Movatterモバイル変換
[0]ホーム
[RFC Home] [TEXT|PDF|HTML] [Tracker] [IPR] [Errata] [Info page]
PROPOSED STANDARD
Errata ExistInternet Engineering Task Force (IETF) H. GerstungRequest for Comments: 5907 MeinbergCategory: Standards Track C. ElliottISSN: 2070-1721 B. Haberman, Ed. JHU APL June 2010Definitions of Managed Objects forNetwork Time Protocol Version 4 (NTPv4)Abstract The Network Time Protocol (NTP) is used in networks of all types and sizes for time synchronization of servers, workstations, and other networked equipment. As time synchronization is more and more a mission-critical service, standardized means for monitoring and management of this subsystem of a networked host are required to allow operators of such a service to set up a monitoring system that is platform- and vendor-independent. This document provides a standardized collection of data objects for monitoring the NTP entity of such a network participant and it is part of the NTP version 4 standardization effort.5Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available inSection 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained athttp://www.rfc-editor.org/info/rfc5907.Gerstung, et al. Standards Track [Page 1]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject toBCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.Table of Contents1. Introduction ....................................................22. Conventions Used in This Document ...............................33. The Internet-Standard Management Framework ......................34. Technical Description ...........................................35. MIB Definition ..................................................46. IANA Considerations ............................................237. Security Considerations ........................................238. Acknowledgments ................................................249. References .....................................................249.1. Normative References ......................................249.2. Informative References ....................................21. Introduction The NTPv4 MIB module is designed to allow Simple Network Management Protocol (SNMP) to be used to monitor and manage local NTP [RFC5905] entities. It provides a collection of data objects that can be queried using the SNMP protocol and represent the current status of the NTP entity. This includes general information about the NTP entity itself (vendor, product, version) as well as connectivity to upstream NTP servers used as sources of reference time and to hardware reference clocks like radio clocks. The most important values are included in order to be able to detect failures before they can have an impact on the overall time synchronization status of the network. There are also a collection of notification objects to inform about state changes in the NTP entity. There are objects to control these notifications as well.Gerstung, et al. Standards Track [Page 2]
RFC 5907 Definitions of Managed Objects for NTPv4 June 20102. Conventions Used in This Document The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].3. The Internet-Standard Management Framework For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer tosection 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58,RFC 2578 [RFC2578], STD 58,RFC 2579 [RFC2579] and STD 58,RFC 2580 [RFC2580].4. Technical Description The NTPv4 MIB module is divided into sections for general server information, current NTP entity status, status information of all mobilized associations (e.g., unicast upstream time servers, multicast or broadcast, time references, and hardware clocks), NTP entity control objects, NTP objects used only for notifications, as well as SNMP notification definitions for core events. The general server information section contains static information and can be queried to identify which NTP implementation is running on a host. This includes the vendor and product name of the running NTP software as well as version information, hardware/os platform identity, and the time resolution of the underlying OS.Section 2 (current NTP status) includes data objects that represent the current operational status of the NTP entity. The third section contains data objects that represent the set of time references ("associations") with which the NTP entity is currently working. The fourth section contains objects that can be used to control the