rfc9249xml2.original.xml   rfc9249.xml 
<?xml version="1.0" encoding="windows-1252"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd"> <!DOCTYPE rfc [
<?rfc toc="yes"?> <!ENTITY nbsp "&#160;">
<?rfc tocompact="yes"?> <!ENTITY zwsp "&#8203;">
<?rfc tocdepth="3"?> <!ENTITY nbhy "&#8209;">
<?rfc tocindent="yes"?> <!ENTITY wj "&#8288;">
<?rfc symrefs="yes"?> ]>
<?rfc sortrefs="yes"?>
<?rfc comments="yes"?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" submissionType="IETF" category="
<?rfc inline="yes"?> std" consensus="true" docName="draft-ietf-ntp-yang-data-model-17" number="9249"
<?rfc compact="yes"?> ipr="trust200902" obsoletes="" updates="" xml:lang="en" tocInclude="true" tocDep
<?rfc subcompact="no"?> th="3" symRefs="true" sortRefs="true" version="3">
<rfc category="std" docName="draft-ietf-ntp-yang-data-model-17" ipr="trust200902
">
<front> <front>
<title abbrev="YANG for NTP">A YANG Data Model for NTP</title> <title abbrev="YANG for NTP">A YANG Data Model for NTP</title>
<seriesInfo name="RFC" value="9249"/>
<author fullname="Nan Wu" initials="N." surname="Wu"> <author fullname="Nan Wu" initials="N." surname="Wu">
<organization>Huawei</organization> <organization>Huawei</organization>
<address> <address>
<postal> <postal>
<street>Huawei Bld., No.156 Beiqing Rd.</street> <street>Huawei Bld., No.156 Beiqing Rd.</street>
<city>Beijing</city> <city>Beijing</city>
<code>100095</code> <code>100095</code>
<country>China</country> <country>China</country>
</postal> </postal>
<email>eric.wu@huawei.com</email> <email>eric.wu@huawei.com</email>
</address> </address>
</author> </author>
<author fullname="Dhruv Dhody" initials="D." surname="Dhody" role="editor"> <author fullname="Dhruv Dhody" initials="D." surname="Dhody" role="editor">
<organization>Huawei</organization> <organization>Huawei</organization>
<address> <address>
<postal> <postal>
<street>Divyashree Techno Park, Whitefield</street> <street>Divyashree Techno Park, Whitefield</street>
<city>Bangalore</city> <city>Bangalore</city>
<region>Kanataka</region> <region>Kanataka</region>
<code>560066</code> <code>560066</code>
<country>India</country> <country>India</country>
</postal> </postal>
<email>dhruv.ietf@gmail.com</email> <email>dhruv.ietf@gmail.com</email>
</address> </address>
</author> </author>
<author fullname="Ankit Kumar Sinha" initials="A." surname="Sinha" role="edi
<author fullname="Ankit kumar Sinha" initials="A." surname="Sinha" role="edi tor">
tor">
<organization>RtBrick Inc.</organization> <organization>RtBrick Inc.</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city>Bangalore</city> <city>Bangalore</city>
<region>Kanataka</region> <region>Kanataka</region>
<code/> <code/>
<country>India</country> <country>India</country>
</postal> </postal>
<email>ankit.ietf@gmail.com</email> <email>ankit.ietf@gmail.com</email>
</address> </address>
</author> </author>
<author fullname="Anil Kumar S N" initials="A." surname="Kumar S N"> <author fullname="Anil Kumar S N" initials="A." surname="Kumar S N">
<organization>RtBrick Inc.</organization> <organization>RtBrick Inc.</organization>
<address> <address>
<postal> <postal>
<street/> <street/>
<city>Bangalore</city> <city>Bangalore</city>
<region>Kanataka</region> <region>Kanataka</region>
<code/> <code/>
<country>India</country> <country>India</country>
</postal> </postal>
<email>anil.ietf@gmail.com</email> <email>anil.ietf@gmail.com</email>
</address> </address>
</author> </author>
<author fullname="Yi Zhao" initials="Y." surname="Zhao"> <author fullname="Yi Zhao" initials="Y." surname="Zhao">
<organization>Ericsson</organization> <organization>Ericsson</organization>
<address> <address>
<postal> <postal>
<street>China Digital Kingdom Bld., No.1 WangJing North Rd.</street> <street>China Digital Kingdom Bld., No.1 WangJing North Rd.</street>
<city>Beijing</city> <city>Beijing</city>
<code>100102</code> <code>100102</code>
<country>China</country> <country>China</country>
</postal> </postal>
<email>yi.z.zhao@ericsson.com</email> <email>yi.z.zhao@ericsson.com</email>
</address> </address>
</author> </author>
<date year="2022" month="July" />
<date year="2022"/> <area>int</area>
<area>Internet</area> <workgroup>ntp</workgroup>
<workgroup>NTP Working Group</workgroup> <keyword>NTP</keyword>
<keyword>YANG</keyword>
<keyword>NTP, YANG</keyword>
<abstract> <abstract>
<t>This document defines a YANG data model for Network Time Protocol (NTP) <t>This document defines a YANG data model that can be used to
version 4 implementations. It can also be used to configure version 3. The configure and manage Network Time Protocol (NTP) version 4. It can
data model includes configuration data and state data.</t> also be used to configure and manage version 3. The data model
includes configuration data and state data.</t>
</abstract> </abstract>
<note title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when
, and only when, they
appear in all capitals, as shown here.</t>
</note>
</front> </front>
<middle> <middle>
<section title="Introduction"> <section numbered="true" toc="default">
<t>This document defines a YANG <xref target="RFC7950"/> data model for <name>Introduction</name>
Network Time Protocol <xref target="RFC5905"/> implementations. Note that <t>This document defines a YANG data model <xref target="RFC7950" format="
the model could also be used to configure NTPv3 <xref target="RFC1305"/> (see <x default"/> that can be used to configure and manage
ref target="ver"/>).</t> Network Time Protocol version 4 <xref target="RFC5905" format="default"/>.
Note that the model could also be used to configure and manage NTPv3 <xref targ
<t>The data model covers configuration of system parameters of NTP, et="RFC1305" format="default"/> (see <xref target="ver" format="default"/>).</t>
such as access rules, authentication and VPN Routing and Forwarding (VRF) <t>The data model covers configuration of system parameters of NTP
binding, and also various modes of NTP and per-interface parameters. such as access rules, authentication and VPN Routing and Forwarding (VRF)
binding, and various modes of NTP and per-interface parameters.
It also provides access to information about running state of NTP It also provides access to information about running state of NTP
implementations.</t> implementations.</t>
<section numbered="true" toc="default">
<section title="Operational State"> <name>Operational State</name>
<t>NTP Operational State is included in the same tree as NTP configurati <t>NTP operational state is included in the same tree as NTP configurati
on, on,
consistent with Network Management Datastore Architecture (NMDA) <xref t consistent with "<xref target="RFC8342" format="title"/>" <xref target="
arget="RFC8342"/>. RFC8342" format="default"/>.
NTP current state and statistics are also maintained NTP current state and statistics are also maintained
in the operational state. The operational state also includes the NTP as sociation state.</t> in the operational state. The operational state also includes the NTP as sociation state.</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Terminology"> <name>Terminology</name>
<t>The terminology used in this document is aligned to <xref target="RFC <t>The terminology used in this document is aligned with <xref target="R
5905"/> and <xref target="RFC1305"/>.</t> FC5905" format="default"/> and <xref target="RFC1305" format="default"/>.</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Tree Diagrams"> <name>Tree Diagrams</name>
<t>A simplified graphical representation of the data model is used in <t>A simplified graphical representation of the data model is used in
this document. this document.
This document uses the graphical representation of data models This document uses the graphical representation of data models
defined in <xref target="RFC8340"/>. defined in <xref target="RFC8340" format="default"/>.
</t></section> </t>
<section title="Prefixes in Data Node Names" toc="default"> </section>
<t>In this document, names of data nodes and other data <section toc="default" numbered="true">
<name>Prefixes in Data Node Names</name>
<t>In this document, names of data nodes and other data
model objects are often used without a prefix, as long as it is clear model objects are often used without a prefix, as long as it is clear
from the context in which YANG module each name is defined. from the context in which YANG module each name is defined.
Otherwise, names are prefixed using the standard prefix associated Otherwise, names are prefixed using the standard prefix associated
with the corresponding YANG module, as shown in <xref target="tab.prefixes" p with the corresponding YANG module, as shown in <xref target="tab.prefixes" f
ageno="false" format="default"/>.</t> ormat="default"/>.</t>
<table anchor="tab.prefixes" align="center">
<texttable anchor="tab.prefixes" title="Prefixes and corresponding YANG mo <name>Prefixes and Corresponding YANG Modules</name>
dules" suppress-title="false" align="center" style="full"> <thead>
<ttcol align="left">Prefix</ttcol> <tr>
<ttcol align="left">YANG module</ttcol> <th align="left">Prefix</th>
<ttcol align="left">Reference</ttcol> <th align="left">YANG Module</th>
<c>yang</c><c>ietf-yang-types</c><c><xref target="RFC6991" pageno="false <th align="left">Reference</th>
" format="default"/></c> </tr>
<c>inet</c><c>ietf-inet-types</c><c><xref target="RFC6991" pageno="false </thead>
" format="default"/></c> <tbody>
<c>if</c><c>ietf-interfaces</c><c><xref target="RFC8343" pageno="false" <tr>
format="default"/></c> <td align="left">yang</td>
<c>sys</c><c>ietf-system</c><c><xref target="RFC7317" pageno="false" for <td align="left">ietf-yang-types</td>
mat="default"/></c> <td align="left">
<!--<c>key-chain</c><c>ietf-key-chain</c><c><xref target="RFC8177" pagen <xref target="RFC6991" format="default"/></td>
o="false" format="default"/></c>--> </tr>
<c>acl</c><c>ietf-access-control-list</c><c><xref target="RFC8519" pagen <tr>
o="false" format="default"/></c> <td align="left">inet</td>
<c>rt-types</c><c>ietf-routing-types</c><c><xref target="RFC8294" pageno <td align="left">ietf-inet-types</td>
="false" format="default"/></c> <td align="left">
<c>nacm</c><c>ietf-netconf-acm</c><c><xref target="RFC8341" pageno="fals <xref target="RFC6991" format="default"/></td>
e" format="default"/></c> </tr>
<tr>
</texttable> <td align="left">if</td>
</section> <td align="left">ietf-interfaces</td>
<section title="References in the Model" toc="default"> <td align="left">
<t>Following documents are referenced in the model defined in this <xref target="RFC8343" format="default"/></td>
document -</t> </tr>
<texttable anchor="tab.ref" title="References in the YANG modules" suppress-t <tr>
itle="false" align="center" style="full"> <td align="left">sys</td>
<ttcol align="left">Title</ttcol> <td align="left">ietf-system</td>
<ttcol align="left">Reference</ttcol> <td align="left">
<c>Network Time Protocol Version 4: Protocol and Algorithms Specificatio <xref target="RFC7317" format="default"/></td>
n</c><c><xref target="RFC5905" pageno="false" format="default"/></c> </tr>
<c>Common YANG Data Types</c><c><xref target="RFC6991" pageno="false" fo <tr>
rmat="default"/></c> <td align="left">acl</td>
<c>A YANG Data Model for System Management</c><c><xref target="RFC7317" <td align="left">ietf-access-control-list</td>
pageno="false" format="default"/></c> <td align="left">
<!--<c>YANG Data Model for Key Chains</c><c><xref target="RFC8177" pagen <xref target="RFC8519" format="default"/></td>
o="false" format="default"/></c>--> </tr>
<c>Common YANG Data Types for the Routing Area</c><c><xref target="RFC82 <tr>
94" pageno="false" format="default"/></c> <td align="left">rt-types</td>
<c>Network Configuration Access Control Model</c><c><xref target="RFC834 <td align="left">ietf-routing-types</td>
1" pageno="false" format="default"/></c> <td align="left">
<c>A YANG Data Model for Interface Management</c><c><xref target="RFC834 <xref target="RFC8294" format="default"/></td>
3" pageno="false" format="default"/></c> </tr>
<c>YANG Data Model for Network Access Control Lists (ACLs)</c><c><xref t <tr>
arget="RFC8519" pageno="false" format="default"/></c> <td align="left">nacm</td>
<c>Message Authentication Code for the Network Time Protocol</c><c><xref <td align="left">ietf-netconf-acm</td>
target="RFC8573" pageno="false" format="default"/></c> <td align="left">
<c>The AES-CMAC Algorithm</c><c><xref target="RFC4493" pageno="false" fo <xref target="RFC8341" format="default"/></td>
rmat="default"/></c> </tr>
<c>The MD5 Message-Digest Algorithm</c><c><xref target="RFC1321" pageno= </tbody>
"false" format="default"/></c> </table>
<c>US Secure Hash Algorithm 1 (SHA1)</c><c><xref target="RFC3174" pageno </section>
="false" format="default"/></c> <section toc="default" numbered="true">
<c>FIPS 180-4: Secure Hash Standard (SHS)</c><c><xref target="SHS"/></c> <name>References in the Model</name>
</texttable> <t>The following documents are referenced in the model defined in this
document.</t>
<table anchor="tab.ref" align="center">
<name>References in the YANG Module</name>
<thead>
<tr>
<th align="left">Title</th>
<th align="left">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td align="left">Network Time Protocol Version 4: Protocol and Alg
orithms Specification</td>
<td align="left">
<xref target="RFC5905" format="default"/></td>
</tr>
<tr>
<td align="left">Common YANG Data Types</td>
<td align="left">
<xref target="RFC6991" format="default"/></td>
</tr>
<tr>
<td align="left">A YANG Data Model for System Management</td>
<td align="left">
<xref target="RFC7317" format="default"/></td>
</tr>
<tr>
<td align="left">Common YANG Data Types for the Routing Area</td>
<td align="left">
<xref target="RFC8294" format="default"/></td>
</tr>
<tr>
<td align="left">Network Configuration Access Control Model</td>
<td align="left">
<xref target="RFC8341" format="default"/></td>
</tr>
<tr>
<td align="left">A YANG Data Model for Interface Management</td>
<td align="left">
<xref target="RFC8343" format="default"/></td>
</tr>
<tr>
<td align="left">YANG Data Model for Network Access Control Lists
(ACLs)</td>
<td align="left">
<xref target="RFC8519" format="default"/></td>
</tr>
<tr>
<td align="left">Message Authentication Code for the Network Time
Protocol</td>
<td align="left">
<xref target="RFC8573" format="default"/></td>
</tr>
<tr>
<td align="left">The AES-CMAC Algorithm</td>
<td align="left">
<xref target="RFC4493" format="default"/></td>
</tr>
<tr>
<td align="left">The MD5 Message-Digest Algorithm</td>
<td align="left">
<xref target="RFC1321" format="default"/></td>
</tr>
<tr>
<td align="left">US Secure Hash Algorithm 1 (SHA1)</td>
<td align="left">
<xref target="RFC3174" format="default"/></td>
</tr>
<tr>
<td align="left">FIPS 180-4: Secure Hash Standard (SHS)</td>
<td align="left">
<xref target="SHS" format="default"/></td>
</tr>
</tbody>
</table>
</section>
<section>
<name>Requirements Language</name>
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>
",
"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
be
interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref
target="RFC8174"/> when, and only when, they appear in all capitals, as
shown here.
