description
      "The HMAC-SHA1-12 algorithm."; algorithm";
  }

  identity hmac-sha-256 {
    description
      "HMAC-SHA-256 authentication algorithm."; algorithm";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity hmac-sha-384 {
    description
      "HMAC-SHA-384 authentication algorithm."; algorithm";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity hmac-sha-512 {
    description
      "HMAC-SHA-512 authentication algorithm."; algorithm";
    reference
      "FIPS 180-4: Secure Hash Standard (SHS)";
  }

  identity aes-cmac {
    base crypto-algorithm;
    description
      "The AES-CMAC algorithm - -- required by
       RFC 8573 for MAC for the NTP"; NTP.";
    reference
      "RFC 4493: The AES-CMAC Algorithm Algorithm,
       RFC 8573: Message Authentication Code for the Network
       Time Protocol";
  }

  /* Groupings */

  grouping key {
    description
      "The key."; key";
    nacm:default-deny-all;
    choice key-string-style {
      description
        "Key string styles";
      case keystring {
        leaf keystring {
          if-feature "deprecated";
          type string;
          description
            "Key string in ASCII format."; format";
        }
      }
      case hexadecimal {
        if-feature "hex-key-string";
        leaf hexadecimal-string {
          type yang:hex-string;
          description
            "Key in hexadecimal string format.  When compared
             to ASCII, specification in hexadecimal affords
             greater key entropy with the same number of
             internal key-string octets.  Additionally, it
             discourages usage use of well-known words or
             numbers.";
        }
      }
    }
  }

  grouping authentication-key {
    description
      "To define an authentication key for a Network Time
       Protocol (NTP) an NTP
       time source.";
    leaf key-id {
      type uint32 {
        range "1..max";
      }
      description
        "Authentication key identifier."; identifier";
    }
    leaf algorithm {
      type identityref {
        base crypto-algorithm;
      }
      description
        "Authentication algorithm.  Note that RFC 8573
         deprecates the use of MD5-based authentication
         and recommends AES-CMAC.";
    }
    container key {
      uses key;
      description
        "The key.  Note that RFC 8573 deprecates the use
         of MD5-based authentication.";
    }
    leaf istrusted {
      type boolean;
      description
        "Key-id is trusted or not";
    }
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification, Section Sections 7.3 and 7.4";
  }

  grouping authentication {
    description
      "Authentication.";
      "Authentication";
    choice authentication-type {
      description
        "Type of authentication."; authentication";
      case symmetric-key {
        leaf key-id {
          type leafref {
            path "/ntp:ntp/ntp:authentication/"
               + "ntp:authentication-keys/ntp:key-id";
          }
          description
            "Authentication key id referenced in this
             association.";
        }
      }
    }
  }

  grouping statistics {
    description
      "NTP packet statistic."; statistic";
    leaf discontinuity-time {
      type ntp-date-and-time;
      description
        "The time on the most recent occasion at which any one or
         more of this these NTP counters suffered a discontinuity.  If
         no such discontinuities have occurred, then this node
         contains the time the NTP association was
         (re-)initialized.";
    }
    leaf packet-sent {
      type yang:counter32;
      description
        "The total number of NTP packets delivered to the
         transport service by this NTP entity for this
         association.
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, the
         management system and at other times.";
    }
    leaf packet-sent-fail {
      type yang:counter32;
      description
        "The number of times NTP packets packet sending failed.";
    }
    leaf packet-received {
      type yang:counter32;
      description
        "The total number of NTP packets delivered to the
         NTP entity from this association.
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, the
         management system and at other times.";
    }
    leaf packet-dropped {
      type yang:counter32;
      description
        "The total number of NTP packets that were delivered
         to this NTP entity from this association and that this
         entity was not able to process due to an NTP protocol error.
         Discontinuities in the value of this counter can occur
         upon cold start or reinitialization of the NTP entity, entity or the
         management system and at other times.";
    }
  }

  grouping common-attributes {
    description
      "NTP common attributes for configuration."; configuration";
    leaf minpoll {
      type log2seconds;
      default "6";
      description
        "The minimum poll interval used in this association."; association";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    leaf maxpoll {
      type log2seconds;
      default "10";
      description
        "The maximum poll interval used in this association."; association";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    leaf port {
      if-feature "ntp-port";
      type inet:port-number {
        range "123 | 1024..max";
      }
      default "123";
      description
        "Specify the port used to send NTP packets.";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    leaf version {
      type ntp-version;
      description
        "NTP version."; version";
    }
    reference
      "RFC 5905: Network Time Protocol Version 4: Protocol and
       Algorithms Specification";
  }

  grouping association-ref {
    description
      "Reference to NTP association mode";
    leaf associations-address {
      type leafref {
        path "/ntp:ntp/ntp:associations/ntp:association"
           + "/ntp:address";
      }
      description
        "Indicates the association's address
         which result
         that results in clock synchronization.";
    }
    leaf associations-local-mode {
      type leafref {
        path "/ntp:ntp/ntp:associations/ntp:association"
           + "/ntp:local-mode";
      }
      description
        "Indicates the association's local-mode
         which result
         that results in clock synchronization.";
    }
    leaf associations-isconfigured {
      type leafref {
        path "/ntp:ntp/ntp:associations/ntp:association/"
           + "ntp:isconfigured";
      }
      description
        "Indicates if the association (that resulted in the
         clock synchronization) is explicitly configured.";
    }
  }

