A YANG Data Model for NTPHuaweiHuawei Bld., No.156 Beiqing Rd.Beijing100095Chinaeric.wu@huawei.comHuaweiDivyashree Techno Park, WhitefieldBangaloreKanataka560066Indiadhruv.ietf@gmail.comRtBrick Inc.BangaloreKanatakaIndiaankit.ietf@gmail.comRtBrick Inc.BangaloreKanatakaIndiaanil.ietf@gmail.comEricssonChina Digital Kingdom Bld., No.1 WangJing North Rd.Beijing100102Chinayi.z.zhao@ericsson.com
Internet
NTP Working GroupNTP, YANGThis document defines a YANG data model for Network Time Protocol (NTP)
implementations. The data model includes configuration data and state
data.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 when, and only when, they
appear in all capitals, as shown here.This document defines a YANG data model for
Network Time Protocol implementations.The data model covers configuration of system parameters of NTP,
such as access rules, authentication and VPN Routing and Forwarding (VRF) binding, and also
associations of NTP in different modes and per-interface parameters.
It also provides information about running state of NTP
implementations.NTP Operational State is included in the same tree as NTP configuration,
consistent with Network Management Datastore Architecture (NMDA) .
NTP current state and statistics are also maintained
in the operational state. The operational state also includes the NTP association state.The terminology used in this document is aligned to .A simplified graphical representation of the data model is used in
this document.
This document uses the graphical representation of data models
defined in .
In this document, names of data nodes and other data
model objects are often used without a prefix, as long as it is clear
from the context in which YANG module each name is defined.
Otherwise, names are prefixed using the standard prefix associated
with the corresponding YANG module, as shown in .PrefixYANG moduleReferenceyangietf-yang-typesinetietf-inet-typesifietf-interfacessysietf-systemkey-chainietf-key-chainaclietf-access-control-listrt-typesietf-routing-typesnacmietf-netconf-acmFollowing documents are referenced in the model defined in this
document -TitleReferenceNetwork Time Protocol Version 4: Protocol and Algorithms SpecificationCommon YANG Data TypesA YANG Data Model for System ManagementYANG Data Model for Key ChainsCommon YANG Data Types for the Routing AreaNetwork Configuration Access Control ModelA YANG Data Model for Interface ManagementYANG Data Model for Network Access Control Lists (ACLs)Message Authentication Code for the Network Time ProtocolThe AES-CMAC AlgorithmThis document defines the YANG module "ietf-ntp", which has the
following condensed structure: /acl:acls/acl/name
+--ro clock-state
| +--ro system-status
| +--ro clock-state identityref
| +--ro clock-stratum ntp-stratum
| +--ro clock-refid refid
| | ...
+--rw unicast-configuration* [address type]
| {unicast-configuration}?
| +--rw address inet:ip-address
| +--rw type identityref
| | ...
+--ro associations* [address local-mode isconfigured]
| +--ro address inet:ip-address
| +--ro local-mode identityref
| +--ro isconfigured boolean
| | ...
| +--ro ntp-statistics
| ...
| +--rw interface* [name]
| +--rw name if:interface-ref
| +--rw broadcast-server! {broadcast-server}?
| | ...
| +--rw broadcast-client! {broadcast-client}?
| +--rw multicast-server* [address] {multicast-server}?
| | +--rw address
| | | rt-types:ip-multicast-group-address
| | | ...
| +--rw multicast-client* [address] {multicast-client}?
| | +--rw address rt-types:ip-multicast-group-address
| +--rw manycast-server* [address] {manycast-server}?
| | +--rw address rt-types:ip-multicast-group-address
| +--rw manycast-client* [address] {manycast-client}?
| +--rw address
| | rt-types:ip-multicast-group-address
| | ...
+--ro ntp-statistics
+--...
]]>The full data model tree for the YANG module "ietf-ntp" is in .This data model defines one top-level container which includes both
the NTP configuration and the NTP running state including access rules,
authentication, associations, unicast configurations, interfaces, system status and associations.If the device implements the NTPv4-MIB , data
nodes from YANG module can be mapped
to table entries in NTPv4-MIB.The following tables list the YANG data nodes with corresponding
objects in the NTPv4-MIB.YANG NTP Configuration Data Nodes and Related NTPv4-MIB ObjectsYANG data nodes in /ntp/clock-state/system-statusNTPv4-MIB objectsclock-statentpEntStatusCurrentModeclock-stratumntpEntStatusStratumclock-refidntpEntStatusActiveRefSourceIdntpEntStatusActiveRefSourceNameclock-precisionntpEntTimePrecisionclock-offsetntpEntStatusActiveOffsetroot-dispersionntpEntStatusDispersionYANG data nodes in /ntp/associations/NTPv4-MIB objectsaddressntpAssocAddressTypentpAssocAddressstratumntpAssocStratumrefidntpAssocRefIdoffsetntpAssocOffsetdelayntpAssocStatusDelaydispersionntpAssocStatusDispersionntp-statistics/packet-sentntpAssocStatOutPktsntp-statistics/packet-receivedntpAssocStatInPktsntp-statistics/packet-droppedntpAssocStatProtocolErrorYANG NTP State Data Nodes and Related NTPv4-MIB ObjectsThis section describes the relationship with NTP definition in
Section 3.2 System Time Management of .