</t>
</section> </section>
</section> </section>
<section numbered="true" toc="default">
<section title="NTP data model"> <name>NTP Data Model</name>
<t>This document defines the YANG module "ietf-ntp", which has the <t>This document defines the YANG module "ietf-ntp", which has the
following condensed structure:<figure> following condensed structure:</t>
<artwork><![CDATA[
<sourcecode type="yangtree"><![CDATA[
module: ietf-ntp module: ietf-ntp
+--rw ntp! +--rw ntp!
+--rw port? inet:port-number {ntp-port}? +--rw port? inet:port-number {ntp-port}?
+--rw refclock-master! +--rw refclock-master!
| +--rw master-stratum? ntp-stratum | +--rw master-stratum? ntp-stratum
+--rw authentication {authentication}? +--rw authentication {authentication}?
| +--rw auth-enabled? boolean | +--rw auth-enabled? boolean
| +--rw authentication-keys* [key-id] | +--rw authentication-keys* [keyid]
| +--rw key-id uint32 | +--rw keyid uint32
| +--... | +--...
+--rw access-rules {access-rules}? +--rw access-rules {access-rules}?
| +--rw access-rule* [access-mode] | +--rw access-rule* [access-mode]
| +--rw access-mode identityref | +--rw access-mode identityref
| +--rw acl? -> /acl:acls/acl/name | +--rw acl? -> /acl:acls/acl/name
+--ro clock-state +--ro clock-state
| +--ro system-status | +--ro system-status
| +--ro clock-state identityref | +--ro clock-state identityref
| +--ro clock-stratum ntp-stratum | +--ro clock-stratum ntp-stratum
| +--ro clock-refid refid | +--ro clock-refid refid
skipping to change at line 274 skipping to change at line 343
+---w (association-or-all)? +---w (association-or-all)?
+--:(association) +--:(association)
| +---w associations-address? | +---w associations-address?
| | -> /ntp/associations/association/address | | -> /ntp/associations/association/address
| +---w associations-local-mode? | +---w associations-local-mode?
| | -> /ntp/associations/association/local-mode | | -> /ntp/associations/association/local-mode
| +---w associations-isconfigured? | +---w associations-isconfigured?
| -> /ntp/associations/association/isconfigured | -> /ntp/associations/association/isconfigured
+--:(all) +--:(all)
]]></artwork> ]]></sourcecode>
</figure></t> <t>The full data model tree for the YANG module "ietf-ntp" is in <xref tar
get="full" format="default"/>.</t>
<t>The full data model tree for the YANG module "ietf-ntp" is in <xref target="f <t>This data model defines one top-level container that includes both
ull"/>.</t>
<t>This data model defines one top-level container which includes both
the NTP configuration and the NTP running state including access rules, the NTP configuration and the NTP running state including access rules,
authentication, associations, unicast configurations, interfaces, system s tatus and associations.</t> authentication, associations, unicast configurations, interfaces, system s tatus, and associations.</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Relationship with NTPv4-MIB"> <name>Relationship with NTPv4-MIB</name>
<t>If the device implements the NTPv4-MIB <xref target="RFC5907"/>, data <t>If the device implements the NTPv4-MIB <xref target="RFC5907" format="d
nodes from YANG module can be mapped efault"/>, data
to table entries in NTPv4-MIB.</t> nodes from the YANG module can be mapped
to table entries in the NTPv4-MIB.</t>
<t>The following tables list the YANG data nodes with corresponding <t>The following tables list the YANG data nodes with corresponding
objects in the NTPv4-MIB.</t> objects in the NTPv4-MIB.</t>
<table align="center">
<name>YANG NTP Data Nodes in /ntp/clock-state/system-status and Related N
TPv4-MIB Objects</name>
<thead>
<tr>
<th align="center">YANG Data Nodes in /ntp/clock-state/system-status
</th>
<th align="center">NTPv4-MIB Objects</th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">clock-state</td>
<td align="center">ntpEntStatusCurrentMode</td>
</tr>
<tr>
<td align="center">clock-stratum</td>
<td align="center">ntpEntStatusStratum</td>
</tr>
<tr>
<td align="center">clock-refid</td>
<td align="center"><ul empty="true" spacing="compact" bare="true"><l
i>ntpEntStatusActiveRefSourceId</li><li>ntpEntStatusActiveRefSourceName</li></ul
></td>
</tr>
<t>YANG NTP Configuration Data Nodes and Related NTPv4-MIB Objects</t> <tr>
<td align="center">clock-precision</td>
<texttable> <td align="center">ntpEntTimePrecision</td>
<ttcol align="center">YANG data nodes in /ntp/clock-state/system-statu </tr>
s</ttcol> <tr>
<ttcol align="center">NTPv4-MIB objects</ttcol> <td align="center">clock-offset</td>
<c>clock-state</c> <td align="center">ntpEntStatusActiveOffset</td>
<c>ntpEntStatusCurrentMode</c> </tr>
<c>clock-stratum</c> <tr>
<c>ntpEntStatusStratum</c> <td align="center">root-dispersion</td>
<c>clock-refid</c> <td align="center">ntpEntStatusDispersion</td>
<c>ntpEntStatusActiveRefSourceId</c> </tr>
<c> </c> </tbody>
<c>ntpEntStatusActiveRefSourceName</c> </table>
<c>clock-precision</c> <t keepWithPrevious="true"/>
<c>ntpEntTimePrecision</c> <table align="center">
<c>clock-offset</c> <name>YANG NTP Data Nodes in /ntp/associations/ and Related NTPv4
<c>ntpEntStatusActiveOffset</c> -MIB Objects</name>
<c>root-dispersion</c> <thead>
<c>ntpEntStatusDispersion</c> <tr>
<postamble/> <th align="center">YANG Data Nodes in /ntp/associations/</th>
</texttable> <th align="center">NTPv4-MIB Objects</th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">address</td>
<td align="center"><ul empty="true" spacing="compact" bare="true"><l
i>ntpAssocAddressType</li><li>ntpAssocAddress</li></ul></td>
</tr>
<texttable> <tr>
<ttcol align="center">YANG data nodes in /ntp/associations/</ttcol> <td align="center">stratum</td>
<ttcol align="center">NTPv4-MIB objects</ttcol> <td align="center">ntpAssocStratum</td>
<c>address</c> </tr>
<c>ntpAssocAddressType</c> <tr>
<c> </c> <td align="center">refid</td>
<c>ntpAssocAddress</c> <td align="center">ntpAssocRefId</td>
<c>stratum</c> </tr>
<c>ntpAssocStratum</c> <tr>
<c>refid</c> <td align="center">offset</td>
<c>ntpAssocRefId</c> <td align="center">ntpAssocOffset</td>
<c>offset</c> </tr>
<c>ntpAssocOffset</c> <tr>
<c>delay</c> <td align="center">delay</td>
<c>ntpAssocStatusDelay</c> <td align="center">ntpAssocStatusDelay</td>
<c>dispersion</c> </tr>
<c>ntpAssocStatusDispersion</c> <tr>
<c>ntp-statistics/packet-sent</c> <td align="center">dispersion</td>
<c>ntpAssocStatOutPkts</c> <td align="center">ntpAssocStatusDispersion</td>
<c>ntp-statistics/packet-received</c> </tr>
<c>ntpAssocStatInPkts</c> <tr>
<c>ntp-statistics/packet-dropped</c> <td align="center">ntp-statistics/packet-sent</td>
<c>ntpAssocStatProtocolError</c> <td align="center">ntpAssocStatOutPkts</td>
<postamble/> </tr>
</texttable> <tr>
<td align="center">ntp-statistics/packet-received</td>
<td align="center">ntpAssocStatInPkts</td>
</tr>
<tr>
<td align="center">ntp-statistics/packet-dropped</td>
<td align="center">ntpAssocStatProtocolError</td>
</tr>
</tbody>
</table>
<t>YANG NTP State Data Nodes and Related NTPv4-MIB Objects</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Relationship with RFC 7317"> <name>Relationship with RFC 7317</name>
<t>This section describes the relationship with NTP definition in <t>This section describes the relationship with definition of NTP in
Section 3.2 System Time Management of <xref target="RFC7317"/> . Section <xref target="RFC7317" section="3.2" sectionFormat="bare">System T
ime Management</xref> of <xref target="RFC7317" format="default"/>.
YANG data nodes in /ntp/ also support per-interface YANG data nodes in /ntp/ also support per-interface
configuration which is not supported in /system/ntp. configuration, which is not supported in /system/ntp.
If the yang model defined in this document is implemented, then If the YANG data model defined in this document is implemented, then
/system/ntp SHOULD NOT be used and MUST be ignored.</t> /system/ntp <bcp14>SHOULD NOT</bcp14> be used and <bcp14>MUST</bcp14> be i
gnored.</t>
<texttable> <table align="center">
<ttcol align="center">YANG data nodes in /ntp/ </ttcol> <name>YANG NTP Configuration Data Nodes and Counterparts from RFC 7317</n
<ttcol align="center">YANG data nodes in /system/ntp</ttcol> ame>
<c>ntp!</c> <thead>
<c>enabled</c> <tr>
<c>unicast-configuration</c> <th align="center">YANG Data Nodes in /ntp/ </th>
<c>server</c> <th align="center">YANG Data Nodes in /system/ntp</th>
<c> </c> </tr>
<c>server/name</c> </thead>
<c>unicast-configuration/address</c> <tbody>
<c>server/transport/udp/address</c> <tr>
<c>unicast-configuration/port</c> <td align="center">ntp!</td>
<c>server/transport/udp/port</c> <td align="center">enabled</td>
<c>unicast-configuration/type</c> </tr>
<c>server/association-type</c> <tr>
<c>unicast-configuration/iburst</c> <td align="center">unicast-configuration</td>
<c>server/iburst</c> <td align="center"><ul empty="true" spacing="compact" bare="true"><l
<c>unicast-configuration/prefer</c> i>server</li><li>server/name</li></ul></td>
<c>server/prefer</c> </tr>
<postamble>YANG NTP Configuration Data Nodes and counterparts in RFC 7 <tr>
317 Objects</postamble> <td align="center">unicast-configuration/address</td>
</texttable> <td align="center">server/transport/udp/address</td>
</tr>
<tr>
<td align="center">unicast-configuration/port</td>
<td align="center">server/transport/udp/port</td>
</tr>
<tr>
<td align="center">unicast-configuration/type</td>
<td align="center">server/association-type</td>
</tr>
<tr>
<td align="center">unicast-configuration/iburst</td>
<td align="center">server/iburst</td>
</tr>
<tr>
<td align="center">unicast-configuration/prefer</td>
<td align="center">server/prefer</td>
</tr>
</tbody>
</table>
</section> </section>
<section title="Access Rules"> <section numbered="true" toc="default">
<t>The access rules in this section refers to the on-the-wire <name>Access Rules</name>
access control to the NTP service and completely independent of any management A
PI access control, e.g., NETCONF Access Control Model (NACM) (<xref target="RFC8 <t>The access rules in this section refer to the on-the-wire
341"/>).</t> access control to the NTP service and are completely independent
of any management API access control, e.g., NETCONF Access
Control Model (NACM) <xref target="RFC8341"
format="default"/>.</t>
<t>An Access Control List (ACL) is one of the basic elements used to <t>An Access Control List (ACL) is one of the basic elements used to
configure device-forwarding behavior. An ACL is a user-ordered set of rules t hat is used to filter traffic configure device-forwarding behavior. An ACL is a user-ordered set of rules t hat is used to filter traffic
on a networking device.</t> on a networking device.</t>
<t>As per <xref target="RFC1305"/> (for NTPv3) and <xref target="RFC5905"/ > (for NTPv4), NTP could <t>As per <xref target="RFC1305" format="default"/> (for NTPv3) and <xref target="RFC5905" format="default"/> (for NTPv4), NTP could
include an access-control feature that prevents unauthorized access and include an access-control feature that prevents unauthorized access and
controls which peers are allowed to update the local clock. Further it is useful that controls which peers are allowed to update the local clock. Further, it is
to differentiate between the various kinds of access and attach a different acl useful to differentiate between the various kinds of access and attach a differe
-rule to each. For this, the YANG module allows such configuration via /ntp/acce nt acl-rule to each. For this, the YANG module allows such configuration via /nt
ss-rules. The access-rule itself is configured via <xref target="RFC8519"/>.</t> p/access-rules. The access-rule itself is configured via <xref target="RFC8519"
<t>Following access modes are supported - format="default"/>.</t>
<list style="symbols"> <t>The following access-modes are supported:
<t>Peer: Permit others to synchronize their time with the NTP entity or it can s </t>
ynchronize its time with others. NTP control queries are also accepted.</t> <dl spacing="normal">
<t>Server: Permit others to synchronize their time with the NTP entity, but vice <dt>Peer:</dt> <dd>Permit others to synchronize their time with the NTP
versa is not supported. NTP control queries are accepted.</t> entity or vice versa. NTP control queries are also accepted.</dd>
<t>Server-only: Permit others to synchronize their time with NTP entity, but vic <dt>Server:</dt><dd>Permit others to synchronize their time with the NTP
e versa is not supported. NTP control queries are not accepted.</t> entity, but vice versa is not supported. NTP control queries are accepted.</dd>
<t>Query-only: Only control queries are accepted.</t> <dt>Server-only:</dt><dd>Permit others to synchronize their time with th
</list></t> e NTP entity, but vice versa is not supported. NTP control queries are not accep
<t>Query-only is the most restricted where as the peer is the full access auth ted.</dd>
ority. The ability to give different ACL rules for different access modes allows <dt>Query-only:</dt><dd>Only control queries are accepted.</dd>
for a greater control by the operator.</t> </dl>
<t>Query-only is the most restricted whereas the peer is the full access a
uthority. The ability to give different ACL rules for different access-modes all
ows for a greater control by the operator.</t>
</section> </section>
<section title="Key Management"> <section numbered="true" toc="default">
<t>As per <xref target="RFC1305"/> (for NTPv3) and <xref target="RFC5905"/ <name>Key Management</name>
> (for NTPv4), when authentication is enabled, NTP employs <t>As per <xref target="RFC1305" format="default"/> (for NTPv3) and <xref
target="RFC5905" format="default"/> (for NTPv4), when authentication is enabled,
NTP employs
a crypto-checksum, computed by the sender and checked by the receiver, a crypto-checksum, computed by the sender and checked by the receiver,
together with a set of predistributed algorithms, and together with a set of predistributed algorithms, and
cryptographic keys indexed by a key identifier included in the NTP message. This cryptographic keys indexed by a key identifier included in the NTP message. This
key-id is a 32-bit unsigned integer that MUST be configured on the NTP peers be keyid is a 32-bit unsigned integer that <bcp14>MUST</bcp14> be configured on th
fore the authentication could be used. e NTP peers before the authentication can be used.
