Internet Engineering Task Force (IETF) H. Gerstung
Request for Comments: 5907 Meinberg
Category: Standards Track C. Elliott
ISSN: 2070-1721
B. Haberman, Ed.
JHU APL
June 2010
Definitions of Managed Objects for
Network Time Protocol Version 4 (NTPv4)
Abstract
The Network Time Protocol (NTP) is used in networks of all types and
sizes for time synchronization of servers, workstations, and other
networked equipment. As time synchronization is more and more a
mission-critical service, standardized means for monitoring and
management of this subsystem of a networked host are required to
allow operators of such a service to set up a monitoring system that
is platform- and vendor-independent. This document provides a
standardized collection of data objects for monitoring the NTP entity
of such a network participant and it is part of the NTP version 4
standardization effort.
5Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc5907.
Gerstung, et al. Standards Track [Page 1]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
The NTPv4 MIB module is designed to allow Simple Network Management
Protocol (SNMP) to be used to monitor and manage local NTP [RFC5905]
entities. It provides a collection of data objects that can be
queried using the SNMP protocol and represent the current status of
the NTP entity. This includes general information about the NTP
entity itself (vendor, product, version) as well as connectivity to
upstream NTP servers used as sources of reference time and to
hardware reference clocks like radio clocks. The most important
values are included in order to be able to detect failures before
they can have an impact on the overall time synchronization status of
the network. There are also a collection of notification objects to
inform about state changes in the NTP entity. There are objects to
control these notifications as well.
Gerstung, et al. Standards Track [Page 2]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
2. Conventions Used in This Document
The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
3. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in STD 58,
RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
[RFC2580].
4. Technical Description
The NTPv4 MIB module is divided into sections for general server
information, current NTP entity status, status information of all
mobilized associations (e.g., unicast upstream time servers,
multicast or broadcast, time references, and hardware clocks), NTP
entity control objects, NTP objects used only for notifications, as
well as SNMP notification definitions for core events.
The general server information section contains static information
and can be queried to identify which NTP implementation is running on
a host. This includes the vendor and product name of the running NTP
software as well as version information, hardware/os platform
identity, and the time resolution of the underlying OS.
Section 2 (current NTP status) includes data objects that represent
the current operational status of the NTP entity.
The third section contains data objects that represent the set of
time references ("associations") with which the NTP entity is
currently working.
The fourth section contains objects that can be used to control the
NTP entity. The currently defined objects control how often the
heartbeat interval notification is sent out and which notifications
are enabled.
Gerstung, et al. Standards Track [Page 3]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
The fifth section contains objects that are only used as varbinds in
notifications. There is currently only one object in this section --
a message that adds a cleartext event message to notifications.
Certain important events can occur while the NTP entity is running.
The notification section defines SNMP notifications for a collection
of the most important ones ("core events") and additionally provides
a heartbeat notification as well as a test notification to allow
management systems to test the reception of NTP-related notifications
as well as enable heartbeat-based monitoring systems to assure that
the NTP entity is still up and running.
Some values are included both in numeric and in human-readable
(string) format. This has been done to simplify the representation
of a status information. If the two representations of a certain
value differ, the numeric representation takes precedence.
5. MIB Definition
-- *********************************************************************
--
-- The Network Time Protocol Version 4
-- Management Information Base (MIB)
--
-- Authors: Heiko Gerstung ([email protected])
-- Chris Elliott ([email protected])
--
-- for the Internet Engineering Task Force (IETF)
-- NTP Working Group (ntpwg)
--
--
-- *********************************************************************
-- Rev 1.00
-- Published as RFC 5907
--
-- *********************************************************************
NTPv4-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE , mib-2, Integer32, NOTIFICATION-TYPE,
Unsigned32, Counter32, TimeTicks
FROM SNMPv2-SMI -- RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF -- RFC 2580
DisplayString, TEXTUAL-CONVENTION
FROM SNMPv2-TC -- RFC 2579
Gerstung, et al. Standards Track [Page 4]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB -- RFC 4001
Utf8String
FROM SYSAPPL-MIB; -- RFC 2287
Brian Haberman
11100 Johns Hopkins Road
Laurel, MD 20723
USA
Phone: +1-443-778-1319
Email: [email protected]"
DESCRIPTION
"The Management Information Base for NTP time entities.
Copyright (c) 2010 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
Gerstung, et al. Standards Track [Page 5]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
NtpStratum ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"The NTP stratum, with 16 representing no stratum."