YANG data nodes in /ntp/ also support per-interface
configuration which is not supported in /system/ntp.
If the yang model defined in this document is implemented, then
/system/ntp SHOULD NOT be used and MUST be ignored.YANG data nodes in /ntp/ YANG data nodes in /system/ntpntp!enabledunicast-configurationserverserver/nameunicast-configuration/addressserver/transport/udp/addressunicast-configuration/portserver/transport/udp/portunicast-configuration/typeserver/association-typeunicast-configuration/iburstserver/iburstunicast-configuration/preferserver/preferYANG NTP Configuration Data Nodes and counterparts in RFC 7317 ObjectsAn Access Control List (ACL) is one of the basic elements used to
configure device-forwarding behavior. An ACL is a user-ordered set of rules that is used to filter traffic
on a networking device.As per and , NTP could
include an access-control feature that prevents unauthorized access and
controls which peers are allowed to update the local clock. Further it is useful to differentiate between the various kinds of access (such as peer or server; see access-mode) and attach a different acl-rule to each. For this, the YANG module allows such configuration via /ntp/access-rules. The access-rule itself is configured via .As per and , when authentication is enabled, NTP employs
a crypto-checksum, computed by the sender and checked by the receiver,
together with a set of predistributed algorithms, and
cryptographic keys indexed by a key identifier included in the NTP message. This key-id is a 32-bit unsigned integer that MUST be configured on the NTP peers before the authentication could be used.
For this reason, this YANG module allow such configuration via /ntp/authentication/authentication-keys/. Further at the time of configuration of NTP association (for example unicast-server), the key-id is specified. file "ietf-ntp@2021-02-11.yang"
module ietf-ntp {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-ntp";
prefix ntp;
import ietf-yang-types {
prefix yang;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-inet-types {
prefix inet;
reference
"RFC 6991: Common YANG Data Types";
}
import ietf-interfaces {
prefix if;
reference
"RFC 8343: A YANG Data Model for Interface Management";
}
import ietf-system {
prefix sys;
reference
"RFC 7317: A YANG Data Model for System Management";
}
import ietf-key-chain {
prefix key-chain;
reference
"RFC 8177: YANG Data Model for Key Chains";
}
import ietf-access-control-list {
prefix acl;
reference
"RFC 8519: YANG Data Model for Network Access Control
Lists (ACLs)";
}
import ietf-routing-types {
prefix rt-types;
reference
"RFC 8294: Common YANG Data Types for the Routing Area";
}
import ietf-netconf-acm {
prefix nacm;
reference
"RFC 8341: Network Configuration Protocol (NETCONF) Access
Control Model";
}
organization
"IETF NTP (Network Time Protocol) Working Group";
contact
"WG Web:
WG List:
Editor: Ankit Kumar Sinha
";
description
"This document defines a YANG data model for Network Time Protocol
(NTP) implementations. The data model includes configuration data
and state data.
Copyright (c) 2021 IETF Trust and the persons identified
as authors of the code. All rights reserved.
Redistribution and use in source and binary forms,
with or without modification, is permitted pursuant to,
and subject to the license terms contained in, the
Simplified BSD License set forth in Section 4.c of the
IETF Trust's Legal Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX;
see the RFC itself for full legal notices.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.";
revision 2021-02-11 {
description
"Initial revision.";
reference
"RFC XXXX: A YANG Data Model for NTP.";
}
/* Note: The RFC Editor will replace XXXX with the number assigned
to this document once it becomes an RFC.*/
/* Typedef Definitions */
typedef ntp-stratum {
type uint8 {
range "1..16";
}
description
"The level of each server in the hierarchy is defined by
a stratum. Primary servers are assigned with stratum
one; secondary servers at each lower level are assigned with
one stratum greater than the preceding level";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3";
}
typedef ntp-version {
type uint8;
default "4";
description
"The current NTP version supported by corresponding
association.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 1";
}
typedef refid {
type union {
type inet:ipv4-address;
type uint32;
type string {
length "4";
}
}
description
"A code identifying the particular server or reference
clock. The interpretation depends upon startum. It
could be an IPv4 address or first 32 bits of the MD5 hash of
the IPv6 address or a string for the Reference Identifier
and KISS codes. Some examples:
-- a refclock ID like '127.127.1.0' for local clock sync
-- uni/multi/broadcast associations for IPv4 will look like
'203.0.113.1' and '0x4321FEDC' for IPv6
-- sync with primary source will look like 'DCN', 'NIST',
'ATOM'
-- KISS codes will look like 'AUTH', 'DROP', 'RATE'";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
typedef ntp-date-and-time {
type union {
type yang:date-and-time;
type uint8;
}
description
"Follows the normal date-and-time format when valid value
exist, otherwise allows for seeting special value such as
zero.";
}
/* features */
feature ntp-port {
description
"Support for NTP port configuration";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2";
}
feature authentication {
description
"Support for NTP symmetric key authentication";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
feature access-rules {
description
"Support for NTP access control";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2";
}
feature unicast-configuration {
description
"Support for NTP client/server or active/passive
in unicast";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3";
}
feature broadcast-server {
description
"Support for broadcast server";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3";
}
feature broadcast-client {
description
"Support for broadcast client";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3";
}
feature multicast-server {
description
"Support for multicast server";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
feature multicast-client {
description
"Support for multicast client";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
feature manycast-server {
description
"Support for manycast server";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
feature manycast-client {
description
"Support for manycast client";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
/* Identity */
identity unicast-configuration-type {
if-feature "unicast-configuration";
description
"This defines NTP unicast mode of operation.";
}
identity server {
if-feature "unicast-configuration";
base unicast-configuration-type;
description
"Use client association mode. This device
will not provide synchronization to the
configured NTP server.";
}
identity peer {
if-feature "unicast-configuration";
base unicast-configuration-type;
description
"Use symmetric active association mode.