  container ntp {
    when 'false() = boolean(/sys:system/sys:ntp)' {
      description
        "Applicable when the system /sys/ntp/ is not used.";
    }
    presence "NTP is enabled and system should attempt to
              synchronize the system clock with an NTP server
              from the 'ntp/associations' list.";
    description
      "Configuration parameters for NTP."; NTP";
    leaf port {
      if-feature "ntp-port";
      type inet:port-number {
        range "123 | 1024..max";
      }
      default "123";
      description
        "Specify the port used to send and receive NTP packets.";
      reference
        "RFC 5905: Network Time Protocol Version 4: Protocol and
         Algorithms Specification, Section 7.2";
    }
    container refclock-master {
      presence "NTP master clock is enabled.";
      description
        "Configures the local clock of this device as NTP server.";
      leaf master-stratum {
        type ntp-stratum;
        default "16";
        description
          "Stratum level from which NTP clients get their time
           synchronized.";
      }
    }
    container authentication {
      if-feature "authentication";
      description
        "Configuration of authentication."; authentication";
      leaf auth-enabled {
        type boolean;
        default "false";
        description
          "Controls whether NTP authentication is enabled
           or disabled on this device.";
      }
      list authentication-keys {
        key "key-id";
        uses authentication-key;
        description
          "List of authentication keys."; keys";
      }
    }
    container access-rules {
      if-feature "access-rules";
      description
        "Configuration to control access to NTP service
         by using the NTP access-group feature.
         The access-mode identifies how the ACL is
         applied with NTP.";
      list access-rule {
        key "access-mode";
        description
          "List of access rules."; rules";
        leaf access-mode {
          type identityref {
            base access-mode;
          }
          description
            "The NTP access mode.  Some of the possible value
             includes values
             include peer, server, synchronization, query query,
             etc.";
        }
        leaf acl {
          type leafref {
            path "/acl:acls/acl:acl/acl:name";
          }
          description
            "Control access configuration to be used.";
        }
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol and
           Algorithms Specification, Section 9.2";
      }
    }
    container clock-state {
      config false;
      description
        "Clock operational state of the NTP."; NTP";
      container system-status {
        description
          "System status of NTP."; NTP";
        leaf clock-state {
          type identityref {
            base clock-state;
          }
          mandatory true;
          description
            "The state of the system clock.  Some of the possible value
             includes
             values include synchronized and unsynchronized"; unsynchronized.";
        }
        leaf clock-stratum {
          type ntp-stratum;
          mandatory true;
          description
            "The NTP entity's own stratum value.  Should be one
             greater than preceeding the preceding level.
             16 if unsyncronized."; unsynchronized.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3";
        }
        leaf clock-refid {
          type refid;
          mandatory true;
          description
            "A code identifying the particular server or reference
             clock.  The interpretation depends upon stratum.  It
             could be an IPv4 address or address, the first 32 bits of the MD5
             hash of the IPv6 address address, or a string for the Reference
             Identifier and KISS codes.  Some examples:

             -- a refclock ID like '127.127.1.0' for local clock sync

             -- uni/multi/broadcast associations for IPv4 will look
                like '203.0.113.1' and '0x4321FEDC' for IPv6

             -- sync with primary source will look like 'DCN',
                'NIST', 'ATOM'

             -- KISS codes will look like 'AUTH', 'DROP', 'RATE'

             Note that the use of MD5 hash for IPv6 address is not
             for cryptographic purposes "; purposes.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        uses association-ref {
          description
            "Reference to Association."; Association";
        }
        leaf nominal-freq {
          type decimal64 {
            fraction-digits 4;
          }
          units "Hz";
          mandatory true;
          description
            "The nominal frequency of the local clock.  An ideal
             frequency with zero uncertainty.";
        }
        leaf actual-freq {
          type decimal64 {
            fraction-digits 4;
          }
          units "Hz";
          mandatory true;
          description
            "The actual frequency of the local clock."; clock";
        }
        leaf clock-precision {
          type log2seconds;
          mandatory true;
          description
            "Clock precision of this system in signed integer format,
             in log 2 seconds -  (prec=2^(-n)).  A value of 5 would
             mean 2^-5 = 0.03125 seconds = 31.25 ms.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf clock-offset {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The signed time offset to the current selected reference
             time source source, e.g., '0.032ms' or '1.232ms'.  The negative
             value Indicates indicates that the local clock is behind the
             current selected reference time source.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 9.1";
        }
        leaf root-delay {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "Total delay along the path to the root clock."; clock";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section Sections 4 and 7.3";
        }
        leaf root-dispersion {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The dispersion between the local clock
             and the root clock, e.g., '6.927ms'.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section Sections 4, 7.3 7.3, and 10."; 10";
        }
        leaf reference-time {
          type ntp-date-and-time;
          description
            "The reference timestamp.  Time when the system clock was
             last set or corrected"; corrected.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf sync-state {
          type identityref {
            base ntp-sync-state;
          }
          mandatory true;
          description
            "The synchronization status of the local clock.  Referred
             to as 'Clock state definitions' in RFC 5905"; 5905.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Appendix A.1.1";
        }
      }
    }
    list unicast-configuration {
      if-feature "unicast-configuration";
      key "address type";
      description
        "List of NTP unicast-configurations."; unicast-configurations";
      leaf address {
        type inet:ip-address;
        description
          "Address of this association."; association";
      }
      leaf type {
        type identityref {
          base unicast-configuration-type;
        }
        description
          "The unicast configuration type, for example example,
           unicast-server";
      }
      container authentication {
        if-feature "authentication";
        description
          "Authentication used for this association."; association";
        uses authentication;
      }
      leaf prefer {
        type boolean;
        default "false";
        description
          "Whether or not this association is preferred or not."; preferred";
      }
      leaf burst {
        type boolean;
        default "false";
        description
          "If set, a series of packets are sent instead of a single
           packet within each synchronization interval to achieve
           faster synchronization.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol
           and Algorithms Specification, Section 13.1";
      }
      leaf iburst {
        type boolean;
        default "false";
        description
          "If set, a series of packets are sent instead of a single
           packet within the initial synchronization interval to
           achieve faster initial synchronization.";
        reference
          "RFC 5905: Network Time Protocol Version 4: Protocol
           and Algorithms Specification, Section 13.1";
      }
      leaf source {
        type if:interface-ref;
        description
          "The interface whose IP address is used by this association
           as the source address.";
      }
      uses common-attributes {
        description
          "Common attributes like port, version, and min and max
           poll.";
      }
    }
    container associations {
      description
        "Association parameters";
      list association {
        key "address local-mode isconfigured";
        config false;
        description
          "List of NTP associations.  Here address, local-mode local-mode,
           and isconfigured are required to uniquely identify
           a particular association. Lets  Let's take the following examples -
           examples:

           1) If RT1 is acting as broadcast server, server
              and RT2 is acting as broadcast client, then RT2
              will form a dynamic association with the address as
              RT1, local-mode as client client, and isconfigured as false.

           2) When RT2 is configured with unicast-server RT1,
              then RT2 will form an association with the address as
              RT1, local-mode as client client, and isconfigured as true.

           Thus

           Thus, all 3 three leaves are needed as key to unique uniquely
           identify the association.";
        leaf address {
          type inet:ip-address;
          description
            "The remote address of this association.  Represents the
             IP address of a unicast/multicast/broadcast address.";
        }
        leaf local-mode {
          type identityref {
            base association-mode;
          }
          description
            "Local mode of this NTP association."; association";
        }
        leaf isconfigured {
          type boolean;
          description
            "Indicates if this association is configured (true) or
             dynamically learned (false).";
        }
        leaf stratum {
          type ntp-stratum;
          description
            "The association stratum value."; value";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 3";
        }
        leaf refid {
          type refid;
          description
            "A code identifying the particular server or reference
             clock.  The interpretation depends upon stratum.  It
             could be an IPv4 address or first 32 bits of the MD5
             hash of the IPv6 address or a string for the Reference
             Identifier and KISS codes.  Some examples:

             -- a refclock ID like '127.127.1.0' for local clock sync

             -- uni/multi/broadcast associations for IPv4 will look
                like '203.0.113.1' and '0x4321FEDC' for IPv6

