draft-ietf-ntp-ntpv4-mib-06.txt   draft-ietf-ntp-ntpv4-mib-07.txt 
NTP H. Gerstung NTP H. Gerstung
Internet-Draft Meinberg Internet-Draft Meinberg
Intended status: Standards Track C. Elliott Intended status: Standards Track C. Elliott
Expires: April 11, 2010 October 8, 2009 Expires: September 6, 2010
B. Haberman, Ed.
JHU APL
March 5, 2010
Definitions of Managed Objects for Network Time Protocol Version 4 Definitions of Managed Objects for Network Time Protocol Version 4
(NTPv4) (NTPv4)
draft-ietf-ntp-ntpv4-mib-06 draft-ietf-ntp-ntpv4-mib-07
Abstract
RFC Ed. : This draft refers to itself with RFC YYYY. When this draft
is published as an RFC, the RFC Editor is asked to replace "YYYY" (in
the RFC, including the MIB module part) with the assigned RFC number
and to remove this note. This draft also refers to
draft-ietf-ntp-ntpv4-proto. When this draft is published as an RFC,
the RFC Editor is asked to replace "draft-ietf-ntp-ntpv4-proto" (in
the RFC, including the MIB module part) with "RFC ZZZZ" (where ZZZZ
is the assigned RFC number) and to remove this note.
The Network Time Protocol (NTP) is used in networks of all types and
sizes for time synchronization of servers, workstations and other
networked equipment. As time synchronization is more and more a
mission critical service, standardized means for monitoring and
management of this subsystem of a networked host are required to
allow operators of such a service to setup a monitoring system that
is platform- and vendor-independent. This document provides a
standardized collection of data objects for monitoring the NTP entity
of such a network participant and it is part of the NTP Version 4
standardization effort.
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79.
from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from
the person(s) controlling the copyright in such materials, this
document may not be modified outside the IETF Standards Process, and
derivative works of it may not be created outside the IETF Standards
Process, except to format it for publication as an RFC or to
translate it into languages other than English.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 11, 2010. This Internet-Draft will expire on September 6, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents
publication of this document (http://trustee.ietf.org/license-info). (http://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Abstract include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
RFC Ed. : This draft refers to itself with RFC YYYY. When this draft described in the BSD License.
is published as an RFC, the RFC Editor is asked to replace "YYYY" (in
the RFC, including the MIB module part) with the assigned RFC number
and to remove this note. This draft also refers to
draft-ietf-ntp-ntpv4-proto. When this draft is published as an RFC,
the RFC Editor is asked to replace "draft-ietf-ntp-ntpv4-proto" (in
the RFC, including the MIB module part) with "RFC ZZZZ" (where ZZZZ
is the assigned RFC number) and to remove this note.
The Network Time Protocol (NTP) is used in networks of all types and
sizes for time synchronization of servers, workstations and other
networked equipment. As time synchronization is more and more a
mission critical service, standardized means for monitoring and
management of this subsystem of a networked host are required to
allow operators of such a service to setup a monitoring system that
is platform- and vendor-independent. This document provides a
standardized collection of data objects for monitoring the NTP entity
of such a network participant and it is part of the NTP Version 4
standardization effort.
Table of Contents Table of Contents
1. The Internet-Standard Management Framework . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Conventions Used In This Document . . . . . . . . . . . . . . 4
3. Technical Description . . . . . . . . . . . . . . . . . . . . 4 3. The Internet-Standard Management Framework . . . . . . . . . . 4
4. MIB Definition . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Technical Description . . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25 5. MIB Definition . . . . . . . . . . . . . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 25 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26 7. Security Considerations . . . . . . . . . . . . . . . . . . . 24
7.1. Normative References . . . . . . . . . . . . . . . . . . . 26 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7.2. Informative References . . . . . . . . . . . . . . . . . . 27 8.1. Normative References . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 27 8.2. Informative References . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26
1. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in RFC2578
[RFC2578], RFC2579 [RFC2579] and RFC2580 [RFC2580].
2. Introduction 1. Introduction
The NTPv4 MIB Module is designed to allow SNMP to be used to monitor The NTPv4 MIB Module is designed to allow SNMP to be used to monitor
and manage local NTP [I-D.ietf-ntp-ntpv4-proto] entities. It and manage local NTP [I-D.ietf-ntp-ntpv4-proto] entities. It
provides a collection of data objects that can be queried using the provides a collection of data objects that can be queried using the
SNMP protocol and represent the current status of the NTP entity. SNMP protocol and represent the current status of the NTP entity.
This includes general information about the NTP entity itself This includes general information about the NTP entity itself
(vendor, product, version) as well as connectivity to upstream NTP (vendor, product, version) as well as connectivity to upstream NTP
servers used as sources of reference time and to hardware reference servers used as sources of reference time and to hardware reference
clocks like radio clocks. The most important values are included in clocks like radio clocks. The most important values are included in
order to be able to detect failures before they can have an impact on order to be able to detect failures before they can have an impact on
the overall time synchronization status of the network. There are the overall time synchronization status of the network. There are
also a collection of notification objects to inform about state also a collection of notification objects to inform about state
changes in the NTP entity. There are objects to control these changes in the NTP entity. There are objects to control these
notifications as well. notifications as well.