This device may provide synchronization
to the configured NTP server.";
}
identity access-mode {
if-feature "access-rules";
description
"This defines NTP access modes.";
}
identity peer-access-mode {
if-feature "access-rules";
base access-mode;
description
"Enables full access authority. Both time
request and control query can be performed
on the local NTP service, and the local clock
can be synchronized with the remote server.";
}
identity server-access-mode {
if-feature "access-rules";
base access-mode;
description
"Enables server access and control queries.
Both time requests and control query can be
performed on the local NTP service, but the
local clock cannot be synchronized with the
remote server.";
}
identity synchronization-access-mode {
if-feature "access-rules";
base access-mode;
description
"Enables basic server access.
Only time request can be performed on the
local NTP service.";
}
identity query-access-mode {
if-feature "access-rules";
base access-mode;
description
"Enables the maximum access limitation.
Control query can be performed only on the
local NTP service.";
}
identity association-mode {
description
"The NTP association modes.";
}
identity client {
base association-mode;
description
"Use client association mode(mode 3).
This device will not provide synchronization
to the configured NTP server.";
}
identity active {
base association-mode;
description
"Use symmetric active association mode(mode 1).
This device may synchronize with its NTP peer,
or provide synchronization to configured NTP peer.";
}
identity passive {
base association-mode;
description
"Use symmetric passive association mode(mode 2).
This device has learned this association dynamically.
This device may synchronize with its NTP peer.";
}
identity broadcast {
base association-mode;
description
"Use broadcast mode(mode 5).
This mode defines that its either working
as broadcast-server or multicast-server.";
}
identity broadcast-client {
base association-mode;
description
"This mode defines that its either working
as broadcast-client or multicast-client.";
}
identity clock-state {
description
"This defines NTP clock status.";
}
identity synchronized {
base clock-state;
description
"Indicates that the local clock has been synchronized with
an NTP server or the reference clock.";
}
identity unsynchronized {
base clock-state;
description
"Indicates that the local clock has not been synchronized
with any NTP server.";
}
identity ntp-sync-state {
description
"This defines NTP clock sync states.";
}
identity clock-not-set {
base ntp-sync-state;
description
"Indicates the clock is not updated.";
}
identity freq-set-by-cfg {
base ntp-sync-state;
description
"Indicates the clock frequency is set by
NTP configuration.";
}
identity clock-set {
base ntp-sync-state;
description
"Indicates the clock is set.";
}
identity freq-not-determined {
base ntp-sync-state;
description
"Indicates the clock is set but the frequency
is not determined.";
}
identity clock-synchronized {
base ntp-sync-state;
description
"Indicates that the clock is synchronized";
}
identity spike {
base ntp-sync-state;
description
"Indicates a time difference of more than 128
milliseconds is detected between NTP server
and client clock.";
}
identity aes-cmac {
base key-chain:crypto-algorithm;
description
"The AES-CMAC algorithm - required by
RFC 8573 for MAC for the NTP";
reference
"RFC 4493: The AES-CMAC Algorithm";
}
/* Groupings */
grouping key {
description
"The key.";
nacm:default-deny-all;
choice key-string-style {
description
"Key string styles";
case keystring {
leaf keystring {
type string;
description
"Key string in ASCII format.";
}
}
case hexadecimal {
if-feature "key-chain:hex-key-string";
leaf hexadecimal-string {
type yang:hex-string;
description
"Key in hexadecimal string format. When compared
to ASCII, specification in hexadecimal affords
greater key entropy with the same number of
internal key-string octets. Additionally, it
discourages usage of well-known words or
numbers.";
}
}
}
}
grouping authentication-key {
description
"To define an authentication key for a Network Time
Protocol (NTP) time source.";
nacm:default-deny-all;
leaf key-id {
type uint32 {
range "1..max";
}
description
"Authentication key identifier.";
}
leaf algorithm {
type identityref {
base key-chain:crypto-algorithm;
}
description
"Authentication algorithm. Note that RFC 8573
depricates the use of MD5-based authentication";
}
container key {
uses key;
description
"The key. Note that RFC 8573 depricates the use
of MD5-based authentication";
}
leaf istrusted {
type boolean;
description
"Key-id is trusted or not";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
grouping authentication {
description
"Authentication.";
choice authentication-type {
description
"Type of authentication.";
case symmetric-key {
leaf key-id {
type leafref {
path "/ntp:ntp/ntp:authentication/"
+ "ntp:authentication-keys/ntp:key-id";
}
description
"Authentication key id referenced in this