             -- sync with primary source will look like 'DCN',
                'NIST', or 'ATOM'

             -- KISS codes will look like 'AUTH', 'DROP', or 'RATE'

             Note that the use of an MD5 hash for IPv6 address is
             not for cryptographic purposes"; purposes.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf authentication {
          if-feature "authentication";
          type leafref {
            path "/ntp:ntp/ntp:authentication/"
               + "ntp:authentication-keys/ntp:key-id";
          }
          description
            "Authentication Key used for this association."; association";
        }
        leaf prefer {
          type boolean;
          default "false";
          description
            "Indicates if this association is preferred."; preferred";
        }
        leaf peer-interface {
          type if:interface-ref;
          description
            "The interface which that is used for communication."; communication";
        }
        uses common-attributes {
          description
            "Common attributes like port, version, and min and
             max poll."; poll";
        }
        leaf reach {
          type uint8;
          description
            "It is an
            "An 8-bit shift register that tracks packet
             generation and receipt.  It is used to determine
             whether the server is reachable and the data are
             fresh.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section Sections 9.2 and 13";
        }
        leaf unreach {
          type uint8;
          units "seconds";
          description
            "It is a
            "A count of how long in second the server has been
             unreachable i.e.
             unreachable, i.e., the reach value has been zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section Sections 9.2 and 13";
        }
        leaf poll {
          type log2seconds;
          description
            "The polling interval for current association in signed
             log2 seconds.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 7.3";
        }
        leaf now {
          type uint32;
          units "seconds";
          description
            "The time since the last NTP packet was
             received or last synchronized.";
        }
        leaf offset {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The signed offset between the local clock
             and the peer clock, e.g., '0.032ms' or '1.232ms'.  The
             negative value Indicates indicates that the local clock is behind
             the peer.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf delay {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The network delay between the local clock
             and the peer clock."; clock";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf dispersion {
          type decimal64 {
            fraction-digits 3;
          }
          units "milliseconds";
          description
            "The root dispersion between the local clock
             and the peer clock.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 10";
        }
        leaf originate-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             when the latest NTP packet was sent to the peer
             (called T1).";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol and
             Algorithms Specification, Section 8";
        }
        leaf receive-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             when the latest NTP packet arrived at the peer
             (called T2).  If the peer becomes unreachable unreachable,
             the value is set to zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 8";
        }
        leaf transmit-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             at which the NTP packet departed the peer
             (called T3).  If the peer becomes unreachable unreachable,
             the value is set to zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 8";
        }
        leaf input-time {
          type ntp-date-and-time;
          description
            "This is the local time, in timestamp format,
             when the latest NTP message from the peer arrived
             (called T4).  If the peer becomes unreachable the unreachable,
             value is set to zero.";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 8";
        }
        container ntp-statistics {
          description
            "Per Peer packet send and receive statistics."; statistics";
          uses statistics {
            description
              "NTP send and receive packet statistics."; statistics";
          }
        }
      }
    }
    container interfaces {
      description
        "Configuration parameters for NTP interfaces."; interfaces";
      list interface {
        key "name";
        description
          "List of interfaces."; interfaces";
        leaf name {
          type if:interface-ref;
          description
            "The interface name."; name";
        }
        container broadcast-server {
          if-feature "broadcast-server";
          presence "NTP broadcast-server is configured on this
                    interface";
                    interface.";
          description
            "Configuration of broadcast server."; server";
          leaf ttl {
            type uint8;
            description
              "Specifies the time to live (TTL) for a
               broadcast packet."; packet";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol
               and Algorithms Specification, Section 3.1";
          }
          container authentication {
            if-feature "authentication";
            description
              "Authentication used on this interface."; interface";
            uses authentication;
          }
          uses common-attributes {
            description
              "Common attributes such as port, version, and min and
               max poll."; poll";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 3.1";
        }
        container broadcast-client {
          if-feature "broadcast-client";
          presence "NTP broadcast-client is configured on this
                    interface.";
          description
            "Configuration of broadcast-client."; broadcast-client";
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 3.1";
        }
        list multicast-server {
          if-feature "multicast-server";
          key "address";
          description
            "Configuration of multicast server."; server";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The IP address to send NTP multicast packets."; packets";
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the time to live (TTL) TTL for a  multicast packet."; packet";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol
               and Algorithms Specification, Section 3.1";
          }
          container authentication {
            if-feature "authentication";
            description
              "Authentication used on this interface."; interface";
            uses authentication;
          }
          uses common-attributes {
            description
              "Common attributes such as port, version, and min and
               max poll."; poll";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 3.1";
        }
        list multicast-client {
          if-feature "multicast-client";
          key "address";
          description
            "Configuration of multicast-client."; a multicast-client";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The IP address of the multicast group to
               join.";
               join";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 3.1";
        }
        list manycast-server {
          if-feature "manycast-server";
          key "address";
          description
            "Configuration of a manycast server."; server";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The multicast group IP address to receive
               manycast client messages.";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 3.1";
        }
        list manycast-client {
          if-feature "manycast-client";
          key "address";
          description
            "Configuration of manycast-client."; manycast-client";
          leaf address {
            type rt-types:ip-multicast-group-address;
            description
              "The group IP address that the manycast client
               broadcasts the request message to."; to";
          }
          container authentication {
            if-feature "authentication";
            description
              "Authentication used on this interface."; interface";
            uses authentication;
          }
          leaf ttl {
            type uint8;
            description
              "Specifies the maximum time to live (TTL) TTL for the expanding
               ring search."; search";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol
               and Algorithms Specification, Section 3.1";
          }
          leaf minclock {
            type uint8;
            description
              "The minimum manycast survivors in this
               association.";
               association";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol
               and Algorithms Specification, Section 13.2";
          }
          leaf maxclock {
            type uint8;
            description
              "The maximum manycast candidates in this
               association.";
               association";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol
               and Algorithms Specification, Section 13.2";
          }
          leaf beacon {
            type log2seconds;
            description
              "The beacon is the upper limit of the poll interval.
               When the
               ttl TTL reaches its limit without finding the
               minimum number of manycast servers, the poll interval
               increases until reaching the beacon value, when it
               starts over from the beginning.";
            reference
              "RFC 5905: Network Time Protocol Version 4: Protocol
               and Algorithms Specification, Section 13.2";
          }
          uses common-attributes {
            description
              "Common attributes like port, version, and min and
               max poll."; poll";
          }
          reference
            "RFC 5905: Network Time Protocol Version 4: Protocol
             and Algorithms Specification, Section 3.1";
        }
      }
    }
    container ntp-statistics {
      config false;
      description
        "Total NTP packet statistics."; statistics";
      uses statistics {
        description
          "NTP send and receive packet statistics."; statistics";
      }
    }
  }

  rpc statistics-reset {
    description
      "Reset statistics collected.";
    input {
      choice association-or-all {
        description
          "Resets statistics for a particular association or
           all";
           all.";
        case association {
          uses association-ref;
          description
            "This resets all the statistics collected for
             the association.";
        }
        case all {
          description
            "This resets all the statistics collected.";
        }
      }
    }
  }
}

