<?xml version="1.0"encoding="windows-1252"?>encoding="UTF-8"?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"> <?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?>[ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="std" consensus="true" docName="draft-ietf-ntp-yang-data-model-17"ipr="trust200902">number="9249" ipr="trust200902" obsoletes="" updates="" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <front> <title abbrev="YANG for NTP">A YANG Data Model for NTP</title> <seriesInfo name="RFC" value="9249"/> <author fullname="Nan Wu" initials="N." surname="Wu"> <organization>Huawei</organization> <address> <postal> <street>Huawei Bld., No.156 Beiqing Rd.</street> <city>Beijing</city> <code>100095</code> <country>China</country> </postal> <email>eric.wu@huawei.com</email> </address> </author> <author fullname="Dhruv Dhody" initials="D." surname="Dhody" role="editor"> <organization>Huawei</organization> <address> <postal> <street>Divyashree Techno Park, Whitefield</street> <city>Bangalore</city> <region>Kanataka</region> <code>560066</code> <country>India</country> </postal> <email>dhruv.ietf@gmail.com</email> </address> </author> <author fullname="AnkitkumarKumar Sinha" initials="A." surname="Sinha" role="editor"> <organization>RtBrick Inc.</organization> <address> <postal> <street/> <city>Bangalore</city> <region>Kanataka</region> <code/> <country>India</country> </postal> <email>ankit.ietf@gmail.com</email> </address> </author> <author fullname="Anil Kumar S N" initials="A." surname="Kumar S N"> <organization>RtBrick Inc.</organization> <address> <postal> <street/> <city>Bangalore</city> <region>Kanataka</region> <code/> <country>India</country> </postal> <email>anil.ietf@gmail.com</email> </address> </author> <author fullname="Yi Zhao" initials="Y." surname="Zhao"> <organization>Ericsson</organization> <address> <postal> <street>China Digital Kingdom Bld., No.1 WangJing North Rd.</street> <city>Beijing</city> <code>100102</code> <country>China</country> </postal> <email>yi.z.zhao@ericsson.com</email> </address> </author> <dateyear="2022"/> <area>Internet</area> <workgroup>NTP Working Group</workgroup> <keyword>NTP, YANG</keyword>year="2022" month="July" /> <area>int</area> <workgroup>ntp</workgroup> <keyword>NTP</keyword> <keyword>YANG</keyword> <abstract> <t>This document defines a YANG data modelforthat can be used to configure and manage Network Time Protocol (NTP) version4 implementations.4. It can also be used to configure and manage version 3. The data model includes configuration data and state data.</t> </abstract><note title="Requirements Language"> <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here.</t> </note></front> <middle> <sectiontitle="Introduction">numbered="true" toc="default"> <name>Introduction</name> <t>This document defines a YANG<xref target="RFC7950"/>data modelfor<xref target="RFC7950" format="default"/> that can be used to configure and manage Network Time Protocol version 4 <xreftarget="RFC5905"/> implementations.target="RFC5905" format="default"/>. Note that the model could also be used to configure and manage NTPv3 <xreftarget="RFC1305"/>target="RFC1305" format="default"/> (see <xreftarget="ver"/>).</t>target="ver" format="default"/>).</t> <t>The data model covers configuration of system parameters ofNTP,NTP such as access rules, authentication and VPN Routing and Forwarding (VRF) binding, andalsovarious modes of NTP and per-interface parameters. It also provides access to information about running state of NTP implementations.</t> <sectiontitle="Operational State">numbered="true" toc="default"> <name>Operational State</name> <t>NTPOperational Stateoperational state is included in the same tree as NTP configuration, consistent withNetwork Management Datastore Architecture (NMDA)"<xref target="RFC8342" format="title"/>" <xreftarget="RFC8342"/>.target="RFC8342" format="default"/>. NTP current state and statistics are also maintained in the operational state. The operational state also includes the NTP association state.</t> </section> <sectiontitle="Terminology">numbered="true" toc="default"> <name>Terminology</name> <t>The terminology used in this document is alignedtowith <xreftarget="RFC5905"/>target="RFC5905" format="default"/> and <xreftarget="RFC1305"/>.</t>target="RFC1305" format="default"/>.</t> </section> <sectiontitle="Tree Diagrams">numbered="true" toc="default"> <name>Tree Diagrams</name> <t>A simplified graphical representation of the data model is used in this document. This document uses the graphical representation of data models defined in <xreftarget="RFC8340"/>. </t></section>target="RFC8340" format="default"/>. </t> </section> <sectiontitle="Prefixestoc="default" numbered="true"> <name>Prefixes in Data NodeNames" toc="default">Names</name> <t>In this document, names of data nodes and other data model objects are often used without a prefix, as long as it is clear from the context in which YANG module each name is defined. Otherwise, names are prefixed using the standard prefix associated with the corresponding YANG module, as shown in <xref target="tab.prefixes"pageno="false"format="default"/>.</t><texttable<table anchor="tab.prefixes"title="Prefixesalign="center"> <name>Prefixes andcorrespondingCorresponding YANGmodules" suppress-title="false" align="center" style="full"> <ttcol align="left">Prefix</ttcol> <ttcolModules</name> <thead> <tr> <th align="left">Prefix</th> <th align="left">YANGmodule</ttcol> <ttcol align="left">Reference</ttcol> <c>yang</c><c>ietf-yang-types</c><c><xrefModule</th> <th align="left">Reference</th> </tr> </thead> <tbody> <tr> <td align="left">yang</td> <td align="left">ietf-yang-types</td> <td align="left"> <xref target="RFC6991"pageno="false" format="default"/></c> <c>inet</c><c>ietf-inet-types</c><c><xrefformat="default"/></td> </tr> <tr> <td align="left">inet</td> <td align="left">ietf-inet-types</td> <td align="left"> <xref target="RFC6991"pageno="false" format="default"/></c> <c>if</c><c>ietf-interfaces</c><c><xrefformat="default"/></td> </tr> <tr> <td align="left">if</td> <td align="left">ietf-interfaces</td> <td align="left"> <xref target="RFC8343"pageno="false" format="default"/></c> <c>sys</c><c>ietf-system</c><c><xrefformat="default"/></td> </tr> <tr> <td align="left">sys</td> <td align="left">ietf-system</td> <td align="left"> <xref target="RFC7317"pageno="false" format="default"/></c> <!--<c>key-chain</c><c>ietf-key-chain</c><c><xref target="RFC8177" pageno="false" format="default"/></c>--> <c>acl</c><c>ietf-access-control-list</c><c><xrefformat="default"/></td> </tr> <tr> <td align="left">acl</td> <td align="left">ietf-access-control-list</td> <td align="left"> <xref target="RFC8519"pageno="false" format="default"/></c> <c>rt-types</c><c>ietf-routing-types</c><c><xrefformat="default"/></td> </tr> <tr> <td align="left">rt-types</td> <td align="left">ietf-routing-types</td> <td align="left"> <xref target="RFC8294"pageno="false" format="default"/></c> <c>nacm</c><c>ietf-netconf-acm</c><c><xrefformat="default"/></td> </tr> <tr> <td align="left">nacm</td> <td align="left">ietf-netconf-acm</td> <td align="left"> <xref target="RFC8341"pageno="false" format="default"/></c> </texttable>format="default"/></td> </tr> </tbody> </table> </section> <sectiontitle="Referencestoc="default" numbered="true"> <name>References in theModel" toc="default"> <t>FollowingModel</name> <t>The following documents are referenced in the model defined in thisdocument -</t> <texttabledocument.</t> <table anchor="tab.ref"title="Referencesalign="center"> <name>References in the YANGmodules" suppress-title="false" align="center" style="full"> <ttcol align="left">Title</ttcol> <ttcol align="left">Reference</ttcol> <c>NetworkModule</name> <thead> <tr> <th align="left">Title</th> <th align="left">Reference</th> </tr> </thead> <tbody> <tr> <td align="left">Network Time Protocol Version 4: Protocol and AlgorithmsSpecification</c><c><xrefSpecification</td> <td align="left"> <xref target="RFC5905"pageno="false" format="default"/></c> <c>Commonformat="default"/></td> </tr> <tr> <td align="left">Common YANG DataTypes</c><c><xrefTypes</td> <td align="left"> <xref target="RFC6991"pageno="false" format="default"/></c> <c>Aformat="default"/></td> </tr> <tr> <td align="left">A YANG Data Model for SystemManagement</c><c><xrefManagement</td> <td align="left"> <xref target="RFC7317"pageno="false" format="default"/></c> <!--<c>YANG Data Model for Key Chains</c><c><xref target="RFC8177" pageno="false" format="default"/></c>--> <c>Commonformat="default"/></td> </tr> <tr> <td align="left">Common YANG Data Types for the RoutingArea</c><c><xrefArea</td> <td align="left"> <xref target="RFC8294"pageno="false" format="default"/></c> <c>Networkformat="default"/></td> </tr> <tr> <td align="left">Network Configuration Access ControlModel</c><c><xrefModel</td> <td align="left"> <xref target="RFC8341"pageno="false" format="default"/></c> <c>Aformat="default"/></td> </tr> <tr> <td align="left">A YANG Data Model for InterfaceManagement</c><c><xrefManagement</td> <td align="left"> <xref target="RFC8343"pageno="false" format="default"/></c> <c>YANGformat="default"/></td> </tr> <tr> <td align="left">YANG Data Model for Network Access Control Lists(ACLs)</c><c><xref(ACLs)</td> <td align="left"> <xref target="RFC8519"pageno="false" format="default"/></c> <c>Messageformat="default"/></td> </tr> <tr> <td align="left">Message Authentication Code for the Network TimeProtocol</c><c><xrefProtocol</td> <td align="left"> <xref target="RFC8573"pageno="false" format="default"/></c> <c>Theformat="default"/></td> </tr> <tr> <td align="left">The AES-CMACAlgorithm</c><c><xrefAlgorithm</td> <td align="left"> <xref target="RFC4493"pageno="false" format="default"/></c> <c>Theformat="default"/></td> </tr> <tr> <td align="left">The MD5 Message-DigestAlgorithm</c><c><xrefAlgorithm</td> <td align="left"> <xref target="RFC1321"pageno="false" format="default"/></c> <c>USformat="default"/></td> </tr> <tr> <td align="left">US Secure Hash Algorithm 1(SHA1)</c><c><xref(SHA1)</td> <td align="left"> <xref target="RFC3174"pageno="false" format="default"/></c> <c>FIPSformat="default"/></td> </tr> <tr> <td align="left">FIPS 180-4: Secure Hash Standard(SHS)</c><c><xref target="SHS"/></c> </texttable>(SHS)</td> <td align="left"> <xref target="SHS" format="default"/></td> </tr> </tbody> </table> </section> <section> <name>Requirements Language</name> <t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shown here. </t> </section> </section> <sectiontitle="NTP data model">numbered="true" toc="default"> <name>NTP Data Model</name> <t>This document defines the YANG module "ietf-ntp", which has the following