association.";
}
}
}
}
grouping statistics {
description
"NTP packet statistic.";
leaf discontinuity-time {
type ntp-date-and-time;
description
"The time on the most recent occasion at which any one or
more of this NTP counters suffered a discontinuity. If
no such discontinuities have occurred, then this node
contains the time the NTP association was
(re-)initialized.";
}
leaf packet-sent {
type yang:counter32;
description
"The total number of NTP packets delivered to the
transport service by this NTP entity for this
association.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times.";
}
leaf packet-sent-fail {
type yang:counter32;
description
"The number of times NTP packets sending failed.";
}
leaf packet-received {
type yang:counter32;
description
"The total number of NTP packets delivered to the
NTP entity from this association.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times.";
}
leaf packet-dropped {
type yang:counter32;
description
"The total number of NTP packets that were delivered
to this NTP entity from this association and this entity
was not able to process due to an NTP protocol error.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times.";
}
}
grouping common-attributes {
description
"NTP common attributes for configuration.";
leaf minpoll {
type uint8;
default "6";
description
"The minimum poll interval used in this association.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2";
}
leaf maxpoll {
type uint8;
default "10";
description
"The maximum poll interval used in this association.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2";
}
leaf port {
if-feature "ntp-port";
type inet:port-number {
range "123 | 1025..max";
}
default "123";
description
"Specify the port used to send NTP packets.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2";
}
leaf version {
type ntp-version;
description
"NTP version.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification";
}
grouping association-ref {
description
"Reference to NTP association mode";
leaf associations-address {
type leafref {
path "/ntp:ntp/ntp:associations/ntp:address";
}
description
"Indicates the association's address
which result in clock synchronization.";
}
leaf associations-local-mode {
type leafref {
path "/ntp:ntp/ntp:associations/ntp:local-mode";
}
description
"Indicates the association's local-mode
which result in clock synchronization.";
}
leaf associations-isconfigured {
type leafref {
path "/ntp:ntp/ntp:associations/"
+ "ntp:isconfigured";
}
description
"The association was configured or dynamic
which result in clock synchronization.";
}
}
/* Configuration data nodes */
container ntp {
when 'false() = boolean(/sys:system/sys:ntp)' {
description
"Applicable when the system /sys/ntp/ is not used.";
}
presence "NTP is enabled and system should attempt to
synchronize the system clock with an NTP server
from the 'ntp/associations' list.";
description
"Configuration parameters for NTP.";
leaf port {
if-feature "ntp-port";
type inet:port-number {
range "123 | 1025..max";
}
default "123";
description
"Specify the port used to send and receive NTP packets.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.2";
}
container refclock-master {
presence "NTP master clock is enabled.";
description
"Configures the local clock of this device as NTP server.";
leaf master-stratum {
type ntp-stratum;
default "16";
description
"Stratum level from which NTP clients get their time
synchronized.";
}
}
container authentication {
if-feature "authentication";
description
"Configuration of authentication.";
leaf auth-enabled {
type boolean;
default "false";
description
"Controls whether NTP authentication is enabled
or disabled on this device.";
}
list authentication-keys {
key "key-id";
uses authentication-key;
description
"List of authentication keys.";
}
}
container access-rules {
if-feature "access-rules";
description
"Configuration to control access to NTP service
by using NTP access-group feature.
The access-mode identifies how the acl is
applied with NTP.";
list access-rule {
key "access-mode";
description
"List of access rules.";
leaf access-mode {
type identityref {
base access-mode;
}
description
"NTP access mode. The definition of each possible values:
peer: Both time request and control query can be
performed.
server: Enables the server access and query.
synchronization: Enables the server access only.
query: Enables control query only.";
}
leaf acl {
type leafref {
path "/acl:acls/acl:acl/acl:name";
}
description
"Control access configuration to be used.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2";
}
}
container clock-state {
config false;
description
"Clock operational state of the NTP.";
container system-status {
description
"System status of NTP.";
leaf clock-state {
type identityref {
base clock-state;
}
mandatory true;
description
"The state of system clock. The definition of each
possible value is:
synchronized: Indicates local clock is synchronized.