<CODE ENDS>]]></artwork>
        </figure></t>

]]></sourcecode>
    </section>
    <section title="Usage Example"> numbered="true" toc="default">
      <name>Usage Example</name>
      <t>This section include examples for illustration purposes.</t>
      <t>Note: '\' indicates line wrapping per <xref target="RFC8792"/>.</t> target="RFC8792" format="default"/>.</t>
      <section title="Unicast association"> numbered="true" toc="default">
        <name>Unicast Association</name>
        <t>This example describes how to configure a preferred unicast server present at 192.0.2.1 running at port 1025 with authentication-key 10 and version 4 (default).</t>
        <t><figure align="center">
          <artwork><![CDATA[
<sourcecode type="xml"><![CDATA[
  <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <target>
      <running/>
    </target>
    <config>
      <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
        <unicast-configuration>
          <address>192.0.2.1</address>
          <type>uc-server</type>
          <prefer>true</prefer>
          <port>1025</port>
          <authentication>
            <symmetric-key>
              <key-id>10</key-id>
            </symmetric-key>
          </authentication>
        </unicast-configuration>
      </ntp>
    </config>
  </edit-config>
]]></artwork>
        </figure></t>
]]></sourcecode>
        <t>An example with IPv6 would use an IPv6 address (say 2001:db8::1) in the "address" leaf with no change in any other data tree.</t>
        <t><figure align="center">
          <artwork><![CDATA[

<sourcecode type="xml"><![CDATA[
  <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
    <target>
      <running/>
    </target>
    <config>
      <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
        <unicast-configuration>
          <address>2001:db8::1</address>
          <type>uc-server</type>
          <prefer>true</prefer>
          <port>1025</port>
          <authentication>
            <symmetric-key>
              <key-id>10</key-id>
            </symmetric-key>
          </authentication>
        </unicast-configuration>
      </ntp>
    </config>
  </edit-config>
]]></artwork>
        </figure></t>
]]></sourcecode>
        <t>This example is for retrieving unicast configurations - configurations: </t>
        <t><figure align="center">
          <artwork><![CDATA[
<sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <unicast-configuration>
      </unicast-configuration>
  </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <unicast-configuration>
      <address>192.0.2.1</address>
      <type>uc-server</type>
        <authentication>
          <symmetric-key>
            <key-id>10</key-id>
          </symmetric-key>
        </authentication>
      <prefer>true</prefer>
      <burst>false</burst>
      <iburst>true</iburst>
      <source/>
      <minpoll>6</minpoll>
      <maxpoll>10</maxpoll>
      <port>1025</port>
      <stratum>9</stratum>
      <refid>203.0.113.1</refid>
      <reach>255</reach>
      <unreach>0</unreach>
      <poll>128</poll>
      <now>10</now>
      <offset>0.025</offset>
      <delay>0.5</delay>
      <dispersion>0.6</dispersion>
      <originate-time>10-10-2017 07:33:55.253 Z+05:30\
      </originate-time>
      <receive-time>10-10-2017 07:33:55.258 Z+05:30\
      </receive-time>
      <transmit-time>10-10-2017 07:33:55.300 Z+05:30\
      </transmit-time>
      <input-time>10-10-2017 07:33:55.305 Z+05:30\
      </input-time>
      <ntp-statistics>
        <packet-sent>20</packet-sent>
        <packet-sent-fail>0</packet-sent-fail>
        <packet-received>20</packet-received>
        <packet-dropped>0</packet-dropped>
      </ntp-statistics>
    </unicast-configuration>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Refclock master"> numbered="true" toc="default">
        <name>Refclock Master</name>
        <t>This example describes how to configure reference clock with stratum 8 - </t>
        <t><figure align="center">
          <artwork><![CDATA[ 8:</t>
<sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <refclock-master>
        <master-stratum>8</master-stratum>
      </refclock-master>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
<t>This example describes how to get reference clock configuration - configuration: </t>
        <t><figure align="center">
          <artwork><![CDATA[
<sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <refclock-master>
      </refclock-master>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <refclock-master>
      <master-stratum>8</master-stratum>
    </refclock-master>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Authentication configuration"> numbered="true" toc="default">
        <name>Authentication Configuration</name>
        <t>This example describes how to enable authentication and configure trusted authentication key 10 with mode as AES-CMAC and an a hexadecimal string key - </t>
        <t><figure align="center">
          <artwork><![CDATA[ key:</t>

<sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <authentication>
        <auth-enabled>true</auth-enabled>
        <authentication-keys>
          <key-id>10</key-id>
          <algorithm>aes-cmac</algorithm>
          <key>
            <hexadecimal-string>
              bb1d6929e95937287fa37d129b756746
            </hexadecimal-string>
          </key>
          <istrusted>true</istrusted>
        </authentication-keys>
      </authentication>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
]]></sourcecode>

<!--[rfced] Please review comments left by authors in the XML and let
us know if any further action is necessary or if these comments may be
deleted.-->

        <!--
        <t>This example describes how to get authentication related configuration - </t>
        <t><figure align="center">
          <artwork><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <authentication>
      </authentication>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <authentication>
      <auth-enabled>false</auth-enabled>
      <trusted-keys/>
      <authentication-keys>
        <key-id>10</key-id>
        <algorithm>aes-cmac</algorithm>
          <key>
            <hexadecimal-string>
              bb1d6929e95937287fa37d129b756746
            </hexadecimal-string>
          </key>
        <istrusted>true</istrusted>
      </authentication-keys>
    </authentication>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
      -->
      </section>
      <section title="Access configuration"> numbered="true" toc="default">
        <name>Access Configuration</name>
        <t>This example describes how to configure access mode "peer" associated with ACL 2000 - </t>
        <t><figure align="center">
          <artwork><![CDATA[ 2000:</t>

<sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <access-rules>
        <access-rule>
          <access-mode>peer-access-mode</access-mode>
          <acl>2000</acl>
        </access-rule>
      </access-rules>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
        <t>This example describes how to get access related configuration - </t>
        <t><figure align="center">
          <artwork><![CDATA[ access-related configuration:</t>

<sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <access-rules>
      </access-rules>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <access-rules>
      <access-rule>
        <access-mode>peer-access-mode</access-mode>
        <acl>2000</acl>
      </access-rule>
    </access-rules>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Multicast configuration"> numbered="true" toc="default">
        <name>Multicast Configuration</name>
        <t>This example describes how to configure a multicast-server with an address as of "224.0.1.1", port as of 1025, and version as 3 of 3, and authentication keyid as 10 - </t>
        <t><figure align="center">
          <artwork><![CDATA[ of 10.</t>
<sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <name>Ethernet3/0/0</name>
          <multicast-server>
            <address>224.0.1.1</address>
            <authentication>
              <symmetric-key>
                <key-id>10</key-id>
              </symmetric-key>
            </authentication>
            <port>1025</port>
            <version>3</version>
          </multicast-server>
        </interface>
      </interfaces>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
        <t>This example describes how to get multicast-server related configuration - </t>
        <t><figure align="center">
          <artwork><![CDATA[ multicast-server-related configuration:</t>
       <sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <multicast-server>
          </multicast-server>
        </interface>
      </interfaces>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <interfaces>
      <interface>
        <name>Ethernet3/0/0</name>
        <multicast-server>
          <address>224.0.1.1</address>
          <ttl>8</ttl>
          <authentication>
            <symmetric-key>
              <key-id>10</key-id>
            </symmetric-key>
          </authentication>
          <minpoll>6</minpoll>
          <maxpoll>10</maxpoll>
          <port>1025</port>
          <version>3</version>
        </multicast-server>
      </interface>
    </interfaces>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
       <t>This example describes how to configure a multicast-client with an address as "224.0.1.1" - </t>
        <t><figure align="center">
          <artwork><![CDATA[ of "224.0.1.1":</t>
       <sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <name>Ethernet3/0/0</name>
          <multicast-client>
            <address>224.0.1.1</address>
          </multicast-client>
        </interface>
      </interfaces>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
       <t>This example describes how to get multicast-client related configuration - </t>
        <t><figure align="center">
          <artwork><![CDATA[ multicast-client-related configuration:</t>
       <sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <multicast-client>
          </multicast-client>
        </interface>
      </interfaces>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <interfaces>
      <interface>
        <name>Ethernet3/0/0</name>
        <multicast-client>
          <address>224.0.1.1</address>
        </multicast-client>
      </interface>
    </interfaces>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Manycast configuration"> numbered="true" toc="default">
        <name>Manycast Configuration</name>
        <t>This example describes how to configure a manycast-client with an address as of "224.0.1.1", port as 1025 of 1025, and authentication keyid as 10 - </t>
        <t><figure align="center">
          <artwork><![CDATA[ of 10:</t>

<sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <name>Ethernet3/0/0</name>
          <manycast-client>
            <address>224.0.1.1</address>
            <authentication>
              <symmetric-key>
                <key-id>10</key-id>
              </symmetric-key>
            </authentication>
            <port>1025</port>
          </manycast-client>
        </interface>
      </interfaces>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
        <t>This example describes how to get manycast-client related configuration - </t>
        <t><figure align="center">
          <artwork><![CDATA[ manycast-client-related configuration:</t>

<sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <manycast-client>
          </manycast-client>
        </interface>
      </interfaces>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <interfaces>
      <interface>
        <name>Ethernet3/0/0</name>
        <manycast-client>
          <address>224.0.1.1</address>
          <authentication>
            <symmetric-key>
              <key-id>10</key-id>
            </symmetric-key>
          </authentication>
          <ttl>8</ttl>
          <minclock>3</minclock>
          <maxclock>10</maxclock>
          <beacon>6</beacon>
          <minpoll>6</minpoll>
          <maxpoll>10</maxpoll>
          <port>1025</port>
        </manycast-client>
      </interface>
    </interfaces>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
        <t>This example describes how to configure a manycast-server with an address as "224.0.1.1" - </t>
        <t><figure align="center">
          <artwork><![CDATA[ of "224.0.1.1":</t>
      <sourcecode type="xml"><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <target>
    <running/>
  </target>
  <config>
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <name>Ethernet3/0/0</name>
          <manycast-server>
            <address>224.0.1.1</address>
          </manycast-server>
        </interface>
      </interfaces>
    </ntp>
  </config>
</edit-config>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
        <t>This example describes how to get manycast-server related configuration - </t>
        <t><figure align="center">
          <artwork><![CDATA[ manycast-server-related configuration:</t>
      <sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <interfaces>
        <interface>
          <manycast-server>
          </manycast-server>
        </interface>
      </interfaces>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <interfaces>
      <interface>
        <name>Ethernet3/0/0</name>
        <manycast-server>
          <address>224.0.1.1</address>
        </manycast-server>
      </interface>
    </interfaces>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Clock state">
        <t>This numbered="true" toc="default">
        <name>Clock State</name>
<!--[rfced] Please review the use of "clock current state" in the
following text:

Original:
   This example describes how to get clock current state - </t>
        <t><figure align="center">
          <artwork><![CDATA[

Perhaps:
   This example describes how to get current clock state -
-->

        <t>This example describes how to get clock current state:</t>
  <sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <clock-state>
      </clock-state>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <clock-state>
      <system-status>
        <clock-state>synchronized</clock-state>
        <clock-stratum>7</clock-stratum>
        <clock-refid>192.0.2.1</clock-refid>
        <associations-address>192.0.2.1\
        </associations-address>
        <associations-local-mode>client\
        </associations-local-mode>
        <associations-isconfigured>yes\
        </associations-isconfigured>
        <nominal-freq>100.0</nominal-freq>
        <actual-freq>100.0</actual-freq>
        <clock-precision>18</clock-precision>
        <clock-offset>0.025</clock-offset>
        <root-delay>0.5</root-delay>
        <root-dispersion>0.8</root-dispersion>
        <reference-time>10-10-2017 07:33:55.258 Z+05:30\
        </reference-time>
        <sync-state>clock-synchronized</sync-state>
      </system-status>
    </clock-state>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Get all association"> numbered="true" toc="default">
        <name>Get All Association</name>
        <t>This example describes how to get all association associations present in the system - </t>
        <t><figure align="center">
          <artwork><![CDATA[ system:</t>
        <sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <associations>
      </associations>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <associations>
      <association>
        <address>192.0.2.1</address>
        <stratum>9</stratum>
        <refid>203.0.113.1</refid>
        <local-mode>client</local-mode>
        <isconfigured>true</isconfigured>
        <authentication-key>10</authentication-key>
        <prefer>true</prefer>
        <peer-interface>Ethernet3/0/0</peer-interface>
        <minpoll>6</minpoll>
        <maxpoll>10</maxpoll>
        <port>1025</port>
        <version>4</version>
        <reach>255</reach>
        <unreach>0</unreach>
        <poll>128</poll>
        <now>10</now>
        <offset>0.025</offset>
        <delay>0.5</delay>
        <dispersion>0.6</dispersion>
        <originate-time>10-10-2017 07:33:55.253 Z+05:30\
        </originate-time>
        <receive-time>10-10-2017 07:33:55.258 Z+05:30\
        </receive-time>
        <transmit-time>10-10-2017 07:33:55.300 Z+05:30\
        </transmit-time>
        <input-time>10-10-2017 07:33:55.305 Z+05:30\
        </input-time>
        <ntp-statistics>
          <packet-sent>20</packet-sent>
          <packet-sent-fail>0</packet-sent-fail>
          <packet-received>20</packet-received>
          <packet-dropped>0</packet-dropped>
        </ntp-statistics>
      </association>
    </associations>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
      <section title="Global statistic"> numbered="true" toc="default">
        <name>Global Statistic</name>
        <t>This example describes how to get global statistics - </t>
        <t><figure align="center">
          <artwork><![CDATA[ statistics:</t>
     <sourcecode type="xml"><![CDATA[
<get>
  <filter type="subtree">
    <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
      <ntp-statistics>
      </ntp-statistics>
    </ntp>
  </filter>
</get>