condensedstructure:<figure> <artwork><![CDATA[structure:</t> <sourcecode type="yangtree"><![CDATA[ module: ietf-ntp +--rw ntp! +--rw port? inet:port-number {ntp-port}? +--rw refclock-master! | +--rw master-stratum? ntp-stratum +--rw authentication {authentication}? | +--rw auth-enabled? boolean | +--rw authentication-keys*[key-id][keyid] | +--rwkey-idkeyid uint32 | +--... +--rw access-rules {access-rules}? | +--rw access-rule* [access-mode] | +--rw access-mode identityref | +--rw acl? -> /acl:acls/acl/name +--ro clock-state | +--ro system-status | +--ro clock-state identityref | +--ro clock-stratum ntp-stratum | +--ro clock-refid refid | +--... +--rw unicast-configuration* [address type] | {unicast-configuration}? | +--rw address inet:ip-address | +--rw type identityref | +--... +--rw associations | +--ro association* [address local-mode isconfigured] | +--ro address inet:ip-address | +--ro local-mode identityref | +--ro isconfigured boolean | +--... | +--ro ntp-statistics | +--... +--rw interfaces | +--rw interface* [name] | +--rw name if:interface-ref | +--rw broadcast-server! {broadcast-server}? | | +--... | +--rw broadcast-client! {broadcast-client}? | +--rw multicast-server* [address] {multicast-server}? | | +--rw address | | | rt-types:ip-multicast-group-address | | +--... | +--rw multicast-client* [address] {multicast-client}? | | +--rw address rt-types:ip-multicast-group-address | +--rw manycast-server* [address] {manycast-server}? | | +--rw address rt-types:ip-multicast-group-address | +--rw manycast-client* [address] {manycast-client}? | +--rw address | | rt-types:ip-multicast-group-address | +--... +--ro ntp-statistics +--... rpcs: +---x statistics-reset +---w input +---w (association-or-all)? +--:(association) | +---w associations-address? | | -> /ntp/associations/association/address | +---w associations-local-mode? | | -> /ntp/associations/association/local-mode | +---w associations-isconfigured? | -> /ntp/associations/association/isconfigured +--:(all)]]></artwork> </figure></t>]]></sourcecode> <t>The full data model tree for the YANG module "ietf-ntp" is in <xreftarget="full"/>.</t>target="full" format="default"/>.</t> <t>This data model defines one top-level containerwhichthat includes both the NTP configuration and the NTP running state including access rules, authentication, associations, unicast configurations, interfaces, systemstatusstatus, and associations.</t> </section> <sectiontitle="Relationshipnumbered="true" toc="default"> <name>Relationship withNTPv4-MIB">NTPv4-MIB</name> <t>If the device implements the NTPv4-MIB <xreftarget="RFC5907"/>,target="RFC5907" format="default"/>, data nodes from the YANG module can be mapped to table entries in the NTPv4-MIB.</t> <t>The following tables list the YANG data nodes with corresponding objects in the NTPv4-MIB.</t><t>YANG<table align="center"> <name>YANG NTPConfigurationData Nodes in /ntp/clock-state/system-status and Related NTPv4-MIBObjects</t> <texttable> <ttcolObjects</name> <thead> <tr> <th align="center">YANGdata nodes in /ntp/clock-state/system-status</ttcol> <ttcol align="center">NTPv4-MIB objects</ttcol> <c>clock-state</c> <c>ntpEntStatusCurrentMode</c> <c>clock-stratum</c> <c>ntpEntStatusStratum</c> <c>clock-refid</c> <c>ntpEntStatusActiveRefSourceId</c> <c> </c> <c>ntpEntStatusActiveRefSourceName</c> <c>clock-precision</c> <c>ntpEntTimePrecision</c> <c>clock-offset</c> <c>ntpEntStatusActiveOffset</c> <c>root-dispersion</c> <c>ntpEntStatusDispersion</c> <postamble/> </texttable> <texttable> <ttcol align="center">YANG data nodesData Nodes in/ntp/associations/</ttcol> <ttcol/ntp/clock-state/system-status</th> <th align="center">NTPv4-MIBobjects</ttcol> <c>address</c> <c>ntpAssocAddressType</c> <c> </c> <c>ntpAssocAddress</c> <c>stratum</c> <c>ntpAssocStratum</c> <c>refid</c> <c>ntpAssocRefId</c> <c>offset</c> <c>ntpAssocOffset</c> <c>delay</c> <c>ntpAssocStatusDelay</c> <c>dispersion</c> <c>ntpAssocStatusDispersion</c> <c>ntp-statistics/packet-sent</c> <c>ntpAssocStatOutPkts</c> <c>ntp-statistics/packet-received</c> <c>ntpAssocStatInPkts</c> <c>ntp-statistics/packet-dropped</c> <c>ntpAssocStatProtocolError</c> <postamble/> </texttable> <t>YANGObjects</th> </tr> </thead> <tbody> <tr> <td align="center">clock-state</td> <td align="center">ntpEntStatusCurrentMode</td> </tr> <tr> <td align="center">clock-stratum</td> <td align="center">ntpEntStatusStratum</td> </tr> <tr> <td align="center">clock-refid</td> <td align="center"><ul empty="true" spacing="compact" bare="true"><li>ntpEntStatusActiveRefSourceId</li><li>ntpEntStatusActiveRefSourceName</li></ul></td> </tr> <tr> <td align="center">clock-precision</td> <td align="center">ntpEntTimePrecision</td> </tr> <tr> <td align="center">clock-offset</td> <td align="center">ntpEntStatusActiveOffset</td> </tr> <tr> <td align="center">root-dispersion</td> <td align="center">ntpEntStatusDispersion</td> </tr> </tbody> </table> <t keepWithPrevious="true"/> <table align="center"> <name>YANG NTPStateData Nodes in /ntp/associations/ and Related NTPv4-MIBObjects</t>Objects</name> <thead> <tr> <th align="center">YANG Data Nodes in /ntp/associations/</th> <th align="center">NTPv4-MIB Objects</th> </tr> </thead> <tbody> <tr> <td align="center">address</td> <td align="center"><ul empty="true" spacing="compact" bare="true"><li>ntpAssocAddressType</li><li>ntpAssocAddress</li></ul></td> </tr> <tr> <td align="center">stratum</td> <td align="center">ntpAssocStratum</td> </tr> <tr> <td align="center">refid</td> <td align="center">ntpAssocRefId</td> </tr> <tr> <td align="center">offset</td> <td align="center">ntpAssocOffset</td> </tr> <tr> <td align="center">delay</td> <td align="center">ntpAssocStatusDelay</td> </tr> <tr> <td align="center">dispersion</td> <td align="center">ntpAssocStatusDispersion</td> </tr> <tr> <td align="center">ntp-statistics/packet-sent</td> <td align="center">ntpAssocStatOutPkts</td> </tr> <tr> <td align="center">ntp-statistics/packet-received</td> <td align="center">ntpAssocStatInPkts</td> </tr> <tr> <td align="center">ntp-statistics/packet-dropped</td> <td align="center">ntpAssocStatProtocolError</td> </tr> </tbody> </table> </section> <sectiontitle="Relationshipnumbered="true" toc="default"> <name>Relationship with RFC7317">7317</name> <t>This section describes the relationship withNTPdefinition of NTP in Section3.2 System<xref target="RFC7317" section="3.2" sectionFormat="bare">System TimeManagementManagement</xref> of <xreftarget="RFC7317"/> .target="RFC7317" format="default"/>. YANG data nodes in /ntp/ also support per-interfaceconfigurationconfiguration, which is not supported in /system/ntp. If theyangYANG data model defined in this document is implemented, then /system/ntpSHOULD NOT<bcp14>SHOULD NOT</bcp14> be used andMUST<bcp14>MUST</bcp14> be ignored.</t><texttable> <ttcol<table align="center"> <name>YANG NTP Configuration Data Nodes and Counterparts from RFC 7317</name> <thead> <tr> <th align="center">YANGdata nodesData Nodes in /ntp/</ttcol> <ttcol</th> <th align="center">YANGdata nodes in /system/ntp</ttcol> <c>ntp!</c> <c>enabled</c> <c>unicast-configuration</c> <c>server</c> <c> </c> <c>server/name</c> <c>unicast-configuration/address</c> <c>server/transport/udp/address</c> <c>unicast-configuration/port</c> <c>server/transport/udp/port</c> <c>unicast-configuration/type</c> <c>server/association-type</c> <c>unicast-configuration/iburst</c> <c>server/iburst</c> <c>unicast-configuration/prefer</c> <c>server/prefer</c> <postamble>YANG NTP ConfigurationData Nodesand counterpartsinRFC 7317 Objects</postamble> </texttable>/system/ntp</th> </tr> </thead> <tbody> <tr> <td align="center">ntp!</td> <td align="center">enabled</td> </tr> <tr> <td align="center">unicast-configuration</td> <td align="center"><ul empty="true" spacing="compact" bare="true"><li>server</li><li>server/name</li></ul></td> </tr> <tr> <td align="center">unicast-configuration/address</td> <td align="center">server/transport/udp/address</td> </tr> <tr> <td align="center">unicast-configuration/port</td> <td align="center">server/transport/udp/port</td> </tr> <tr> <td align="center">unicast-configuration/type</td> <td align="center">server/association-type</td> </tr> <tr> <td align="center">unicast-configuration/iburst</td> <td align="center">server/iburst</td> </tr> <tr> <td align="center">unicast-configuration/prefer</td> <td align="center">server/prefer</td> </tr> </tbody> </table> </section> <sectiontitle="Access Rules">numbered="true" toc="default"> <name>Access Rules</name> <t>The access rules in this sectionrefersrefer to the on-the-wire access control to the NTP service and are completely independent of any management API access control, e.g., NETCONF Access Control Model (NACM)(<xref target="RFC8341"/>).</t><xref target="RFC8341" format="default"/>.</t> <t>An Access Control List (ACL) is one of the basic elements used to configure device-forwarding behavior. An ACL is a user-ordered set of rules that is used to filter traffic on a networking device.</t> <t>As per <xreftarget="RFC1305"/>target="RFC1305" format="default"/> (for NTPv3) and <xreftarget="RFC5905"/>target="RFC5905" format="default"/> (for NTPv4), NTP could include an access-control feature that prevents unauthorized access and that controls which peers are allowed to update the local clock.FurtherFurther, it is useful to differentiate between the various kinds of access and attach a different acl-rule to each. For this, the YANG module allows such configuration via /ntp/access-rules. The access-rule itself is configured via <xreftarget="RFC8519"/>.</t> <t>Following access modestarget="RFC8519" format="default"/>.</t> <t>The following access-modes aresupported - <list style="symbols"> <t>Peer: Permitsupported: </t> <dl spacing="normal"> <dt>Peer:</dt> <dd>Permit others to synchronize their time with the NTP entity orit can synchronize its time with others.vice versa. NTP control queries are alsoaccepted.</t> <t>Server: Permitaccepted.</dd> <dt>Server:</dt><dd>Permit others to synchronize their time with the NTP entity, but vice versa is not supported. NTP control queries areaccepted.</t> <t>Server-only: Permitaccepted.</dd> <dt>Server-only:</dt><dd>Permit others to synchronize their time with the NTP entity, but vice versa is not supported. NTP control queries are notaccepted.</t> <t>Query-only: Onlyaccepted.</dd> <dt>Query-only:</dt><dd>Only control queries areaccepted.</t> </list></t>accepted.</dd> </dl> <t>Query-only is the most restrictedwhere aswhereas the peer is the full access authority. The ability to give different ACL rules for differentaccess modesaccess-modes allows for a greater control by the operator.