unsynchronized: Indicates local clock is not
synchronized.";
}
leaf clock-stratum {
type ntp-stratum;
mandatory true;
description
"The NTP entity's own stratum value. Should be a stratum
of syspeer + 1 (or 16 if no syspeer).";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3";
}
leaf clock-refid {
type refid;
mandatory true;
description
"A code identifying the particular server or reference
clock. The interpretation depends upon startum. It
could be an IPv4 address or first 32 bits of the MD5 hash
of the IPv6 address or a string for the Reference
Identifier and KISS codes. Some examples:
-- a refclock ID like '127.127.1.0' for local clock sync
-- uni/multi/broadcast associations for IPv4 will look like
'203.0.113.1' and '0x4321FEDC' for IPv6
-- sync with primary source will look like 'DCN', 'NIST',
'ATOM'
-- KISS codes will look like 'AUTH', 'DROP', 'RATE'";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
uses association-ref {
description
"Reference to Association.";
}
leaf nominal-freq {
type decimal64 {
fraction-digits 4;
}
units "Hz";
mandatory true;
description
"The nominal frequency of the local clock. An ideal frequency
with zero uncertainty.";
}
leaf actual-freq {
type decimal64 {
fraction-digits 4;
}
units "Hz";
mandatory true;
description
"The actual frequency of the local clock.";
}
leaf clock-precision {
type uint8;
units "Hz";
mandatory true;
description
"Clock precision of this system in integer format
(prec=2^(-n)). A value of 5 would mean 2^-5 = 31.25 ms.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
leaf clock-offset {
type decimal64 {
fraction-digits 3;
}
units "milliseconds";
description
"The time offset to the current selected reference time
source e.g., '0.032ms' or '1.232ms'.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.1";
}
leaf root-delay {
type decimal64 {
fraction-digits 3;
}
units "milliseconds";
description
"Total delay along the path to root clock.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 4 and 7.3";
}
leaf root-dispersion {
type decimal64 {
fraction-digits 3;
}
units "milliseconds";
description
"The dispersion between the local clock
and the root clock, e.g., '6.927ms'.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 4 and 7.3";
}
leaf reference-time {
type ntp-date-and-time;
description
"The reference timestamp. Time when the system clock was
last set or corrected";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
leaf sync-state {
type identityref {
base ntp-sync-state;
}
mandatory true;
description
"The synchronization status of the local clock. Refered to
as 'Clock state definitions' in RFC 5905";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Appendix A.1.1";
}
}
}
list unicast-configuration {
if-feature "unicast-configuration";
key "address type";
description
"List of NTP unicast-configurations.";
leaf address {
type inet:ip-address;
description
"Address of this association.";
}
leaf type {
type identityref {
base unicast-configuration-type;
}
description
"Use client association mode. This device
will not provide synchronization to the
configured NTP server.";
}
container authentication {
if-feature "authentication";
description
"Authentication used for this association.";
uses authentication;
}
leaf prefer {
type boolean;
default "false";
description
"Whether this association is preferred or not.";
}
leaf burst {
type boolean;
default "false";
description
"If set, a series of packets are sent instead of a single
packet within each synchronization interval to achieve
faster synchronization.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 13.1";
}
leaf iburst {
type boolean;
default "false";
description
"If set, a series of packets are sent instead of a single
packet within the initial synchronization interval to
achieve faster initial synchronization.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 13.1";
}
leaf source {
type if:interface-ref;
description
"The interface whose IP address is used by this association
as the source address.";
}
uses common-attributes {
description
"Common attributes like port, version, min and max
poll.";
}
}
list associations {
key "address local-mode isconfigured";
config false;
description
"List of NTP associations. Here address, local-mode
and isconfigured are required to uniquely identify
a particular association. Lets take following examples -
1) If RT1 acting as broadcast server,
and RT2 acting as broadcast client, then RT2
will form dynamic association with address as RT1,
local-mode as client and isconfigured as false.
2) When RT2 is configured
with unicast-server RT1, then RT2 will form
association with address as RT1, local-mode as client
and isconfigured as true.
Thus all 3 leaves are needed as key to unique identify
the association.";
leaf address {
type inet:ip-address;
description
"The address of this association. Represents the IP
address of a unicast/multicast/broadcast address.";
}
leaf local-mode {
type identityref {
base association-mode;
}
description
"Local mode of this NTP association.";
}
leaf isconfigured {
type boolean;
description
"Indicates if this association is configured or
dynamically learned.";
}
leaf stratum {
type ntp-stratum;
description
"The association stratum value.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3";
}
leaf refid {
type refid;
description
"A code identifying the particular server or reference
clock. The interpretation depends upon startum. It
could be an IPv4 address or first 32 bits of the MD5 hash of
the IPv6 address or a string for the Reference Identifier
and KISS codes. Some examples:
-- a refclock ID like '127.127.1.0' for local clock sync
-- uni/multi/broadcast associations for IPv4 will look like
'203.0.113.1' and '0x4321FEDC' for IPv6
-- sync with primary source will look like 'DCN', 'NIST',
'ATOM'
-- KISS codes will look like 'AUTH', 'DROP', 'RATE'";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
leaf authentication {
if-feature "authentication";
type leafref {
path "/ntp:ntp/ntp:authentication/"
+ "ntp:authentication-keys/ntp:key-id";
}
description
"Authentication Key used for this association.";
}
leaf prefer {
type boolean;
default "false";
description
"Indicates if this association is preferred.";
}
leaf peer-interface {
type if:interface-ref;
description
"The interface which is used for communication.";
}
uses common-attributes {
description
"Common attributes like port, version, min and
max poll.";
}
leaf reach {
type uint8;
description
"The reachability of the configured
server or peer.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2 and 13";
}
leaf unreach {
type uint8;
description
"The unreachability of the configured
server or peer.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 9.2 and 13";
}
leaf poll {
type uint8;
units "seconds";
description
"The polling interval for current association";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 7.3";
}
leaf now {
type uint32;
units "seconds";
description
"The time since the last NTP packet was
received or last synchronized.";
}
leaf offset {
type decimal64 {
fraction-digits 3;
}
units "milliseconds";
description
"The offset between the local clock
and the peer clock, e.g., '0.032ms' or '1.232ms'";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8";
}
leaf delay {
type decimal64 {
fraction-digits 3;
}
units "milliseconds";
description
"The network delay between the local clock
and the peer clock.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8";
}
leaf dispersion {
type decimal64 {
fraction-digits 3;
}
units "milliseconds";
description
"The root dispersion between the local clock
and the peer clock.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 10";
}
leaf originate-time {
type ntp-date-and-time;
description
"This is the local time, in timestamp format,
when latest NTP packet was sent to peer (called T1).";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8";
}
leaf receive-time {
type ntp-date-and-time;
description
"This is the local time, in timestamp format,
when latest NTP packet arrived at peer (called T2).
