RFC5907
Internet Engineering Task Force (IETF) H. Gerstung Request for Comments: 5907 Meinberg Category: Standards Track C. Elliott ISSN: 2070-1721
B. Haberman, Ed.
JHU APL
June 2010
Definitions of Managed Objects for
Network Time Protocol Version 4 (NTPv4)
Abstract
The Network Time Protocol (NTP) is used in networks of all types and sizes for time synchronization of servers, workstations, and other networked equipment. As time synchronization is more and more a mission-critical service, standardized means for monitoring and management of this subsystem of a networked host are required to allow operators of such a service to set up a monitoring system that is platform- and vendor-independent. This document provides a standardized collection of data objects for monitoring the NTP entity of such a network participant and it is part of the NTP version 4 standardization effort.
5Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5907.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Contents
Introduction
The NTPv4 MIB module is designed to allow Simple Network Management Protocol (SNMP) to be used to monitor and manage local NTP RFC5905 entities. It provides a collection of data objects that can be queried using the SNMP protocol and represent the current status of the NTP entity. This includes general information about the NTP entity itself (vendor, product, version) as well as connectivity to upstream NTP servers used as sources of reference time and to hardware reference clocks like radio clocks. The most important values are included in order to be able to detect failures before they can have an impact on the overall time synchronization status of the network. There are also a collection of notification objects to inform about state changes in the NTP entity. There are objects to control these notifications as well.
Conventions Used in This Document
The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119.
The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 RFC3410.
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 RFC2578, STD 58, RFC 2579 RFC2579 and STD 58, RFC 2580 RFC2580.
Technical Description
The NTPv4 MIB module is divided into sections for general server information, current NTP entity status, status information of all mobilized associations (e.g., unicast upstream time servers, multicast or broadcast, time references, and hardware clocks), NTP entity control objects, NTP objects used only for notifications, as well as SNMP notification definitions for core events.
The general server information section contains static information and can be queried to identify which NTP implementation is running on a host. This includes the vendor and product name of the running NTP software as well as version information, hardware/os platform identity, and the time resolution of the underlying OS.
Section 2 (current NTP status) includes data objects that represent the current operational status of the NTP entity.
The third section contains data objects that represent the set of time references ("associations") with which the NTP entity is currently working.
The fourth section contains objects that can be used to control the NTP entity. The currently defined objects control how often the heartbeat interval notification is sent out and which notifications are enabled.
The fifth section contains objects that are only used as varbinds in notifications. There is currently only one object in this section -- a message that adds a cleartext event message to notifications.
Certain important events can occur while the NTP entity is running. The notification section defines SNMP notifications for a collection of the most important ones ("core events") and additionally provides a heartbeat notification as well as a test notification to allow management systems to test the reception of NTP-related notifications as well as enable heartbeat-based monitoring systems to assure that the NTP entity is still up and running.
Some values are included both in numeric and in human-readable (string) format. This has been done to simplify the representation of a status information. If the two representations of a certain value differ, the numeric representation takes precedence.
MIB Definition
-- ********************************************************************* -- -- The Network Time Protocol Version 4 -- Management Information Base (MIB) -- -- Authors: Heiko Gerstung ([email protected]) -- Chris Elliott ([email protected]) -- -- for the Internet Engineering Task Force (IETF) -- NTP Working Group (ntpwg) -- -- -- ********************************************************************* -- Rev 1.00 -- Published as RFC 5907 -- -- *********************************************************************
NTPv4-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE , mib-2, Integer32, NOTIFICATION-TYPE,
Unsigned32, Counter32, TimeTicks
FROM SNMPv2-SMI -- RFC 2578
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF -- RFC 2580
DisplayString, TEXTUAL-CONVENTION
FROM SNMPv2-TC -- RFC 2579
InetAddressType, InetAddress
FROM INET-ADDRESS-MIB -- RFC 4001
Utf8String
FROM SYSAPPL-MIB; -- RFC 2287
ntpSnmpMIB MODULE-IDENTITY
LAST-UPDATED "201005170000Z" -- May 17, 2010
ORGANIZATION "The IETF NTP Working Group (ntpwg)"
CONTACT-INFO
" WG Email: [email protected]
Subscribe:
https://lists.ntp.isc.org/mailman/listinfo/ntpwg
Heiko Gerstung
Meinberg Funkuhren Gmbh & Co. KG
Lange Wand 9
Bad Pyrmont 31812
Germany
Phone: +49 5281 9309 25
Email: [email protected]
Chris Elliott
1516 Kent St.
Durham, NC 27707
USA
Phone: +1-919-308-1216
Email: [email protected]
Brian Haberman
11100 Johns Hopkins Road
Laurel, MD 20723
USA
Phone: +1-443-778-1319
Email: [email protected]"
DESCRIPTION
"The Management Information Base for NTP time entities.