3. Technical Description 2. Conventions Used In This Document
The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
[RFC2119].
3. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
RFC3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally
accessed through the Simple Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in RFC2578
[RFC2578], RFC2579 [RFC2579] and RFC2580 [RFC2580].
4. Technical Description
The NTPv4 MIB Module is divided into sections for general server The NTPv4 MIB Module is divided into sections for general server
information, current NTP entity status, status information of all information, current NTP entity status, status information of all
mobilized associations (e.g. unicast upstream time servers, multicast mobilized associations (e.g. unicast upstream time servers, multicast
or broadcast time references and hardware clocks), NTP entity control or broadcast time references and hardware clocks), NTP entity control
objects, NTP objects used only for notifications, as well as SNMP objects, NTP objects used only for notifications, as well as SNMP
notification definitions for core events. notification definitions for core events.
The general server information section contains static information The general server information section contains static information
and can be queried to identify which NTP implementation is running on and can be queried to identify which NTP implementation is running on
skipping to change at page 5, line 32 skipping to change at page 5, line 40
a heartbeat notification as well as a test notification to allow a heartbeat notification as well as a test notification to allow
management systems to test the reception of NTP related notifications management systems to test the reception of NTP related notifications
as well as enable heartbeat-based monitoring systems to assure that as well as enable heartbeat-based monitoring systems to assure that
the NTP entity is still up and running. the NTP entity is still up and running.
Some values are included both in numeric and in human-readable Some values are included both in numeric and in human-readable
(string) format. This has been done to simplify the representation (string) format. This has been done to simplify the representation
of a status information. If the two representations of a certain of a status information. If the two representations of a certain
value differ, the numeric representation takes precedence. value differ, the numeric representation takes precedence.
4. MIB Definition 5. MIB Definition
-- ********************************************************************* -- *********************************************************************
-- --
-- The Network Time Protocol Version 4 -- The Network Time Protocol Version 4
-- Management Information Base (MIB) -- Management Information Base (MIB)
-- --
-- Authors: Heiko Gerstung (heiko.gerstung@meinberg.de) -- Authors: Heiko Gerstung (heiko.gerstung@meinberg.de)
-- Chris Elliott (chelliot@pobox.com) -- Chris Elliott (chelliot@pobox.com)
-- --
-- for the Internet Engineering Task Force (IETF) -- for the Internet Engineering Task Force (IETF)
-- NTP Working Group (ntpwg) -- NTP Working Group (ntpwg)
-- --
-- --
skipping to change at page 6, line 24 skipping to change at page 6, line 28
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF -- RFC2580 FROM SNMPv2-CONF -- RFC2580
DisplayString, TEXTUAL-CONVENTION DisplayString, TEXTUAL-CONVENTION
FROM SNMPv2-TC -- RFC2579 FROM SNMPv2-TC -- RFC2579
InetAddressType, InetAddress InetAddressType, InetAddress
FROM INET-ADDRESS-MIB -- RFC4001 FROM INET-ADDRESS-MIB -- RFC4001
Utf8String Utf8String
FROM SYSAPPL-MIB; -- RFC2287 FROM SYSAPPL-MIB; -- RFC2287
ntpSnmpMIB MODULE-IDENTITY ntpSnmpMIB MODULE-IDENTITY
LAST-UPDATED "200904080000Z" -- April 8, 2009 LAST-UPDATED "201003050000Z" -- March 5, 2010
ORGANIZATION "The IETF NTP Working Group (ntpwg)" ORGANIZATION "The IETF NTP Working Group (ntpwg)"
CONTACT-INFO CONTACT-INFO
" WG Email: ntpwg@lists.ntp.isc.org " WG Email: ntpwg@lists.ntp.isc.org
Subscribe: Subscribe:
https://lists.ntp.isc.org/mailman/listinfo/ntpwg https://lists.ntp.isc.org/mailman/listinfo/ntpwg
Heiko Gerstung Heiko Gerstung
Meinberg Funkuhren Gmbh & Co. KG Meinberg Funkuhren Gmbh & Co. KG
Lange Wand 9 Lange Wand 9
Bad Pyrmont 31812 Bad Pyrmont 31812
skipping to change at page 6, line 46 skipping to change at page 6, line 50
Phone: +49 5281 9309 25 Phone: +49 5281 9309 25
Email: heiko.gerstung@meinberg.de Email: heiko.gerstung@meinberg.de
Chris Elliott Chris Elliott
1516 Kent St. 1516 Kent St.
Durham, NC 27707 Durham, NC 27707
USA USA
Phone: +1-919-308-1216 Phone: +1-919-308-1216
Email: chelliot@pobox.com" Email: chelliot@pobox.com
Brian Haberman
11100 Johns Hopkins Road
Laurel, MD 20723
USA
Phone: +1-443-778-1319
Email: brian@innovationslab.net"
DESCRIPTION DESCRIPTION
"The Management Information Base for NTP time entities. "The Management Information Base for NTP time entities.
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with
to this document. " respect to this document. Code Components extracted from this
document must include Simplified BSD License text as described
in Section 4.e of the Trust Legal Provisions and are provided
without warranty as described in the BSD License."