For this reason, this YANG module allows such configuration via /ntp/authenticat For this reason, this YANG module allows such configuration via /ntp/authenticat
ion/authentication-keys/. Further at the time of configuration of NTP associatio ion/authentication-keys/. Further at the time of configuration of NTP associatio
n (for example unicast-server), the key-id is specified.</t> n (for example, unicast server), the keyid is specified.</t>
<t>The 'nacm:default-deny-all' is <t>The 'nacm:default-deny-all' is
used to prevent retrieval of the actual key information after it is set.</t> used to prevent retrieval of the actual key information after it is set.</t>
</section> </section>
<section title="NTP Version" anchor="ver"> <section anchor="ver" numbered="true" toc="default">
<t>This YANG model allow a version to be configured for the NTP associatio <name>NTP Version</name>
n i.e. an operator can control the use of NTPv3 <xref target="RFC1305"/> or NTPv <t>This YANG data model allows a version to be configured for the NTP asso
4 <xref target="RFC5905"/> for each association it forms. This allows backward c ciation, i.e., an operator can control the use of NTPv3 <xref target="RFC1305" f
ompatibility with a legacy system. Note that the version 3 of NTP <xref target=" ormat="default"/> or NTPv4 <xref target="RFC5905" format="default"/> for each as
RFC1305"/> is obsoleted by NTPv4 <xref target="RFC5905"/>. sociation it forms. This allows backward compatibility with a legacy system. Not
</t> e that NTPv3 <xref target="RFC1305" format="default"/> is obsoleted by NTPv4 <xr
ef target="RFC5905" format="default"/>.
</t>
</section> </section>
<section numbered="true" toc="default">
<name>NTP YANG Module</name>
<section title="NTP YANG Module"> <sourcecode name="ietf-ntp@2022-06-10.yang" type="yang" markers="true"><![
<t><figure align="left"> CDATA[
<artwork><![CDATA[
<CODE BEGINS> file "ietf-ntp@2022-03-21.yang"
module ietf-ntp { module ietf-ntp {
yang-version 1.1; yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ntp"; namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";
prefix ntp; prefix ntp;
import ietf-yang-types { import ietf-yang-types {
prefix yang; prefix yang;
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
skipping to change at line 448 skipping to change at line 574
Lists (ACLs)"; Lists (ACLs)";
} }
import ietf-routing-types { import ietf-routing-types {
prefix rt-types; prefix rt-types;
reference reference
"RFC 8294: Common YANG Data Types for the Routing Area"; "RFC 8294: Common YANG Data Types for the Routing Area";
} }
import ietf-netconf-acm { import ietf-netconf-acm {
prefix nacm; prefix nacm;
reference reference
"RFC 8341: Network Configuration Protocol (NETCONF) Access "RFC 8341: Network Configuration Access Control Model";
Control Model";
} }
organization organization
"IETF NTP (Network Time Protocol) Working Group"; "IETF NTP (Network Time Protocol) Working Group";
contact contact
"WG Web: <https://datatracker.ietf.org/wg/ntp/about/> "WG Web: <https://datatracker.ietf.org/wg/ntp/>
WG List: <mailto: ntp@ietf.org WG List: <mailto: ntp@ietf.org
Editor: Dhruv Dhody Editor: Dhruv Dhody
<mailto:dhruv.ietf@gmail.com> <mailto:dhruv.ietf@gmail.com>
Editor: Ankit Kumar Sinha Editor: Ankit Kumar Sinha
<mailto:ankit.ietf@gmail.com>"; <mailto:ankit.ietf@gmail.com>";
description description
"This document defines a YANG data model for Network Time Protocol "This document defines a YANG data model that can be used
(NTP) implementations. The data model includes configuration data to configure and manage Network Time Protocol (NTP) version 4.
and state data. It can also be used to configure and manage version 3.
The data model includes configuration data and state data.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED', NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as 'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when, described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here. they appear in all capitals, as shown here.
Copyright (c) 2022 IETF Trust and the persons identified as Copyright (c) 2022 IETF Trust and the persons identified as
authors of the code. All rights reserved. authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject without modification, is permitted pursuant to, and subject
to the license terms contained in, the Revised BSD License to the license terms contained in, the Revised BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents Relating to IETF Documents
(https://trustee.ietf.org/license-info). (https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see the This version of this YANG module is part of RFC 9249; see the
RFC itself for full legal notices."; RFC itself for full legal notices.";
revision 2022-03-21 { revision 2022-06-10 {
description description
"Initial revision."; "Initial revision";
reference reference
"RFC XXXX: A YANG Data Model for NTP."; "RFC 9249: A YANG Data Model for NTP";
} }
/* Note: The RFC Editor will replace XXXX with the number assigned
to this document once it becomes an RFC.*/
/* Typedef Definitions */ /* Typedef Definitions */
typedef ntp-stratum { typedef ntp-stratum {
type uint8 { type uint8 {
range "1..16"; range "1..16";
} }
description description
"The level of each server in the hierarchy is defined by "The level of each server in the hierarchy is defined by
a stratum. Primary servers are assigned with stratum a stratum. Primary servers are assigned with stratum
one; secondary servers at each lower level are assigned with one; secondary servers at each lower level are assigned with
one stratum greater than the preceding level"; one stratum greater than the preceding level.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3"; Algorithms Specification, Section 3";
} }
typedef ntp-version { typedef ntp-version {
type uint8 { type uint8 {
range "3..max"; range "3..max";
} }
default "4"; default "4";
description description
"The current NTP version supported by corresponding "The current NTP version supported by the corresponding
association."; association";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 1"; Algorithms Specification, Section 1";
} }
typedef refid { typedef refid {
type union { type union {
type inet:ipv4-address; type inet:ipv4-address;
type uint32; type uint32;
type string { type string {
length "4"; length "4";
} }
} }
description description
"A code identifying the particular server or reference "A code identifying the particular server or reference
clock. The interpretation depends upon stratum. It clock. The interpretation depends upon stratum. It
could be an IPv4 address or first 32 bits of the MD5 hash of could be an IPv4 address, the first 32 bits of the MD5 hash
the IPv6 address or a string for the Reference Identifier of the IPv6 address, or a string for the Reference Identifier
and KISS codes. Some examples: and kiss codes. Some examples:
-- a refclock ID like '127.127.1.0' for local clock sync -- a refclock ID like '127.127.1.0' for local clock sync
-- uni/multi/broadcast associations for IPv4 will look like -- uni/multi/broadcast associations for IPv4 will look like
'203.0.113.1' and '0x4321FEDC' for IPv6 '203.0.113.1' and '0x4321FEDC' for IPv6
-- sync with primary source will look like 'DCN', 'NIST',
'ATOM' -- sync with a primary source will look like 'DCN', 'NIST',
-- KISS codes will look like 'AUTH', 'DROP', 'RATE' 'ATOM'
Note that the use of MD5 hash for IPv6 address is not for
cryptographic purposes "; -- kiss codes will look like 'AUTH', 'DROP', or 'RATE'
Note that the use of an MD5 hash for IPv6 addresses is not
for cryptographic purposes.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
typedef ntp-date-and-time { typedef ntp-date-and-time {
type union { type union {
type yang:date-and-time; type yang:date-and-time;
type uint8; type uint8;
} }
description description
"Follows the date-and-time format when valid value exist, "Follows the date-and-time format when valid values exist.
otherwise allows for setting special value such as Otherwise, allows for setting a special value such as
zero."; zero.";
reference reference
"RFC 6991: Common YANG Data Types"; "RFC 6991: Common YANG Data Types";
} }
typedef log2seconds { typedef log2seconds {
type int8; type int8;
description description
"An 8-bit signed integer that represents signed log2 "An 8-bit signed integer that represents signed log2
seconds."; seconds.";
skipping to change at line 590 skipping to change at line 719
feature authentication { feature authentication {
description description
"Support for NTP symmetric key authentication"; "Support for NTP symmetric key authentication";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
feature deprecated { feature deprecated {
description description
"Support deprecated MD5-based authentication (RFC 8573) or "Support deprecated MD5-based authentication (RFC 8573),
SHA-1 or any other deprecated authentication mechanism. SHA-1, or any other deprecated authentication mechanism.
It is enabled to support legacy compatibility when secure It is enabled to support legacy compatibility when secure
cryptographic algorithms are not available to use. cryptographic algorithms are not available to use.
It is also used to configure keystrings in ASCII format."; It is also used to configure keystrings in ASCII format.";
reference reference
"RFC 1321: The MD5 Message-Digest Algorithm "RFC 1321: The MD5 Message-Digest Algorithm,
RFC 3174: US Secure Hash Algorithm 1 (SHA1) RFC 3174: US Secure Hash Algorithm 1 (SHA1),
FIPS 180-4: Secure Hash Standard (SHS)"; SHS: Secure Hash Standard (SHS) (FIPS PUB 180-4)";
} }
feature hex-key-string { feature hex-key-string {
description description
"Support hexadecimal key string."; "Support hexadecimal key string";
} }
feature access-rules { feature access-rules {
description description
"Support for NTP access control"; "Support for NTP access control";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2"; Algorithms Specification, Section 9.2";
} }
skipping to change at line 700 skipping to change at line 829
base unicast-configuration-type; base unicast-configuration-type;
description description
"Use symmetric active association mode where the peer "Use symmetric active association mode where the peer
address is configured."; address is configured.";
} }
/* association-modes */ /* association-modes */
identity association-mode { identity association-mode {
description description
"The NTP association modes."; "The NTP association modes";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3"; Algorithms Specification, Section 3";
} }
identity active { identity active {
base association-mode; base association-mode;
description description
"Use symmetric active association mode (mode 1). "Use symmetric active association mode (mode 1).
This device may synchronize with its NTP peer, This device may synchronize with its NTP peer
or provide synchronization to configured NTP peer."; or provide synchronization to a configured NTP peer.";
} }
identity passive { identity passive {
base association-mode; base association-mode;
description description
"Use symmetric passive association mode (mode 2). "Use symmetric passive association mode (mode 2).
This device has learned this association dynamically. This device has learned this association dynamically.
This device may synchronize with its NTP peer."; This device may synchronize with its NTP peer.";
} }
skipping to change at line 742 skipping to change at line 871
description description
"Use server association mode (mode 4). "Use server association mode (mode 4).
This device will provide synchronization to This device will provide synchronization to
NTP clients."; NTP clients.";
} }
identity broadcast-server { identity broadcast-server {
base association-mode; base association-mode;
description description
"Use broadcast server mode (mode 5). "Use broadcast server mode (mode 5).
This mode defines that its either working This mode defines that it's either working
as broadcast-server or multicast-server."; as a broadcast server or a multicast server.";
} }
identity broadcast-client { identity broadcast-client {
base association-mode; base association-mode;
description description
"This mode defines that its either working "This mode defines that it's either working
as broadcast-client (mode 6) or multicast-client."; as a broadcast client (mode 6) or a multicast client.";
} }
/* access-mode */ /* access-mode */
identity access-mode { identity access-mode {
if-feature "access-rules"; if-feature "access-rules";
description description
"This defines NTP access modes. These identify "This defines NTP access-modes. These identify
how the ACL is applied with NTP."; how the ACL is applied with NTP.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2"; Algorithms Specification, Section 9.2";
} }
identity peer-access-mode { identity peer-access-mode {
if-feature "access-rules"; if-feature "access-rules";
base access-mode; base access-mode;
description description
"Permit others to synchronize their time with this NTP "Permit others to synchronize their time with this NTP
entity or it can synchronize its time with others. or vice versa.