Copyright (c) 2010 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info)."
REVISION "201005170000Z"
DESCRIPTION
"This revision of the MIB module is published as RFC 5907."
::= { mib-2 197 }
ntpSnmpMIBObjects OBJECT IDENTIFIER ::= { ntpSnmpMIB 1 }
-- MIB contains 6 groups
ntpEntInfo OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 1 } ntpEntStatus OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 2 } ntpAssociation OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 3 } ntpEntControl OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 4 } ntpEntNotifObjects OBJECT IDENTIFIER ::= { ntpSnmpMIBObjects 5 }
-- -- Textual Conventions --
NtpStratum ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"The NTP stratum, with 16 representing no stratum."
SYNTAX Unsigned32 (1..16)
NtpDateTime ::= TEXTUAL-CONVENTION
DISPLAY-HINT "4d:4d:4d.4d"
STATUS current
DESCRIPTION
"NTP date/time on the device, in 128-bit
NTP date format. If time is not syncronized, this
field shall be a zero-length string.
This trusted certificate (TC) is not to be used for objects
that are used to set the time of the node querying this
object. NTP should be used for this -- or at least SNTP."
REFERENCE "RFC 5905, section 6"
SYNTAX OCTET STRING (SIZE (0 | 16))
-- -- Section 1: General NTP Entity information objects -- (relatively static information) --
ntpEntSoftwareName OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The product name of the running NTP version, e.g., 'ntpd'."
::= { ntpEntInfo 1 }
ntpEntSoftwareVersion OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The software version of the installed NTP implementation
as a full version string, e.g., '[email protected] ...'"
::= { ntpEntInfo 2 }
ntpEntSoftwareVendor OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The vendor/author of the installed NTP version."
::= { ntpEntInfo 3 }
ntpEntSystemType OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"General hardware/os platform information,
e.g., 'Linux 2.6.12 / x86'."
-- freely configurable, default is OS Version / Hardware platform
::= { ntpEntInfo 4 }
ntpEntTimeResolution OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time resolution in integer format, where the resolution
is represented as divisions of a second, e.g., a value of 1000
translates to 1.0 ms."
::= { ntpEntInfo 5 }
ntpEntTimePrecision OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The entity's precision in integer format, shows the precision.
A value of -5 would mean 2^-5 = 31.25 ms."
::= { ntpEntInfo 6 }
ntpEntTimeDistance OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The distance from this NTP entity to the root time reference
(stratum 0) source including the unit, e.g., '13.243 ms'."
::= { ntpEntInfo 7 }
-- -- Section 2: Current NTP status (dynamic information) --
ntpEntStatusCurrentMode OBJECT-TYPE
SYNTAX INTEGER {
notRunning(1),
notSynchronized(2),
noneConfigured(3),
syncToLocal(4),
syncToRefclock(5),
syncToRemoteServer(6),
unknown(99)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current mode of the NTP. The definition of each possible
value is:
notRunning(1) - NTP is not running.
notSynchronized(2) - NTP is not synchronized to any time
source (stratum = 16).
noneConfigured(3) - NTP is not synchronized and does not
have a reference configured
(stratum = 16).
syncToLocal(4) - NTP is distributing time based on its
local clock (degraded accuracy and/or
reliability).
syncToRefclock(5) - NTP is synchronized to a local
hardware refclock (e.g., GPS).
syncToRemoteServer(6) - NTP is synchronized to a remote
NTP server ('upstream' server).
unknown(99) - The state of NTP is unknown."
::= { ntpEntStatus 1 }
ntpEntStatusStratum OBJECT-TYPE
SYNTAX NtpStratum
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The NTP entity's own stratum value. Should be a stratum of
syspeer + 1 (or 16 if no syspeer)."
::= { ntpEntStatus 2 }
ntpEntStatusActiveRefSourceId OBJECT-TYPE
SYNTAX Unsigned32 ( 0..99999 )
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The association ID of the current syspeer."
::= { ntpEntStatus 3 }
ntpEntStatusActiveRefSourceName OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The hostname/descriptive name of the current reference source
selected as syspeer, e.g., 'ntp1.ptb.de' or 'GPS' or
'DCFi', ..."
::= { ntpEntStatus 4 }
ntpEntStatusActiveOffset OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time offset to the current selected reference time source
as a string including unit, e.g., '0.032 ms' or '1.232 s'."