<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
    <ntp-statistics>
      <packet-sent>30</packet-sent>
      <packet-sent-fail>5</packet-sent-fail>
      <packet-received>20</packet-received>
      <packet-dropped>2</packet-dropped>
    </ntp-statistics>
  </ntp>
</data>
          ]]></artwork>
        </figure></t>
          ]]></sourcecode>
      </section>
    </section>
    <section anchor="IANA" title="IANA Considerations"> numbered="true" toc="default">
      <name>IANA Considerations</name>
      <section title="IETF numbered="true" toc="default">
        <name>IETF XML Registry"> Registry</name>
        <t>This document registers a URI in the "IETF XML Registry" <xref target="RFC3688"/>. target="RFC3688" format="default"/>. Following the format in RFC 3688, the following
	registration has been made.</t>

      <t>URI: urn:ietf:params:xml:ns:yang:ietf-ntp</t>

      <t>Registrant Contact: The IESG.</t>

      <t>XML: N/A;
	<dl spacing="normal">
        <dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-ntp</dd>
        <dt>Registrant Contact:</dt><dd>The IESG.</dd>
        <dt>XML:</dt><dd>N/A; the requested URI is an XML namespace.</t> namespace.</dd>
      </dl>
      </section>
      <section title="YANG numbered="true" toc="default">
        <name>YANG Module Names"> Names</name>
        <t>This document registers a YANG module in the "YANG Module Names"
      registry <xref target="RFC6020"/>.</t>

      <t>Name: ietf-ntp</t>

      <t>Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp</t>

      <t>Prefix: ntp</t>

      <t>Reference: RFC XXXX</t>

      <t>Note: The RFC Editor will replace XXXX with the number assigned
  to this document once it becomes an RFC.</t> target="RFC6020" format="default"/>.</t>
      <dl spacing="normal">
	<dt>Name:</dt><dd>ietf-ntp</dd>
        <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-ntp</dd>
        <dt>Prefix:</dt><dd>ntp</dd>
        <dt>Reference:</dt><dd>RFC 9249</dd>
      </dl>
      </section>
    </section>
    <section anchor="Security" title="Security Considerations"> numbered="true" toc="default">
      <name>Security Considerations</name>
 <!--DNE Begins-->
      <t>The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF <xref target="RFC6241"/> target="RFC6241" format="default"/> or RESTCONF <xref target="RFC8040"/>. target="RFC8040" format="default"/>. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) <xref target="RFC6242"/>. target="RFC6242" format="default"/>. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS <xref target="RFC8446"/>.</t> target="RFC8446" format="default"/>.</t>
      <t>The NETCONF Network Configuration Access Control Model (NACM) <xref target="RFC8341"/> target="RFC8341" format="default"/> provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.
 <!--DNE Ends-->
      The 'nacm:default-deny-all' is used to prevent retrieval of the key information. </t>
 <!--DNE Begins-->
      <t>There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:
<list>
<t>/ntp/port - This
      </t>
       <!--DNE Ends-->
      <dl spacing="normal">
        <dt>/ntp/port:</dt><dd>This data node specify specifies the port number to be used to send NTP packets. Unexpected changes could lead to disruption and/or network misbehavior.</t>
<t>/ntp/authentication misbehavior.</dd>
        <dt>/ntp/authentication and /ntp/access-rules - The /ntp/access-rules:</dt><dd>The entries in the list include the authentication and access control configurations. Care should be taken while setting these parameters.</t>
<t>/ntp/unicast-configuration - The parameters.</dd>
        <dt>/ntp/unicast-configuration:</dt><dd>The entries in the list include all unicast configurations (server or peer mode), mode) and indirectly creates or modify modifies the NTP
associations. Unexpected changes could lead to disruption and/or network misbehavior.</t>
<t>/ntp/interfaces/interface - The misbehavior.</dd>
        <dt>/ntp/interfaces/interface:</dt><dd>The entries in the list include all per-interface configurations related to broadcast, multicast multicast, and manycast mode, and indirectly creates or modify modifies the NTP
associations. Unexpected changes could lead to disruption and/or network misbehavior. It could also lead to syncronization synchronization over an untrusted source over trusted ones.</t>
</list></t> ones.</dd>
      </dl>
<!--DNE Begins-->
      <t>Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:
<list>
  <t>/ntp/authentication/authentication-keys - The
      </t>
<!--DNE Ends-->
      <dl  spacing="normal">
        <dt>/ntp/authentication/authentication-keys:</dt><dd>The entries in the list includes include all the NTP authentication keys. Unauthorized access to the keys can be easily exploited to permit unauthorized access to the NTP service. This information is sensitive and thus sensitive; thus, unauthorized access to this needs to be curtailed. </t>
  <t>/ntp/associations/association/ - The </dd>
        <dt>/ntp/associations/association/:</dt><dd>The entries in the list includes include all active NTP associations of all modes. Exposure of these nodes
could reveal network topology or trust relationship. relationships. Unauthorized access to this also needs to be curtailed. </t>
<t>/ntp/authentication </dd>
        <dt>/ntp/authentication and /ntp/access-rules - The /ntp/access-rules:</dt><dd>The entries in the list include the authentication and access control configurations. Exposure of these nodes
could reveal network topology or trust relationship.</t>
</list>
</t> relationships.</dd>
      </dl>
 <!--DNE Begins-->
 <t>Some of the RPC operations in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control access to these operations. These are the operations and their sensitivity/vulnerability:
  <list>
    <t>statistics-reset - The
 <!--DNE Ends-->
      </t>
      <dl spacing="normal">
        <dt>statistics-reset:</dt><dd>The RPC is used to reset statistics. Unauthorized reset could impact monitoring.</t>
  </list>
</t> monitoring.</dd>
      </dl>
      <t>The leaf /ntp/authentication/authentication-keys/algorithm can be set to cryptographic algorithms that are no longer considered to be secure. As per <xref target="RFC8573"/>, target="RFC8573" format="default"/>, AES-CMAC is the recommended algorithm. </t>
    </section>