REVISION "200904080000Z" REVISION "201003050000Z"
DESCRIPTION DESCRIPTION
"This revision of the MIB module is published as RFC YYYY." "This revision of the MIB module is published as RFC YYYY."
::= { mib-2 XXXXX } ::= { mib-2 XXXXX }
ntpSnmpMIBObjects OBJECT IDENTIFIER ::= { ntpSnmpMIB 1 } ntpSnmpMIBObjects OBJECT IDENTIFIER ::= { ntpSnmpMIB 1 }
-- MIB contains 6 groups -- MIB contains 6 groups
ntpEntInfo OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 1 } ntpEntInfo OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 1 }
skipping to change at page 8, line 30 skipping to change at page 8, line 43
ntpEntSoftwareVersion OBJECT-TYPE ntpEntSoftwareVersion OBJECT-TYPE
SYNTAX Utf8String SYNTAX Utf8String
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The software version of the installed NTP implementation "The software version of the installed NTP implementation
as a full version string, e.g. 'ntpd-4.2.0b@1.1433 ...'" as a full version string, e.g. 'ntpd-4.2.0b@1.1433 ...'"
::= { ntpEntInfo 2 } ::= { ntpEntInfo 2 }
ntpEntSoftwareVersionVal OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Software version of installed NTP as an unsigned integer
value, e.g. if version string is '4.2.0b' this could be translated into
4202. This could be useful to find out if version of entity on a
is newer or older than version of the entity on b (without too
much string parsing trouble)"
::= { ntpEntInfo 3 }
ntpEntSoftwareVendor OBJECT-TYPE ntpEntSoftwareVendor OBJECT-TYPE
SYNTAX Utf8String SYNTAX Utf8String
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The vendor/author of the installed NTP version." "The vendor/author of the installed NTP version."
::= { ntpEntInfo 4 } ::= { ntpEntInfo 3 }
ntpEntSystemType OBJECT-TYPE ntpEntSystemType OBJECT-TYPE
SYNTAX Utf8String SYNTAX Utf8String
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"General hardware/os platform information, "General hardware/os platform information,
e.g. 'Linux 2.6.12 / x86'" e.g. 'Linux 2.6.12 / x86'"
-- freely configurable, default is OS Version / Hardware platform -- freely configurable, default is OS Version / Hardware platform
::= { ntpEntInfo 5 } ::= { ntpEntInfo 4 }
ntpEntTimeResolution OBJECT-TYPE ntpEntTimeResolution OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A string describing the time resolution of the running NTP
implementation, e.g. '100 ns'. This depends on the NTP
implementation and the underlying OS. The achievable resolution
should be used, so if the OS only supports 10ms and ntpd is
capable of 1ns, the 10ms should be advertised."
::= { ntpEntInfo 6 }
ntpEntTimeResolutionVal OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The time resolution in integer format, where the resolution "The time resolution in integer format, where the resolution
is represented as divisions of a second, e.g. a value of 1000 is represented as divisions of a second, e.g. a value of 1000
translates to 1.0 ms." translates to 1.0 ms."
::= { ntpEntInfo 7 } ::= { ntpEntInfo 5 }
ntpEntTimePrecision OBJECT-TYPE ntpEntTimePrecision OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A string describing the precision with which the NTP entity
implementation/OS manages its time base.
Examples: '-18' means 2^-18 = 0.000003814697265625 seconds
'-5' means 2^-5 = 0.03125 seconds
This depends on the NTP implementation and the underlying OS."
::= { ntpEntInfo 8 }
ntpEntTimePrecisionVal OBJECT-TYPE
SYNTAX Integer32 SYNTAX Integer32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The entity's precision in integer format, shows the precision. "The entity's precision in integer format, shows the precision.
A value of -5 would mean 2^-5 = 31.25 ms" A value of -5 would mean 2^-5 = 31.25 ms"
::= { ntpEntInfo 6 }
::= { ntpEntInfo 9 }
ntpEntTimeDistance OBJECT-TYPE ntpEntTimeDistance OBJECT-TYPE
SYNTAX DisplayString SYNTAX DisplayString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The distance from this NTP entity to the root time reference "The distance from this NTP entity to the root time reference
(stratum 0) source including the unit, e.g. '13.243 ms'" (stratum 0) source including the unit, e.g. '13.243 ms'"
::= { ntpEntInfo 10 } ::= { ntpEntInfo 7 }
-- --
-- Section 2: Current NTP status (dynamic information) -- Section 2: Current NTP status (dynamic information)
-- --
ntpEntStatusCurrentMode OBJECT-TYPE ntpEntStatusCurrentMode OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The actual mode of NTP as a string.
Possible strings are
'not running' - NTP is not running
'not synchronized' - NTP is not synchronized to any time source (stratum = 16)
'none configured' - NTP is not synchronized and does not have a reference configured (stratum = 16)
'sync to local' - NTP is distributing time based on own free running local clock (degraded accuracy/reliability)
'sync to refclock' - NTP is synchronized to a local hardware refclock (e.g. GPS)
'sync to remote server' - NTP is synchronized to a remote NTP server ('upstream' server)
'unknown' - The state of NTP is unknown."