If the peer becomes unreachable the value is set to zero.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8";
}
leaf transmit-time {
type ntp-date-and-time;
description
"This is the local time, in timestamp format,
at which the NTP packet departed the peer (called T3).
If the peer becomes unreachable the value is set to zero.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8";
}
leaf input-time {
type ntp-date-and-time;
description
"This is the local time, in timestamp format,
when the latest NTP message from the peer arrived (called
T4). If the peer becomes unreachable the value is set to
zero.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 8";
}
container ntp-statistics {
description
"Per Peer packet send and receive statistics.";
uses statistics {
description
"NTP send and receive packet statistics.";
}
}
}
container interfaces {
description
"Configuration parameters for NTP interfaces.";
list interface {
key "name";
description
"List of interfaces.";
leaf name {
type if:interface-ref;
description
"The interface name.";
}
container broadcast-server {
if-feature "broadcast-server";
presence "NTP broadcast-server is configured";
description
"Configuration of broadcast server.";
leaf ttl {
type uint8;
description
"Specifies the time to live (TTL) for a
broadcast packet.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
container authentication {
if-feature "authentication";
description
"Authentication used for this association.";
uses authentication;
}
uses common-attributes {
description
"Common attributes such as port, version, min and
max poll.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
container broadcast-client {
if-feature "broadcast-client";
presence "NTP broadcast-client is configured.";
description
"Configuration of broadcast-client.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
list multicast-server {
if-feature "multicast-server";
key "address";
description
"Configuration of multicast server.";
leaf address {
type rt-types:ip-multicast-group-address;
description
"The IP address to send NTP multicast packets.";
}
leaf ttl {
type uint8;
description
"Specifies the time to live (TTL) for a
multicast packet.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
container authentication {
if-feature "authentication";
description
"Authentication used for this association.";
uses authentication;
}
uses common-attributes {
description
"Common attributes such as port, version, min and
max poll.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
list multicast-client {
if-feature "multicast-client";
key "address";
description
"Configuration of multicast-client.";
leaf address {
type rt-types:ip-multicast-group-address;
description
"The IP address of the multicast group to
join.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
list manycast-server {
if-feature "manycast-server";
key "address";
description
"Configuration of manycast server.";
leaf address {
type rt-types:ip-multicast-group-address;
description
"The multicast group IP address to receive
manycast client messages.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
list manycast-client {
if-feature "manycast-client";
key "address";
description
"Configuration of manycast-client.";
leaf address {
type rt-types:ip-multicast-group-address;
description
"The group IP address that the manycast client
broadcasts the request message to.";
}
container authentication {
if-feature "authentication";
description
"Authentication used for this association.";
uses authentication;
}
leaf ttl {
type uint8;
description
"Specifies the maximum time to live (TTL) for
the expanding ring search.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
leaf minclock {
type uint8;
description
"The minimum manycast survivors in this
association.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Appendix A.1.1";
}
leaf maxclock {
type uint8;
description
"The maximum manycast candidates in this
association.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Appendix A.1.1";
}
leaf beacon {
type uint8;
units "seconds";
description
"The beacon is the upper limit of poll interval.";
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 13.2";
}
uses common-attributes {
description
"Common attributes like port, version, min and
max poll.";
}
reference
"RFC 5905: Network Time Protocol Version 4: Protocol and
Algorithms Specification, Section 3.1";
}
}
}
container ntp-statistics {
config false;
description
"Total NTP packet statistics.";
uses statistics {
description
"NTP send and receive packet statistics.";
}
}
}
}
]]>This section include examples for illustration purporses.This example describes how to configure a preferred unicast server present at 192.0.2.1 running at port 1025 with authentication-key 10 and version 4 (default).
192.0.2.1
servertrue102510
]]>An example with IPv6 would used the an IPv6 address (say 2001:db8::1) in the "address" leaf with no change in any other data tree.