    <section title="Acknowledgments">
      <t>The authors would like to express their thanks to Sladjana Zoric,
      Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice Angermann, Watson Ladd, and Rich Salz for their
      review and suggestions.</t>
      <t>Thanks to Andy Bierman for
  </middle>
  <back>
    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>
<!--[rfced] FYI - we have moved several references from the YANG doctor review.</t>
      <t>Thanks
"Informative References" section to Dieter Sibold for being the document shepherd and Erik Kline for being the responsible AD.</t>
      <t>Thanks to Takeshi Takahashi for SECDIR review. Thanks to Tim Evens for GENART review.</t>
      <t>A special thanks to Tom Petch for a very detailed YANG review and providing great suggestions for improvements.</t>
      <t>Thanks for "Normative References"
section per the IESG review from Benjamin Kaduk, Francesca Palombini, Eric Vyncke, Murray Kucherawy, Robert Wilton, Roman Danyliw, and Zaheduzzaman Sarker.</t>
    </section>
  </middle>

  <back>
    <references title="Normative References">

      <?rfc include="reference.RFC.2119"?>
      <?rfc include="reference.RFC.3688"?>

      <?rfc include="reference.RFC.5905"?>

      <?rfc include="reference.RFC.6020"?>

      <?rfc include="reference.RFC.6991"?>
      <?rfc include="reference.RFC.7317"?>
      <?rfc include="reference.RFC.7950"?>

      <?rfc include="reference.RFC.8174"?> guidance at
https://trac.ietf.org/trac/ops/wiki/yang-security-guidelines.
-->

        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5905.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"/>
	<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6991.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7317.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
        <!--<?rfc include="reference.RFC.8177"?>-->
      <?rfc include="reference.RFC.8294"?>

      <?rfc include="reference.RFC.8340"?>
      <?rfc include="reference.RFC.8341"?>
      <?rfc include="reference.RFC.8343"?>
      <?rfc include="reference.RFC.8446"?>
      <?rfc include="reference.RFC.8519"?>
      <?rfc include="reference.RFC.8573"?>
      <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8294.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8340.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8343.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8519.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8573.xml"/>
      </references>

    <references title="Informative References">
      <?rfc include="reference.RFC.1305"?>
      <?rfc include="reference.RFC.1321"?>
      <?rfc include="reference.RFC.3174"?>
      <?rfc include="reference.RFC.4493"?>
      <?rfc include="reference.RFC.5907"?>
      <?rfc include="reference.RFC.6241"?>
      <?rfc include="reference.RFC.6242"?>
      <?rfc include="reference.RFC.8040"?>
      <?rfc include="reference.RFC.8342"?>
      <?rfc include="reference.RFC.8792"?>
      <references>
        <name>Informative References</name>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1305.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1321.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3174.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4493.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5907.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8342.xml"/>
        <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8792.xml"/>

<!--[rfced] May we update the [SHS] reference entry to match what was
used in RFC 9216 (2015 version instead of 2012)?

Currently:
   [SHS]      NIST, "Secure Hash Standard (SHS)", FIPS PUB 180-4, March
              2012, <https://nvlpubs.nist.gov/nistpubs/fips/
              nist.fips.180-4.pdf>.
RFC 9216:
   [SHA]      National Institute of Standards and Technology (NIST),
              "Secure Hash Standard (SHS)", FIPS PUB 180-4,
              DOI 10.6028/NIST.FIPS.180-4, August 2015,
              <https://doi.org/10.6028/NIST.FIPS.180-4>.
-->