NTP entity. The currently defined objects control how often the heartbeat interval notification is sent out and which notifications are enabled.Gerstung, et al. Standards Track [Page 3]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 The fifth section contains objects that are only used as varbinds in notifications. There is currently only one object in this section -- a message that adds a cleartext event message to notifications. Certain important events can occur while the NTP entity is running. The notification section defines SNMP notifications for a collection of the most important ones ("core events") and additionally provides a heartbeat notification as well as a test notification to allow management systems to test the reception of NTP-related notifications as well as enable heartbeat-based monitoring systems to assure that the NTP entity is still up and running. Some values are included both in numeric and in human-readable (string) format. This has been done to simplify the representation of a status information. If the two representations of a certain value differ, the numeric representation takes precedence.5. MIB Definition-- *********************************************************************---- The Network Time Protocol Version 4-- Management Information Base (MIB)---- Authors: Heiko Gerstung (heiko.gerstung@meinberg.de)-- Chris Elliott (chelliot@pobox.com)---- for the Internet Engineering Task Force (IETF)-- NTP Working Group (ntpwg)------ *********************************************************************-- Rev 1.00-- Published asRFC 5907---- *********************************************************************NTPv4-MIB DEFINITIONS ::= BEGINIMPORTS MODULE-IDENTITY, OBJECT-TYPE , mib-2, Integer32, NOTIFICATION-TYPE, Unsigned32, Counter32, TimeTicks FROM SNMPv2-SMI --RFC 2578 MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP FROM SNMPv2-CONF --RFC 2580 DisplayString, TEXTUAL-CONVENTION FROM SNMPv2-TC --RFC 2579Gerstung, et al. Standards Track [Page 4]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 InetAddressType, InetAddress FROM INET-ADDRESS-MIB --RFC 4001 Utf8String FROM SYSAPPL-MIB; --RFC 2287ntpSnmpMIB MODULE-IDENTITY LAST-UPDATED "201005170000Z" -- May 17, 2010 ORGANIZATION "The IETF NTP Working Group (ntpwg)" CONTACT-INFO " WG Email: ntpwg@lists.ntp.isc.org Subscribe:https://lists.ntp.isc.org/mailman/listinfo/ntpwg Heiko Gerstung Meinberg Funkuhren Gmbh & Co. KG Lange Wand 9 Bad Pyrmont 31812 Germany Phone: +49 5281 9309 25 Email: heiko.gerstung@meinberg.de Chris Elliott 1516 Kent St. Durham, NC 27707 USA Phone: +1-919-308-1216 Email: chelliot@pobox.com Brian Haberman 11100 Johns Hopkins Road Laurel, MD 20723 USA Phone: +1-443-778-1319 Email: brian@innovationslab.net" DESCRIPTION "The Management Information Base for NTP time entities. Copyright (c) 2010 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth inSection 4.c of the IETF Trust's Legal Provisions Relating to IETF DocumentsGerstung, et al. Standards Track [Page 5]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 (http://trustee.ietf.org/license-info)." REVISION "201005170000Z" DESCRIPTION "This revision of the MIB module is published asRFC 5907." ::= { mib-2 197 }ntpSnmpMIBObjects OBJECT IDENTIFIER ::= { ntpSnmpMIB 1 }-- MIB contains 6 groupsntpEntInfo OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 1 }ntpEntStatus OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 2 }ntpAssociation OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 3 }ntpEntControl OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 4 }ntpEntNotifObjects OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 5 }---- Textual Conventions--NtpStratum ::= TEXTUAL-CONVENTION DISPLAY-HINT "d" STATUS current DESCRIPTION "The NTP stratum, with 16 representing no stratum." SYNTAX Unsigned32 (1..16)NtpDateTime ::= TEXTUAL-CONVENTION DISPLAY-HINT "4d:4d:4d.4d" STATUS current DESCRIPTION "NTP date/time on the device, in 128-bit NTP date format. If time is not syncronized, this field shall be a zero-length string. This trusted certificate (TC) is not to be used for objects that are used to set the time of the node querying this object. NTP should be used for this -- or at least SNTP." REFERENCE "RFC 5905, section 6" SYNTAX OCTET STRING (SIZE (0 | 16))----Section 1: General NTP Entity information objects-- (relatively static information)--Gerstung, et al. Standards Track [Page 