</t> </section> <sectiontitle="Key Management">numbered="true" toc="default"> <name>Key Management</name> <t>As per <xreftarget="RFC1305"/>target="RFC1305" format="default"/> (for NTPv3) and <xreftarget="RFC5905"/>target="RFC5905" format="default"/> (for NTPv4), when authentication is enabled, NTP employs a crypto-checksum, computed by the sender and checked by the receiver, together with a set of predistributed algorithms, and cryptographic keys indexed by a key identifier included in the NTP message. Thiskey-idkeyid is a 32-bit unsigned integer thatMUST<bcp14>MUST</bcp14> be configured on the NTP peers before the authenticationcouldcan be used. For this reason, this YANG module allows such configuration via /ntp/authentication/authentication-keys/. Further at the time of configuration of NTP association (forexample unicast-server),example, unicast server), thekey-idkeyid is specified.</t> <t>The 'nacm:default-deny-all' is used to prevent retrieval of the actual key information after it is set.</t> </section> <sectiontitle="NTP Version" anchor="ver">anchor="ver" numbered="true" toc="default"> <name>NTP Version</name> <t>This YANG data modelallowallows a version to be configured for the NTPassociation i.e.association, i.e., an operator can control the use of NTPv3 <xreftarget="RFC1305"/>target="RFC1305" format="default"/> or NTPv4 <xreftarget="RFC5905"/>target="RFC5905" format="default"/> for each association it forms. This allows backward compatibility with a legacy system. Note thatthe version 3 of NTPNTPv3 <xreftarget="RFC1305"/>target="RFC1305" format="default"/> is obsoleted by NTPv4 <xreftarget="RFC5905"/>.target="RFC5905" format="default"/>. </t> </section> <sectiontitle="NTPnumbered="true" toc="default"> <name>NTP YANGModule"> <t><figure align="left"> <artwork><![CDATA[ <CODE BEGINS> file "ietf-ntp@2022-03-21.yang"Module</name> <sourcecode name="ietf-ntp@2022-06-10.yang" type="yang" markers="true"><![CDATA[ module ietf-ntp { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-ntp"; prefix ntp; import ietf-yang-types { prefix yang; reference "RFC 6991: Common YANG Data Types"; } import ietf-inet-types { prefix inet; reference "RFC 6991: Common YANG Data Types"; } import ietf-interfaces { prefix if; reference "RFC 8343: A YANG Data Model for Interface Management"; } import ietf-system { prefix sys; reference "RFC 7317: A YANG Data Model for System Management"; } import ietf-access-control-list { prefix acl; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } import ietf-routing-types { prefix rt-types; reference "RFC 8294: Common YANG Data Types for the Routing Area"; } import ietf-netconf-acm { prefix nacm; reference "RFC 8341: Network ConfigurationProtocol (NETCONF)Access Control Model"; } organization "IETF NTP (Network Time Protocol) Working Group"; contact "WG Web:<https://datatracker.ietf.org/wg/ntp/about/><https://datatracker.ietf.org/wg/ntp/> WG List: <mailto: ntp@ietf.org Editor: Dhruv Dhody <mailto:dhruv.ietf@gmail.com> Editor: Ankit Kumar Sinha <mailto:ankit.ietf@gmail.com>"; description "This document defines a YANG data modelforthat can be used to configure and manage Network Time Protocol (NTP)implementations.version 4. It can also be used to configure and manage version 3. The data model includes configuration data and state data. The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, they appear in all capitals, as shown here. Copyright (c) 2022 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Revised BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info). This version of this YANG module is part of RFCXXXX;9249; see the RFC itself for full legal notices."; revision2022-03-212022-06-10 { description "Initialrevision.";revision"; reference "RFCXXXX:9249: A YANG Data Model forNTP.";NTP"; } /*Note: The RFC Editor will replace XXXX with the number assigned to this document once it becomes an RFC.*/ /*Typedef Definitions */ typedef ntp-stratum { type uint8 { range "1..16"; } description "The level of each server in the hierarchy is defined by a stratum. Primary servers are assigned with stratum one; secondary servers at each lower level are assigned with one stratum greater than the precedinglevel";level."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } typedef ntp-version { type uint8 { range "3..max"; } default "4"; description "The current NTP version supported by the correspondingassociation.";association"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 1"; } typedef refid { type union { type inet:ipv4-address; type uint32; type string { length "4"; } } description "A code identifying the particular server or reference clock. The interpretation depends upon stratum. It could be an IPv4address oraddress, the first 32 bits of the MD5 hash of the IPv6addressaddress, or a string for the Reference Identifier andKISSkiss codes. Some examples: -- a refclock ID like '127.127.1.0' for local clock sync -- uni/multi/broadcast associations for IPv4 will look like '203.0.113.1' and '0x4321FEDC' for IPv6 -- sync with a primary source will look like 'DCN', 'NIST', 'ATOM' --KISSkiss codes will look like 'AUTH', 'DROP', or 'RATE' Note that the use of an MD5 hash for IPv6addressaddresses is not for cryptographicpurposes ";purposes."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } typedef ntp-date-and-time { type union { type yang:date-and-time; type uint8; } description "Follows the date-and-time format when validvalue exist, otherwisevalues exist. Otherwise, allows for setting a special value such as zero."; reference "RFC 6991: Common YANG Data Types"; } typedef log2seconds { type int8; description "An 8-bit signed integer that represents signed log2 seconds."; } /* features */ feature ntp-port { description "Support for NTP port configuration"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.2"; } feature authentication { description "Support for NTP symmetric key authentication"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } feature deprecated { description "Support deprecated MD5-based authentication (RFC8573) or SHA-18573), SHA-1, or any other deprecated authentication mechanism. It is enabled to support legacy compatibility when secure cryptographic algorithms are not available to use. It is also used to configure keystrings in ASCII format."; reference "RFC 1321: The MD5 Message-DigestAlgorithmAlgorithm, RFC 3174: US Secure Hash Algorithm 1(SHA1) FIPS 180-4:(SHA1), SHS: Secure Hash Standard(SHS)";(SHS) (FIPS PUB 180-4)"; } feature hex-key-string { description "Support hexadecimal keystring.";string"; } feature access-rules { description "Support for NTP access control"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 9.2"; } feature unicast-configuration { description "Support for NTP client/server or active/passive in unicast"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } feature broadcast-server { description "Support for broadcast server"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } feature broadcast-client { description "Support for broadcast client"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } feature multicast-server { description "Support for multicast server"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } feature multicast-client { description "Support for multicast client"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } feature manycast-server { description "Support for manycast server"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } feature manycast-client { description "Support for manycast client"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } /* Identity */ /* unicast-configurations types */ identity unicast-configuration-type { if-feature "unicast-configuration"; description "This defines NTP unicast mode of operation as used for unicast-configurations."; } identity uc-server { if-feature "unicast-configuration"; base unicast-configuration-type; description "Use client association mode where the unicast server address is configured."; } identity uc-peer { if-feature "unicast-configuration"; base unicast-configuration-type; description "Use symmetric active association mode where the peer address is configured."; } /* association-modes */ identity association-mode { description "The NTP associationmodes.";modes"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } identity active { base association-mode; description "Use symmetric active association mode (mode 1). This device may synchronize with its NTPpeer,peer or provide synchronization to a configured NTP peer."; } identity passive { base association-mode; description "Use symmetric passive association mode (mode 2). This device has learned this association dynamically. This device may synchronize with its NTP peer."; } identity client { base association-mode; description "Use client association mode (mode 3). This device will not provide synchronization to the configured NTP server."; } identity server { base association-mode; description "Use server association mode (mode 4). This device will provide synchronization to NTP clients."; } identity broadcast-server { base association-mode; description "Use broadcast server mode (mode 5). This mode defines thatitsit's either working asbroadcast-servera broadcast server ormulticast-server.";a multicast server."; } identity broadcast-client { base association-mode; description "This mode defines thatitsit's either working asbroadcast-clienta broadcast client (mode 6) ormulticast-client.";a multicast client."; } /* access-mode */ identity access-mode { if-feature "access-rules"; description "This defines NTPaccess modes.access-modes. These identify how the ACL is applied with NTP."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 9.2"; } identity peer-access-mode { if-feature "access-rules"; base access-mode; description "Permit others to synchronize their time with this NTPentityorit can synchronize its time with others.vice versa. NTP control queries are also accepted. This enables full access authority."; } identity server-access-mode { if-feature "access-rules"; base access-mode; description "Permit others to synchronize their time with this NTP entity, but vice versa is not supported. NTP control queries are accepted."; } identity server-only-access-mode { if-feature "access-rules"; base access-mode; description "Permit others to synchronize their time with this NTP entity, but vice versa is not supported. NTP control queries are not accepted."; } identity query-only-access-mode { if-feature "access-rules"; base access-mode; description "Only control queries are accepted."; } /* clock-state */ identity clock-state { description "This defines NTP clock status at a high level."; } identity synchronized { base clock-state; description "Indicates that the local clock has been synchronized with an NTP server or the reference clock."; } identity unsynchronized { base clock-state; description "Indicates that the local clock has not been synchronized with any NTP server."; } /* ntp-sync-state */ identity ntp-sync-state { description "This defines NTP clock sync state at a more granular level. Referred to as 'Clock state definitions' in RFC5905";5905."