::= { ntpEntStatus 1 }
ntpEntStatusCurrentModeVal OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
notRunning(1), notRunning(1),
notSynchronized(2), notSynchronized(2),
noneConfigured(3), noneConfigured(3),
syncToLocal(4), syncToLocal(4),
syncToRefclock(5), syncToRefclock(5),
syncToRemoteServer(6), syncToRemoteServer(6),
unknown(99) unknown(99)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current mode of the NTP as integer value." "The current mode of the NTP. The definition of each possible
-- see ntpEntStatusCurrentMode value is:
::= { ntpEntStatus 2 } notRunning(1) - NTP is not running
notSynchronized(2) - NTP is not synchronized to any time
source (stratum = 16)
noneConfigured(3) - NTP is not synchronized and does not
have a reference configured
(stratum = 16)
syncToLocal(4) - NTP is distributing time based on its
local clock (degraded accuracy and/or
reliability)
syncToRefclock(5) - NTP is synchronized to a local
hardware refclock (e.g. GPS)
syncToRemoteServer(6) - NTP is synchronized to a remote
NTP server ('upstream' server)
unknown(99) - The state of NTP is unknown."
::= { ntpEntStatus 1 }
ntpEntStatusStratum OBJECT-TYPE ntpEntStatusStratum OBJECT-TYPE
SYNTAX NtpStratum SYNTAX NtpStratum
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The NTP entity's own stratum value. Should be stratum of syspeer + 1 (or 16 if no syspeer)" "The NTP entity's own stratum value. Should be stratum of
::= { ntpEntStatus 3 } syspeer + 1 (or 16 if no syspeer)"
::= { ntpEntStatus 2 }
ntpEntStatusActiveRefSourceId OBJECT-TYPE ntpEntStatusActiveRefSourceId OBJECT-TYPE
SYNTAX Unsigned32 ( 0..99999 ) SYNTAX Unsigned32 ( 0..99999 )
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The association ID of the current syspeer." "The association ID of the current syspeer."
::= { ntpEntStatus 4 } ::= { ntpEntStatus 3 }
ntpEntStatusActiveRefSourceName OBJECT-TYPE ntpEntStatusActiveRefSourceName OBJECT-TYPE
SYNTAX Utf8String SYNTAX Utf8String
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The hostname/descriptive name of the current reference source "The hostname/descriptive name of the current reference source
selected as syspeer, e.g. 'ntp1.ptb.de' or 'GPS' or 'DCFi' ..." selected as syspeer, e.g. 'ntp1.ptb.de' or 'GPS' or 'DCFi' ..."
-- Maybe something more detailed like "RefClk(8)"="hardware clock using driver 8"
-- would be useful ::= { ntpEntStatus 4 }
::= { ntpEntStatus 5 }
ntpEntStatusActiveOffset OBJECT-TYPE ntpEntStatusActiveOffset OBJECT-TYPE
SYNTAX DisplayString SYNTAX DisplayString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The Time offset to the current selected reference time source "The Time offset to the current selected reference time source
as a string including unit, e.g. '0.032 ms' or '1.232 s'" as a string including unit, e.g. '0.032 ms' or '1.232 s'"
::= { ntpEntStatus 6 } ::= { ntpEntStatus 5 }
ntpEntStatusNumberOfRefSources OBJECT-TYPE ntpEntStatusNumberOfRefSources OBJECT-TYPE
SYNTAX Unsigned32 (0..99) SYNTAX Unsigned32 (0..99)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of reference sources configured for NTP." "The number of reference sources configured for NTP."
::= { ntpEntStatus 7 } ::= { ntpEntStatus 6 }
ntpEntStatusDispersion OBJECT-TYPE ntpEntStatusDispersion OBJECT-TYPE
SYNTAX DisplayString SYNTAX DisplayString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The root dispersion of the running NTP entity, e.g. '6.927'" "The root dispersion of the running NTP entity, e.g. '6.927'"
::= { ntpEntStatus 8 } ::= { ntpEntStatus 7 }
ntpEntStatusEntityUptime OBJECT-TYPE ntpEntStatusEntityUptime OBJECT-TYPE
SYNTAX TimeTicks SYNTAX TimeTicks
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The uptime of the NTP entity, i.e. the time since ntpd was (re-)initialized "The uptime of the NTP entity, (i.e. the time since ntpd was
not sysUptime!). The time is represented in hundreds of seconds since (re-)initialized not sysUptime!). The time is represented in
Jan 1, 1970 (00:00:00.000) UTC" hundreds of seconds since Jan 1, 1970 (00:00:00.000) UTC"
::= { ntpEntStatus 9 } ::= { ntpEntStatus 8 }
ntpEntStatusDateTime OBJECT-TYPE ntpEntStatusDateTime OBJECT-TYPE
SYNTAX NtpDateTime SYNTAX NtpDateTime
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current NTP date/time on the device, in 128-bit "The current NTP date/time on the device, in 128-bit
NTP date format. If time is not syncronized this NTP date format. If time is not syncronized this
field shall be a zero-length string. field shall be a zero-length string.
skipping to change at page 12, line 38 skipping to change at page 12, line 13
node and allow a management station to coorelate node and allow a management station to coorelate
different time objects. For example, a management different time objects. For example, a management
station could query this object and sysUpTime in station could query this object and sysUpTime in
the same operation to be able to relate sysUpTime the same operation to be able to relate sysUpTime
to NTP time. to NTP time.