SYNTAX Unsigned32 (1..16)
NtpDateTime ::= TEXTUAL-CONVENTION
DISPLAY-HINT "4d:4d:4d.4d"
STATUS current
DESCRIPTION
"NTP date/time on the device, in 128-bit
NTP date format. If time is not syncronized, this
field shall be a zero-length string.
This trusted certificate (TC) is not to be used for objects
that are used to set the time of the node querying this
object. NTP should be used for this -- or at least SNTP."
REFERENCE "RFC 5905, section 6"
SYNTAX OCTET STRING (SIZE (0 | 16))
--
-- Section 1: General NTP Entity information objects
-- (relatively static information)
--
Gerstung, et al. Standards Track [Page 6]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntSoftwareName OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The product name of the running NTP version, e.g., 'ntpd'."
::= { ntpEntInfo 1 }
ntpEntSoftwareVersion OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The software version of the installed NTP implementation
as a full version string, e.g., '[email protected] ...'"
::= { ntpEntInfo 2 }
ntpEntSoftwareVendor OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The vendor/author of the installed NTP version."
::= { ntpEntInfo 3 }
ntpEntSystemType OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"General hardware/os platform information,
e.g., 'Linux 2.6.12 / x86'."
-- freely configurable, default is OS Version / Hardware platform
::= { ntpEntInfo 4 }
ntpEntTimeResolution OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time resolution in integer format, where the resolution
is represented as divisions of a second, e.g., a value of 1000
translates to 1.0 ms."
::= { ntpEntInfo 5 }
Gerstung, et al. Standards Track [Page 7]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntTimePrecision OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The entity's precision in integer format, shows the precision.
A value of -5 would mean 2^-5 = 31.25 ms."
::= { ntpEntInfo 6 }
ntpEntTimeDistance OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The distance from this NTP entity to the root time reference
(stratum 0) source including the unit, e.g., '13.243 ms'."
::= { ntpEntInfo 7 }
--
-- Section 2: Current NTP status (dynamic information)
--
ntpEntStatusCurrentMode OBJECT-TYPE
SYNTAX INTEGER {
notRunning(1),
notSynchronized(2),
noneConfigured(3),
syncToLocal(4),
syncToRefclock(5),
syncToRemoteServer(6),
unknown(99)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current mode of the NTP. The definition of each possible
value is:
notRunning(1) - NTP is not running.
notSynchronized(2) - NTP is not synchronized to any time
source (stratum = 16).
noneConfigured(3) - NTP is not synchronized and does not
have a reference configured
(stratum = 16).
syncToLocal(4) - NTP is distributing time based on its
local clock (degraded accuracy and/or
reliability).
syncToRefclock(5) - NTP is synchronized to a local
hardware refclock (e.g., GPS).
Gerstung, et al. Standards Track [Page 8]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
syncToRemoteServer(6) - NTP is synchronized to a remote
NTP server ('upstream' server).
unknown(99) - The state of NTP is unknown."
::= { ntpEntStatus 1 }
ntpEntStatusStratum OBJECT-TYPE
SYNTAX NtpStratum
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The NTP entity's own stratum value. Should be a stratum of
syspeer + 1 (or 16 if no syspeer)."
::= { ntpEntStatus 2 }
ntpEntStatusActiveRefSourceId OBJECT-TYPE
SYNTAX Unsigned32 ( 0..99999 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The association ID of the current syspeer."
::= { ntpEntStatus 3 }
ntpEntStatusActiveRefSourceName OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The hostname/descriptive name of the current reference source
selected as syspeer, e.g., 'ntp1.ptb.de' or 'GPS' or
'DCFi', ..."
::= { ntpEntStatus 4 }
ntpEntStatusActiveOffset OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time offset to the current selected reference time source
as a string including unit, e.g., '0.032 ms' or '1.232 s'."
::= { ntpEntStatus 5 }
ntpEntStatusNumberOfRefSources OBJECT-TYPE
SYNTAX Unsigned32 (0..99)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of reference sources configured for NTP."
::= { ntpEntStatus 6 }
Gerstung, et al. Standards Track [Page 9]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntStatusDispersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The root dispersion of the running NTP entity, e.g., '6.927'."
::= { ntpEntStatus 7 }
ntpEntStatusEntityUptime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The uptime of the NTP entity, (i.e., the time since ntpd was
(re-)initialized not sysUptime!). The time is represented in
hundreds of seconds since Jan 1, 1970 (00:00:00.000) UTC."