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Appendix A.1.1"; } identity clock-never-set { base ntp-sync-state; description "Indicates the clock was never set."; } identity freq-set-by-cfg { base ntp-sync-state; description "Indicates the clock frequency is set by NTP configuration or file."; } identity spike { base ntp-sync-state; description "Indicates a spike is detected."; } identity freq { base ntp-sync-state; description "Indicates the frequency mode."; } identity clock-synchronized { base ntp-sync-state; description "Indicates that the clock issynchronized";synchronized."; } /* crypto-algorithm */ identity crypto-algorithm { description "Base identity of cryptographic algorithm options."; } identity md5 { if-feature "deprecated"; base crypto-algorithm; description "The MD5 algorithm. Note that RFC 8573 deprecates the use of MD5-based authentication."; reference "RFC 1321: The MD5 Message-Digest Algorithm"; } identity sha-1 { if-feature "deprecated"; base crypto-algorithm; description "The SHA-1algorithm.";algorithm"; reference "RFC 3174: US Secure Hash Algorithm 1 (SHA1)"; } identity hmac-sha-1 { if-feature "deprecated"; base crypto-algorithm; description "HMAC-SHA-1 authenticationalgorithm.";algorithm"; reference"FIPS 180-4:"SHS: Secure Hash Standard(SHS)";(SHS) (FIPS PUB 180-4)"; } identity hmac-sha1-12 { if-feature "deprecated"; base crypto-algorithm; description "The HMAC-SHA1-12algorithm.";algorithm"; } identity hmac-sha-256 { description "HMAC-SHA-256 authenticationalgorithm.";algorithm"; reference"FIPS 180-4:"SHS: Secure Hash Standard(SHS)";(SHS) (FIPS PUB 180-4)"; } identity hmac-sha-384 { description "HMAC-SHA-384 authenticationalgorithm.";algorithm"; reference"FIPS 180-4:"SHS: Secure Hash Standard(SHS)";(SHS) (FIPS PUB 180-4)"; } identity hmac-sha-512 { description "HMAC-SHA-512 authenticationalgorithm.";algorithm"; reference"FIPS 180-4:"SHS: Secure Hash Standard(SHS)";(SHS) (FIPS PUB 180-4)"; } identity aes-cmac { base crypto-algorithm; description "The AES-CMAC algorithm--- required by RFC 8573 for MAC for theNTP";NTP."; reference "RFC 4493: The AES-CMACAlgorithmAlgorithm, RFC 8573: Message Authentication Code for the Network Time Protocol"; } /* Groupings */ grouping key { description "Thekey.";key"; nacm:default-deny-all; choice key-string-style { description "Key string styles"; case keystring { leaf keystring { if-feature "deprecated"; type string; description "Key string in ASCIIformat.";format"; } } case hexadecimal { if-feature "hex-key-string"; leaf hexadecimal-string { type yang:hex-string; description "Key in hexadecimal string format. When compared to ASCII, specification in hexadecimal affords greater key entropy with the same number of internal key-string octets. Additionally, it discouragesusageuse of well-known words or numbers."; } } } } grouping authentication-key { description "To define an authentication key fora Network Time Protocol (NTP)an NTP time source."; leafkey-idkeyid { type uint32 { range "1..max"; } description "Authentication keyidentifier.";identifier"; } leaf algorithm { type identityref { base crypto-algorithm; } description "Authentication algorithm. Note that RFC 8573 deprecates the use of MD5-based authentication and recommends AES-CMAC."; } container key { uses key; description "The key. Note that RFC 8573 deprecates the use of MD5-based authentication."; } leaf istrusted { type boolean; description"Key-id"Keyid is trusted or not"; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification,SectionSections 7.3 and 7.4"; } grouping authentication { description"Authentication.";"Authentication"; choice authentication-type { description "Type ofauthentication.";authentication"; case symmetric-key { leafkey-idkeyid { type leafref { path "/ntp:ntp/ntp:authentication/" +"ntp:authentication-keys/ntp:key-id";"ntp:authentication-keys/ntp:keyid"; } description "Authentication key id referenced in this association."; } } } } grouping statistics { description "NTP packetstatistic.";statistic"; leaf discontinuity-time { type ntp-date-and-time; description "The time on the most recent occasion at which any one or more ofthisthese NTP counters suffered a discontinuity. If no such discontinuities have occurred, then this node contains the time the NTP association was (re-)initialized."; } leaf packet-sent { type yang:counter32; description "The total number of NTP packets delivered to the transport service by this NTP entity for this association. Discontinuities in the value of this counter can occur upon coldstart orstart, reinitialization of the NTPentity,entity or the managementsystemsystem, and at other times."; } leaf packet-sent-fail { type yang:counter32; description "The number of times NTPpacketspacket sending failed."; } leaf packet-received { type yang:counter32; description "The total number of NTP packets delivered to the NTP entity from this association. Discontinuities in the value of this counter can occur upon coldstart orstart, reinitialization of the NTPentity,entity or the managementsystemsystem, and at other times."; } leaf packet-dropped { type yang:counter32; description "The total number of NTP packets that were delivered to this NTP entity from this association and that this entity was not able to process due to an NTPprotocolerror. Discontinuities in the value of this counter can occur upon coldstart orstart, reinitialization of the NTPentity,entity or the managementsystemsystem, and at other times."; } } grouping common-attributes { description "NTP common attributes forconfiguration.";configuration"; leaf minpoll { type log2seconds; default "6"; description "The minimum poll interval used in thisassociation.";association"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.2"; } leaf maxpoll { type log2seconds; default "10"; description "The maximum poll interval used in thisassociation.";association"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.2"; } leaf port { if-feature "ntp-port"; type inet:port-number { range "123 | 1024..max"; } default "123"; description "Specify the port used to send NTP packets."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.2"; } leaf version { type ntp-version; description "NTPversion.";version"; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification"; } grouping association-ref { description "Reference to NTP association mode"; leaf associations-address { type leafref { path "/ntp:ntp/ntp:associations/ntp:association" + "/ntp:address"; } description "Indicates the association's addresswhich resultthat results in clock synchronization."; } leaf associations-local-mode { type leafref { path "/ntp:ntp/ntp:associations/ntp:association" + "/ntp:local-mode"; } description "Indicates the association's local-modewhich resultthat results in clock synchronization."; } leaf associations-isconfigured { type leafref { path "/ntp:ntp/ntp:associations/ntp:association/" + "ntp:isconfigured"; } description "Indicates if the association (that resulted in the clock synchronization) is explicitly configured."; } } container ntp { when 'false() = boolean(/sys:system/sys:ntp)' { description "Applicable when the system /sys/ntp/ is not used."; } presence "NTP is enabled and system should attempt to synchronize the system clock with an NTP server from the 'ntp/associations' list."; description "Configuration parameters forNTP.";NTP"; leaf port { if-feature "ntp-port"; type inet:port-number { range "123 | 1024..max"; } default "123"; description "Specify the port used to send and receive NTP packets."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.2"; } container refclock-master { presence "NTP master clock is enabled."; description "Configures the local clock of this device as NTP server."; leaf master-stratum { type ntp-stratum; default "16"; description "Stratum level from which NTP clients get their time synchronized."; } } container authentication { if-feature "authentication"; description "Configuration ofauthentication.";authentication"; leaf auth-enabled { type boolean; default "false"; description "Controls whether NTP authentication is enabled or disabled on this device."; } list authentication-keys { key"key-id";"keyid"; uses authentication-key; description "List of authenticationkeys.";keys"; } } container access-rules { if-feature "access-rules"; description "Configuration to control access to NTP service by using the NTP access-group feature. The access-mode identifies how the ACL is applied with NTP."; list access-rule { key "access-mode"; description "List of accessrules.";rules"; leaf access-mode { type identityref { base access-mode; } description "The NTPaccess mode.access-mode. Some of the possiblevalue includesvalues include peer, server, synchronization,queryquery, etc."; } leaf acl { type leafref { path "/acl:acls/acl:acl/acl:name"; } description "Control access configuration to be used."; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 9.2"; } } container clock-state { config false; description "Clock operational state of theNTP.";NTP"; container system-status { description "System status ofNTP.";NTP"; leaf clock-state { type identityref { base clock-state; } mandatory true; description "The state of the system clock. Some of the possiblevalue includesvalues include synchronized andunsynchronized";unsynchronized."; } leaf clock-stratum { type ntp-stratum; mandatory true; description "The NTP entity's own stratum value. Should be one greater thanpreceedingthe preceding level. 16 ifunsyncronized.";unsynchronized."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } leaf clock-refid { type refid; mandatory true; description "A code identifying the particular server or reference clock. The interpretation depends upon stratum. It could be an IPv4address oraddress, the first 32 bits of the MD5 hash of the IPv6addressaddress, or a string for the Reference Identifier andKISSkiss codes. Some examples: -- a refclock ID like '127.127.1.0' for local clock sync -- uni/multi/broadcast associations for IPv4 will look like '203.0.113.1' and '0x4321FEDC' for IPv6 -- sync with primary source will look like 'DCN', 'NIST', 'ATOM' --KISSkiss codes will look like 'AUTH', 'DROP', 'RATE' Note that the use of MD5 hash for IPv6 address is not for cryptographicpurposes ";purposes."