This object is not to be used to set the time of This object is not to be used to set the time of
the node querying this object. NTP should be used the node querying this object. NTP should be used
for this--or at least SNTP." for this--or at least SNTP."
REFERENCE "draft-ietf-ntp-ntpv4-proto, section 6" REFERENCE "draft-ietf-ntp-ntpv4-proto, section 6"
::= { ntpEntStatus 10 } ::= { ntpEntStatus 9 }
ntpEntStatusLeapSecond OBJECT-TYPE ntpEntStatusLeapSecond OBJECT-TYPE
SYNTAX NtpDateTime SYNTAX NtpDateTime
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Date the next known leap second will occur. If there is "Date the next known leap second will occur. If there is
no leap second announced then this object should be 0." no leap second announced then this object should be 0."
::= { ntpEntStatus 11 } ::= { ntpEntStatus 10 }
ntpEntStatusLeapSecDirection OBJECT-TYPE ntpEntStatusLeapSecDirection OBJECT-TYPE
SYNTAX Integer32 (-1..1) SYNTAX Integer32 (-1..1)
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Direction of next known leap second. If there is no "Direction of next known leap second. If there is no
leap second announced then this object should be 0." leap second announced then this object should be 0."
::= { ntpEntStatus 12 } ::= { ntpEntStatus 11 }
ntpEntStatusInPkts OBJECT-TYPE ntpEntStatusInPkts OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "packets" UNITS "packets"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The total number of NTP messages delivered to the "The total number of NTP messages delivered to the
NTP entity from the transport service. NTP entity from the transport service.
Discountinuities in the value of this counter can occur Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by management system and at other times as indicated by
discontinuities in the value of sysUpTime." discontinuities in the value of sysUpTime."
::= { ntpEntStatus 13 } ::= { ntpEntStatus 12 }
ntpEntStatusOutPkts OBJECT-TYPE ntpEntStatusOutPkts OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "packets" UNITS "packets"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The total number of NTP messages delivered to the "The total number of NTP messages delivered to the
transport service by this NTP entity. transport service by this NTP entity.
Discountinuities in the value of this counter can occur Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by management system and at other times as indicated by
discontinuities in the value of sysUpTime." discontinuities in the value of sysUpTime."
::= { ntpEntStatus 14 } ::= { ntpEntStatus 13 }
ntpEntStatusBadVersion OBJECT-TYPE ntpEntStatusBadVersion OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "packets" UNITS "packets"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The total number of NTP messages which were delivered "The total number of NTP messages which were delivered
to this NTP entity and were for an unsupported NTP to this NTP entity and were for an unsupported NTP
version. version.
Discountinuities in the value of this counter can occur Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by management system and at other times as indicated by
discontinuities in the value of sysUpTime." discontinuities in the value of sysUpTime."
::= { ntpEntStatus 14 }
::= { ntpEntStatus 15 }
ntpEntStatusProtocolError OBJECT-TYPE ntpEntStatusProtocolError OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "packets" UNITS "packets"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The total number of NTP messages which were delivered "The total number of NTP messages which were delivered
to this NTP entity and this entity was not able to to this NTP entity and this entity was not able to
process due to an NTP protocol error. process due to an NTP protocol error.
Discountinuities in the value of this counter can occur Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by management system and at other times as indicated by
discontinuities in the value of sysUpTime." discontinuities in the value of sysUpTime."
::= { ntpEntStatus 16 } ::= { ntpEntStatus 15 }
ntpEntStatusNotifications OBJECT-TYPE ntpEntStatusNotifications OBJECT-TYPE
SYNTAX Counter32 SYNTAX Counter32
UNITS "notifications" UNITS "notifications"
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The total number of SNMP notifications which this NTP "The total number of SNMP notifications which this NTP
entity has generated. entity has generated.
Discountinuities in the value of this counter can occur Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by management system and at other times as indicated by
discontinuities in the value of sysUpTime." discontinuities in the value of sysUpTime."
::= { ntpEntStatus 17 } ::= { ntpEntStatus 16 }
ntpEntStatPktModeTable OBJECT-TYPE ntpEntStatPktModeTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpEntStatPktModeEntry SYNTAX SEQUENCE OF NtpEntStatPktModeEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The number of packets sent and received by packet mode. One entry per packet mode." "The number of packets sent and received by packet mode.
::= { ntpEntStatus 18 } One entry per packet mode."
::= { ntpEntStatus 17 }
ntpEntStatPktModeEntry OBJECT-TYPE ntpEntStatPktModeEntry OBJECT-TYPE
SYNTAX NtpEntStatPktModeEntry SYNTAX NtpEntStatPktModeEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A statistical record of the number of packets sent and received for each packet mode." "A statistical record of the number of packets sent and
received for each packet mode."
INDEX { ntpEntStatPktMode } INDEX { ntpEntStatPktMode }
::= { ntpEntStatPktModeTable 1 } ::= { ntpEntStatPktModeTable 1 }
NtpEntStatPktModeEntry ::= SEQUENCE { NtpEntStatPktModeEntry ::= SEQUENCE {
ntpEntStatPktMode INTEGER, ntpEntStatPktMode INTEGER,
ntpEntStatPktSent Counter32, ntpEntStatPktSent Counter32,
ntpEntStatPktReceived Counter32 ntpEntStatPktReceived Counter32
} }
ntpEntStatPktMode OBJECT-TYPE ntpEntStatPktMode OBJECT-TYPE
skipping to change at page 17, line 18 skipping to change at page 16, line 43
SYNTAX DisplayString SYNTAX DisplayString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The refclock driver ID, if available." "The refclock driver ID, if available."