6]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpEntSoftwareName OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "The product name of the running NTP version, e.g., 'ntpd'." ::= { ntpEntInfo 1 }ntpEntSoftwareVersion OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "The software version of the installed NTP implementation as a full version string, e.g., 'ntpd-4.2.0b@1.1433 ...'" ::= { ntpEntInfo 2 }ntpEntSoftwareVendor OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "The vendor/author of the installed NTP version." ::= { ntpEntInfo 3 }ntpEntSystemType OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "General hardware/os platform information, e.g., 'Linux 2.6.12 / x86'." -- freely configurable, default is OS Version / Hardware platform ::= { ntpEntInfo 4 }ntpEntTimeResolution OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The time resolution in integer format, where the resolution is represented as divisions of a second, e.g., a value of 1000 translates to 1.0 ms." ::= { ntpEntInfo 5 }Gerstung, et al. Standards Track [Page 7]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpEntTimePrecision OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The entity's precision in integer format, shows the precision. A value of -5 would mean 2^-5 = 31.25 ms." ::= { ntpEntInfo 6 }ntpEntTimeDistance OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The distance from this NTP entity to the root time reference (stratum 0) source including the unit, e.g., '13.243 ms'." ::= { ntpEntInfo 7 }----Section 2: Current NTP status (dynamic information)--ntpEntStatusCurrentMode OBJECT-TYPE SYNTAX INTEGER { notRunning(1), notSynchronized(2), noneConfigured(3), syncToLocal(4), syncToRefclock(5), syncToRemoteServer(6), unknown(99) } MAX-ACCESS read-only STATUS current DESCRIPTION "The current mode of the NTP. The definition of each possible value is: notRunning(1) - NTP is not running. notSynchronized(2) - NTP is not synchronized to any time source (stratum = 16). noneConfigured(3) - NTP is not synchronized and does not have a reference configured (stratum = 16). syncToLocal(4) - NTP is distributing time based on its local clock (degraded accuracy and/or reliability). syncToRefclock(5) - NTP is synchronized to a local hardware refclock (e.g., GPS).Gerstung, et al. Standards Track [Page 8]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 syncToRemoteServer(6) - NTP is synchronized to a remote NTP server ('upstream' server). unknown(99) - The state of NTP is unknown." ::= { ntpEntStatus 1 }ntpEntStatusStratum OBJECT-TYPE SYNTAX NtpStratum MAX-ACCESS read-only STATUS current DESCRIPTION "The NTP entity's own stratum value. Should be a stratum of syspeer + 1 (or 16 if no syspeer)." ::= { ntpEntStatus 2 }ntpEntStatusActiveRefSourceId OBJECT-TYPE SYNTAX Unsigned32 ( 0..99999 ) MAX-ACCESS read-only STATUS current DESCRIPTION "The association ID of the current syspeer." ::= { ntpEntStatus 3 }ntpEntStatusActiveRefSourceName OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "The hostname/descriptive name of the current reference source selected as syspeer, e.g., 'ntp1.ptb.de' or 'GPS' or 'DCFi', ..." ::= { ntpEntStatus 4 }ntpEntStatusActiveOffset OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The time offset to the current selected reference time source as a string including unit, e.g., '0.032 ms' or '1.232 s'." ::= { ntpEntStatus 5 }ntpEntStatusNumberOfRefSources OBJECT-TYPE SYNTAX Unsigned32 (0..99) MAX-ACCESS read-only STATUS current DESCRIPTION "The number of reference sources configured for NTP." ::= { ntpEntStatus 6 }Gerstung, et al. Standards Track [Page 9]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpEntStatusDispersion OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The root dispersion of the running NTP entity, e.g., '6.927'." ::= { ntpEntStatus 7 }ntpEntStatusEntityUptime OBJECT-TYPE SYNTAX TimeTicks MAX-ACCESS read-only STATUS current DESCRIPTION "The uptime of the NTP entity, (i.e., the time since ntpd was (re-)initialized not sysUptime!). The time is represented in hundreds of seconds since Jan 1, 1970 (00:00:00.000) UTC." ::= { ntpEntStatus 8 }ntpEntStatusDateTime OBJECT-TYPE SYNTAX NtpDateTime MAX-ACCESS read-only STATUS current DESCRIPTION "The current NTP date/time on the device, in 128-bit NTP date format. If time is not syncronized, this field shall be a zero-length string. This object can be used to timestamp