        <reference anchor="SHS" target="https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.180-4.pdf">
          <front>
            <title>Secure Hash Standard (SHS)</title>
            <author initials="" surname="" fullname="">
              <organization>NIST</organization>
            </author>
            <date month="March" year="2012" /> year="2012"/>
          </front>
          <seriesInfo name="FIPS PUB" value="180-4" /> value="180-4"/>
        </reference>
      </references>
    </references>
    <section title="Full anchor="full" numbered="true" toc="default">
      <name>Full YANG Tree" anchor="full"> Tree</name>
      <t>The full tree for the ietf-ntp YANG data model is - as follows. </t>
        <t><figure align="center">
          <artwork><![CDATA[
     <sourcecode type="yangtree"><![CDATA[
module: ietf-ntp
  +--rw ntp!
     +--rw port?                    inet:port-number {ntp-port}?
     +--rw refclock-master!
     |  +--rw master-stratum?   ntp-stratum
     +--rw authentication {authentication}?
     |  +--rw auth-enabled?          boolean
     |  +--rw authentication-keys* [key-id]
     |     +--rw key-id       uint32
     |     +--rw algorithm?   identityref
     |     +--rw key
     |     |  +--rw (key-string-style)?
     |     |     +--:(keystring)
     |     |     |  +--rw keystring?            string {deprecated}?
     |     |     +--:(hexadecimal) {hex-key-string}?
     |     |        +--rw hexadecimal-string?   yang:hex-string
     |     +--rw istrusted?   boolean
     +--rw access-rules {access-rules}?
     |  +--rw access-rule* [access-mode]
     |     +--rw access-mode    identityref
     |     +--rw acl?           -> /acl:acls/acl/name
     +--ro clock-state
     |  +--ro system-status
     |     +--ro clock-state                  identityref
     |     +--ro clock-stratum                ntp-stratum
     |     +--ro clock-refid                  refid
     |     +--ro associations-address?
     |     |       -> /ntp/associations/association/address
     |     +--ro associations-local-mode?
     |     |       -> /ntp/associations/association/local-mode
     |     +--ro associations-isconfigured?
     |     |       -> /ntp/associations/association/isconfigured
     |     +--ro nominal-freq                 decimal64
     |     +--ro actual-freq                  decimal64
     |     +--ro clock-precision              log2seconds
     |     +--ro clock-offset?                decimal64
     |     +--ro root-delay?                  decimal64
     |     +--ro root-dispersion?             decimal64
     |     +--ro reference-time?              ntp-date-and-time
     |     +--ro sync-state                   identityref
     +--rw unicast-configuration* [address type]
     |       {unicast-configuration}?
     |  +--rw address           inet:ip-address
     |  +--rw type              identityref
     |  +--rw authentication {authentication}?
     |  |  +--rw (authentication-type)?
     |  |     +--:(symmetric-key)
     |  |        +--rw key-id?   leafref
     |  +--rw prefer?           boolean
     |  +--rw burst?            boolean
     |  +--rw iburst?           boolean
     |  +--rw source?           if:interface-ref
     |  +--rw minpoll?          log2seconds
     |  +--rw maxpoll?          log2seconds
     |  +--rw port?             inet:port-number {ntp-port}?
     |  +--rw version?          ntp-version
     +--rw associations
     |  +--ro association* [address local-mode isconfigured]
     |     +--ro address           inet:ip-address
     |     +--ro local-mode        identityref
     |     +--ro isconfigured      boolean
     |     +--ro stratum?          ntp-stratum
     |     +--ro refid?            refid
     |     +--ro authentication?
     |     |       -> /ntp/authentication/authentication-keys/key-id
     |     |       {authentication}?
     |     +--ro prefer?           boolean
     |     +--ro peer-interface?   if:interface-ref
     |     +--ro minpoll?          log2seconds
     |     +--ro maxpoll?          log2seconds
     |     +--ro port?             inet:port-number {ntp-port}?
     |     +--ro version?          ntp-version
     |     +--ro reach?            uint8
     |     +--ro unreach?          uint8
     |     +--ro poll?             log2seconds
     |     +--ro now?              uint32
     |     +--ro offset?           decimal64
     |     +--ro delay?            decimal64
     |     +--ro dispersion?       decimal64
     |     +--ro originate-time?   ntp-date-and-time
     |     +--ro receive-time?     ntp-date-and-time
     |     +--ro transmit-time?    ntp-date-and-time
     |     +--ro input-time?       ntp-date-and-time
     |     +--ro ntp-statistics
     |        +--ro discontinuity-time?   ntp-date-and-time
     |        +--ro packet-sent?          yang:counter32
     |        +--ro packet-sent-fail?     yang:counter32
     |        +--ro packet-received?      yang:counter32
     |        +--ro packet-dropped?       yang:counter32
     +--rw interfaces
     |  +--rw interface* [name]
     |     +--rw name                if:interface-ref
     |     +--rw broadcast-server! {broadcast-server}?
     |     |  +--rw ttl?              uint8
     |     |  +--rw authentication {authentication}?
     |     |  |  +--rw (authentication-type)?
     |     |  |     +--:(symmetric-key)
     |     |  |        +--rw key-id?   leafref
     |     |  +--rw minpoll?          log2seconds
     |     |  +--rw maxpoll?          log2seconds
     |     |  +--rw port?             inet:port-number {ntp-port}?
     |     |  +--rw version?          ntp-version
     |     +--rw broadcast-client! {broadcast-client}?
     |     +--rw multicast-server* [address] {multicast-server}?
     |     |  +--rw address
     |     |  |       rt-types:ip-multicast-group-address
     |     |  +--rw ttl?              uint8
     |     |  +--rw authentication {authentication}?
     |     |  |  +--rw (authentication-type)?
     |     |  |     +--:(symmetric-key)
     |     |  |        +--rw key-id?   leafref
     |     |  +--rw minpoll?          log2seconds
     |     |  +--rw maxpoll?          log2seconds
     |     |  +--rw port?             inet:port-number {ntp-port}?
     |     |  +--rw version?          ntp-version
     |     +--rw multicast-client* [address] {multicast-client}?
     |     |  +--rw address    rt-types:ip-multicast-group-address
     |     +--rw manycast-server* [address] {manycast-server}?
     |     |  +--rw address    rt-types:ip-multicast-group-address
     |     +--rw manycast-client* [address] {manycast-client}?
     |        +--rw address
     |        |       rt-types:ip-multicast-group-address
     |        +--rw authentication {authentication}?
     |        |  +--rw (authentication-type)?
     |        |     +--:(symmetric-key)
     |        |        +--rw key-id?   leafref
     |        +--rw ttl?              uint8
     |        +--rw minclock?         uint8
     |        +--rw maxclock?         uint8
     |        +--rw beacon?           log2seconds
     |        +--rw minpoll?          log2seconds
     |        +--rw maxpoll?          log2seconds
     |        +--rw port?             inet:port-number {ntp-port}?
     |        +--rw version?          ntp-version
     +--ro ntp-statistics
        +--ro discontinuity-time?   ntp-date-and-time
        +--ro packet-sent?          yang:counter32
        +--ro packet-sent-fail?     yang:counter32
        +--ro packet-received?      yang:counter32
        +--ro packet-dropped?       yang:counter32

  rpcs:
    +---x statistics-reset
       +---w input
          +---w (association-or-all)?
             +--:(association)
             |  +---w associations-address?
             |  |       -> /ntp/associations/association/address
             |  +---w associations-local-mode?
             |  |       -> /ntp/associations/association/local-mode
             |  +---w associations-isconfigured?
             |          -> /ntp/associations/association/isconfigured
             +--:(all)

          ]]></artwork>
        </figure></t>

          ]]></sourcecode>
   </section>

    <section numbered="false" toc="default">
      <name>Acknowledgments</name>
      <t>The authors would like to express their thanks to <contact fullname=" Sladjana Zoric"/>,
      <contact fullname="Danny Mayer"/>,  <contact fullname="Harlan Stenn"/>,  <contact fullname="Ulrich Windl"/>,  <contact fullname="Miroslav Lichvar"/>,  <contact fullname="Maurice Angermann"/>,  <contact fullname="Watson Ladd"/>, and  <contact fullname="Rich Salz"/> for their
      review and suggestions.</t>
      <t>Thanks to  <contact fullname="Andy Bierman"/> for the YANG doctor review.</t>
      <t>Thanks to  <contact fullname="Dieter Sibold"/> for being the Document Shepherd and  <contact fullname="Erik Kline"/> for being the Responsible AD.</t>
      <t>Thanks to  <contact fullname="Takeshi Takahashi"/> for SECDIR review. Thanks to  <contact fullname="Tim Evens"/> for GENART review.</t>
      <t>A special thanks to  <contact fullname="Tom Petch"/> for a very detailed YANG review and providing great suggestions for improvements.</t>
      <t>Thanks for the IESG review from  <contact fullname="Benjamin Kaduk"/>,  <contact fullname="Francesca Palombini"/>,  <contact fullname="Eric Vyncke"/>,  <contact fullname="Murray Kucherawy"/>,  <contact fullname="Robert Wilton"/>,  <contact fullname="Roman Danyliw"/>, and  <contact fullname="Zaheduzzaman Sarker"/>.</t>
    </section>

<!-- [rfced] Throughout the text, we had the following questions about terminology.  Please review and let us know how you would like to proceed.

a) How may we expand "KISS"? We note that RFC 5905 uses lowercase
"kiss code".

Original:
It could be an IPv4 address or first 32 bits of the MD5 hash of the
IPv6 address or a string for the Reference Identifier and KISS codes.

b) The following terms appear to be used inconsistently.  Please review and let us know if/how these terms should be made uniform.

key-id vs. key id vs. keyid
access-mode vs. access mode
local-mode vs. local mode
Authentication Key vs. authentication key
Association vs. association

c) We see variations in hyphenation in the following related terms.

unicast server vs. unicast-server

(see also broadcast and multicast forms as well as client, for example
multicast client vs. multicast-client)
-->
  </back>
</rfc>

mirror server hosted at Truenetwork, Russian Federation.