::= { ntpEntStatus 8 }
ntpEntStatusDateTime OBJECT-TYPE
SYNTAX NtpDateTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current NTP date/time on the device, in 128-bit
NTP date format. If time is not syncronized, this
field shall be a zero-length string.
This object can be used to timestamp events on this
node and allow a management station to correlate
different time objects. For example, a management
station could query this object and sysUpTime in
the same operation to be able to relate sysUpTime
to NTP time.
This object is not to be used to set the time of
the node querying this object. NTP should be used
for this -- or at least SNTP."
REFERENCE "RFC 5905, section 6"
::= { ntpEntStatus 9 }
ntpEntStatusLeapSecond OBJECT-TYPE
SYNTAX NtpDateTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Date the next known leap second will occur. If there is
no leap second announced, then this object should be 0."
::= { ntpEntStatus 10 }
Gerstung, et al. Standards Track [Page 10]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntStatusLeapSecDirection OBJECT-TYPE
SYNTAX Integer32 (-1..1)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Direction of next known leap second. If there is no
leap second announced, then this object should be 0."
::= { ntpEntStatus 11 }
ntpEntStatusInPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
NTP entity from the transport service.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 12 }
ntpEntStatusOutPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
transport service by this NTP entity.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 13 }
ntpEntStatusBadVersion OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages that were delivered
to this NTP entity and were for an unsupported NTP
version.
Gerstung, et al. Standards Track [Page 11]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 14 }
ntpEntStatusProtocolError OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages that were delivered
to this NTP entity and this entity was not able to
process due to an NTP protocol error.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 15 }
ntpEntStatusNotifications OBJECT-TYPE
SYNTAX Counter32
UNITS "notifications"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of SNMP notifications that this NTP
entity has generated.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 16 }
ntpEntStatPktModeTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpEntStatPktModeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The number of packets sent and received by packet mode.
One entry per packet mode."
::= { ntpEntStatus 17 }
ntpEntStatPktModeEntry OBJECT-TYPE
SYNTAX NtpEntStatPktModeEntry
MAX-ACCESS not-accessible
STATUS current
Gerstung, et al. Standards Track [Page 12]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
DESCRIPTION
"A statistical record of the number of packets sent and
received for each packet mode."
INDEX { ntpEntStatPktMode }
::= { ntpEntStatPktModeTable 1 }
ntpEntStatPktMode OBJECT-TYPE
SYNTAX INTEGER {
symetricactive(1),
symetricpassive(2),
client(3),
server(4),
broadcastserver(5),
broadcastclient(6)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The NTP packet mode."
::= { ntpEntStatPktModeEntry 1 }
ntpEntStatPktSent OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of NTP packets sent with this packet mode.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatPktModeEntry 2 }
ntpEntStatPktReceived OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of NTP packets received with this packet mode.
Gerstung, et al. Standards Track [Page 13]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatPktModeEntry 3 }
--
-- Section 3: The status of all currently mobilized associations
--
ntpAssociationTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpAssociationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of currently mobilized associations."
::= { ntpAssociation 1 }
ntpAssociationEntry OBJECT-TYPE
SYNTAX NtpAssociationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table entry of currently mobilized associations."
INDEX { ntpAssocId }
::= { ntpAssociationTable 1 }
ntpAssocId OBJECT-TYPE
SYNTAX Unsigned32 ( 1..99999 )
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The association ID. This is an internal, unique ID."
::= { ntpAssociationEntry 1 }
Gerstung, et al. Standards Track [Page 14]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpAssocName OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The hostname or other descriptive name for the association."
::= { ntpAssociationEntry 2 }
ntpAssocRefId OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The refclock driver ID, if available."
-- a refclock driver ID like "127.127.1.0" for non
-- uni/multi/broadcast associations
::= { ntpAssociationEntry 3 }
ntpAssocAddressType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2), ipv4z(3), ipv6z(4) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of address of the association. Can be either IPv4 or
IPv6 (both with or without zone index) and contains the type of
address for unicast, multicast, and broadcast associations."
::= { ntpAssociationEntry 4 }
ntpAssocAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|8|16|20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address (IPv4 or IPv6, with or without zone index) of
the association. The type and size depends on the
ntpAssocAddressType object. Represents the IP address of a
uni/multi/broadcast association."
::= { ntpAssociationEntry 5 }
ntpAssocOffset OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time offset to the association as a string."
-- including unit, e.g., "0.032 ms" or "1.232 s"
::= { ntpAssociationEntry 6 }
Gerstung, et al. Standards Track [Page 15]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpAssocStratum OBJECT-TYPE
SYNTAX NtpStratum
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The association stratum value."