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } uses association-ref { description "Reference toAssociation.";association"; } leaf nominal-freq { type decimal64 { fraction-digits 4; } units "Hz"; mandatory true; description "The nominal frequency of the local clock. An ideal frequency with zero uncertainty."; } leaf actual-freq { type decimal64 { fraction-digits 4; } units "Hz"; mandatory true; description "The actual frequency of the localclock.";clock"; } leaf clock-precision { type log2seconds; mandatory true; description "Clock precision of this system in signed integer format, in log 2 seconds - (prec=2^(-n)). A value of 5 would mean 2^-5 = 0.03125 seconds = 31.25 ms."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } leaf clock-offset { type decimal64 { fraction-digits 3; } units "milliseconds"; description "The signed time offset to the current selected reference timesourcesource, e.g., '0.032ms' or '1.232ms'. The negative valueIndicatesindicates that the local clock is behind the current selected reference time source."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 9.1"; } leaf root-delay { type decimal64 { fraction-digits 3; } units "milliseconds"; description "Total delay along the path to the rootclock.";clock"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification,SectionSections 4 and 7.3"; } leaf root-dispersion { type decimal64 { fraction-digits 3; } units "milliseconds"; description "The dispersionbetweento the local clock and the root clock, e.g., '6.927ms'."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification,SectionSections 4,7.37.3, and10.";10"; } leaf reference-time { type ntp-date-and-time; description "The reference timestamp. Time when the system clock was last set orcorrected";corrected."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } leaf sync-state { type identityref { base ntp-sync-state; } mandatory true; description "The synchronization status of the local clock. Referred to as 'Clock state definitions' in RFC5905";5905."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Appendix A.1.1"; } } } list unicast-configuration { if-feature "unicast-configuration"; key "address type"; description "List of NTPunicast-configurations.";unicast-configurations"; leaf address { type inet:ip-address; description "Address of thisassociation.";association"; } leaf type { type identityref { base unicast-configuration-type; } description "The unicast configuration type, forexampleexample, unicast-server"; } container authentication { if-feature "authentication"; description "Authentication used for thisassociation.";association"; uses authentication; } leaf prefer { type boolean; default "false"; description "Whether or not this association ispreferred or not.";preferred"; } leaf burst { type boolean; default "false"; description "If set, a series of packets are sent instead of a single packet within each synchronization interval to achieve faster synchronization."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 13.1"; } leaf iburst { type boolean; default "false"; description "If set, a series of packets are sent instead of a single packet within the initial synchronization interval to achieve faster initial synchronization."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 13.1"; } leaf source { type if:interface-ref; description "The interface whose IP address is used by this association as the source address."; } uses common-attributes { description "Common attributes like port, version, and min and max poll."; } } container associations { description "Association parameters"; list association { key "address local-mode isconfigured"; config false; description "List of NTP associations. Here address,local-modelocal-mode, and isconfigured are required to uniquely identify a particular association.LetsLet's take the followingexamples -examples: 1) If RT1 is acting as broadcastserver,server and RT2 is acting as broadcast client, then RT2 will form a dynamic association with the address as RT1, local-mode asclientclient, and isconfigured as false. 2) When RT2 is configured withunicast-serverunicast server RT1, then RT2 will form an association with the address as RT1, local-mode asclientclient, and isconfigured as true.ThusThus, all3three leaves are needed as key touniqueuniquely identify the association."; leaf address { type inet:ip-address; description "The remote address of this association. Represents the IP address of a unicast/multicast/broadcast address."; } leaf local-mode { type identityref { base association-mode; } description"Local mode"Local-mode of this NTPassociation.";association"; } leaf isconfigured { type boolean; description "Indicates if this association is configured (true) or dynamically learned (false)."; } leaf stratum { type ntp-stratum; description "The association stratumvalue.";value"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3"; } leaf refid { type refid; description "A code identifying the particular server or reference clock. The interpretation depends upon stratum. It could be an IPv4 address or first 32 bits of the MD5 hash of the IPv6 address or a string for the Reference Identifier andKISSkiss codes. Some examples: -- a refclock ID like '127.127.1.0' for local clock sync -- uni/multi/broadcast associations for IPv4 will look like '203.0.113.1' and '0x4321FEDC' for IPv6 -- sync with primary source will look like 'DCN', 'NIST', or 'ATOM' --KISSkiss codes will look like 'AUTH', 'DROP', or 'RATE' Note that the use of an MD5 hash for IPv6 address is not for cryptographicpurposes";purposes."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } leaf authentication { if-feature "authentication"; type leafref { path "/ntp:ntp/ntp:authentication/" +"ntp:authentication-keys/ntp:key-id";"ntp:authentication-keys/ntp:keyid"; } description "AuthenticationKeykey used for thisassociation.";association"; } leaf prefer { type boolean; default "false"; description "Indicates if this association ispreferred.";preferred"; } leaf peer-interface { type if:interface-ref; description "The interfacewhichthat is used forcommunication.";communication"; } uses common-attributes { description "Common attributes like port, version, and min and maxpoll.";poll"; } leaf reach { type uint8; description"It is an"An 8-bit shift register that tracks packet generation and receipt. It is used to determine whether the server is reachable and the data are fresh."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification,SectionSections 9.2 and 13"; } leaf unreach { type uint8; units "seconds"; description"It is a"A count of how long in second the server has beenunreachable i.e.unreachable, i.e., the reach value has been zero."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification,SectionSections 9.2 and 13"; } leaf poll { type log2seconds; description "The polling interval for current association in signed log2 seconds."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 7.3"; } leaf now { type uint32; units "seconds"; description "The time since the last NTP packet was received or last synchronized."; } leaf offset { type decimal64 { fraction-digits 3; } units "milliseconds"; description "The signed offset between the local clock and the peer clock, e.g., '0.032ms' or '1.232ms'. The negative valueIndicatesindicates that the local clock is behind the peer."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 8"; } leaf delay { type decimal64 { fraction-digits 3; } units "milliseconds"; description "The network delay between the local clock and the peerclock.";clock"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 8"; } leaf dispersion { type decimal64 { fraction-digits 3; } units "milliseconds"; description "The root dispersion between the local clock and the peer clock."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 10"; } leaf originate-time { type ntp-date-and-time; description "This is the local time, in timestamp format, when the latest NTP packet was sent to the peer (called T1)."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 8"; } leaf receive-time { type ntp-date-and-time; description "This is the local time, in timestamp format, when the latest NTP packet arrived at the peer (called T2). If the peer becomesunreachableunreachable, the value is set to zero."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 8"; } leaf transmit-time { type ntp-date-and-time; description "This is the local time, in timestamp format, at which the NTP packet departed the peer (called T3). If the peer becomesunreachableunreachable, the value is set to zero."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 8"; } leaf input-time { type ntp-date-and-time; description "This is the local time, in timestamp format, when the latest NTP message from the peer arrived (called T4). If the peer becomesunreachable theunreachable, value is set to zero."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 8"; } container ntp-statistics { description "PerPeerpeer packet send and receivestatistics.";statistics"; uses statistics { description "NTP send and receive packetstatistics.";statistics"; } } } } container interfaces { description "Configuration parameters for NTPinterfaces.";interfaces"; list interface { key "name"; description "List ofinterfaces.";interfaces"; leaf name { type if:interface-ref; description "The interfacename.";name"; } container broadcast-server { if-feature "broadcast-server"; presence "NTP broadcast-server is configured on thisinterface";interface."; description "Configuration of broadcastserver.";server"; leaf ttl { type uint8; description "Specifies the time to live (TTL) for a broadcastpacket.";packet"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } container authentication { if-feature "authentication"; description "Authentication used on thisinterface.";interface"; uses authentication; } uses common-attributes { description "Common attributes such as port, version, and min and maxpoll.";poll"; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } container broadcast-client { if-feature "broadcast-client"; presence "NTP broadcast-client is configured on this interface."; description "Configuration ofbroadcast-client.";broadcast client"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } list multicast-server { if-feature "multicast-server"; key "address"; description "Configuration of multicastserver.";server"; leaf address { type rt-types:ip-multicast-group-address; description "The IP address to send NTP multicastpackets.";packets"; } leaf ttl { type uint8; description "Specifies thetime to live (TTL)TTL for a multicastpacket.";packet"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } container authentication { if-feature "authentication"; description "Authentication used on thisinterface.";interface"; uses authentication; } uses common-attributes { description "Common attributes such as port, version, and min and maxpoll.";poll"; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } list multicast-client { if-feature "multicast-client"; key "address"; description "Configuration ofmulticast-client.";a multicast client"; leaf address { type rt-types:ip-multicast-group-address; description "The IP address of the multicast group tojoin.";join"; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } list manycast-server { if-feature "manycast-server"; key "address"; description "Configuration of a manycastserver.";server"; leaf address { type rt-types:ip-multicast-group-address; description "The multicast group IP address to receive manycast client messages."; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } list manycast-client { if-feature "manycast-client"; key "address"; description "Configuration ofmanycast-client.";manycast-client"; leaf address { type rt-types:ip-multicast-group-address; description "The group IP address that the manycast client broadcasts the request messageto.";to"; } container authentication { if-feature "authentication"; description "Authentication used on thisinterface.";interface"; uses authentication; } leaf ttl { type uint8; description "Specifies the maximumtime to live (TTL)TTL for the expanding ringsearch.";search"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } leaf minclock { type uint8; description "The minimum manycast survivors in thisassociation.";association"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 13.2"; } leaf maxclock { type uint8; description "The maximum manycast candidates in thisassociation.";association"; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 13.2"; } leaf beacon { type log2seconds; description "The beacon is the upper limit of the poll interval. When thettlTTL reaches its limit without finding the minimum number of manycast servers, the poll interval increases until reaching the beacon value, when it starts over from the beginning."; reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 13.2"; } uses common-attributes { description "Common attributes like port, version, and min and maxpoll.";poll"; } reference "RFC 5905: Network Time Protocol Version 4: Protocol and Algorithms Specification, Section 3.1"; } } } container ntp-statistics { config false; description "Total NTP packetstatistics.";statistics"; uses statistics { description "NTP send and receive packetstatistics.";statistics"; } } } rpc statistics-reset { description "Reset statistics collected."; input { choice association-or-all { description "Resets statistics for a particular association orall";all."; case association { uses association-ref; description "This resets all the statistics collected for the association."; } case all { description "This resets all the statistics collected."; } } } } }<CODE ENDS>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Usage Example">numbered="true" toc="default"> <name>Usage Example</name> <t>This section include examples for illustration purposes.</t> <t>Note: '\' indicates line wrapping per <xreftarget="RFC8792"/>.</t>target="RFC8792" format="default"/>.</t> <sectiontitle="Unicast association">numbered="true" toc="default"> <name>Unicast Association</name> <t>This example describes how to configure a preferred unicast server present at 192.0.2.1 running at port 1025 with authentication-key 10 and version 4 (default).</t><t><figure align="center"> <artwork><![CDATA[<sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <unicast-configuration> <address>192.0.2.1</address> <type>uc-server</type> <prefer>true</prefer> <port>1025</port> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> </unicast-configuration> </ntp> </config> </edit-config>]]></artwork> </figure></t> <t>An]]></sourcecode> <t keepWithNext="true">An example with IPv6 would use an IPv6 address (say 2001:db8::1) in the "address" leaf with no change in any other data tree.</t><t><figure align="center"> <artwork><![CDATA[<sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <unicast-configuration> <address>2001:db8::1</address> <type>uc-server</type> <prefer>true</prefer> <port>1025</port> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> </unicast-configuration> </ntp> </config> </edit-config>]]></artwork> </figure></t>]]></sourcecode> <t>This example is for retrieving unicastconfigurations -configurations: </t><t><figure align="center"> <artwork><![CDATA[<sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <unicast-configuration> </unicast-configuration> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <unicast-configuration> <address>192.0.2.1</address> <type>uc-server</type> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> <prefer>true</prefer> <burst>false</burst> <iburst>true</iburst> <source/> <minpoll>6</minpoll> <maxpoll>10</maxpoll> <port>1025</port> <stratum>9</stratum> <refid>203.0.113.1</refid> <reach>255</reach> <unreach>0</unreach> <poll>128</poll> <now>10</now> <offset>0.025</offset> <delay>0.5</delay> <dispersion>0.6</dispersion> <originate-time>10-10-2017 07:33:55.253 Z+05:30\ </originate-time> <receive-time>10-10-2017 07:33:55.258 Z+05:30\ </receive-time> <transmit-time>10-10-2017 07:33:55.300 Z+05:30\ </transmit-time> <input-time>10-10-2017 07:33:55.305 Z+05:30\ </input-time> <ntp-statistics> <packet-sent>20</packet-sent> <packet-sent-fail>0</packet-sent-fail> <packet-received>20</packet-received> <packet-dropped>0</packet-dropped> </ntp-statistics> </unicast-configuration> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Refclock master">numbered="true" toc="default"> <name>Refclock Master</name> <t>This example describes how to configure reference clock with stratum8 - </t> <t><figure align="center"> <artwork><![CDATA[8:</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <refclock-master> <master-stratum>8</master-stratum> </refclock-master> </ntp> </config> </edit-config>]]></artwork> </figure></t> <t>This]]></sourcecode> <t keepWithNext="true">This example describes how to get reference clockconfiguration -configuration: </t><t><figure align="center"> <artwork><![CDATA[<sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <refclock-master> </refclock-master> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <refclock-master> <master-stratum>8</master-stratum> </refclock-master> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Authentication configuration">numbered="true" toc="default"> <name>Authentication Configuration</name> <t>This example describes how to enable authentication and configure trusted authentication key 10 with mode as AES-CMAC andana hexadecimal stringkey - </t> <t><figure align="center"> <artwork><![CDATA[key:</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <authentication> <auth-enabled>true</auth-enabled> <authentication-keys><key-id>10</key-id><keyid>10</keyid> <algorithm>aes-cmac</algorithm> <key> <hexadecimal-string> bb1d6929e95937287fa37d129b756746 </hexadecimal-string> </key> <istrusted>true</istrusted> </authentication-keys> </authentication> </ntp> </config> </edit-config>]]></artwork> </figure></t> <!-- <t>This example describes how to get authentication related configuration - </t> <t><figure align="center"> <artwork><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <authentication> </authentication> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <authentication> <auth-enabled>false</auth-enabled> <trusted-keys/> <authentication-keys> <key-id>10</key-id> <algorithm>aes-cmac</algorithm> <key> <hexadecimal-string> bb1d6929e95937287fa37d129b756746 </hexadecimal-string> </key> <istrusted>true</istrusted> </authentication-keys> </authentication> </ntp> </data> ]]></artwork> </figure></t> -->]]></sourcecode> </section> <sectiontitle="Access configuration">numbered="true" toc="default"> <name>Access Configuration</name> <t>This example describes how to configureaccess mode "peer""peer-access-mode" associated with ACL2000 - </t> <t><figure align="center"> <artwork><![CDATA[2000:</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <access-rules> <access-rule> <access-mode>peer-access-mode</access-mode> <acl>2000</acl> </access-rule> </access-rules> </ntp> </config> </edit-config>]]></artwork> </figure></t>]]></sourcecode> <t>This example describes how to getaccess related configuration - </t> <t><figure align="center"> <artwork><![CDATA[access-related configuration:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <access-rules> </access-rules> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <access-rules> <access-rule> <access-mode>peer-access-mode</access-mode> <acl>2000</acl> </access-rule> </access-rules> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Multicast configuration">numbered="true" toc="default"> <name>Multicast Configuration</name> <t>This example describes how to configuremulticast-servera multicast server with an addressasof "224.0.1.1", portasof 1025,andversionas 3of 3, and authentication keyidas 10 - </t> <t><figure align="center"> <artwork><![CDATA[of 10.