NTP control queries are also accepted. This enables NTP control queries are also accepted. This enables
full access authority."; full access authority.";
} }
identity server-access-mode { identity server-access-mode {
if-feature "access-rules"; if-feature "access-rules";
base access-mode; base access-mode;
description description
"Permit others to synchronize their time with this NTP "Permit others to synchronize their time with this NTP
entity, but vice versa is not supported. NTP control entity, but vice versa is not supported. NTP control
queries are accepted."; queries are accepted.";
} }
identity server-only-access-mode { identity server-only-access-mode {
if-feature "access-rules"; if-feature "access-rules";
base access-mode; base access-mode;
description description
"Permit others to synchronize their time with this NTP "Permit others to synchronize their time with this NTP
entity, but vice versa is not supported. NTP control entity, but vice versa is not supported. NTP control
queries are not accepted."; queries are not accepted.";
} }
identity query-only-access-mode { identity query-only-access-mode {
if-feature "access-rules"; if-feature "access-rules";
base access-mode; base access-mode;
description description
"Only control queries are accepted."; "Only control queries are accepted.";
} }
skipping to change at line 826 skipping to change at line 955
description description
"Indicates that the local clock has not been synchronized "Indicates that the local clock has not been synchronized
with any NTP server."; with any NTP server.";
} }
/* ntp-sync-state */ /* ntp-sync-state */
identity ntp-sync-state { identity ntp-sync-state {
description description
"This defines NTP clock sync state at a more granular "This defines NTP clock sync state at a more granular
level. Referred as 'Clock state definitions' in RFC 5905"; level. Referred to as 'Clock state definitions' in
RFC 5905.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Appendix A.1.1"; Algorithms Specification, Appendix A.1.1";
} }
identity clock-never-set { identity clock-never-set {
base ntp-sync-state; base ntp-sync-state;
description description
"Indicates the clock was never set."; "Indicates the clock was never set.";
} }
skipping to change at line 860 skipping to change at line 990
identity freq { identity freq {
base ntp-sync-state; base ntp-sync-state;
description description
"Indicates the frequency mode."; "Indicates the frequency mode.";
} }
identity clock-synchronized { identity clock-synchronized {
base ntp-sync-state; base ntp-sync-state;
description description
"Indicates that the clock is synchronized"; "Indicates that the clock is synchronized.";
} }
/* crypto-algorithm */ /* crypto-algorithm */
identity crypto-algorithm { identity crypto-algorithm {
description description
"Base identity of cryptographic algorithm options."; "Base identity of cryptographic algorithm options.";
} }
identity md5 { identity md5 {
if-feature "deprecated"; if-feature "deprecated";
base crypto-algorithm; base crypto-algorithm;
description description
"The MD5 algorithm. Note that RFC 8573 "The MD5 algorithm. Note that RFC 8573
deprecates the use of MD5-based authentication."; deprecates the use of MD5-based authentication.";
reference reference
"RFC 1321: The MD5 Message-Digest Algorithm"; "RFC 1321: The MD5 Message-Digest Algorithm";
} }
identity sha-1 { identity sha-1 {
if-feature "deprecated"; if-feature "deprecated";
base crypto-algorithm; base crypto-algorithm;
description description
"The SHA-1 algorithm."; "The SHA-1 algorithm";
reference reference
"RFC 3174: US Secure Hash Algorithm 1 (SHA1)"; "RFC 3174: US Secure Hash Algorithm 1 (SHA1)";
} }
identity hmac-sha-1 { identity hmac-sha-1 {
if-feature "deprecated"; if-feature "deprecated";
base crypto-algorithm; base crypto-algorithm;
description description
"HMAC-SHA-1 authentication algorithm."; "HMAC-SHA-1 authentication algorithm";
reference reference
"FIPS 180-4: Secure Hash Standard (SHS)"; "SHS: Secure Hash Standard (SHS) (FIPS PUB 180-4)";
} }
identity hmac-sha1-12 { identity hmac-sha1-12 {
if-feature "deprecated"; if-feature "deprecated";
base crypto-algorithm; base crypto-algorithm;
description description
"The HMAC-SHA1-12 algorithm."; "The HMAC-SHA1-12 algorithm";
} }
identity hmac-sha-256 { identity hmac-sha-256 {
description description
"HMAC-SHA-256 authentication algorithm."; "HMAC-SHA-256 authentication algorithm";
reference reference
"FIPS 180-4: Secure Hash Standard (SHS)"; "SHS: Secure Hash Standard (SHS) (FIPS PUB 180-4)";
} }
identity hmac-sha-384 { identity hmac-sha-384 {
description description
"HMAC-SHA-384 authentication algorithm."; "HMAC-SHA-384 authentication algorithm";
reference reference
"FIPS 180-4: Secure Hash Standard (SHS)"; "SHS: Secure Hash Standard (SHS) (FIPS PUB 180-4)";
} }
identity hmac-sha-512 { identity hmac-sha-512 {
description description
"HMAC-SHA-512 authentication algorithm."; "HMAC-SHA-512 authentication algorithm";
reference reference
"FIPS 180-4: Secure Hash Standard (SHS)"; "SHS: Secure Hash Standard (SHS) (FIPS PUB 180-4)";
} }
identity aes-cmac { identity aes-cmac {
base crypto-algorithm; base crypto-algorithm;
description description
"The AES-CMAC algorithm - required by "The AES-CMAC algorithm -- required by
RFC 8573 for MAC for the NTP"; RFC 8573 for MAC for the NTP.";
reference reference
"RFC 4493: The AES-CMAC Algorithm "RFC 4493: The AES-CMAC Algorithm,
RFC 8573: Message Authentication Code for the Network RFC 8573: Message Authentication Code for the Network
Time Protocol"; Time Protocol";
} }
/* Groupings */ /* Groupings */
grouping key { grouping key {
description description
"The key."; "The key";
nacm:default-deny-all; nacm:default-deny-all;
choice key-string-style { choice key-string-style {
description description
"Key string styles"; "Key string styles";
case keystring { case keystring {
leaf keystring { leaf keystring {
if-feature "deprecated"; if-feature "deprecated";
type string; type string;
description description
"Key string in ASCII format."; "Key string in ASCII format";
} }
} }
case hexadecimal { case hexadecimal {
if-feature "hex-key-string"; if-feature "hex-key-string";
leaf hexadecimal-string { leaf hexadecimal-string {
type yang:hex-string; type yang:hex-string;
description description
"Key in hexadecimal string format. When compared "Key in hexadecimal string format. When compared
to ASCII, specification in hexadecimal affords to ASCII, specification in hexadecimal affords
greater key entropy with the same number of greater key entropy with the same number of
internal key-string octets. Additionally, it internal key-string octets. Additionally, it
discourages usage of well-known words or discourages use of well-known words or
numbers."; numbers.";
} }
} }
} }
} }
grouping authentication-key { grouping authentication-key {
description description
"To define an authentication key for a Network Time "To define an authentication key for an NTP
Protocol (NTP) time source."; time source.";
leaf key-id { leaf keyid {
type uint32 { type uint32 {
range "1..max"; range "1..max";
} }
description description
"Authentication key identifier."; "Authentication key identifier";
} }
leaf algorithm { leaf algorithm {
type identityref { type identityref {
base crypto-algorithm; base crypto-algorithm;
} }
description description
"Authentication algorithm. Note that RFC 8573 "Authentication algorithm. Note that RFC 8573
deprecates the use of MD5-based authentication deprecates the use of MD5-based authentication
and recommends AES-CMAC."; and recommends AES-CMAC.";
} }
container key { container key {
uses key; uses key;
description description
"The key. Note that RFC 8573 deprecates the use "The key. Note that RFC 8573 deprecates the use
of MD5-based authentication."; of MD5-based authentication.";
} }
leaf istrusted { leaf istrusted {
type boolean; type boolean;
description description
"Key-id is trusted or not"; "Keyid is trusted or not";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3 and 7.4"; Algorithms Specification, Sections 7.3 and 7.4";
} }
grouping authentication { grouping authentication {
description description
"Authentication."; "Authentication";
choice authentication-type { choice authentication-type {
description description
"Type of authentication."; "Type of authentication";
case symmetric-key { case symmetric-key {
leaf key-id { leaf keyid {
type leafref { type leafref {
path "/ntp:ntp/ntp:authentication/" path "/ntp:ntp/ntp:authentication/"
+ "ntp:authentication-keys/ntp:key-id"; + "ntp:authentication-keys/ntp:keyid";
} }
description description
"Authentication key id referenced in this "Authentication key id referenced in this
association."; association.";
} }
} }
} }
} }
grouping statistics { grouping statistics {
description description
"NTP packet statistic."; "NTP packet statistic";
leaf discontinuity-time { leaf discontinuity-time {
type ntp-date-and-time; type ntp-date-and-time;
description description
"The time on the most recent occasion at which any one or "The time on the most recent occasion at which any one or
more of this NTP counters suffered a discontinuity. If more of these NTP counters suffered a discontinuity. If
no such discontinuities have occurred, then this node no such discontinuities have occurred, then this node
contains the time the NTP association was contains the time the NTP association was
(re-)initialized."; (re-)initialized.";
} }
leaf packet-sent { leaf packet-sent {
type yang:counter32; type yang:counter32;
description description
"The total number of NTP packets delivered to the "The total number of NTP packets delivered to the
transport service by this NTP entity for this transport service by this NTP entity for this
association. association.
Discontinuities in the value of this counter can occur Discontinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start, reinitialization of the NTP entity or the
management system and at other times."; management system, and at other times.";
} }
leaf packet-sent-fail { leaf packet-sent-fail {
type yang:counter32; type yang:counter32;
description description
"The number of times NTP packets sending failed."; "The number of times NTP packet sending failed.";
} }
leaf packet-received { leaf packet-received {
type yang:counter32; type yang:counter32;
description description
"The total number of NTP packets delivered to the "The total number of NTP packets delivered to the
NTP entity from this association. NTP entity from this association.
Discontinuities in the value of this counter can occur Discontinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start, reinitialization of the NTP entity or the
management system and at other times."; management system, and at other times.";
} }
leaf packet-dropped { leaf packet-dropped {
type yang:counter32; type yang:counter32;
description description
"The total number of NTP packets that were delivered "The total number of NTP packets that were delivered
to this NTP entity from this association and this entity to this NTP entity from this association and that this
was not able to process due to an NTP protocol error. entity was not able to process due to an NTP error.
Discontinuities in the value of this counter can occur Discontinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start, reinitialization of the NTP entity or the
management system and at other times."; management system, and at other times.";
} }
} }
grouping common-attributes { grouping common-attributes {
description description
"NTP common attributes for configuration."; "NTP common attributes for configuration";
leaf minpoll { leaf minpoll {
type log2seconds; type log2seconds;
default "6"; default "6";
description description
"The minimum poll interval used in this association."; "The minimum poll interval used in this association";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2"; Algorithms Specification, Section 7.2";
} }
leaf maxpoll { leaf maxpoll {
type log2seconds; type log2seconds;
default "10"; default "10";
description description
"The maximum poll interval used in this association."; "The maximum poll interval used in this association";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2"; Algorithms Specification, Section 7.2";
} }
leaf port { leaf port {
if-feature "ntp-port"; if-feature "ntp-port";
type inet:port-number { type inet:port-number {
range "123 | 1024..max"; range "123 | 1024..max";
} }
default "123"; default "123";
description description
"Specify the port used to send NTP packets."; "Specify the port used to send NTP packets.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2"; Algorithms Specification, Section 7.2";
} }
leaf version { leaf version {
type ntp-version; type ntp-version;
description description
"NTP version."; "NTP version";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification"; Algorithms Specification";
} }
grouping association-ref { grouping association-ref {
description description
"Reference to NTP association mode"; "Reference to NTP association mode";
leaf associations-address { leaf associations-address {
type leafref { type leafref {
path "/ntp:ntp/ntp:associations/ntp:association" path "/ntp:ntp/ntp:associations/ntp:association"
+ "/ntp:address"; + "/ntp:address";
} }
description description
"Indicates the association's address "Indicates the association's address
which result in clock synchronization."; that results in clock synchronization.";
} }
leaf associations-local-mode { leaf associations-local-mode {
type leafref { type leafref {
path "/ntp:ntp/ntp:associations/ntp:association" path "/ntp:ntp/ntp:associations/ntp:association"
+ "/ntp:local-mode"; + "/ntp:local-mode";
} }
description description
"Indicates the association's local-mode "Indicates the association's local-mode
which result in clock synchronization."; that results in clock synchronization.";
} }
leaf associations-isconfigured { leaf associations-isconfigured {
type leafref { type leafref {
path "/ntp:ntp/ntp:associations/ntp:association/" path "/ntp:ntp/ntp:associations/ntp:association/"
+ "ntp:isconfigured"; + "ntp:isconfigured";
} }
description description
"Indicates if the association (that resulted in the "Indicates if the association (that resulted in the
clock synchronization) is explicitly configured."; clock synchronization) is explicitly configured.";
} }
skipping to change at line 1158 skipping to change at line 1288
container ntp { container ntp {
when 'false() = boolean(/sys:system/sys:ntp)' { when 'false() = boolean(/sys:system/sys:ntp)' {
description description
"Applicable when the system /sys/ntp/ is not used."; "Applicable when the system /sys/ntp/ is not used.";
} }
presence "NTP is enabled and system should attempt to presence "NTP is enabled and system should attempt to
synchronize the system clock with an NTP server synchronize the system clock with an NTP server
from the 'ntp/associations' list."; from the 'ntp/associations' list.";
description description
"Configuration parameters for NTP."; "Configuration parameters for NTP";
leaf port { leaf port {
if-feature "ntp-port"; if-feature "ntp-port";
type inet:port-number { type inet:port-number {
range "123 | 1024..max"; range "123 | 1024..max";
} }
default "123"; default "123";
description description
"Specify the port used to send and receive NTP packets."; "Specify the port used to send and receive NTP packets.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
skipping to change at line 1186 skipping to change at line 1316
type ntp-stratum; type ntp-stratum;
default "16"; default "16";
description description
"Stratum level from which NTP clients get their time "Stratum level from which NTP clients get their time
synchronized."; synchronized.";
} }
} }
container authentication { container authentication {
if-feature "authentication"; if-feature "authentication";
description description
"Configuration of authentication."; "Configuration of authentication";
leaf auth-enabled { leaf auth-enabled {
type boolean; type boolean;
default "false"; default "false";
description description
"Controls whether NTP authentication is enabled "Controls whether NTP authentication is enabled
or disabled on this device."; or disabled on this device.";
} }
list authentication-keys { list authentication-keys {
key "key-id"; key "keyid";
uses authentication-key; uses authentication-key;
description description
"List of authentication keys."; "List of authentication keys";
} }
} }
container access-rules { container access-rules {
if-feature "access-rules"; if-feature "access-rules";
description description
"Configuration to control access to NTP service "Configuration to control access to NTP service
by using NTP access-group feature. by using the NTP access-group feature.
The access-mode identifies how the ACL is The access-mode identifies how the ACL is
applied with NTP."; applied with NTP.";
list access-rule { list access-rule {
key "access-mode"; key "access-mode";
description description
"List of access rules."; "List of access rules";
leaf access-mode { leaf access-mode {
type identityref { type identityref {
base access-mode; base access-mode;
} }
description description
"The NTP access mode. Some of the possible value "The NTP access-mode. Some of the possible values
includes peer, server, synchronization, query include peer, server, synchronization, query,
etc."; etc.";
} }
leaf acl { leaf acl {
type leafref { type leafref {
path "/acl:acls/acl:acl/acl:name"; path "/acl:acls/acl:acl/acl:name";
} }
description description
"Control access configuration to be used."; "Control access configuration to be used.";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2"; Algorithms Specification, Section 9.2";
} }
} }
container clock-state { container clock-state {
config false; config false;
description description
"Clock operational state of the NTP."; "Clock operational state of the NTP";
container system-status { container system-status {
description description
"System status of NTP."; "System status of NTP";
leaf clock-state { leaf clock-state {
type identityref { type identityref {
base clock-state; base clock-state;
} }
mandatory true; mandatory true;
description description
"The state of system clock. Some of the possible value "The state of the system clock. Some of the possible
includes synchronized and unsynchronized"; values include synchronized and unsynchronized.";
} }
leaf clock-stratum { leaf clock-stratum {
type ntp-stratum; type ntp-stratum;
mandatory true; mandatory true;
description description
"The NTP entity's own stratum value. Should be one greater "The NTP entity's own stratum value. Should be one
than preceeding level. 16 if unsyncronized."; greater than the preceding level.