-- a refclock driver ID like "127.127.1.0" for non -- a refclock driver ID like "127.127.1.0" for non
-- uni/multi/broadcast associations -- uni/multi/broadcast associations
::= { ntpAssociationEntry 3 } ::= { ntpAssociationEntry 3 }
ntpAssocAddressType OBJECT-TYPE ntpAssocAddressType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2), ipv4z(3), ipv6z(4) } SYNTAX InetAddressType { ipv4(1), ipv6(2), ipv4z(3), ipv6z(4) }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The type of address of the association. Can be either IPv4 or IPv6 "The type of address of the association. Can be either IPv4 or
(both with or without zone index) and contains the type of address IPv6 (both with or without zone index) and contains the type of
for unicast, multicast and broadcast associations." address for unicast, multicast and broadcast associations."
::= { ntpAssociationEntry 4 } ::= { ntpAssociationEntry 4 }
ntpAssocAddress OBJECT-TYPE ntpAssocAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|8|16|20)) SYNTAX InetAddress (SIZE (4|8|16|20))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IP address (IPv4 or IPv6, with or without zone index) of the association. The type and size "The IP address (IPv4 or IPv6, with or without zone index) of
depends on the ntpAssocAddressType object. Represents the IP address of a uni/multi/broadcast association." the association. The type and size depends on the
ntpAssocAddressType object. Represents the IP address of a
uni/multi/broadcast association."
::= { ntpAssociationEntry 5 } ::= { ntpAssociationEntry 5 }
ntpAssocOffset OBJECT-TYPE ntpAssocOffset OBJECT-TYPE
SYNTAX DisplayString SYNTAX DisplayString
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The time offset to the association as a string." "The time offset to the association as a string."
-- including unit, e.g. "0.032 ms" or "1.232 s" -- including unit, e.g. "0.032 ms" or "1.232 s"
::= { ntpAssociationEntry 6 } ::= { ntpAssociationEntry 6 }
skipping to change at page 21, line 17 skipping to change at page 20, line 45
DEFVAL { "no event" } DEFVAL { "no event" }
::= { ntpEntNotifObjects 1 } ::= { ntpEntNotifObjects 1 }
-- --
-- SNMP notification definitions -- SNMP notification definitions
-- --
ntpEntNotifications OBJECT IDENTIFIER ::= { ntpSnmpMIB 0 } ntpEntNotifications OBJECT IDENTIFIER ::= { ntpSnmpMIB 0 }
ntpEntNotifModeChange NOTIFICATION-TYPE ntpEntNotifModeChange NOTIFICATION-TYPE
OBJECTS { ntpEntStatusCurrentModeVal } OBJECTS { ntpEntStatusCurrentMode }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The notification to be sent when the NTP entity changes mode, "The notification to be sent when the NTP entity changes mode,
including starting and stopping (if possible)" including starting and stopping (if possible)"
::= { ntpEntNotifications 1 } ::= { ntpEntNotifications 1 }
ntpEntNotifStratumChange NOTIFICATION-TYPE ntpEntNotifStratumChange NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusStratum, OBJECTS { ntpEntStatusDateTime, ntpEntStatusStratum,
ntpEntNotifMessage } ntpEntNotifMessage }
STATUS current STATUS current
skipping to change at page 21, line 42 skipping to change at page 21, line 23
ntpEntNotifSyspeerChanged NOTIFICATION-TYPE ntpEntNotifSyspeerChanged NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusActiveRefSourceId, OBJECTS { ntpEntStatusDateTime, ntpEntStatusActiveRefSourceId,
ntpEntNotifMessage } ntpEntNotifMessage }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The notification to be sent when a (new) syspeer has been "The notification to be sent when a (new) syspeer has been
selected." selected."
::= { ntpEntNotifications 3 } ::= { ntpEntNotifications 3 }
ntpEntNotifAddAssociation NOTIFICATION-TYPE ntpEntNotifAddAssociation NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage } OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The notification to be sent when a new association is "The notification to be sent when a new association is
mobilized." mobilized."
::= { ntpEntNotifications 4 } ::= { ntpEntNotifications 4 }
ntpEntNotifRemoveAssociation NOTIFICATION-TYPE ntpEntNotifRemoveAssociation NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage } OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The notification to be sent when an association is "The notification to be sent when an association is
demobilized." demobilized."
::= { ntpEntNotifications 5 } ::= { ntpEntNotifications 5 }
ntpEntNotifConfigChanged NOTIFICATION-TYPE ntpEntNotifConfigChanged NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage } OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
skipping to change at page 22, line 24 skipping to change at page 22, line 4
changed, e.g. when the system connected to the internet and was changed, e.g. when the system connected to the internet and was
assigned a new IP address by the ISPs DHCP server" assigned a new IP address by the ISPs DHCP server"
::= { ntpEntNotifications 6 } ::= { ntpEntNotifications 6 }
ntpEntNotifLeapSecondAnnounced NOTIFICATION-TYPE ntpEntNotifLeapSecondAnnounced NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage } OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The notification to be sent when a leap second has been "The notification to be sent when a leap second has been
announced." announced."