</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <multicast-server> <address>224.0.1.1</address> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> <port>1025</port> <version>3</version> </multicast-server> </interface> </interfaces> </ntp> </config> </edit-config>]]></artwork> </figure></t> <t>This]]></sourcecode> <t keepWithNext="true">This example describes how to getmulticast-server related configuration - </t> <t><figure align="center"> <artwork><![CDATA[multicast-server-related configuration:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <multicast-server> </multicast-server> </interface> </interfaces> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <multicast-server> <address>224.0.1.1</address> <ttl>8</ttl> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> <minpoll>6</minpoll> <maxpoll>10</maxpoll> <port>1025</port> <version>3</version> </multicast-server> </interface> </interfaces> </ntp> </data>]]></artwork> </figure></t> <t>This]]></sourcecode> <t keepWithNext="true">This example describes how to configuremulticast-clienta multicast client with an addressas "224.0.1.1" - </t> <t><figure align="center"> <artwork><![CDATA[of "224.0.1.1":</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <multicast-client> <address>224.0.1.1</address> </multicast-client> </interface> </interfaces> </ntp> </config> </edit-config>]]></artwork> </figure></t>]]></sourcecode> <t>This example describes how to getmulticast-client related configuration - </t> <t><figure align="center"> <artwork><![CDATA[multicast-client-related configuration:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <multicast-client> </multicast-client> </interface> </interfaces> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <multicast-client> <address>224.0.1.1</address> </multicast-client> </interface> </interfaces> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Manycast configuration">numbered="true" toc="default"> <name>Manycast Configuration</name> <t>This example describes how to configure a manycast-client with an addressasof "224.0.1.1", portas 1025of 1025, and authentication keyidas 10 - </t> <t><figure align="center"> <artwork><![CDATA[of 10:</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <manycast-client> <address>224.0.1.1</address> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> <port>1025</port> </manycast-client> </interface> </interfaces> </ntp> </config> </edit-config>]]></artwork> </figure></t> <t>This]]></sourcecode> <t keepWithNext="true">This example describes how to getmanycast-client related configuration - </t> <t><figure align="center"> <artwork><![CDATA[manycast-client-related configuration:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <manycast-client> </manycast-client> </interface> </interfaces> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <manycast-client> <address>224.0.1.1</address> <authentication> <symmetric-key><key-id>10</key-id><keyid>10</keyid> </symmetric-key> </authentication> <ttl>8</ttl> <minclock>3</minclock> <maxclock>10</maxclock> <beacon>6</beacon> <minpoll>6</minpoll> <maxpoll>10</maxpoll> <port>1025</port> </manycast-client> </interface> </interfaces> </ntp> </data>]]></artwork> </figure></t> <t>This]]></sourcecode> <t keepWithNext="true">This example describes how to configure a manycast-server with an addressas "224.0.1.1" - </t> <t><figure align="center"> <artwork><![CDATA[of "224.0.1.1":</t> <sourcecode type="xml"><![CDATA[ <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <target> <running/> </target> <config> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <manycast-server> <address>224.0.1.1</address> </manycast-server> </interface> </interfaces> </ntp> </config> </edit-config>]]></artwork> </figure></t>]]></sourcecode> <t>This example describes how to getmanycast-server related configuration - </t> <t><figure align="center"> <artwork><![CDATA[manycast-server-related configuration:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <manycast-server> </manycast-server> </interface> </interfaces> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <interfaces> <interface> <name>Ethernet3/0/0</name> <manycast-server> <address>224.0.1.1</address> </manycast-server> </interface> </interfaces> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Clock state">numbered="true" toc="default"> <name>Clock State</name> <t>This example describes how to getclockcurrentstate - </t> <t><figure align="center"> <artwork><![CDATA[clock state:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <clock-state> </clock-state> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <clock-state> <system-status> <clock-state>synchronized</clock-state> <clock-stratum>7</clock-stratum> <clock-refid>192.0.2.1</clock-refid> <associations-address>192.0.2.1\ </associations-address> <associations-local-mode>client\ </associations-local-mode> <associations-isconfigured>yes\ </associations-isconfigured> <nominal-freq>100.0</nominal-freq> <actual-freq>100.0</actual-freq> <clock-precision>18</clock-precision> <clock-offset>0.025</clock-offset> <root-delay>0.5</root-delay> <root-dispersion>0.8</root-dispersion> <reference-time>10-10-2017 07:33:55.258 Z+05:30\ </reference-time> <sync-state>clock-synchronized</sync-state> </system-status> </clock-state> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Get all association">numbered="true" toc="default"> <name>Get All Association</name> <t>This example describes how to get allassociationassociations present in thesystem - </t> <t><figure align="center"> <artwork><![CDATA[system:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <associations> </associations> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <associations> <association> <address>192.0.2.1</address> <stratum>9</stratum> <refid>203.0.113.1</refid> <local-mode>client</local-mode> <isconfigured>true</isconfigured> <authentication-key>10</authentication-key> <prefer>true</prefer> <peer-interface>Ethernet3/0/0</peer-interface> <minpoll>6</minpoll> <maxpoll>10</maxpoll> <port>1025</port> <version>4</version> <reach>255</reach> <unreach>0</unreach> <poll>128</poll> <now>10</now> <offset>0.025</offset> <delay>0.5</delay> <dispersion>0.6</dispersion> <originate-time>10-10-2017 07:33:55.253 Z+05:30\ </originate-time> <receive-time>10-10-2017 07:33:55.258 Z+05:30\ </receive-time> <transmit-time>10-10-2017 07:33:55.300 Z+05:30\ </transmit-time> <input-time>10-10-2017 07:33:55.305 Z+05:30\ </input-time> <ntp-statistics> <packet-sent>20</packet-sent> <packet-sent-fail>0</packet-sent-fail> <packet-received>20</packet-received> <packet-dropped>0</packet-dropped> </ntp-statistics> </association> </associations> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> <sectiontitle="Global statistic">numbered="true" toc="default"> <name>Global Statistic</name> <t>This example describes how to get globalstatistics - </t> <t><figure align="center"> <artwork><![CDATA[statistics:</t> <sourcecode type="xml"><![CDATA[ <get> <filter type="subtree"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp-statistics> </ntp-statistics> </ntp> </filter> </get> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp-statistics> <packet-sent>30</packet-sent> <packet-sent-fail>5</packet-sent-fail> <packet-received>20</packet-received> <packet-dropped>2</packet-dropped> </ntp-statistics> </ntp> </data>]]></artwork> </figure></t>]]></sourcecode> </section> </section> <section anchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <sectiontitle="IETFnumbered="true" toc="default"> <name>IETF XMLRegistry">Registry</name> <t>This document registers a URI in the "IETF XML Registry" <xreftarget="RFC3688"/>.target="RFC3688" format="default"/>. Following the format in RFC 3688, the following registration has been made.</t><t>URI: urn:ietf:params:xml:ns:yang:ietf-ntp</t> <t>Registrant Contact: The IESG.</t> <t>XML: N/A;<dl spacing="normal"> <dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-ntp</dd> <dt>Registrant Contact:</dt><dd>The IESG.</dd> <dt>XML:</dt><dd>N/A; the requested URI is an XMLnamespace.</t>namespace.</dd> </dl> </section> <sectiontitle="YANGnumbered="true" toc="default"> <name>YANG ModuleNames">Names</name> <t>This document registers a YANG module in the "YANG Module Names" registry <xreftarget="RFC6020"/>.</t> <t>Name: ietf-ntp</t> <t>Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp</t> <t>Prefix: ntp</t> <t>Reference: RFC XXXX</t> <t>Note: The RFC Editor will replace XXXX with the number assigned to this document once it becomes an RFC.</t>target="RFC6020" format="default"/>.</t> <dl spacing="normal"> <dt>Name:</dt><dd>ietf-ntp</dd> <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-ntp</dd> <dt>Prefix:</dt><dd>ntp</dd> <dt>Reference:</dt><dd>RFC 9249</dd> </dl> </section> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t>The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF <xreftarget="RFC6241"/>target="RFC6241" format="default"/> or RESTCONF <xreftarget="RFC8040"/>.target="RFC8040" format="default"/>. The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) <xreftarget="RFC6242"/>.target="RFC6242" format="default"/>. The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS <xreftarget="RFC8446"/>.</t>target="RFC8446" format="default"/>.</t> <t>TheNETCONFNetwork Configuration Access Control Model (NACM) <xreftarget="RFC8341"/>target="RFC8341" format="default"/> provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content. The 'nacm:default-deny-all' is used to prevent retrieval of the key information. </t> <t>There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:<list> <t>/ntp/port - This</t> <dl spacing="normal"> <dt>/ntp/port:</dt><dd>This data nodespecifyspecifies the port number to be used to send NTP packets. Unexpected changes could lead to disruption and/or networkmisbehavior.</t> <t>/ntp/authenticationmisbehavior.</dd> <dt>/ntp/authentication and/ntp/access-rules - The/ntp/access-rules:</dt><dd>The entries in the list include the authentication and access control configurations. Care should be taken while setting theseparameters.</t> <t>/ntp/unicast-configuration - Theparameters.</dd> <dt>/ntp/unicast-configuration:</dt><dd>The entries in the list include all unicast configurations (server or peermode),mode) and indirectly creates ormodifymodifies the NTP associations. Unexpected changes could lead to disruption and/or networkmisbehavior.</t> <t>/ntp/interfaces/interface - Themisbehavior.</dd> <dt>/ntp/interfaces/interface:</dt><dd>The entries in the list include all per-interface configurations related to broadcast,multicastmulticast, and manycast mode, and indirectly creates ormodifymodifies the NTP associations. Unexpected changes could lead to disruption and/or network misbehavior. It could also lead tosyncronizationsynchronization over an untrusted source over trustedones.</t> </list></t>ones.</dd> </dl> <t>Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:<list> <t>/ntp/authentication/authentication-keys - The</t> <dl spacing="normal"> <dt>/ntp/authentication/authentication-keys:</dt><dd>The entries in the listincludesinclude all the NTP authentication keys. Unauthorized access to the keys can be easily exploited to permit unauthorized access to the NTP service. This information issensitive and thussensitive; thus, unauthorized access to this needs to be curtailed.</t> <t>/ntp/associations/association/ - The</dd> <dt>/ntp/associations/association/:</dt><dd>The entries in the listincludesinclude all active NTP associations of all modes. Exposure of these nodes could reveal network topology or trustrelationship.relationships. Unauthorized access to this also needs to be curtailed.</t> <t>/ntp/authentication</dd> <dt>/ntp/authentication and/ntp/access-rules - The/ntp/access-rules:</dt><dd>The entries in the list include the authentication and access control configurations. Exposure of these nodes could reveal network topology or trustrelationship.</t> </list> </t>relationships.</dd> </dl> <t>Some of the RPC operations in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control access to these operations. These are the operations and their sensitivity/vulnerability:<list> <t>statistics-reset - The</t> <dl spacing="normal"> <dt>statistics-reset:</dt><dd>The RPC is used to reset statistics. Unauthorized reset could impactmonitoring.