16 if unsynchronized.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3"; Algorithms Specification, Section 3";
} }
leaf clock-refid { leaf clock-refid {
type refid; type refid;
mandatory true; mandatory true;
description description
"A code identifying the particular server or reference "A code identifying the particular server or reference
clock. The interpretation depends upon stratum. It clock. The interpretation depends upon stratum. It
could be an IPv4 address or first 32 bits of the MD5 hash could be an IPv4 address, the first 32 bits of the MD5
of the IPv6 address or a string for the Reference hash of the IPv6 address, or a string for the Reference
Identifier and KISS codes. Some examples: Identifier and kiss codes. Some examples:
-- a refclock ID like '127.127.1.0' for local clock sync -- a refclock ID like '127.127.1.0' for local clock sync
-- uni/multi/broadcast associations for IPv4 will look like
'203.0.113.1' and '0x4321FEDC' for IPv6 -- uni/multi/broadcast associations for IPv4 will look
-- sync with primary source will look like 'DCN', 'NIST', like '203.0.113.1' and '0x4321FEDC' for IPv6
'ATOM'
-- KISS codes will look like 'AUTH', 'DROP', 'RATE' -- sync with primary source will look like 'DCN',
Note that the use of MD5 hash for IPv6 address is not for 'NIST', 'ATOM'
cryptographic purposes ";
-- kiss codes will look like 'AUTH', 'DROP', 'RATE'
Note that the use of MD5 hash for IPv6 address is not
for cryptographic purposes.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
uses association-ref { uses association-ref {
description description
"Reference to Association."; "Reference to association";
} }
leaf nominal-freq { leaf nominal-freq {
type decimal64 { type decimal64 {
fraction-digits 4; fraction-digits 4;
} }
units "Hz"; units "Hz";
mandatory true; mandatory true;
description description
"The nominal frequency of the local clock. An ideal "The nominal frequency of the local clock. An ideal
frequency with zero uncertainty."; frequency with zero uncertainty.";
} }
leaf actual-freq { leaf actual-freq {
type decimal64 { type decimal64 {
fraction-digits 4; fraction-digits 4;
} }
units "Hz"; units "Hz";
mandatory true; mandatory true;
description description
"The actual frequency of the local clock."; "The actual frequency of the local clock";
} }
leaf clock-precision { leaf clock-precision {
type log2seconds; type log2seconds;
mandatory true; mandatory true;
description description
"Clock precision of this system in signed integer format, "Clock precision of this system in signed integer format,
in log 2 seconds - (prec=2^(-n)). A value of 5 would in log 2 seconds - (prec=2^(-n)). A value of 5 would
mean 2^-5 = 0.03125 seconds = 31.25 ms."; mean 2^-5 = 0.03125 seconds = 31.25 ms.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
leaf clock-offset { leaf clock-offset {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
} }
units "milliseconds"; units "milliseconds";
description description
"The signed time offset to the current selected reference "The signed time offset to the current selected reference
time source e.g., '0.032ms' or '1.232ms'. The negative time source, e.g., '0.032ms' or '1.232ms'. The negative
value Indicates that the local clock is behind the value indicates that the local clock is behind the
current selected reference time source."; current selected reference time source.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.1"; Algorithms Specification, Section 9.1";
} }
leaf root-delay { leaf root-delay {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
} }
units "milliseconds"; units "milliseconds";
description description
"Total delay along the path to root clock."; "Total delay along the path to the root clock";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 4 and 7.3"; Algorithms Specification, Sections 4 and 7.3";
} }
leaf root-dispersion { leaf root-dispersion {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
} }
units "milliseconds"; units "milliseconds";
description description
"The dispersion between the local clock "The dispersion to the local clock
and the root clock, e.g., '6.927ms'."; and the root clock, e.g., '6.927ms'.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 4, 7.3 and 10."; Algorithms Specification, Sections 4, 7.3, and 10";
} }
leaf reference-time { leaf reference-time {
type ntp-date-and-time; type ntp-date-and-time;
description description
"The reference timestamp. Time when the system clock was "The reference timestamp. Time when the system clock was
last set or corrected"; last set or corrected.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
leaf sync-state { leaf sync-state {
type identityref { type identityref {
base ntp-sync-state; base ntp-sync-state;
} }
mandatory true; mandatory true;
description description
"The synchronization status of the local clock. Referred to "The synchronization status of the local clock. Referred
as 'Clock state definitions' in RFC 5905"; to as 'Clock state definitions' in RFC 5905.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Appendix A.1.1"; Algorithms Specification, Appendix A.1.1";
} }
} }
} }
list unicast-configuration { list unicast-configuration {
if-feature "unicast-configuration"; if-feature "unicast-configuration";
key "address type"; key "address type";
description description
"List of NTP unicast-configurations."; "List of NTP unicast-configurations";
leaf address { leaf address {
type inet:ip-address; type inet:ip-address;
description description
"Address of this association."; "Address of this association";
} }
leaf type { leaf type {
type identityref { type identityref {
base unicast-configuration-type; base unicast-configuration-type;
} }
description description
"The unicast configuration type, for example "The unicast configuration type, for example,
unicast-server"; unicast-server";
} }
container authentication { container authentication {
if-feature "authentication"; if-feature "authentication";
description description
"Authentication used for this association."; "Authentication used for this association";
uses authentication; uses authentication;
} }
leaf prefer { leaf prefer {
type boolean; type boolean;
default "false"; default "false";
description description
"Whether this association is preferred or not."; "Whether or not this association is preferred";
} }
leaf burst { leaf burst {
type boolean; type boolean;
default "false"; default "false";
description description
"If set, a series of packets are sent instead of a single "If set, a series of packets are sent instead of a single
packet within each synchronization interval to achieve packet within each synchronization interval to achieve
faster synchronization."; faster synchronization.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 13.1"; and Algorithms Specification, Section 13.1";
} }
leaf iburst { leaf iburst {
type boolean; type boolean;
default "false"; default "false";
description description
"If set, a series of packets are sent instead of a single "If set, a series of packets are sent instead of a single
packet within the initial synchronization interval to packet within the initial synchronization interval to
achieve faster initial synchronization."; achieve faster initial synchronization.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 13.1"; and Algorithms Specification, Section 13.1";
} }
leaf source { leaf source {
type if:interface-ref; type if:interface-ref;
description description
"The interface whose IP address is used by this association "The interface whose IP address is used by this association
as the source address."; as the source address.";
} }
uses common-attributes { uses common-attributes {
description description
"Common attributes like port, version, min and max "Common attributes like port, version, and min and max
poll."; poll.";
} }
} }
container associations { container associations {
description description
"Association parameters"; "Association parameters";
list association { list association {
key "address local-mode isconfigured"; key "address local-mode isconfigured";
config false; config false;
description description
"List of NTP associations. Here address, local-mode "List of NTP associations. Here address, local-mode,
and isconfigured are required to uniquely identify and isconfigured are required to uniquely identify
a particular association. Lets take following examples - a particular association. Let's take the following
examples:
1) If RT1 acting as broadcast server, 1) If RT1 is acting as broadcast server
and RT2 acting as broadcast client, then RT2 and RT2 is acting as broadcast client, then RT2
will form dynamic association with address as RT1, will form a dynamic association with the address as
local-mode as client and isconfigured as false. RT1, local-mode as client, and isconfigured as false.
2) When RT2 is configured 2) When RT2 is configured with unicast server RT1,
with unicast-server RT1, then RT2 will form then RT2 will form an association with the address as
association with address as RT1, local-mode as client RT1, local-mode as client, and isconfigured as true.
and isconfigured as true.
Thus all 3 leaves are needed as key to unique identify Thus, all three leaves are needed as key to uniquely
the association."; identify the association.";
leaf address { leaf address {
type inet:ip-address; type inet:ip-address;
description description
"The remote address of this association. Represents the "The remote address of this association. Represents the
IP address of a unicast/multicast/broadcast address."; IP address of a unicast/multicast/broadcast address.";
} }
leaf local-mode { leaf local-mode {
type identityref { type identityref {
base association-mode; base association-mode;
} }
description description
"Local mode of this NTP association."; "Local-mode of this NTP association";
} }
leaf isconfigured { leaf isconfigured {
type boolean; type boolean;
description description
"Indicates if this association is configured (true) or "Indicates if this association is configured (true) or
dynamically learned (false)."; dynamically learned (false).";
} }
leaf stratum { leaf stratum {
type ntp-stratum; type ntp-stratum;
description description
"The association stratum value."; "The association stratum value";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3"; Algorithms Specification, Section 3";
} }
leaf refid { leaf refid {
type refid; type refid;
description description
"A code identifying the particular server or reference "A code identifying the particular server or reference
clock. The interpretation depends upon stratum. It clock. The interpretation depends upon stratum. It
could be an IPv4 address or first 32 bits of the MD5 hash of could be an IPv4 address or first 32 bits of the MD5
the IPv6 address or a string for the Reference Identifier hash of the IPv6 address or a string for the Reference
and KISS codes. Some examples: Identifier and kiss codes. Some examples:
-- a refclock ID like '127.127.1.0' for local clock sync -- a refclock ID like '127.127.1.0' for local clock sync
-- uni/multi/broadcast associations for IPv4 will look like
'203.0.113.1' and '0x4321FEDC' for IPv6 -- uni/multi/broadcast associations for IPv4 will look
-- sync with primary source will look like 'DCN', 'NIST', like '203.0.113.1' and '0x4321FEDC' for IPv6
'ATOM'
-- KISS codes will look like 'AUTH', 'DROP', 'RATE' -- sync with primary source will look like 'DCN',
Note that the use of MD5 hash for IPv6 address is not for 'NIST', or 'ATOM'
cryptographic purposes";
-- kiss codes will look like 'AUTH', 'DROP', or 'RATE'
Note that the use of an MD5 hash for IPv6 address is
not for cryptographic purposes.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
leaf authentication { leaf authentication {
if-feature "authentication"; if-feature "authentication";
type leafref { type leafref {
path "/ntp:ntp/ntp:authentication/" path "/ntp:ntp/ntp:authentication/"
+ "ntp:authentication-keys/ntp:key-id"; + "ntp:authentication-keys/ntp:keyid";
} }
description description
"Authentication Key used for this association."; "Authentication key used for this association";
} }
leaf prefer { leaf prefer {
type boolean; type boolean;
default "false"; default "false";
description description
"Indicates if this association is preferred."; "Indicates if this association is preferred";
} }
leaf peer-interface { leaf peer-interface {
type if:interface-ref; type if:interface-ref;
description description
"The interface which is used for communication."; "The interface that is used for communication";
} }
uses common-attributes { uses common-attributes {
description description
"Common attributes like port, version, min and "Common attributes like port, version, and min and
max poll."; max poll";
} }
leaf reach { leaf reach {
type uint8; type uint8;
description description
"It is an 8-bit shift register that tracks packet "An 8-bit shift register that tracks packet
generation and receipt. It is used to determine generation and receipt. It is used to determine
whether the server is reachable and the data are whether the server is reachable and the data are
fresh."; fresh.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2 and 13"; Algorithms Specification, Sections 9.2 and 13";
} }
leaf unreach { leaf unreach {
type uint8; type uint8;
units "seconds"; units "seconds";
description description
"It is a count of how long in second the server has been "A count of how long in second the server has been
unreachable i.e. the reach value has been zero."; unreachable, i.e., the reach value has been zero.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2 and 13"; Algorithms Specification, Sections 9.2 and 13";
} }
leaf poll { leaf poll {
type log2seconds; type log2seconds;
description description
"The polling interval for current association in signed "The polling interval for current association in signed
log2 seconds."; log2 seconds.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3"; Algorithms Specification, Section 7.3";
} }
skipping to change at line 1577 skipping to change at line 1718
"The time since the last NTP packet was "The time since the last NTP packet was
received or last synchronized."; received or last synchronized.";
} }
leaf offset { leaf offset {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
} }
units "milliseconds"; units "milliseconds";
description description
"The signed offset between the local clock "The signed offset between the local clock
and the peer clock, e.g., '0.032ms' or '1.232ms'. The and the peer clock, e.g., '0.032ms' or '1.232ms'. The
negative value Indicates that the local clock is behind negative value indicates that the local clock is behind
the peer."; the peer.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8"; Algorithms Specification, Section 8";
} }
leaf delay { leaf delay {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
} }
units "milliseconds"; units "milliseconds";
description description
"The network delay between the local clock "The network delay between the local clock
and the peer clock."; and the peer clock";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8"; Algorithms Specification, Section 8";
} }
leaf dispersion { leaf dispersion {
type decimal64 { type decimal64 {
fraction-digits 3; fraction-digits 3;
} }
units "milliseconds"; units "milliseconds";
description description
"The root dispersion between the local clock "The root dispersion between the local clock
and the peer clock."; and the peer clock.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 10"; Algorithms Specification, Section 10";
} }
leaf originate-time { leaf originate-time {
type ntp-date-and-time; type ntp-date-and-time;
description description
"This is the local time, in timestamp format, "This is the local time, in timestamp format,
when latest NTP packet was sent to peer (called T1)."; when the latest NTP packet was sent to the peer
(called T1).";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8"; Algorithms Specification, Section 8";
} }
leaf receive-time { leaf receive-time {
type ntp-date-and-time; type ntp-date-and-time;
description description
"This is the local time, in timestamp format, "This is the local time, in timestamp format,
when latest NTP packet arrived at peer (called T2). when the latest NTP packet arrived at the peer
If the peer becomes unreachable the value is set to zero."; (called T2). If the peer becomes unreachable,
the value is set to zero.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 8"; and Algorithms Specification, Section 8";
} }
leaf transmit-time { leaf transmit-time {
type ntp-date-and-time; type ntp-date-and-time;
description description
"This is the local time, in timestamp format, "This is the local time, in timestamp format,
at which the NTP packet departed the peer (called T3). at which the NTP packet departed the peer
If the peer becomes unreachable the value is set to zero."; (called T3). If the peer becomes unreachable,
the value is set to zero.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 8"; and Algorithms Specification, Section 8";
} }
leaf input-time { leaf input-time {
type ntp-date-and-time; type ntp-date-and-time;
description description
"This is the local time, in timestamp format, "This is the local time, in timestamp format,
when the latest NTP message from the peer arrived (called when the latest NTP message from the peer arrived
T4). If the peer becomes unreachable the value is set to (called T4). If the peer becomes unreachable,
zero."; value is set to zero.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 8"; and Algorithms Specification, Section 8";
} }
container ntp-statistics { container ntp-statistics {
description description
"Per Peer packet send and receive statistics."; "Per peer packet send and receive statistics";
uses statistics { uses statistics {
description description
"NTP send and receive packet statistics."; "NTP send and receive packet statistics";
} }
} }
} }
} }
container interfaces { container interfaces {
description description
"Configuration parameters for NTP interfaces."; "Configuration parameters for NTP interfaces";
list interface { list interface {
key "name"; key "name";
description description
"List of interfaces."; "List of interfaces";
leaf name { leaf name {
type if:interface-ref; type if:interface-ref;
description description
"The interface name."; "The interface name";
} }
container broadcast-server { container broadcast-server {
if-feature "broadcast-server"; if-feature "broadcast-server";
presence "NTP broadcast-server is configured on this presence "NTP broadcast-server is configured on this
interface"; interface.";
description description
"Configuration of broadcast server."; "Configuration of broadcast server";
leaf ttl { leaf ttl {
type uint8; type uint8;
description description
"Specifies the time to live (TTL) for a "Specifies the time to live (TTL) for a
broadcast packet."; broadcast packet";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
container authentication { container authentication {
if-feature "authentication"; if-feature "authentication";
description description
"Authentication used on this interface."; "Authentication used on this interface";
uses authentication; uses authentication;
} }
uses common-attributes { uses common-attributes {
description description
"Common attributes such as port, version, min and "Common attributes such as port, version, and min and
max poll."; max poll";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
container broadcast-client { container broadcast-client {
if-feature "broadcast-client"; if-feature "broadcast-client";
presence "NTP broadcast-client is configured on this presence "NTP broadcast-client is configured on this
interface."; interface.";
description description
"Configuration of broadcast-client."; "Configuration of broadcast client";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
list multicast-server { list multicast-server {
if-feature "multicast-server"; if-feature "multicast-server";
key "address"; key "address";
description description
"Configuration of multicast server."; "Configuration of multicast server";
leaf address { leaf address {
type rt-types:ip-multicast-group-address; type rt-types:ip-multicast-group-address;
description description
"The IP address to send NTP multicast packets."; "The IP address to send NTP multicast packets";
} }
leaf ttl { leaf ttl {
type uint8; type uint8;
description description
"Specifies the time to live (TTL) for a "Specifies the TTL for a multicast packet";
multicast packet.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
container authentication { container authentication {
if-feature "authentication"; if-feature "authentication";
description description
"Authentication used on this interface."; "Authentication used on this interface";
uses authentication; uses authentication;
} }
uses common-attributes { uses common-attributes {
description description
"Common attributes such as port, version, min and "Common attributes such as port, version, and min and
max poll."; max poll";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
list multicast-client { list multicast-client {
if-feature "multicast-client"; if-feature "multicast-client";
key "address"; key "address";
description description
"Configuration of multicast-client."; "Configuration of a multicast client";
leaf address { leaf address {
type rt-types:ip-multicast-group-address; type rt-types:ip-multicast-group-address;
description description
"The IP address of the multicast group to "The IP address of the multicast group to
join."; join";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
list manycast-server { list manycast-server {
if-feature "manycast-server"; if-feature "manycast-server";
key "address"; key "address";
description description
"Configuration of manycast server."; "Configuration of a manycast server";
leaf address { leaf address {
type rt-types:ip-multicast-group-address; type rt-types:ip-multicast-group-address;
description description
"The multicast group IP address to receive "The multicast group IP address to receive
manycast client messages."; manycast client messages.";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
list manycast-client { list manycast-client {
if-feature "manycast-client"; if-feature "manycast-client";
key "address"; key "address";
description description
"Configuration of manycast-client."; "Configuration of manycast-client";
leaf address { leaf address {
type rt-types:ip-multicast-group-address; type rt-types:ip-multicast-group-address;
description description
"The group IP address that the manycast client "The group IP address that the manycast client
broadcasts the request message to."; broadcasts the request message to";
} }
container authentication { container authentication {
if-feature "authentication"; if-feature "authentication";
description description
"Authentication used on this interface."; "Authentication used on this interface";
uses authentication; uses authentication;
} }
leaf ttl { leaf ttl {
type uint8; type uint8;
description description
"Specifies the maximum time to live (TTL) for "Specifies the maximum TTL for the expanding
the expanding ring search."; ring search";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
leaf minclock { leaf minclock {
type uint8; type uint8;
description description
"The minimum manycast survivors in this "The minimum manycast survivors in this
association."; association";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 13.2"; and Algorithms Specification, Section 13.2";
} }
leaf maxclock { leaf maxclock {
type uint8; type uint8;
description description
"The maximum manycast candidates in this "The maximum manycast candidates in this
association."; association";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 13.2"; and Algorithms Specification, Section 13.2";
} }
leaf beacon { leaf beacon {
type log2seconds; type log2seconds;
description description
"The beacon is the upper limit of poll interval. When the "The beacon is the upper limit of the poll interval.