::= { ntpAssociationEntry 7 }
ntpAssocStatusJitter OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The jitter in milliseconds as a string."
::= { ntpAssociationEntry 8 }
ntpAssocStatusDelay OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The network delay in milliseconds as a string."
::= { ntpAssociationEntry 9 }
ntpAssocStatusDispersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The root dispersion of the association."
-- e.g., "6.927"
::= { ntpAssociationEntry 10 }
ntpAssociationStatisticsTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpAssociationStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of statistics for current associations."
::= { ntpAssociation 2 }
ntpAssociationStatisticsEntry OBJECT-TYPE
SYNTAX NtpAssociationStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table entry of statistics for current associations."
INDEX { ntpAssocId }
Gerstung, et al. Standards Track [Page 16]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpAssocStatInPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
NTP entity from this association.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpAssociationStatisticsEntry 1 }
ntpAssocStatOutPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
transport service by this NTP entity for this
association.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpAssociationStatisticsEntry 2 }
ntpAssocStatProtocolError OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages that were delivered
to this NTP entity from this association and this entity
was not able to process due to an NTP protocol error.
Gerstung, et al. Standards Track [Page 17]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpAssociationStatisticsEntry 3 }
--
-- Section 4: Control objects
--
ntpEntHeartbeatInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The interval at which the ntpEntNotifHeartbeat notification
should be sent, in seconds. If set to 0 and the
entNotifHeartbeat bit in ntpEntNotifBits is 1, then
ntpEntNotifHeartbeat is sent once.
This value is stored persistently and will be restored to its
last set value upon cold start or restart."
DEFVAL { 60 }
::= { ntpEntControl 1 }
ntpEntNotifBits OBJECT-TYPE
SYNTAX BITS {
notUsed(0), -- Used to sync up bit and notification
-- indices
entNotifModeChange(1),
entNotifStratumChange(2),
entNotifSyspeerChanged(3),
entNotifAddAssociation(4),
entNotifRemoveAssociation(5),
entNotifConfigChanged(6),
entNotifLeapSecondAnnounced(7),
entNotifHeartbeat(8)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A bit for each notification. A 1 for a particular bit enables
that particular notification, a 0 disables it.
This value is stored persistently and will be restored to its
last set value upon cold start or restart."
::= { ntpEntControl 2 }
Gerstung, et al. Standards Track [Page 18]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
--
-- Section 5: Notification objects
--
ntpEntNotifMessage OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Used as a payload object for all notifications. Holds a
cleartext event message."
DEFVAL { "no event" }
::= { ntpEntNotifObjects 1 }
ntpEntNotifModeChange NOTIFICATION-TYPE
OBJECTS { ntpEntStatusCurrentMode }
STATUS current
DESCRIPTION
"The notification to be sent when the NTP entity changes mode,
including starting and stopping (if possible)."
::= { ntpEntNotifications 1 }
ntpEntNotifStratumChange NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusStratum,
ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when stratum level of NTP changes."
::= { ntpEntNotifications 2 }
ntpEntNotifSyspeerChanged NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusActiveRefSourceId,
ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when a (new) syspeer has been
selected."
::= { ntpEntNotifications 3 }
ntpEntNotifAddAssociation NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage }
STATUS current
Gerstung, et al. Standards Track [Page 19]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
DESCRIPTION
"The notification to be sent when a new association is
mobilized."
::= { ntpEntNotifications 4 }
ntpEntNotifRemoveAssociation NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when an association is
demobilized."
::= { ntpEntNotifications 5 }
ntpEntNotifConfigChanged NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when the NTP configuration has
changed, e.g., when the system connected to the Internet and
was assigned a new IP address by the ISPs DHCP server."
::= { ntpEntNotifications 6 }
ntpEntNotifLeapSecondAnnounced NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when a leap second has been
announced."
::= { ntpEntNotifications 7 }
ntpEntNotifHeartbeat NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusCurrentMode,
ntpEntHeartbeatInterval, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent periodically (as defined by
ntpEntHeartbeatInterval) to indicate that the NTP entity is
still alive."
::= { ntpEntNotifications 8 }
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntNTPCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities that use NTP and
implement the NTP MIB."
MODULE -- this module
MANDATORY-GROUPS {
ntpEntObjectsGroup1
}
::= { ntpEntCompliances 1 }
ntpEntSNTPCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities that use SNTP and
implement the NTP MIB."
MODULE -- this module
MANDATORY-GROUPS {
ntpEntObjectsGroup1
}
GROUP ntpEntObjectsGroup2
DESCRIPTION
"Optional object group."