</t> </list> </t>monitoring.</dd> </dl> <t>The leaf /ntp/authentication/authentication-keys/algorithm can be set to cryptographic algorithms that are no longer considered to be secure. As per <xreftarget="RFC8573"/>,target="RFC8573" format="default"/>, AES-CMAC is the recommended algorithm. </t> </section><section title="Acknowledgments"> <t>The authors would like to express their thanks to Sladjana Zoric, Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice Angermann, Watson Ladd, and Rich Salz for their review and suggestions.</t> <t>Thanks to Andy Bierman for the YANG doctor review.</t> <t>Thanks to Dieter Sibold for being the document shepherd and Erik Kline for being the responsible AD.</t> <t>Thanks to Takeshi Takahashi for SECDIR review. Thanks to Tim Evens for GENART review.</t> <t>A special thanks to Tom Petch for a very detailed YANG review and providing great suggestions for improvements.</t> <t>Thanks for the IESG review from Benjamin Kaduk, Francesca Palombini, Eric Vyncke, Murray Kucherawy, Robert Wilton, Roman Danyliw, and Zaheduzzaman Sarker.</t> </section></middle> <back><references title="Normative References"> <?rfc include="reference.RFC.2119"?> <?rfc include="reference.RFC.3688"?> <?rfc include="reference.RFC.5905"?> <?rfc include="reference.RFC.6020"?> <?rfc include="reference.RFC.6991"?> <?rfc include="reference.RFC.7317"?> <?rfc include="reference.RFC.7950"?> <?rfc include="reference.RFC.8174"?> <!--<?rfc include="reference.RFC.8177"?>--> <?rfc include="reference.RFC.8294"?> <?rfc include="reference.RFC.8340"?> <?rfc include="reference.RFC.8341"?> <?rfc include="reference.RFC.8343"?> <?rfc include="reference.RFC.8446"?> <?rfc include="reference.RFC.8519"?> <?rfc include="reference.RFC.8573"?><references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5905.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6020.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6241.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6242.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6991.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7317.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8040.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8294.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8340.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8341.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8343.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8446.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8519.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8573.xml"/> </references><references title="Informative References"> <?rfc include="reference.RFC.1305"?> <?rfc include="reference.RFC.1321"?> <?rfc include="reference.RFC.3174"?> <?rfc include="reference.RFC.4493"?> <?rfc include="reference.RFC.5907"?> <?rfc include="reference.RFC.6241"?> <?rfc include="reference.RFC.6242"?> <?rfc include="reference.RFC.8040"?> <?rfc include="reference.RFC.8342"?> <?rfc include="reference.RFC.8792"?><references> <name>Informative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1305.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.1321.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.3174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4493.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5907.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8342.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8792.xml"/> <reference anchor="SHS"target="https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.180-4.pdf">target="https://doi.org/10.6028/NIST.FIPS.180-4"> <front> <title>Secure Hash Standard (SHS)</title> <author initials="" surname="" fullname=""><organization>NIST</organization><organization>National Institute of Standards and Technology (NIST)</organization> </author> <datemonth="March" year="2012" />month="August" year="2015"/> </front> <seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/> <seriesInfo name="FIPS PUB"value="180-4" />value="180-4"/> </reference> </references> </references> <sectiontitle="Fullanchor="full" numbered="true" toc="default"> <name>Full YANGTree" anchor="full">Tree</name> <t>The full tree for the ietf-ntp YANG data model is-as follows. </t><t><figure align="center"> <artwork><![CDATA[<sourcecode type="yangtree"><![CDATA[ module: ietf-ntp +--rw ntp! +--rw port? inet:port-number {ntp-port}? +--rw refclock-master! | +--rw master-stratum? ntp-stratum +--rw authentication {authentication}? | +--rw auth-enabled? boolean | +--rw authentication-keys*[key-id][keyid] | +--rwkey-idkeyid uint32 | +--rw algorithm? identityref | +--rw key | | +--rw (key-string-style)? | | +--:(keystring) | | | +--rw keystring? string {deprecated}? | | +--:(hexadecimal) {hex-key-string}? | | +--rw hexadecimal-string? yang:hex-string | +--rw istrusted? boolean +--rw access-rules {access-rules}? | +--rw access-rule* [access-mode] | +--rw access-mode identityref | +--rw acl? -> /acl:acls/acl/name +--ro clock-state | +--ro system-status | +--ro clock-state identityref | +--ro clock-stratum ntp-stratum | +--ro clock-refid refid | +--ro associations-address? | | -> /ntp/associations/association/address | +--ro associations-local-mode? | | -> /ntp/associations/association/local-mode | +--ro associations-isconfigured? | | -> /ntp/associations/association/isconfigured | +--ro nominal-freq decimal64 | +--ro actual-freq decimal64 | +--ro clock-precision log2seconds | +--ro clock-offset? decimal64 | +--ro root-delay? decimal64 | +--ro root-dispersion? decimal64 | +--ro reference-time? ntp-date-and-time | +--ro sync-state identityref +--rw unicast-configuration* [address type] | {unicast-configuration}? | +--rw address inet:ip-address | +--rw type identityref | +--rw authentication {authentication}? | | +--rw (authentication-type)? | | +--:(symmetric-key) | | +--rwkey-id?keyid? leafref | +--rw prefer? boolean | +--rw burst? boolean | +--rw iburst? boolean | +--rw source? if:interface-ref | +--rw minpoll? log2seconds | +--rw maxpoll? log2seconds | +--rw port? inet:port-number {ntp-port}? | +--rw version? ntp-version +--rw associations | +--ro association* [address local-mode isconfigured] | +--ro address inet:ip-address | +--ro local-mode identityref | +--ro isconfigured boolean | +--ro stratum? ntp-stratum | +--ro refid? refid | +--ro authentication? | | ->/ntp/authentication/authentication-keys/key-id/ntp/authentication/authentication-keys/keyid | | {authentication}? | +--ro prefer? boolean | +--ro peer-interface? if:interface-ref | +--ro minpoll? log2seconds | +--ro maxpoll? log2seconds | +--ro port? inet:port-number {ntp-port}? | +--ro version? ntp-version | +--ro reach? uint8 | +--ro unreach? uint8 | +--ro poll? log2seconds | +--ro now? uint32 | +--ro offset? decimal64 | +--ro delay? decimal64 | +--ro dispersion? decimal64 | +--ro originate-time? ntp-date-and-time | +--ro receive-time? ntp-date-and-time | +--ro transmit-time? ntp-date-and-time | +--ro input-time? ntp-date-and-time | +--ro ntp-statistics | +--ro discontinuity-time? ntp-date-and-time | +--ro packet-sent? yang:counter32 | +--ro packet-sent-fail? yang:counter32 | +--ro packet-received? yang:counter32 | +--ro packet-dropped? yang:counter32 +--rw interfaces | +--rw interface* [name] | +--rw name if:interface-ref | +--rw broadcast-server! {broadcast-server}? | | +--rw ttl? uint8 | | +--rw authentication {authentication}? | | | +--rw (authentication-type)? | | | +--:(symmetric-key) | | | +--rwkey-id?keyid? leafref | | +--rw minpoll? log2seconds | | +--rw maxpoll? log2seconds | | +--rw port? inet:port-number {ntp-port}? | | +--rw version? ntp-version | +--rw broadcast-client! {broadcast-client}? | +--rw multicast-server* [address] {multicast-server}? | | +--rw address | | | rt-types:ip-multicast-group-address | | +--rw ttl? uint8 | | +--rw authentication {authentication}? | | | +--rw (authentication-type)? | | | +--:(symmetric-key) | | | +--rwkey-id?keyid? leafref | | +--rw minpoll? log2seconds | | +--rw maxpoll? log2seconds | | +--rw port? inet:port-number {ntp-port}? | | +--rw version? ntp-version | +--rw multicast-client* [address] {multicast-client}? | | +--rw address rt-types:ip-multicast-group-address | +--rw manycast-server* [address] {manycast-server}? | | +--rw address rt-types:ip-multicast-group-address | +--rw manycast-client* [address] {manycast-client}? | +--rw address | | rt-types:ip-multicast-group-address | +--rw authentication {authentication}? | | +--rw (authentication-type)? | | +--:(symmetric-key) | | +--rwkey-id?keyid? leafref | +--rw ttl? uint8 | +--rw minclock? uint8 | +--rw maxclock? uint8 | +--rw beacon? log2seconds | +--rw minpoll? log2seconds | +--rw maxpoll? log2seconds | +--rw port? inet:port-number {ntp-port}? | +--rw version? ntp-version +--ro ntp-statistics +--ro discontinuity-time? ntp-date-and-time +--ro packet-sent? yang:counter32 +--ro packet-sent-fail? yang:counter32 +--ro packet-received? yang:counter32 +--ro packet-dropped? yang:counter32 rpcs: +---x statistics-reset +---w input +---w (association-or-all)? +--:(association) | +---w associations-address? | | -> /ntp/associations/association/address | +---w associations-local-mode? | | -> /ntp/associations/association/local-mode | +---w associations-isconfigured? | -> /ntp/associations/association/isconfigured +--:(all)]]></artwork> </figure></t>]]></sourcecode> </section> <section numbered="false" toc="default"> <name>Acknowledgments</name> <t>The authors would like to express their thanks to <contact fullname=" Sladjana Zoric"/>, <contact fullname="Danny Mayer"/>, <contact fullname="Harlan Stenn"/>, <contact fullname="Ulrich Windl"/>, <contact fullname="Miroslav Lichvar"/>, <contact fullname="Maurice Angermann"/>, <contact fullname="Watson Ladd"/>, and <contact fullname="Rich Salz"/> for their review and suggestions.</t> <t>Thanks to <contact fullname="Andy Bierman"/> for the YANG doctor review.</t> <t>Thanks to <contact fullname="Dieter Sibold"/> for being the Document Shepherd and <contact fullname="Erik Kline"/> for being the Responsible AD.</t> <t>Thanks to <contact fullname="Takeshi Takahashi"/> for SECDIR review. Thanks to <contact fullname="Tim Evens"/> for GENART review.</t> <t>A special thanks to <contact fullname="Tom Petch"/> for a very detailed YANG review and providing great suggestions for improvements.</t> <t>Thanks for the IESG review from <contact fullname="Benjamin Kaduk"/>, <contact fullname="Francesca Palombini"/>, <contact fullname="Eric Vyncke"/>, <contact fullname="Murray Kucherawy"/>, <contact fullname="Robert Wilton"/>, <contact fullname="Roman Danyliw"/>, and <contact fullname="Zaheduzzaman Sarker"/>.</t> </section> </back> </rfc>