ttl reaches its limit without finding the minimum number When the TTL reaches its limit without finding the
of manycast servers, the poll interval increases until minimum number of manycast servers, the poll interval
reaching the beacon value, when it starts over from the increases until reaching the beacon value, when it
beginning."; starts over from the beginning.";
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 13.2"; and Algorithms Specification, Section 13.2";
} }
uses common-attributes { uses common-attributes {
description description
"Common attributes like port, version, min and "Common attributes like port, version, and min and
max poll."; max poll";
} }
reference reference
"RFC 5905: Network Time Protocol Version 4: Protocol and "RFC 5905: Network Time Protocol Version 4: Protocol
Algorithms Specification, Section 3.1"; and Algorithms Specification, Section 3.1";
} }
} }
} }
container ntp-statistics { container ntp-statistics {
config false; config false;
description description
"Total NTP packet statistics."; "Total NTP packet statistics";
uses statistics { uses statistics {
description description
"NTP send and receive packet statistics."; "NTP send and receive packet statistics";
} }
} }
} }
rpc statistics-reset { rpc statistics-reset {
description description
"Reset statistics collected."; "Reset statistics collected.";
input { input {
choice association-or-all { choice association-or-all {
description description
"Resets statistics for a particular association or "Resets statistics for a particular association or
all"; all.";
case association { case association {
uses association-ref; uses association-ref;
description description
"This resets all the statistics collected for "This resets all the statistics collected for
the association."; the association.";
} }
case all { case all {
description description
"This resets all the statistics collected."; "This resets all the statistics collected.";
} }
} }
} }
} }
} }
]]></sourcecode>
<CODE ENDS>]]></artwork>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<section title="Usage Example"> <name>Usage Example</name>
<t>This section include examples for illustration purposes.</t> <t>This section include examples for illustration purposes.</t>
<t>Note: '\' line wrapping per <xref target="RFC8792"/>.</t> <t>Note: '\' indicates line wrapping per <xref target="RFC8792" format="de
<section title="Unicast association"> fault"/>.</t>
<section numbered="true" toc="default">
<name>Unicast Association</name>
<t>This example describes how to configure a preferred unicast server pr esent at 192.0.2.1 running at port 1025 with authentication-key 10 and version 4 (default).</t> <t>This example describes how to configure a preferred unicast server pr esent at 192.0.2.1 running at port 1025 with authentication-key 10 and version 4 (default).</t>
<t><figure align="center"> <sourcecode type="xml"><![CDATA[
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<unicast-configuration> <unicast-configuration>
<address>192.0.2.1</address> <address>192.0.2.1</address>
<type>uc-server</type> <type>uc-server</type>
<prefer>true</prefer> <prefer>true</prefer>
<port>1025</port> <port>1025</port>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
</unicast-configuration> </unicast-configuration>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t keepWithNext="true">An example with IPv6 would use an IPv6 address (s
<t>An example with IPv6 would use an IPv6 address (say 2001:db8::1) in t ay 2001:db8::1) in the "address" leaf with no change in any other data tree.</t>
he "address" leaf with no change in any other data tree.</t>
<t><figure align="center"> <sourcecode type="xml"><![CDATA[
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<unicast-configuration> <unicast-configuration>
<address>2001:db8::1</address> <address>2001:db8::1</address>
<type>uc-server</type> <type>uc-server</type>
<prefer>true</prefer> <prefer>true</prefer>
<port>1025</port> <port>1025</port>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
</unicast-configuration> </unicast-configuration>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t>This example is for retrieving unicast configurations: </t>
<sourcecode type="xml"><![CDATA[
<t>This example is for retrieving unicast configurations - </t>
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<unicast-configuration> <unicast-configuration>
</unicast-configuration> </unicast-configuration>
</ntp> </ntp>
</filter> </filter>
</get> </get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<unicast-configuration> <unicast-configuration>
<address>192.0.2.1</address> <address>192.0.2.1</address>
<type>uc-server</type> <type>uc-server</type>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
<prefer>true</prefer> <prefer>true</prefer>
<burst>false</burst> <burst>false</burst>
<iburst>true</iburst> <iburst>true</iburst>
<source/> <source/>
<minpoll>6</minpoll> <minpoll>6</minpoll>
<maxpoll>10</maxpoll> <maxpoll>10</maxpoll>
<port>1025</port> <port>1025</port>
<stratum>9</stratum> <stratum>9</stratum>
skipping to change at line 1989 skipping to change at line 2126
</input-time> </input-time>
<ntp-statistics> <ntp-statistics>
<packet-sent>20</packet-sent> <packet-sent>20</packet-sent>
<packet-sent-fail>0</packet-sent-fail> <packet-sent-fail>0</packet-sent-fail>
<packet-received>20</packet-received> <packet-received>20</packet-received>
<packet-dropped>0</packet-dropped> <packet-dropped>0</packet-dropped>
</ntp-statistics> </ntp-statistics>
</unicast-configuration> </unicast-configuration>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<section title="Refclock master"> <name>Refclock Master</name>
<t>This example describes how to configure reference clock with stratum <t>This example describes how to configure reference clock with stratum
8 - </t> 8:</t>
<t><figure align="center"> <sourcecode type="xml"><![CDATA[
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<refclock-master> <refclock-master>
<master-stratum>8</master-stratum> <master-stratum>8</master-stratum>
</refclock-master> </refclock-master>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t keepWithNext="true">This example describes how to get reference clock configu
ration: </t>
<t>This example describes how to get reference clock configuration - </t <sourcecode type="xml"><![CDATA[
>
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<refclock-master> <refclock-master>
</refclock-master> </refclock-master>
</ntp> </ntp>
</filter> </filter>
</get> </get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<refclock-master> <refclock-master>
<master-stratum>8</master-stratum> <master-stratum>8</master-stratum>
</refclock-master> </refclock-master>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<name>Authentication Configuration</name>
<t>This example describes how to enable authentication and configure tru
sted authentication key 10 with mode as AES-CMAC and a hexadecimal string key:</
t>
<section title="Authentication configuration"> <sourcecode type="xml"><![CDATA[
<t>This example describes how to enable authentication and configure tru
sted authentication key 10 with mode as AES-CMAC and an hexadecimal string key -
</t>
<t><figure align="center">
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<authentication> <authentication>
<auth-enabled>true</auth-enabled> <auth-enabled>true</auth-enabled>
<authentication-keys> <authentication-keys>
<key-id>10</key-id> <keyid>10</keyid>
<algorithm>aes-cmac</algorithm> <algorithm>aes-cmac</algorithm>
<key> <key>
<hexadecimal-string> <hexadecimal-string>
bb1d6929e95937287fa37d129b756746 bb1d6929e95937287fa37d129b756746
</hexadecimal-string> </hexadecimal-string>
</key> </key>
<istrusted>true</istrusted> <istrusted>true</istrusted>
</authentication-keys> </authentication-keys>
</authentication> </authentication>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t>
<!--
<t>This example describes how to get authentication related configuratio
n - </t>
<t><figure align="center">
<artwork><![CDATA[
<get>
<filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<authentication>
</authentication>
</ntp>
</filter>
</get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<authentication>
<auth-enabled>false</auth-enabled>
<trusted-keys/>
<authentication-keys>
<key-id>10</key-id>
<algorithm>aes-cmac</algorithm>
<key>
<hexadecimal-string>
bb1d6929e95937287fa37d129b756746
</hexadecimal-string>
</key>
<istrusted>true</istrusted>
</authentication-keys>
</authentication>
</ntp>
</data>
]]></artwork>
</figure></t>
-->
</section> </section>
<section numbered="true" toc="default">
<name>Access Configuration</name>
<t>This example describes how to configure "peer-access-mode" associated
with ACL 2000:</t>
<section title="Access configuration"> <sourcecode type="xml"><![CDATA[
<t>This example describes how to configure access mode "peer" associated
with ACL 2000 - </t>
<t><figure align="center">
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<access-rules> <access-rules>
<access-rule> <access-rule>
<access-mode>peer-access-mode</access-mode> <access-mode>peer-access-mode</access-mode>
<acl>2000</acl> <acl>2000</acl>
</access-rule> </access-rule>
</access-rules> </access-rules>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t>This example describes how to get access-related configuration:</t>
<t>This example describes how to get access related configuration - </t> <sourcecode type="xml"><![CDATA[
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<access-rules> <access-rules>
</access-rules> </access-rules>
</ntp> </ntp>
</filter> </filter>
</get> </get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<access-rules> <access-rules>
<access-rule> <access-rule>
<access-mode>peer-access-mode</access-mode> <access-mode>peer-access-mode</access-mode>
<acl>2000</acl> <acl>2000</acl>
</access-rule> </access-rule>
</access-rules> </access-rules>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<section title="Multicast configuration"> <name>Multicast Configuration</name>
<t>This example describes how to configure multicast-server with address <t>This example describes how to configure a multicast server with an ad
as "224.0.1.1", port as 1025, and version as 3 and authentication keyid as 10 - dress of "224.0.1.1", port of 1025, version of 3, and authentication keyid of 10
</t> .</t>
<t><figure align="center"> <sourcecode type="xml"><![CDATA[
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<multicast-server> <multicast-server>
<address>224.0.1.1</address> <address>224.0.1.1</address>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
<port>1025</port> <port>1025</port>
<version>3</version> <version>3</version>
</multicast-server> </multicast-server>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t keepWithNext="true">This example describes how to get multicast-serve
r-related configuration:</t>
<t>This example describes how to get multicast-server related configurat <sourcecode type="xml"><![CDATA[
ion - </t>
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<multicast-server> <multicast-server>
</multicast-server> </multicast-server>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
skipping to change at line 2204 skipping to change at line 2294
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<multicast-server> <multicast-server>
<address>224.0.1.1</address> <address>224.0.1.1</address>
<ttl>8</ttl> <ttl>8</ttl>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
<minpoll>6</minpoll> <minpoll>6</minpoll>
<maxpoll>10</maxpoll> <maxpoll>10</maxpoll>
<port>1025</port> <port>1025</port>
<version>3</version> <version>3</version>
</multicast-server> </multicast-server>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t> <t keepWithNext="true">This example describes how to configure a multicas
t client with an address of "224.0.1.1":</t>
<t>This example describes how to configure multicast-client with address <sourcecode type="xml"><![CDATA[
as "224.0.1.1" - </t>
<t><figure align="center">
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<multicast-client> <multicast-client>
<address>224.0.1.1</address> <address>224.0.1.1</address>
</multicast-client> </multicast-client>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t>This example describes how to get multicast-client-related configurati
on:</t>
<t>This example describes how to get multicast-client related configurat <sourcecode type="xml"><![CDATA[
ion - </t>
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<multicast-client> <multicast-client>
</multicast-client> </multicast-client>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
skipping to change at line 2270 skipping to change at line 2354
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<multicast-client> <multicast-client>
<address>224.0.1.1</address> <address>224.0.1.1</address>
</multicast-client> </multicast-client>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<name>Manycast Configuration</name>
<t>This example describes how to configure a manycast-client with an add
ress of "224.0.1.1", port of 1025, and authentication keyid of 10:</t>
<section title="Manycast configuration"> <sourcecode type="xml"><![CDATA[
<t>This example describes how to configure manycast-client with address
as "224.0.1.1", port as 1025 and authentication keyid as 10 - </t>
<t><figure align="center">
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<manycast-client> <manycast-client>
<address>224.0.1.1</address> <address>224.0.1.1</address>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
<port>1025</port> <port>1025</port>
</manycast-client> </manycast-client>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t keepWithNext="true">This example describes how to get manycast-client
-related configuration:</t>
<t>This example describes how to get manycast-client related configurati <sourcecode type="xml"><![CDATA[
on - </t>
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<manycast-client> <manycast-client>
</manycast-client> </manycast-client>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
skipping to change at line 2329 skipping to change at line 2410
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<manycast-client> <manycast-client>
<address>224.0.1.1</address> <address>224.0.1.1</address>
<authentication> <authentication>
<symmetric-key> <symmetric-key>
<key-id>10</key-id> <keyid>10</keyid>
</symmetric-key> </symmetric-key>
</authentication> </authentication>
<ttl>8</ttl> <ttl>8</ttl>
<minclock>3</minclock> <minclock>3</minclock>
<maxclock>10</maxclock> <maxclock>10</maxclock>
<beacon>6</beacon> <beacon>6</beacon>
<minpoll>6</minpoll> <minpoll>6</minpoll>
<maxpoll>10</maxpoll> <maxpoll>10</maxpoll>
<port>1025</port> <port>1025</port>