::= { ntpEntNotifications 7 } ::= { ntpEntNotifications 7 }
ntpEntNotifHeartbeat NOTIFICATION-TYPE ntpEntNotifHeartbeat NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusCurrentModeVal, OBJECTS { ntpEntStatusDateTime, ntpEntStatusCurrentMode,
ntpEntHeartbeatInterval, ntpEntNotifMessage } ntpEntHeartbeatInterval, ntpEntNotifMessage }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The notification to be sent periodically (as defined by "The notification to be sent periodically (as defined by
ntpEntHeartbeatInterval) to indicate that the NTP entity is ntpEntHeartbeatInterval) to indicate that the NTP entity is
still alive." still alive."
::= { ntpEntNotifications 8 } ::= { ntpEntNotifications 8 }
-- --
-- Conformance/Compliance statements -- Conformance/Compliance statements
skipping to change at page 23, line 29 skipping to change at page 23, line 9
"optional object group" "optional object group"
GROUP ntpEntNotifGroup GROUP ntpEntNotifGroup
DESCRIPTION DESCRIPTION
"optional notifications for this MIB" "optional notifications for this MIB"
::= { ntpEntCompliances 2 } ::= { ntpEntCompliances 2 }
ntpEntObjectsGroup1 OBJECT-GROUP ntpEntObjectsGroup1 OBJECT-GROUP
OBJECTS { OBJECTS {
ntpEntSoftwareName, ntpEntSoftwareName,
ntpEntSoftwareVersion, ntpEntSoftwareVersion,
ntpEntSoftwareVersionVal,
ntpEntSoftwareVendor, ntpEntSoftwareVendor,
ntpEntSystemType, ntpEntSystemType,
ntpEntStatusEntityUptime, ntpEntStatusEntityUptime,
ntpEntStatusDateTime, ntpEntStatusDateTime,
ntpAssocName, ntpAssocName,
ntpAssocRefId, ntpAssocRefId,
ntpAssocAddressType, ntpAssocAddressType,
ntpAssocAddress ntpAssocAddress
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects for the NTP MIB." "A collection of objects for the NTP MIB."
::= { ntpEntGroups 1 } ::= { ntpEntGroups 1 }
ntpEntObjectsGroup2 OBJECT-GROUP ntpEntObjectsGroup2 OBJECT-GROUP
OBJECTS { OBJECTS {
ntpEntTimeResolution, ntpEntTimeResolution,
ntpEntTimeResolutionVal,
ntpEntTimePrecision, ntpEntTimePrecision,
ntpEntTimePrecisionVal,
ntpEntTimeDistance, ntpEntTimeDistance,
ntpEntStatusCurrentMode, ntpEntStatusCurrentMode,
ntpEntStatusCurrentModeVal,
ntpEntStatusStratum, ntpEntStatusStratum,
ntpEntStatusActiveRefSourceId, ntpEntStatusActiveRefSourceId,
ntpEntStatusActiveRefSourceName, ntpEntStatusActiveRefSourceName,
ntpEntStatusActiveOffset, ntpEntStatusActiveOffset,
ntpEntStatusNumberOfRefSources, ntpEntStatusNumberOfRefSources,
ntpEntStatusDispersion, ntpEntStatusDispersion,
ntpEntStatusLeapSecond, ntpEntStatusLeapSecond,
ntpEntStatusLeapSecDirection, ntpEntStatusLeapSecDirection,
ntpEntStatusInPkts, ntpEntStatusInPkts,
ntpEntStatusOutPkts, ntpEntStatusOutPkts,
skipping to change at page 25, line 7 skipping to change at page 24, line 30
ntpEntNotifLeapSecondAnnounced, ntpEntNotifLeapSecondAnnounced,
ntpEntNotifHeartbeat ntpEntNotifHeartbeat
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of notifications for the NTP MIB" "A collection of notifications for the NTP MIB"
::= { ntpEntGroups 3 } ::= { ntpEntGroups 3 }
END END
5. IANA Considerations 6. IANA Considerations
The MIB module in this document uses the following IANA-assigned The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry: OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value Descriptor OBJECT IDENTIFIER value
---------- ----------------------- ---------- -----------------------
ntpSnmp { mib-2 XXX } ntpSnmp { mib-2 XXX }
RFC Ed. : the IANA is requested to assign a value for "XXX" under the RFC Ed. : the IANA is requested to assign a value for "XXX" under the
'mib-2' subtree and to record the assignment in the SMI Numbers 'mib-2' subtree and to record the assignment in the SMI Numbers
registry. When the assignment has been made, the RFC Editor is asked registry. When the assignment has been made, the RFC Editor is asked
to replace "XXX" (here and in the MIB module) with the assigned value to replace "XXX" (here and in the MIB module) with the assigned value
and to remove this note. and to remove this note.