events on this node and allow a management station to correlate different time objects. For example, a management station could query this object and sysUpTime in the same operation to be able to relate sysUpTime to NTP time. This object is not to be used to set the time of the node querying this object. NTP should be used for this -- or at least SNTP." REFERENCE "RFC 5905, section 6" ::= { ntpEntStatus 9 }ntpEntStatusLeapSecond OBJECT-TYPE SYNTAX NtpDateTime MAX-ACCESS read-only STATUS current DESCRIPTION "Date the next known leap second will occur. If there is no leap second announced, then this object should be 0." ::= { ntpEntStatus 10 }Gerstung, et al. Standards Track [Page 10]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpEntStatusLeapSecDirection OBJECT-TYPE SYNTAX Integer32 (-1..1) MAX-ACCESS read-only STATUS current DESCRIPTION "Direction of next known leap second. If there is no leap second announced, then this object should be 0." ::= { ntpEntStatus 11 }ntpEntStatusInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages delivered to the NTP entity from the transport service. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatus 12 }ntpEntStatusOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages delivered to the transport service by this NTP entity. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatus 13 }ntpEntStatusBadVersion OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages that were delivered to this NTP entity and were for an unsupported NTP version.Gerstung, et al. Standards Track [Page 11]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatus 14 }ntpEntStatusProtocolError OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages that were delivered to this NTP entity and this entity was not able to process due to an NTP protocol error. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatus 15 }ntpEntStatusNotifications OBJECT-TYPE SYNTAX Counter32 UNITS "notifications" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SNMP notifications that this NTP entity has generated. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatus 16 }ntpEntStatPktModeTable OBJECT-TYPE SYNTAX SEQUENCE OF NtpEntStatPktModeEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The number of packets sent and received by packet mode. One entry per packet mode." ::= { ntpEntStatus 17 }ntpEntStatPktModeEntry OBJECT-TYPE SYNTAX NtpEntStatPktModeEntry MAX-ACCESS not-accessible STATUS currentGerstung, et al. Standards Track [Page 12]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 DESCRIPTION "A statistical record of the number of packets sent and received for each packet mode." INDEX { ntpEntStatPktMode } ::= { ntpEntStatPktModeTable 1 }NtpEntStatPktModeEntry ::= SEQUENCE { ntpEntStatPktMode INTEGER, ntpEntStatPktSent Counter32, ntpEntStatPktReceived Counter32}ntpEntStatPktMode OBJECT-TYPE SYNTAX INTEGER { symetricactive(1), symetricpassive(2), client(3), server(4), broadcastserver(5), broadcastclient(6) } MAX-ACCESS not-accessible STATUS current DESCRIPTION "The NTP packet mode." ::= { ntpEntStatPktModeEntry 1 }ntpEntStatPktSent OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of NTP packets sent with this packet mode. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatPktModeEntry 2 }ntpEntStatPktReceived OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of NTP packets received with this packet mode.Gerstung, et al. Standards Track [Page 13]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpEntStatPktModeEntry 3 }----Section 3: The status of all currently mobilized associations--ntpAssociationTable OBJECT-TYPE SYNTAX SEQUENCE OF NtpAssociationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of currently mobilized associations." ::= { ntpAssociation 1 }ntpAssociationEntry OBJECT-TYPE SYNTAX NtpAssociationEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table entry of currently mobilized associations." INDEX { ntpAssocId } ::= { ntpAssociationTable 1 }NtpAssociationEntry ::= SEQUENCE { ntpAssocId Unsigned32, ntpAssocName Utf8String, ntpAssocRefId DisplayString, ntpAssocAddressType InetAddressType, ntpAssocAddress InetAddress, ntpAssocOffset DisplayString, ntpAssocStratum NtpStratum, ntpAssocStatusJitter DisplayString, ntpAssocStatusDelay DisplayString, ntpAssocStatusDispersion DisplayString}ntpAssocId OBJECT-TYPE SYNTAX Unsigned32 ( 1..99999 ) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The