</manycast-client> </manycast-client>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t> <t keepWithNext="true">This example describes how to configure a manycas
t-server with an address of "224.0.1.1":</t>
<t>This example describes how to configure manycast-server with address <sourcecode type="xml"><![CDATA[
as "224.0.1.1" - </t>
<t><figure align="center">
<artwork><![CDATA[
<edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <edit-config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<target> <target>
<running/> <running/>
</target> </target>
<config> <config>
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<manycast-server> <manycast-server>
<address>224.0.1.1</address> <address>224.0.1.1</address>
</manycast-server> </manycast-server>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</config> </config>
</edit-config> </edit-config>
]]></artwork> ]]></sourcecode>
</figure></t> <t>This example describes how to get manycast-server-related configurati
on:</t>
<t>This example describes how to get manycast-server related configurati <sourcecode type="xml"><![CDATA[
on - </t>
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<interfaces> <interfaces>
<interface> <interface>
<manycast-server> <manycast-server>
</manycast-server> </manycast-server>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
skipping to change at line 2398 skipping to change at line 2473
<interfaces> <interfaces>
<interface> <interface>
<name>Ethernet3/0/0</name> <name>Ethernet3/0/0</name>
<manycast-server> <manycast-server>
<address>224.0.1.1</address> <address>224.0.1.1</address>
</manycast-server> </manycast-server>
</interface> </interface>
</interfaces> </interfaces>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<name>Clock State</name>
<section title="Clock state"> <t>This example describes how to get current clock state:</t>
<t>This example describes how to get clock current state - </t> <sourcecode type="xml"><![CDATA[
<t><figure align="center">
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<clock-state> <clock-state>
</clock-state> </clock-state>
</ntp> </ntp>
</filter> </filter>
</get> </get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
skipping to change at line 2441 skipping to change at line 2515
<clock-offset>0.025</clock-offset> <clock-offset>0.025</clock-offset>
<root-delay>0.5</root-delay> <root-delay>0.5</root-delay>
<root-dispersion>0.8</root-dispersion> <root-dispersion>0.8</root-dispersion>
<reference-time>10-10-2017 07:33:55.258 Z+05:30\ <reference-time>10-10-2017 07:33:55.258 Z+05:30\
</reference-time> </reference-time>
<sync-state>clock-synchronized</sync-state> <sync-state>clock-synchronized</sync-state>
</system-status> </system-status>
</clock-state> </clock-state>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<section title="Get all association"> <name>Get All Association</name>
<t>This example describes how to get all association present in the syst <t>This example describes how to get all associations present in the sys
em - </t> tem:</t>
<t><figure align="center"> <sourcecode type="xml"><![CDATA[
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<associations> <associations>
</associations> </associations>
</ntp> </ntp>
</filter> </filter>
</get> </get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
skipping to change at line 2499 skipping to change at line 2571
<ntp-statistics> <ntp-statistics>
<packet-sent>20</packet-sent> <packet-sent>20</packet-sent>
<packet-sent-fail>0</packet-sent-fail> <packet-sent-fail>0</packet-sent-fail>
<packet-received>20</packet-received> <packet-received>20</packet-received>
<packet-dropped>0</packet-dropped> <packet-dropped>0</packet-dropped>
</ntp-statistics> </ntp-statistics>
</association> </association>
</associations> </associations>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
<section numbered="true" toc="default">
<section title="Global statistic"> <name>Global Statistic</name>
<t>This example describes how to get global statistics - </t> <t>This example describes how to get global statistics:</t>
<t><figure align="center"> <sourcecode type="xml"><![CDATA[
<artwork><![CDATA[
<get> <get>
<filter type="subtree"> <filter type="subtree">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<ntp-statistics> <ntp-statistics>
</ntp-statistics> </ntp-statistics>
</ntp> </ntp>
</filter> </filter>
</get> </get>
<data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"> <data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp"> <ntp xmlns="urn:ietf:params:xml:ns:yang:ietf-ntp">
<ntp-statistics> <ntp-statistics>
<packet-sent>30</packet-sent> <packet-sent>30</packet-sent>
<packet-sent-fail>5</packet-sent-fail> <packet-sent-fail>5</packet-sent-fail>
<packet-received>20</packet-received> <packet-received>20</packet-received>
<packet-dropped>2</packet-dropped> <packet-dropped>2</packet-dropped>
</ntp-statistics> </ntp-statistics>
</ntp> </ntp>
</data> </data>
]]></artwork> ]]></sourcecode>
</figure></t>
</section> </section>
</section> </section>
<section anchor="IANA" numbered="true" toc="default">
<section anchor="IANA" title="IANA Considerations"> <name>IANA Considerations</name>
<section title="IETF XML Registry"> <section numbered="true" toc="default">
<t>This document registers a URI in the "IETF XML Registry" <xref target=" <name>IETF XML Registry</name>
RFC3688"/>. Following the format in RFC 3688, the following <t>This document registers a URI in the "IETF XML Registry" <xref target
registration has been made.</t> ="RFC3688" format="default"/>. Following the format in RFC 3688, the following
registration has been made.</t>
<t>URI: urn:ietf:params:xml:ns:yang:ietf-ntp</t> <dl spacing="normal">
<dt>URI:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-ntp</dd>
<t>Registrant Contact: The IESG.</t> <dt>Registrant Contact:</dt><dd>The IESG.</dd>
<dt>XML:</dt><dd>N/A; the requested URI is an XML namespace.</dd>
<t>XML: N/A; the requested URI is an XML namespace.</t> </dl>
</section> </section>
<section title="YANG Module Names"> <section numbered="true" toc="default">
<t>This document registers a YANG module in the "YANG Module Names" <name>YANG Module Names</name>
registry <xref target="RFC6020"/>.</t> <t>This document registers a YANG module in the "YANG Module Names"
registry <xref target="RFC6020" format="default"/>.</t>
<t>Name: ietf-ntp</t> <dl spacing="normal">
<dt>Name:</dt><dd>ietf-ntp</dd>
<t>Namespace: urn:ietf:params:xml:ns:yang:ietf-ntp</t> <dt>Namespace:</dt><dd>urn:ietf:params:xml:ns:yang:ietf-ntp</dd>
<dt>Prefix:</dt><dd>ntp</dd>
<t>Prefix: ntp</t> <dt>Reference:</dt><dd>RFC 9249</dd>
</dl>
<t>Reference: RFC XXXX</t> </section>
<t>Note: The RFC Editor will replace XXXX with the number assigned
to this document once it becomes an RFC.</t>
</section>
</section>
<section anchor="Security" title="Security Considerations">
<t>The YANG module specified in this document defines a schema for data that is
designed to be accessed via network management protocols such as NETCONF <xref t
arget="RFC6241"/> or RESTCONF <xref target="RFC8040"/>. The lowest NETCONF layer
is the secure transport layer, and the mandatory-to-implement secure transport
is Secure Shell (SSH) <xref target="RFC6242"/>. The lowest RESTCONF layer is HTT
PS, and the mandatory-to-implement secure transport is TLS <xref target="RFC8446
"/>.</t>
<t>The NETCONF Access Control Model (NACM) <xref target="RFC8341"/> provides the
means to restrict access for particular NETCONF or RESTCONF users to a preconfi
gured subset of all available NETCONF or RESTCONF protocol operations and conten
t. The 'nacm:default-deny-all' is used to prevent retrieval of the key informati
on. </t>
<t>There are a number of data nodes defined in this YANG module that are writabl
e/creatable/deletable (i.e., config true, which is the default). These data node
s may be considered sensitive or vulnerable in some network environments. Write
operations (e.g., edit-config) to these data nodes without proper protection can
have a negative effect on network operations. These are the subtrees and data n
odes and their sensitivity/vulnerability:
<list>
<t>/ntp/port - This data node specify the port number to be used to send NTP pac
kets. Unexpected changes could lead to disruption and/or network misbehavior.</t
>
<t>/ntp/authentication and /ntp/access-rules - The entries in the list include t
he authentication and access control configurations. Care should be taken while
setting these parameters.</t>
<t>/ntp/unicast-configuration - The entries in the list include all unicast conf
igurations (server or peer mode), and indirectly creates or modify the NTP
associations. Unexpected changes could lead to disruption and/or network misbeha
vior.</t>
<t>/ntp/interfaces/interface - The entries in the list include all per-interface
configurations related to broadcast, multicast and manycast mode, and indirectl
y creates or modify the NTP
associations. Unexpected changes could lead to disruption and/or network misbeha
vior. It could also lead to syncronization over untrusted source over trusted on
es.</t>
</list></t>
<t>Some of the readable data nodes in this YANG module may be considered sensiti
ve or vulnerable in some network environments. It is thus important to control r
ead access (e.g., via get, get-config, or notification) to these data nodes. The
se are the subtrees and data nodes and their sensitivity/vulnerability:
<list>
<t>/ntp/authentication/authentication-keys - The entries in the list includes
all the NTP authentication keys. Unauthorized access to the keys can be easily e
xploited to permit unauthorized access to the NTP service. This information is s
ensitive and thus unauthorized access to this needs to be curtailed. </t>
<t>/ntp/associations/association/ - The entries in the list includes all activ
e NTP associations of all modes. Exposure of these nodes
could reveal network topology or trust relationship. Unauthorized access to this
also needs to be curtailed. </t>
<t>/ntp/authentication and /ntp/access-rules - The entries in the list include t
he authentication and access control configurations. Exposure of these nodes
could reveal network topology or trust relationship.</t>
</list>
</t>
<t>Some of the RPC operations in this YANG module may be considered sensitive or
vulnerable in some network environments. It is thus important to control access
to these operations. These are the operations and their sensitivity/vulnerabili
ty:
<list>
<t>statistics-reset - The RPC is used to reset statistics. Unauthorized rese
t could impact monitoring.</t>
</list>
</t>
<t>The leaf /ntp/authentication/authentication-keys/algorithm can be set to cryp
tographic algorithms that are no longer considered to be secure. As per <xref ta
rget="RFC8573"/>, AES-CMAC is the recommended algorithm. </t>
</section> </section>
<section anchor="Security" numbered="true" toc="default">
<section title="Acknowledgments"> <name>Security Considerations</name>
<t>The authors would like to express their thanks to Sladjana Zoric, <t>The YANG module specified in this document defines a schema for data th
Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice Angerma at is designed to be accessed via network management protocols such as NETCONF <
nn, Watson Ladd, and Rich Salz for their xref target="RFC6241" format="default"/> or RESTCONF <xref target="RFC8040" form
review and suggestions.</t> at="default"/>. The lowest NETCONF layer is the secure transport layer, and the
<t>Thanks to Andy Bierman for the YANG doctor review.</t> mandatory-to-implement secure transport is Secure Shell (SSH) <xref target="RFC6
<t>Thanks to Dieter Sibold for being the document shepherd and Erik Kline 242" format="default"/>. The lowest RESTCONF layer is HTTPS, and the mandatory-t
for being the responsible AD.</t> o-implement secure transport is TLS <xref target="RFC8446" format="default"/>.</
<t>Thanks to Takeshi Takahashi for SECDIR review. Thanks to Tim Evens for t>
GENART review.</t> <t>The Network Configuration Access Control Model (NACM) <xref target="RFC
<t>A special thanks to Tom Petch for a very detailed YANG review and provi 8341" format="default"/> provides the means to restrict access for particular NE
ding great suggestions for improvements.</t> TCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RE
<t>Thanks for the IESG review from Benjamin Kaduk, Francesca Palombini, Er STCONF protocol operations and content.
ic Vyncke, Murray Kucherawy, Robert Wilton, Roman Danyliw, and Zaheduzzaman Sark The 'nacm:default-deny-all' is used to prevent retrieval of the key inform
er.</t> ation. </t>
<t>There are a number of data nodes defined in this YANG module that are w
ritable/creatable/deletable (i.e., config true, which is the default). These dat
a nodes may be considered sensitive or vulnerable in some network environments.
Write operations (e.g., edit-config) to these data nodes without proper protecti
on can have a negative effect on network operations. These are the subtrees and
data nodes and their sensitivity/vulnerability:
</t>
<dl spacing="normal">
<dt>/ntp/port:</dt><dd>This data node specifies the port number to be us
ed to send NTP packets. Unexpected changes could lead to disruption and/or netwo
rk misbehavior.</dd>
<dt>/ntp/authentication and /ntp/access-rules:</dt><dd>The entries in th
e list include the authentication and access control configurations. Care should
be taken while setting these parameters.</dd>
<dt>/ntp/unicast-configuration:</dt><dd>The entries in the list include
all unicast configurations (server or peer mode) and indirectly creates or modif
ies the NTP
associations. Unexpected changes could lead to disruption and/or network misbeha
vior.</dd>
<dt>/ntp/interfaces/interface:</dt><dd>The entries in the list include a
ll per-interface configurations related to broadcast, multicast, and manycast mo
de, and indirectly creates or modifies the NTP
associations. Unexpected changes could lead to disruption and/or network misbeha
vior. It could also lead to synchronization over an untrusted source over truste
d ones.</dd>
</dl>
<t>Some of the readable data nodes in this YANG module may be considered s
ensitive or vulnerable in some network environments. It is thus important to con
trol read access (e.g., via get, get-config, or notification) to these data node
s. These are the subtrees and data nodes and their sensitivity/vulnerability:
</t>
<dl spacing="normal">
<dt>/ntp/authentication/authentication-keys:</dt><dd>The entries in the
list include all the NTP authentication keys. Unauthorized access to the keys ca
n be easily exploited to permit unauthorized access to the NTP service. This inf
ormation is sensitive; thus, unauthorized access to this needs to be curtailed.