GROUP ntpEntNotifGroup
DESCRIPTION
"Optional notifications for this MIB."
::= { ntpEntCompliances 2 }
ntpEntObjectsGroup1 OBJECT-GROUP
OBJECTS {
ntpEntSoftwareName,
ntpEntSoftwareVersion,
ntpEntSoftwareVendor,
ntpEntSystemType,
ntpEntStatusEntityUptime,
ntpEntStatusDateTime,
ntpAssocName,
ntpAssocRefId,
ntpAssocAddressType,
ntpAssocAddress
}
STATUS current
DESCRIPTION
"A collection of objects for the NTP MIB."
::= { ntpEntGroups 1 }
ntpEntObjectsGroup2 OBJECT-GROUP
OBJECTS {
Gerstung, et al. Standards Track [Page 21]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntTimeResolution,
ntpEntTimePrecision,
ntpEntTimeDistance,
ntpEntStatusCurrentMode,
ntpEntStatusStratum,
ntpEntStatusActiveRefSourceId,
ntpEntStatusActiveRefSourceName,
ntpEntStatusActiveOffset,
ntpEntStatusNumberOfRefSources,
ntpEntStatusDispersion,
ntpEntStatusLeapSecond,
ntpEntStatusLeapSecDirection,
ntpEntStatusInPkts,
ntpEntStatusOutPkts,
ntpEntStatusBadVersion,
ntpEntStatusProtocolError,
ntpEntStatusNotifications,
ntpEntStatPktSent,
ntpEntStatPktReceived,
ntpAssocOffset,
ntpAssocStratum,
ntpAssocStatusJitter,
ntpAssocStatusDelay,
ntpAssocStatusDispersion,
ntpAssocStatInPkts,
ntpAssocStatOutPkts,
ntpAssocStatProtocolError,
ntpEntHeartbeatInterval,
ntpEntNotifBits,
ntpEntNotifMessage
}
STATUS current
DESCRIPTION
"A collection of objects for the NTP MIB."
::= { ntpEntGroups 2 }
ntpEntNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
ntpEntNotifModeChange,
ntpEntNotifStratumChange,
ntpEntNotifSyspeerChanged,
ntpEntNotifAddAssociation,
ntpEntNotifRemoveAssociation,
ntpEntNotifConfigChanged,
ntpEntNotifLeapSecondAnnounced,
ntpEntNotifHeartbeat
}
STATUS current
Gerstung, et al. Standards Track [Page 22]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
DESCRIPTION
"A collection of notifications for the NTP MIB"
::= { ntpEntGroups 3 }
END
6. IANA Considerations
The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
ntpSnmp { mib-2 197 }
7. Security Considerations
There are currently two management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations. These are the objects and their sensitivity/
vulnerability:
ntpEntHeartbeatInterval controls the interval of heartbeat
notifications. If set to 1, this will cause the NTP entity to send
one notification each second. This is the maximum rate (1/s) that
can be generated automatically. If it is set to 0, then one single
hearbeat notification will be created and no further automatically
generated notification is sent. This functionality can be used to
create notifications at a higher rate (as high as the object can be
written).
ntpEntNotifBits enables/disables notifications. Could be used to
switch off notifications in order to delay or eliminate the
notification for critical and important events.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability:
Gerstung, et al. Standards Track [Page 23]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
ntpEntSoftwareName, ntpEntSoftwareVersion, ntpEntSoftwareVendor, and
ntpEntSystemType all can be used to identify software and its version
as well as the operating system and hardware platform. This might
help a potential attacker to find security problems and therefore can
be used in the preparation of an attack.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec),
even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module. It is RECOMMENDED that implementers consider the
security features as provided by the SNMPv3 framework (see RFC 3410
[RFC3410], section 8), including full support for the SNMPv3
cryptographic mechanisms (for authentication and privacy). Further,
deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED.
Instead, it is RECOMMENDED to deploy SNMPv3 and to enable
cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
8. Acknowledgments
Bert Wijnen provided valuable feedback as the MIB Doctor for this
document.
9. References
9.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
"Network Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, June 2010.
[RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level
Managed Objects for Applications", RFC 2287,
February 1998.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
Gerstung, et al. Standards Track [Page 24]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
9.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
Gerstung, et al. Standards Track [Page 25]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010
Authors' Addresses
Heiko Gerstung
Meinberg Funkuhren Gmbh & Co. KG
Lange Wand 9
Bad Pyrmont 31812
Germany