::= { ntpEntStatus 5 }
ntpEntStatusNumberOfRefSources OBJECT-TYPE
SYNTAX Unsigned32 (0..99)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of reference sources configured for NTP."
::= { ntpEntStatus 6 }
ntpEntStatusDispersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The root dispersion of the running NTP entity, e.g., '6.927'."
::= { ntpEntStatus 7 }
ntpEntStatusEntityUptime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The uptime of the NTP entity, (i.e., the time since ntpd was
(re-)initialized not sysUptime!). The time is represented in
hundreds of seconds since Jan 1, 1970 (00:00:00.000) UTC."
::= { ntpEntStatus 8 }
ntpEntStatusDateTime OBJECT-TYPE
SYNTAX NtpDateTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current NTP date/time on the device, in 128-bit
NTP date format. If time is not syncronized, this
field shall be a zero-length string.
This object can be used to timestamp events on this
node and allow a management station to correlate
different time objects. For example, a management
station could query this object and sysUpTime in
the same operation to be able to relate sysUpTime
to NTP time.
This object is not to be used to set the time of
the node querying this object. NTP should be used
for this -- or at least SNTP."
REFERENCE "RFC 5905, section 6"
::= { ntpEntStatus 9 }
ntpEntStatusLeapSecond OBJECT-TYPE
SYNTAX NtpDateTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Date the next known leap second will occur. If there is
no leap second announced, then this object should be 0."
::= { ntpEntStatus 10 }
ntpEntStatusLeapSecDirection OBJECT-TYPE
SYNTAX Integer32 (-1..1)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Direction of next known leap second. If there is no
leap second announced, then this object should be 0."
::= { ntpEntStatus 11 }
ntpEntStatusInPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
NTP entity from the transport service.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 12 }
ntpEntStatusOutPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
transport service by this NTP entity.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 13 }
ntpEntStatusBadVersion OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages that were delivered
to this NTP entity and were for an unsupported NTP
version.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 14 }
ntpEntStatusProtocolError OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages that were delivered
to this NTP entity and this entity was not able to
process due to an NTP protocol error.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 15 }
ntpEntStatusNotifications OBJECT-TYPE
SYNTAX Counter32
UNITS "notifications"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of SNMP notifications that this NTP
entity has generated.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatus 16 }
ntpEntStatPktModeTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpEntStatPktModeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The number of packets sent and received by packet mode.
One entry per packet mode."
::= { ntpEntStatus 17 }
ntpEntStatPktModeEntry OBJECT-TYPE
SYNTAX NtpEntStatPktModeEntry MAX-ACCESS not-accessible STATUS current
DESCRIPTION
"A statistical record of the number of packets sent and
received for each packet mode."
INDEX { ntpEntStatPktMode }
::= { ntpEntStatPktModeTable 1 }
NtpEntStatPktModeEntry ::= SEQUENCE {
ntpEntStatPktMode INTEGER,
ntpEntStatPktSent Counter32,
ntpEntStatPktReceived Counter32
}
ntpEntStatPktMode OBJECT-TYPE
SYNTAX INTEGER {
symetricactive(1),
symetricpassive(2),
client(3),
server(4),
broadcastserver(5),
broadcastclient(6)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The NTP packet mode."
::= { ntpEntStatPktModeEntry 1 }
ntpEntStatPktSent OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of NTP packets sent with this packet mode.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatPktModeEntry 2 }
ntpEntStatPktReceived OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of NTP packets received with this packet mode.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpEntStatPktModeEntry 3 }
-- -- Section 3: The status of all currently mobilized associations --
ntpAssociationTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpAssociationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of currently mobilized associations."
::= { ntpAssociation 1 }
ntpAssociationEntry OBJECT-TYPE
SYNTAX NtpAssociationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table entry of currently mobilized associations."
INDEX { ntpAssocId }
::= { ntpAssociationTable 1 }
NtpAssociationEntry ::= SEQUENCE {
ntpAssocId Unsigned32,
ntpAssocName Utf8String,
ntpAssocRefId DisplayString,
ntpAssocAddressType InetAddressType,
ntpAssocAddress InetAddress,
ntpAssocOffset DisplayString,
ntpAssocStratum NtpStratum,
ntpAssocStatusJitter DisplayString,
ntpAssocStatusDelay DisplayString,
ntpAssocStatusDispersion DisplayString
}
ntpAssocId OBJECT-TYPE
SYNTAX Unsigned32 ( 1..99999 )
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The association ID. This is an internal, unique ID."