</dd>
<dt>/ntp/associations/association/:</dt><dd>The entries in the list incl
ude all active NTP associations of all modes. Exposure of these nodes
could reveal network topology or trust relationships. Unauthorized access to thi
s also needs to be curtailed. </dd>
<dt>/ntp/authentication and /ntp/access-rules:</dt><dd>The entries in th
e list include the authentication and access control configurations. Exposure of
these nodes
could reveal network topology or trust relationships.</dd>
</dl>
<t>Some of the RPC operations in this YANG module may be considered sensitive o
r vulnerable in some network environments. It is thus important to control acces
s to these operations. These are the operations and their sensitivity/vulnerabil
ity:
</t>
<dl spacing="normal">
<dt>statistics-reset:</dt><dd>The RPC is used to reset statistics. Unaut
horized reset could impact monitoring.</dd>
</dl>
<t>The leaf /ntp/authentication/authentication-keys/algorithm can be set t
o cryptographic algorithms that are no longer considered to be secure. As per <x
ref target="RFC8573" format="default"/>, AES-CMAC is the recommended algorithm.
</t>
</section> </section>
</middle> </middle>
<back> <back>
<references title="Normative References"> <references>
<name>References</name>
<?rfc include="reference.RFC.2119"?> <references>
<?rfc include="reference.RFC.3688"?> <name>Normative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.5905"?> FC.2119.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.6020"?> FC.3688.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.6991"?> FC.5905.xml"/>
<?rfc include="reference.RFC.7317"?> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.7950"?> FC.6020.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RF
<?rfc include="reference.RFC.8174"?> C.6241.xml"/>
<!--<?rfc include="reference.RFC.8177"?>--> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.8294"?> FC.6242.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.8340"?> FC.6991.xml"/>
<?rfc include="reference.RFC.8341"?> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.8343"?> FC.7317.xml"/>
<?rfc include="reference.RFC.8446"?> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
<?rfc include="reference.RFC.8519"?> FC.7950.xml"/>
<?rfc include="reference.RFC.8573"?> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8040.xml"/>
</references> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8174.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8294.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8340.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8341.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8343.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8446.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8519.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8573.xml"/>
</references>
<references>
<name>Informative References</name>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.1305.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.1321.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.3174.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.4493.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.5907.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8342.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.R
FC.8792.xml"/>
<references title="Informative References"> <reference anchor="SHS" target="https://doi.org/10.6028/NIST.FIPS.180-4"
<?rfc include="reference.RFC.1305"?> >
<?rfc include="reference.RFC.1321"?> <front>
<?rfc include="reference.RFC.3174"?>
<?rfc include="reference.RFC.4493"?>
<?rfc include="reference.RFC.5907"?>
<?rfc include="reference.RFC.6241"?>
<?rfc include="reference.RFC.6242"?>
<?rfc include="reference.RFC.8040"?>
<?rfc include="reference.RFC.8342"?>
<?rfc include="reference.RFC.8792"?>
<reference anchor="SHS" target="https://nvlpubs.nist.gov/nistpubs/fips/nis
t.fips.180-4.pdf">
<front>
<title>Secure Hash Standard (SHS)</title> <title>Secure Hash Standard (SHS)</title>
<author initials="" surname="" fullname=""> <author initials="" surname="" fullname="">
<organization>NIST</organization> <organization>National Institute of Standards and Technology (NIST )</organization>
</author> </author>
<date month="March" year="2012" /> <date month="August" year="2015"/>
</front> </front>
<seriesInfo name="FIPS PUB" value="180-4" /> <seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/>
</reference> <seriesInfo name="FIPS PUB" value="180-4"/>
</reference>
</references>
</references> </references>
<section title="Full YANG Tree" anchor="full"> <section anchor="full" numbered="true" toc="default">
<t>The full tree for ietf-ntp YANG model is - </t> <name>Full YANG Tree</name>
<t><figure align="center"> <t>The full tree for the ietf-ntp YANG data model is as follows. </t>
<artwork><![CDATA[ <sourcecode type="yangtree"><![CDATA[
module: ietf-ntp module: ietf-ntp
+--rw ntp! +--rw ntp!
+--rw port? inet:port-number {ntp-port}? +--rw port? inet:port-number {ntp-port}?
+--rw refclock-master! +--rw refclock-master!
| +--rw master-stratum? ntp-stratum | +--rw master-stratum? ntp-stratum
+--rw authentication {authentication}? +--rw authentication {authentication}?
| +--rw auth-enabled? boolean | +--rw auth-enabled? boolean
| +--rw authentication-keys* [key-id] | +--rw authentication-keys* [keyid]
| +--rw key-id uint32 | +--rw keyid uint32
| +--rw algorithm? identityref | +--rw algorithm? identityref
| +--rw key | +--rw key
| | +--rw (key-string-style)? | | +--rw (key-string-style)?
| | +--:(keystring) | | +--:(keystring)
| | | +--rw keystring? string {deprecated}? | | | +--rw keystring? string {deprecated}?
| | +--:(hexadecimal) {hex-key-string}? | | +--:(hexadecimal) {hex-key-string}?
| | +--rw hexadecimal-string? yang:hex-string | | +--rw hexadecimal-string? yang:hex-string
| +--rw istrusted? boolean | +--rw istrusted? boolean
+--rw access-rules {access-rules}? +--rw access-rules {access-rules}?
| +--rw access-rule* [access-mode] | +--rw access-rule* [access-mode]
skipping to change at line 2706 skipping to change at line 2753
| +--ro root-dispersion? decimal64 | +--ro root-dispersion? decimal64
| +--ro reference-time? ntp-date-and-time | +--ro reference-time? ntp-date-and-time
| +--ro sync-state identityref | +--ro sync-state identityref
+--rw unicast-configuration* [address type] +--rw unicast-configuration* [address type]
| {unicast-configuration}? | {unicast-configuration}?
| +--rw address inet:ip-address | +--rw address inet:ip-address
| +--rw type identityref | +--rw type identityref
| +--rw authentication {authentication}? | +--rw authentication {authentication}?
| | +--rw (authentication-type)? | | +--rw (authentication-type)?
| | +--:(symmetric-key) | | +--:(symmetric-key)
| | +--rw key-id? leafref | | +--rw keyid? leafref
| +--rw prefer? boolean | +--rw prefer? boolean
| +--rw burst? boolean | +--rw burst? boolean
| +--rw iburst? boolean | +--rw iburst? boolean
| +--rw source? if:interface-ref | +--rw source? if:interface-ref
| +--rw minpoll? log2seconds | +--rw minpoll? log2seconds
| +--rw maxpoll? log2seconds | +--rw maxpoll? log2seconds
| +--rw port? inet:port-number {ntp-port}? | +--rw port? inet:port-number {ntp-port}?
| +--rw version? ntp-version | +--rw version? ntp-version
+--rw associations +--rw associations
| +--ro association* [address local-mode isconfigured] | +--ro association* [address local-mode isconfigured]
| +--ro address inet:ip-address | +--ro address inet:ip-address
| +--ro local-mode identityref | +--ro local-mode identityref
| +--ro isconfigured boolean | +--ro isconfigured boolean
| +--ro stratum? ntp-stratum | +--ro stratum? ntp-stratum
| +--ro refid? refid | +--ro refid? refid
| +--ro authentication? | +--ro authentication?
| | -> /ntp/authentication/authentication-keys/key-id | | -> /ntp/authentication/authentication-keys/keyid
| | {authentication}? | | {authentication}?
| +--ro prefer? boolean | +--ro prefer? boolean
| +--ro peer-interface? if:interface-ref | +--ro peer-interface? if:interface-ref
| +--ro minpoll? log2seconds | +--ro minpoll? log2seconds
| +--ro maxpoll? log2seconds | +--ro maxpoll? log2seconds
| +--ro port? inet:port-number {ntp-port}? | +--ro port? inet:port-number {ntp-port}?
| +--ro version? ntp-version | +--ro version? ntp-version
| +--ro reach? uint8 | +--ro reach? uint8
| +--ro unreach? uint8 | +--ro unreach? uint8
| +--ro poll? log2seconds | +--ro poll? log2seconds
skipping to change at line 2756 skipping to change at line 2803
| +--ro packet-received? yang:counter32 | +--ro packet-received? yang:counter32
| +--ro packet-dropped? yang:counter32 | +--ro packet-dropped? yang:counter32
+--rw interfaces +--rw interfaces
| +--rw interface* [name] | +--rw interface* [name]
| +--rw name if:interface-ref | +--rw name if:interface-ref
| +--rw broadcast-server! {broadcast-server}? | +--rw broadcast-server! {broadcast-server}?
| | +--rw ttl? uint8 | | +--rw ttl? uint8
| | +--rw authentication {authentication}? | | +--rw authentication {authentication}?
| | | +--rw (authentication-type)? | | | +--rw (authentication-type)?
| | | +--:(symmetric-key) | | | +--:(symmetric-key)
| | | +--rw key-id? leafref | | | +--rw keyid? leafref
| | +--rw minpoll? log2seconds | | +--rw minpoll? log2seconds
| | +--rw maxpoll? log2seconds | | +--rw maxpoll? log2seconds
| | +--rw port? inet:port-number {ntp-port}? | | +--rw port? inet:port-number {ntp-port}?
| | +--rw version? ntp-version | | +--rw version? ntp-version
| +--rw broadcast-client! {broadcast-client}? | +--rw broadcast-client! {broadcast-client}?
| +--rw multicast-server* [address] {multicast-server}? | +--rw multicast-server* [address] {multicast-server}?
| | +--rw address | | +--rw address
| | | rt-types:ip-multicast-group-address | | | rt-types:ip-multicast-group-address
| | +--rw ttl? uint8 | | +--rw ttl? uint8
| | +--rw authentication {authentication}? | | +--rw authentication {authentication}?
| | | +--rw (authentication-type)? | | | +--rw (authentication-type)?
| | | +--:(symmetric-key) | | | +--:(symmetric-key)
| | | +--rw key-id? leafref | | | +--rw keyid? leafref
| | +--rw minpoll? log2seconds | | +--rw minpoll? log2seconds
| | +--rw maxpoll? log2seconds | | +--rw maxpoll? log2seconds
| | +--rw port? inet:port-number {ntp-port}? | | +--rw port? inet:port-number {ntp-port}?
| | +--rw version? ntp-version | | +--rw version? ntp-version
| +--rw multicast-client* [address] {multicast-client}? | +--rw multicast-client* [address] {multicast-client}?
| | +--rw address rt-types:ip-multicast-group-address | | +--rw address rt-types:ip-multicast-group-address
| +--rw manycast-server* [address] {manycast-server}? | +--rw manycast-server* [address] {manycast-server}?
| | +--rw address rt-types:ip-multicast-group-address | | +--rw address rt-types:ip-multicast-group-address
| +--rw manycast-client* [address] {manycast-client}? | +--rw manycast-client* [address] {manycast-client}?
| +--rw address | +--rw address
| | rt-types:ip-multicast-group-address | | rt-types:ip-multicast-group-address
| +--rw authentication {authentication}? | +--rw authentication {authentication}?
| | +--rw (authentication-type)? | | +--rw (authentication-type)?
| | +--:(symmetric-key) | | +--:(symmetric-key)
| | +--rw key-id? leafref | | +--rw keyid? leafref
| +--rw ttl? uint8 | +--rw ttl? uint8
| +--rw minclock? uint8 | +--rw minclock? uint8
| +--rw maxclock? uint8 | +--rw maxclock? uint8
| +--rw beacon? log2seconds | +--rw beacon? log2seconds
| +--rw minpoll? log2seconds | +--rw minpoll? log2seconds
| +--rw maxpoll? log2seconds | +--rw maxpoll? log2seconds
| +--rw port? inet:port-number {ntp-port}? | +--rw port? inet:port-number {ntp-port}?
| +--rw version? ntp-version | +--rw version? ntp-version
+--ro ntp-statistics +--ro ntp-statistics
+--ro discontinuity-time? ntp-date-and-time +--ro discontinuity-time? ntp-date-and-time
skipping to change at line 2812 skipping to change at line 2859
+---w input +---w input
+---w (association-or-all)? +---w (association-or-all)?
+--:(association) +--:(association)
| +---w associations-address? | +---w associations-address?
| | -> /ntp/associations/association/address | | -> /ntp/associations/association/address
| +---w associations-local-mode? | +---w associations-local-mode?
| | -> /ntp/associations/association/local-mode | | -> /ntp/associations/association/local-mode
| +---w associations-isconfigured? | +---w associations-isconfigured?
| -> /ntp/associations/association/isconfigured | -> /ntp/associations/association/isconfigured
+--:(all) +--:(all)
]]></sourcecode>
</section>
]]></artwork> <section numbered="false" toc="default">
</figure></t> <name>Acknowledgments</name>
<t>The authors would like to express their thanks to <contact fullname=" S
ladjana Zoric"/>,
<contact fullname="Danny Mayer"/>, <contact fullname="Harlan Stenn"/>, <
contact fullname="Ulrich Windl"/>, <contact fullname="Miroslav Lichvar"/>, <co
ntact fullname="Maurice Angermann"/>, <contact fullname="Watson Ladd"/>, and <
contact fullname="Rich Salz"/> for their
review and suggestions.</t>
<t>Thanks to <contact fullname="Andy Bierman"/> for the YANG doctor revie
w.</t>
<t>Thanks to <contact fullname="Dieter Sibold"/> for being the Document S
hepherd and <contact fullname="Erik Kline"/> for being the Responsible AD.</t>
<t>Thanks to <contact fullname="Takeshi Takahashi"/> for SECDIR review. T
hanks to <contact fullname="Tim Evens"/> for GENART review.</t>
<t>A special thanks to <contact fullname="Tom Petch"/> for a very detaile
d YANG review and providing great suggestions for improvements.</t>
<t>Thanks for the IESG review from <contact fullname="Benjamin Kaduk"/>,
<contact fullname="Francesca Palombini"/>, <contact fullname="Eric Vyncke"/>,
<contact fullname="Murray Kucherawy"/>, <contact fullname="Robert Wilton"/>,
<contact fullname="Roman Danyliw"/>, and <contact fullname="Zaheduzzaman Sarker
"/>.</t>
</section> </section>
</back> </back>
</rfc> </rfc>
 End of changes. 294 change blocks. 
910 lines changed or deleted 1000 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/