association ID. This is an internal, unique ID." ::= { ntpAssociationEntry 1 }Gerstung, et al. Standards Track [Page 14]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpAssocName OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS read-only STATUS current DESCRIPTION "The hostname or other descriptive name for the association." ::= { ntpAssociationEntry 2 }ntpAssocRefId OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The refclock driver ID, if available." -- a refclock driver ID like "127.127.1.0" for non -- uni/multi/broadcast associations ::= { ntpAssociationEntry 3 }ntpAssocAddressType OBJECT-TYPE SYNTAX InetAddressType { ipv4(1), ipv6(2), ipv4z(3), ipv6z(4) } MAX-ACCESS read-only STATUS current DESCRIPTION "The type of address of the association. Can be either IPv4 or IPv6 (both with or without zone index) and contains the type of address for unicast, multicast, and broadcast associations." ::= { ntpAssociationEntry 4 }ntpAssocAddress OBJECT-TYPE SYNTAX InetAddress (SIZE (4|8|16|20)) MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address (IPv4 or IPv6, with or without zone index) of the association. The type and size depends on the ntpAssocAddressType object. Represents the IP address of a uni/multi/broadcast association." ::= { ntpAssociationEntry 5 }ntpAssocOffset OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The time offset to the association as a string." -- including unit, e.g., "0.032 ms" or "1.232 s" ::= { ntpAssociationEntry 6 }Gerstung, et al. Standards Track [Page 15]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpAssocStratum OBJECT-TYPE SYNTAX NtpStratum MAX-ACCESS read-only STATUS current DESCRIPTION "The association stratum value." ::= { ntpAssociationEntry 7 }ntpAssocStatusJitter OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The jitter in milliseconds as a string." ::= { ntpAssociationEntry 8 }ntpAssocStatusDelay OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The network delay in milliseconds as a string." ::= { ntpAssociationEntry 9 }ntpAssocStatusDispersion OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The root dispersion of the association." -- e.g., "6.927" ::= { ntpAssociationEntry 10 }ntpAssociationStatisticsTable OBJECT-TYPE SYNTAX SEQUENCE OF NtpAssociationStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table of statistics for current associations." ::= { ntpAssociation 2 }ntpAssociationStatisticsEntry OBJECT-TYPE SYNTAX NtpAssociationStatisticsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The table entry of statistics for current associations." INDEX { ntpAssocId }Gerstung, et al. Standards Track [Page 16]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 ::= { ntpAssociationStatisticsTable 1 }NtpAssociationStatisticsEntry ::= SEQUENCE { ntpAssocStatInPkts Counter32, ntpAssocStatOutPkts Counter32, ntpAssocStatProtocolError Counter32}ntpAssocStatInPkts OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages delivered to the NTP entity from this association. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpAssociationStatisticsEntry 1 }ntpAssocStatOutPkts OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages delivered to the transport service by this NTP entity for this association. Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpAssociationStatisticsEntry 2 }ntpAssocStatProtocolError OBJECT-TYPE SYNTAX Counter32 UNITS "packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of NTP messages that were delivered to this NTP entity from this association and this entity was not able to process due to an NTP protocol error.Gerstung, et al. Standards Track [Page 17]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 Discountinuities in the value of this counter can occur upon cold start or reinitialization of the NTP entity, the management system and at other times as indicated by discontinuities in the value of sysUpTime." ::= { ntpAssociationStatisticsEntry 3 }----Section 4: Control objects--ntpEntHeartbeatInterval OBJECT-TYPE SYNTAX Unsigned32 UNITS "seconds" MAX-ACCESS read-write STATUS current DESCRIPTION "The interval at which the ntpEntNotifHeartbeat notification should be sent, in seconds. If set to 0 and the entNotifHeartbeat bit in ntpEntNotifBits is 1, then ntpEntNotifHeartbeat is sent once. This value is stored persistently and will be restored to its last set value upon cold start or restart." DEFVAL { 60 } ::= { ntpEntControl 1 }ntpEntNotifBits OBJECT-TYPE SYNTAX BITS { notUsed(0), -- Used to sync up bit and notification -- indices entNotifModeChange(1), entNotifStratumChange(2), entNotifSyspeerChanged(3), entNotifAddAssociation(4), entNotifRemoveAssociation(5), entNotifConfigChanged(6), entNotifLeapSecondAnnounced(7), entNotifHeartbeat(8) } MAX-ACCESS read-write STATUS current DESCRIPTION "A bit for each notification. A 1 for a particular bit enables that particular notification, a 0 disables it. This value is stored persistently and will be restored to its last set value upon cold start or restart." ::= { ntpEntControl 2 }Gerstung, et al. Standards Track [Page 18]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010----Section 5: Notification objects--ntpEntNotifMessage OBJECT-TYPE SYNTAX Utf8String MAX-ACCESS accessible-for-notify STATUS current DESCRIPTION "Used as a payload object for all notifications. Holds a cleartext event message." DEFVAL { "no event" } ::= { ntpEntNotifObjects 1 }---- SNMP notification definitions--ntpEntNotifications OBJECT IDENTIFIER ::= { ntpSnmpMIB 0 }ntpEntNotifModeChange NOTIFICATION-TYPE OBJECTS { ntpEntStatusCurrentMode } STATUS current DESCRIPTION "The notification to be sent when the NTP entity changes mode, including starting and stopping (if possible)." ::= { ntpEntNotifications 1 }ntpEntNotifStratumChange NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpEntStatusStratum, ntpEntNotifMessage } STATUS current DESCRIPTION "The notification to be sent when stratum level of NTP changes." ::= { ntpEntNotifications 2 }ntpEntNotifSyspeerChanged NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpEntStatusActiveRefSourceId, ntpEntNotifMessage } STATUS current DESCRIPTION "The notification to be sent when a (new) syspeer has been selected." ::= { ntpEntNotifications 3 }ntpEntNotifAddAssociation NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage } STATUS currentGerstung, et al. Standards Track [Page 19]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 DESCRIPTION "The notification to be sent when a new association is mobilized." ::= { ntpEntNotifications 4 }ntpEntNotifRemoveAssociation NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage } STATUS current DESCRIPTION "The notification to be sent when an association is demobilized." ::= { ntpEntNotifications 5 }ntpEntNotifConfigChanged NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage } STATUS current DESCRIPTION "The notification to be sent when the NTP configuration has changed, e.g., when the system connected to the Internet and was assigned a new IP address by the ISPs DHCP server." ::= { ntpEntNotifications 6 }ntpEntNotifLeapSecondAnnounced NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage } STATUS current DESCRIPTION "The notification to be sent when a leap second has been announced." ::= { ntpEntNotifications 7 }ntpEntNotifHeartbeat NOTIFICATION-TYPE OBJECTS { ntpEntStatusDateTime, ntpEntStatusCurrentMode, ntpEntHeartbeatInterval, ntpEntNotifMessage } STATUS current DESCRIPTION "The notification to be sent periodically (as defined by ntpEntHeartbeatInterval) to indicate that the NTP entity is still alive." ::= { ntpEntNotifications 8 }---- Conformance/Compliance statements--ntpEntConformance OBJECT IDENTIFIER ::= { ntpSnmpMIB 2 }ntpEntCompliances OBJECT IDENTIFIER ::= { ntpEntConformance 1 }ntpEntGroups OBJECT IDENTIFIER ::= { ntpEntConformance 2 }Gerstung, et al. Standards Track [Page 20]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010ntpEntNTPCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that use NTP and implement the NTP MIB." MODULE -- this module MANDATORY-GROUPS { ntpEntObjectsGroup1 } ::= { ntpEntCompliances 1 }ntpEntSNTPCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that use SNTP and implement the NTP MIB." MODULE -- this module MANDATORY-GROUPS { ntpEntObjectsGroup1 } GROUP ntpEntObjectsGroup2 DESCRIPTION "Optional object group." GROUP ntpEntNotifGroup DESCRIPTION "Optional notifications for this MIB." ::= { ntpEntCompliances 2 }ntpEntObjectsGroup1 OBJECT-GROUP OBJECTS { ntpEntSoftwareName, ntpEntSoftwareVersion, ntpEntSoftwareVendor, ntpEntSystemType, ntpEntStatusEntityUptime, ntpEntStatusDateTime, ntpAssocName, ntpAssocRefId, ntpAssocAddressType, ntpAssocAddress } STATUS current DESCRIPTION "A collection of objects for the NTP MIB." ::= { ntpEntGroups 1 }ntpEntObjectsGroup2 OBJECT-GROUP OBJECTS {Gerstung, et al. Standards Track [Page 21]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 ntpEntTimeResolution, ntpEntTimePrecision, ntpEntTimeDistance, ntpEntStatusCurrentMode, ntpEntStatusStratum, ntpEntStatusActiveRefSourceId, ntpEntStatusActiveRefSourceName, ntpEntStatusActiveOffset, ntpEntStatusNumberOfRefSources, ntpEntStatusDispersion, ntpEntStatusLeapSecond, ntpEntStatusLeapSecDirection, ntpEntStatusInPkts, ntpEntStatusOutPkts, ntpEntStatusBadVersion, ntpEntStatusProtocolError, ntpEntStatusNotifications, ntpEntStatPktSent, ntpEntStatPktReceived, ntpAssocOffset, ntpAssocStratum, ntpAssocStatusJitter, ntpAssocStatusDelay, ntpAssocStatusDispersion, ntpAssocStatInPkts, ntpAssocStatOutPkts, ntpAssocStatProtocolError, ntpEntHeartbeatInterval, ntpEntNotifBits, ntpEntNotifMessage } STATUS current DESCRIPTION "A collection of objects for the NTP MIB." ::= { ntpEntGroups 2 }ntpEntNotifGroup NOTIFICATION-GROUP NOTIFICATIONS { ntpEntNotifModeChange, ntpEntNotifStratumChange, ntpEntNotifSyspeerChanged, ntpEntNotifAddAssociation, ntpEntNotifRemoveAssociation, ntpEntNotifConfigChanged, ntpEntNotifLeapSecondAnnounced, ntpEntNotifHeartbeat } STATUS currentGerstung, et al. Standards Track [Page 22]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 DESCRIPTION "A collection of notifications for the NTP MIB" ::= { ntpEntGroups 3 }END6. IANA Considerations The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry: Descriptor OBJECT IDENTIFIER value ---------- ----------------------- ntpSnmp { mib-2 197 }7. Security Considerations There are currently two management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the objects and their sensitivity/ vulnerability: ntpEntHeartbeatInterval controls the interval of heartbeat notifications. If set to 1, this will cause the NTP entity to send one notification each second. This is the maximum rate (1/s) that can be generated automatically. If it is set to 0, then one single hearbeat notification will be created and no further automatically generated notification is sent. This functionality can be used to create notifications at a higher rate (as high as the object can be written). ntpEntNotifBits enables/disables notifications. Could be used to switch off notifications in order to delay or eliminate the notification for critical and important events. Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:Gerstung, et al. Standards Track [Page 23]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 ntpEntSoftwareName, ntpEntSoftwareVersion, ntpEntSoftwareVendor, and ntpEntSystemType all can be used to identify software and its version as well as the operating system and hardware platform. This might help a potential attacker to find security problems and therefore can be used in the preparation of an attack. SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (seeRFC 3410[RFC3410], section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.8. Acknowledgments Bert Wijnen provided valuable feedback as the MIB Doctor for this document.9. References9.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels",BCP 14,RFC 2119, March 1997. [RFC5905] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification",RFC 5905, June 2010. [RFC2287] Krupczak, C. and J. Saperia, "Definitions of System-Level Managed Objects for Applications",RFC 2287, February 1998. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Structure of Management Information Version 2 (SMIv2)", STD 58,RFC 2578, April 1999.Gerstung, et al. Standards Track [Page 24]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD 58,RFC 2579, April 1999. [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58,RFC 2580, April 1999. [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses",RFC 4001, February 2005.9.2. Informative References [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework",RFC 3410, December 2002.Gerstung, et al. Standards Track [Page 25]
RFC 5907 Definitions of Managed Objects for NTPv4 June 2010Authors' Addresses Heiko Gerstung Meinberg Funkuhren Gmbh & Co. KG Lange Wand 9 Bad Pyrmont 31812 Germany Phone: +49 5281 9309 25 EMail: heiko.gerstung@meinberg.de Chris Elliott 1516 Kent St. Durham, NC 27707 USA Phone: +1-919-308-1216 EMail: chelliot@pobox.com Brian Haberman (editor) Johns Hopkins University Applied Physics Lab 11100 Johns Hopkins Road Laurel, MD 20723-6099 US Phone: +1 443 778 1319 EMail: brian@innovationslab.netGerstung, et al. Standards Track [Page 26]
[8]ページ先頭