2001:db8::1
servertrue102510
]]>This example is for retriving unicast configurations -
192.0.2.1
server10truefalsetrue61010259203.0.113.12550128100.0250.50.610-10-2017 07:33:55.253 Z+05:30\
10-10-2017 07:33:55.258 Z+05:30\
10-10-2017 07:33:55.300 Z+05:30\
10-10-2017 07:33:55.305 Z+05:30\
200200
]]>This example describes how to configure reference clock with stratum 8 - 8
]]>This example describes how to get reference clock configuration - 8
]]>This example describes how to enable authentication and configure trusted authentication key 10 with mode as md5 and key as 'abcd' - true10md5abcdtrue
]]>This example describes how to get authentication related configuration - false10md5abcdtrue
]]>This example describes how to configure access mode "peer" associated with acl 2000 - peer-access-mode2000
]]>This example describes how to get access related configuration - peer-access-mode2000
]]>This example describes how to configure multicast-server with address as "224.0.1.1", port as 1025 and authentication keyid as 10 - Ethernet3/0/0
224.0.1.1
1010253
]]>This example describes how to get multicast-server related configuration - Ethernet3/0/0
224.0.1.1
2551061010253
]]>This example describes how to configure multicast-client with address as "224.0.1.1" - Ethernet3/0/0
224.0.1.1
]]>This example describes how to get multicast-client related configuration - Ethernet3/0/0
224.0.1.1
]]>This example describes how to configure manycast-client with address as "224.0.1.1", port as 1025 and authentication keyid as 10 - Ethernet3/0/0
224.0.1.1
101025
]]>This example describes how to get manycast-client related configuration - Ethernet3/0/0
224.0.1.1
1025531066101025
]]>This example describes how to configure manycast-server with address as "224.0.1.1" - Ethernet3/0/0
224.0.1.1
]]>This example describes how to get manycast-server related configuration - Ethernet3/0/0
224.0.1.1
]]>This example describes how to get clock current state - synchronized7192.0.2.1192.0.2.1\
client\
yes\
100.0100.0180.0250.50.810-10-2017 07:33:55.258 Z+05:30\
clock-synchronized
]]>This example describes how to get all association present in the system -
192.0.2.1
9203.0.113.1clienttrue10trueEthernet3/0/0610102542550128100.0250.50.610-10-2017 07:33:55.253 Z+05:30\
10-10-2017 07:33:55.258 Z+05:30\
10-10-2017 07:33:55.300 Z+05:30\
10-10-2017 07:33:55.305 Z+05:30\
200200
]]>This example describes how to get clock current state - 305202
]]>This document registers a URI in the "IETF XML Registry" . Following the format in RFC 3688, the following
registration has been made.URI: urn:ietf:params:xml:ns:yang:ietf-ntpRegistrant Contact: The IESG.XML: N/A; the requested URI is an XML namespace.This document registers a YANG module in the "YANG Module Names"
registry .Name: ietf-ntpNamespace: urn:ietf:params:xml:ns:yang:ietf-ntpPrefix: ntpReference: RFC XXXXNote: The RFC Editor will replace XXXX with the number assigned
to this document once it becomes an RFC.The YANG module specified in this document defines a schema for data that is designed to be accessed via network management protocols such as NETCONF or RESTCONF . The lowest NETCONF layer is the secure transport layer, and the mandatory-to-implement secure transport is Secure Shell (SSH) . The lowest RESTCONF layer is HTTPS, and the mandatory-to-implement secure transport is TLS .The NETCONF Access Control Model (NACM) provides the means to restrict access for particular NETCONF or RESTCONF users to a preconfigured subset of all available NETCONF or RESTCONF protocol operations and content.There are a number of data nodes defined in this YANG module that are writable/creatable/deletable (i.e., config true, which is the default). These data nodes may be considered sensitive or vulnerable in some network environments. Write operations (e.g., edit-config) to these data nodes without proper protection can have a negative effect on network operations. These are the subtrees and data nodes and their sensitivity/vulnerability:
/ntp/port - This data node specify the port number to be used to send NTP packets. Unexpected changes could lead to disruption and/or network misbehavior./ntp/authentication and /ntp/access-rules - The entries in the list include the authentication and access control configurations. Care should be taken while setting these parameters./ntp/unicast-configuration - The entries in the list include all unicast configurations (server or peer mode), and indirectly creates or modify the NTP
associations. Unexpected changes could lead to disruption and/or network misbehavior./ntp/interfaces/interface - The entries in the list include all per-interface configurations related to broadcast, multicast and manycast mode, and indirectly creates or modify the NTP
associations. Unexpected changes could lead to disruption and/or network misbehavior.Some of the readable data nodes in this YANG module may be considered sensitive or vulnerable in some network environments. It is thus important to control read access (e.g., via get, get-config, or notification) to these data nodes. These are the subtrees and data nodes and their sensitivity/vulnerability:
/ntp/authentication/authentication-keys - The entries in the list includes all the NTP authentication keys. This information is sensitive and can be exploited and thus unauthorized access to this needs to be curtailed. /ntp/associations - The entries in the list includes all active NTP associations of all modes. Unauthorized access to this also needs to be curtailed. The leaf /ntp/authentication/authentication-keys/algorithm can be set to cryptographic algorithms that are no longer considered to be secure. As per , AES-CMAC is the recommended algorithm. The authors would like to express their thanks to Sladjana Zoric,
Danny Mayer, Harlan Stenn, Ulrich Windl, Miroslav Lichvar, Maurice Angermann, Watson Ladd, and Rich Salz for their
review and suggestions.Thanks to Andy Bierman for the YANG doctor review.Thanks to Dieter Sibold for being the document shepherd and Erik Kline for being the responsible AD.Thanks to Takeshi Takahashi for SECDIR review.A special thanks to Tom Petch for a very detailed YANG review and providing great suggestions for improvements.The full tree for ietf-ntp YANG model is - /acl:acls/acl/name
+--ro clock-state
| +--ro system-status
| +--ro clock-state identityref
| +--ro clock-stratum ntp-stratum
| +--ro clock-refid refid
| +--ro associations-address?