6. Security Considerations 7. Security Considerations
There are currently two management objects defined in this MIB module There are currently two management objects defined in this MIB module
with a MAX-ACCESS clause of read-write and/or read-create. Such with a MAX-ACCESS clause of read-write and/or read-create. Such
objects may be considered sensitive or vulnerable in some network objects may be considered sensitive or vulnerable in some network
environments. The support for SET operations in a non-secure environments. The support for SET operations in a non-secure
environment without proper protection can have a negative effect on environment without proper protection can have a negative effect on
network operations. These are the objects and their sensitivity/ network operations. These are the objects and their sensitivity/
vulnerability: vulnerability:
ntpEntHeartbeatInterval controls the interval of heartbeat ntpEntHeartbeatInterval controls the interval of heartbeat
skipping to change at page 26, line 7 skipping to change at page 25, line 31
notification for critical and important events. notification for critical and important events.
Some of the readable objects in this MIB module (i.e., objects with a Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to vulnerable in some network environments. It is thus important to
control even GET and/or NOTIFY access to these objects and possibly control even GET and/or NOTIFY access to these objects and possibly
to even encrypt the values of these objects when sending them over to even encrypt the values of these objects when sending them over
the network via SNMP. These are the tables and objects and their the network via SNMP. These are the tables and objects and their
sensitivity/vulnerability: sensitivity/vulnerability:
ntpEntSoftwareName, ntpEntSoftwareVersion, ntpEntSoftwareVersionVal, ntpEntSoftwareName, ntpEntSoftwareVersion, ntpEntSoftwareVendor and
ntpEntSoftwareVendor and ntpEntSystemType all can be used to identify ntpEntSystemType all can be used to identify software and its version
software and its version as well as the operating system and hardware as well as the operating system and hardware platform. This might
platform. This might help a potential attacker to find security help a potential attacker to find security problems and therefore can
problems and therefore can be used in the preparation of an attack. be used in the preparation of an attack.
SNMP versions prior to SNMPv3 did not include adequate security. SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec), Even if the network itself is secure (for example by using IPsec),
even then, there is no control as to who on the secure network is even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module. It is RECOMMENDED that implementers consider the in this MIB module. It is RECOMMENDED that implementers consider the
security features as provided by the SNMPv3 framework (see RFC3410 security features as provided by the SNMPv3 framework (see RFC3410
[RFC3410], section 8), including full support for the SNMPv3 [RFC3410], section 8), including full support for the SNMPv3
cryptographic mechanisms (for authentication and privacy). Further, cryptographic mechanisms (for authentication and privacy). Further,
deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED.
Instead, it is RECOMMENDED to deploy SNMPv3 and to enable Instead, it is RECOMMENDED to deploy SNMPv3 and to enable
cryptographic security. It is then a customer/operator cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them. rights to indeed GET or SET (change/create/delete) them.
7. References 8. References
7.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[I-D.ietf-ntp-ntpv4-proto] [I-D.ietf-ntp-ntpv4-proto]
Burbank, J., "Network Time Protocol Version 4 Protocol And Kasch, W., Mills, D., and J. Burbank, "Network Time
Algorithms Specification", draft-ietf-ntp-ntpv4-proto-11 Protocol Version 4 Protocol And Algorithms Specification",
(work in progress), September 2008. draft-ietf-ntp-ntpv4-proto-13 (work in progress),
October 2009.
[RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999. Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2", Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999. STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder, [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, "Conformance Statements for SMIv2", STD 58, RFC 2580,
April 1999. April 1999.
[RFC4001] Daniele, M., Ed., Haberman, B., Ed., Routhier, S., Ed., [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
and J. Schoenwaelder, Ed., "Textual Conventions for Schoenwaelder, "Textual Conventions for Internet Network
Internet Network Addresses", STD 58, RFC 4001, April 1999. Addresses", RFC 4001, February 2005.
7.2. Informative References 8.2. Informative References
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet- "Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002. Standard Management Framework", RFC 3410, December 2002.
Authors' Addresses Authors' Addresses
Heiko Gerstung Heiko Gerstung
Meinberg Funkuhren Gmbh & Co. KG Meinberg Funkuhren Gmbh & Co. KG
Lange Wand 9 Lange Wand 9
skipping to change at page 27, line 23 skipping to change at page 27, line 4
Authors' Addresses Authors' Addresses
Heiko Gerstung Heiko Gerstung
Meinberg Funkuhren Gmbh & Co. KG Meinberg Funkuhren Gmbh & Co. KG
Lange Wand 9 Lange Wand 9
Bad Pyrmont 31812 Bad Pyrmont 31812
Germany Germany
Phone: +49 5281 9309 25 Phone: +49 5281 9309 25
Email: heiko.gerstung@meinberg.de Email: heiko.gerstung@meinberg.de
Chris Elliott Chris Elliott
1516 Kent St. 1516 Kent St.
Durham, NC 27707 Durham, NC 27707
USA USA
Phone: +1-919-308-1216 Phone: +1-919-308-1216
Email: chelliot@pobox.com Email: chelliot@pobox.com
Brian Haberman (editor)
Johns Hopkins University Applied Physics Lab
11100 Johns Hopkins Road
Laurel, MD 20723-6099
US
Phone: +1 443 778 1319
Email: brian@innovationslab.net
 End of changes. 65 change blocks. 
191 lines changed or deleted 171 lines changed or added

This html diff was produced by rfcdiff 1.38. The latest version is available from http://tools.ietf.org/tools/rfcdiff/