| | -> /ntp/associations/address
| +--ro associations-local-mode?
| | -> /ntp/associations/local-mode
| +--ro associations-isconfigured?
| | -> /ntp/associations/isconfigured
| +--ro nominal-freq decimal64
| +--ro actual-freq decimal64
| +--ro clock-precision uint8
| +--ro clock-offset? decimal64
| +--ro root-delay? decimal64
| +--ro root-dispersion? decimal64
| +--ro reference-time? ntp-date-and-time
| +--ro sync-state identityref
+--rw unicast-configuration* [address type]
| {unicast-configuration}?
| +--rw address inet:ip-address
| +--rw type identityref
| +--rw authentication {authentication}?
| | +--rw (authentication-type)?
| | +--:(symmetric-key)
| | +--rw key-id? leafref
| +--rw prefer? boolean
| +--rw burst? boolean
| +--rw iburst? boolean
| +--rw source? if:interface-ref
| +--rw minpoll? uint8
| +--rw maxpoll? uint8
| +--rw port? inet:port-number {ntp-port}?
| +--rw version? ntp-version
+--ro associations* [address local-mode isconfigured]
| +--ro address inet:ip-address
| +--ro local-mode identityref
| +--ro isconfigured boolean
| +--ro stratum? ntp-stratum
| +--ro refid? refid
| +--ro authentication?
| | -> /ntp/authentication/authentication-keys/key-id
| | {authentication}?
| +--ro prefer? boolean
| +--ro peer-interface? if:interface-ref
| +--ro minpoll? uint8
| +--ro maxpoll? uint8
| +--ro port? inet:port-number {ntp-port}?
| +--ro version? ntp-version
| +--ro reach? uint8
| +--ro unreach? uint8
| +--ro poll? uint8
| +--ro now? uint32
| +--ro offset? decimal64
| +--ro delay? decimal64
| +--ro dispersion? decimal64
| +--ro originate-time? ntp-date-and-time
| +--ro receive-time? ntp-date-and-time
| +--ro transmit-time? ntp-date-and-time
| +--ro input-time? ntp-date-and-time
| +--ro ntp-statistics
| +--ro discontinuity-time? ntp-date-and-time
| +--ro packet-sent? yang:counter32
| +--ro packet-sent-fail? yang:counter32
| +--ro packet-received? yang:counter32
| +--ro packet-dropped? yang:counter32
+--rw interfaces
| +--rw interface* [name]
| +--rw name if:interface-ref
| +--rw broadcast-server! {broadcast-server}?
| | +--rw ttl? uint8
| | +--rw authentication {authentication}?
| | | +--rw (authentication-type)?
| | | +--:(symmetric-key)
| | | +--rw key-id? leafref
| | +--rw minpoll? uint8
| | +--rw maxpoll? uint8
| | +--rw port? inet:port-number {ntp-port}?
| | +--rw version? ntp-version
| +--rw broadcast-client! {broadcast-client}?
| +--rw multicast-server* [address] {multicast-server}?
| | +--rw address
| | | rt-types:ip-multicast-group-address
| | +--rw ttl? uint8
| | +--rw authentication {authentication}?
| | | +--rw (authentication-type)?
| | | +--:(symmetric-key)
| | | +--rw key-id? leafref
| | +--rw minpoll? uint8
| | +--rw maxpoll? uint8
| | +--rw port? inet:port-number {ntp-port}?
| | +--rw version? ntp-version
| +--rw multicast-client* [address] {multicast-client}?
| | +--rw address rt-types:ip-multicast-group-address
| +--rw manycast-server* [address] {manycast-server}?
| | +--rw address rt-types:ip-multicast-group-address
| +--rw manycast-client* [address] {manycast-client}?
| +--rw address
| | rt-types:ip-multicast-group-address
| +--rw authentication {authentication}?
| | +--rw (authentication-type)?
| | +--:(symmetric-key)
| | +--rw key-id? leafref
| +--rw ttl? uint8
| +--rw minclock? uint8
| +--rw maxclock? uint8
| +--rw beacon? uint8
| +--rw minpoll? uint8
| +--rw maxpoll? uint8
| +--rw port? inet:port-number {ntp-port}?
| +--rw version? ntp-version
+--ro ntp-statistics
+--ro discontinuity-time? ntp-date-and-time
+--ro packet-sent? yang:counter32
+--ro packet-sent-fail? yang:counter32
+--ro packet-received? yang:counter32
+--ro packet-dropped? yang:counter32
]]>