::= { ntpAssociationEntry 1 }
ntpAssocName OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The hostname or other descriptive name for the association."
::= { ntpAssociationEntry 2 }
ntpAssocRefId OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The refclock driver ID, if available."
-- a refclock driver ID like "127.127.1.0" for non
-- uni/multi/broadcast associations
::= { ntpAssociationEntry 3 }
ntpAssocAddressType OBJECT-TYPE
SYNTAX InetAddressType { ipv4(1), ipv6(2), ipv4z(3), ipv6z(4) }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The type of address of the association. Can be either IPv4 or
IPv6 (both with or without zone index) and contains the type of
address for unicast, multicast, and broadcast associations."
::= { ntpAssociationEntry 4 }
ntpAssocAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|8|16|20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The IP address (IPv4 or IPv6, with or without zone index) of
the association. The type and size depends on the
ntpAssocAddressType object. Represents the IP address of a
uni/multi/broadcast association."
::= { ntpAssociationEntry 5 }
ntpAssocOffset OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time offset to the association as a string."
-- including unit, e.g., "0.032 ms" or "1.232 s"
::= { ntpAssociationEntry 6 }
ntpAssocStratum OBJECT-TYPE
SYNTAX NtpStratum
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The association stratum value."
::= { ntpAssociationEntry 7 }
ntpAssocStatusJitter OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The jitter in milliseconds as a string."
::= { ntpAssociationEntry 8 }
ntpAssocStatusDelay OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The network delay in milliseconds as a string."
::= { ntpAssociationEntry 9 }
ntpAssocStatusDispersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The root dispersion of the association."
-- e.g., "6.927"
::= { ntpAssociationEntry 10 }
ntpAssociationStatisticsTable OBJECT-TYPE
SYNTAX SEQUENCE OF NtpAssociationStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table of statistics for current associations."
::= { ntpAssociation 2 }
ntpAssociationStatisticsEntry OBJECT-TYPE
SYNTAX NtpAssociationStatisticsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table entry of statistics for current associations."
INDEX { ntpAssocId }
::= { ntpAssociationStatisticsTable 1 }
NtpAssociationStatisticsEntry ::= SEQUENCE {
ntpAssocStatInPkts Counter32,
ntpAssocStatOutPkts Counter32,
ntpAssocStatProtocolError Counter32
}
ntpAssocStatInPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
NTP entity from this association.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpAssociationStatisticsEntry 1 }
ntpAssocStatOutPkts OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages delivered to the
transport service by this NTP entity for this
association.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpAssociationStatisticsEntry 2 }
ntpAssocStatProtocolError OBJECT-TYPE
SYNTAX Counter32
UNITS "packets"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The total number of NTP messages that were delivered
to this NTP entity from this association and this entity
was not able to process due to an NTP protocol error.
Discountinuities in the value of this counter can occur
upon cold start or reinitialization of the NTP entity, the
management system and at other times as indicated by
discontinuities in the value of sysUpTime."
::= { ntpAssociationStatisticsEntry 3 }
-- -- Section 4: Control objects --
ntpEntHeartbeatInterval OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The interval at which the ntpEntNotifHeartbeat notification
should be sent, in seconds. If set to 0 and the
entNotifHeartbeat bit in ntpEntNotifBits is 1, then
ntpEntNotifHeartbeat is sent once.
This value is stored persistently and will be restored to its
last set value upon cold start or restart."
DEFVAL { 60 }
::= { ntpEntControl 1 }
ntpEntNotifBits OBJECT-TYPE
SYNTAX BITS {
notUsed(0), -- Used to sync up bit and notification
-- indices
entNotifModeChange(1),
entNotifStratumChange(2),
entNotifSyspeerChanged(3),
entNotifAddAssociation(4),
entNotifRemoveAssociation(5),
entNotifConfigChanged(6),
entNotifLeapSecondAnnounced(7),
entNotifHeartbeat(8)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A bit for each notification. A 1 for a particular bit enables
that particular notification, a 0 disables it.
This value is stored persistently and will be restored to its
last set value upon cold start or restart."
::= { ntpEntControl 2 }
-- -- Section 5: Notification objects --
ntpEntNotifMessage OBJECT-TYPE
SYNTAX Utf8String
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Used as a payload object for all notifications. Holds a
cleartext event message."
DEFVAL { "no event" }
::= { ntpEntNotifObjects 1 }
-- -- SNMP notification definitions --
ntpEntNotifications OBJECT IDENTIFIER ::= { ntpSnmpMIB 0 }
ntpEntNotifModeChange NOTIFICATION-TYPE
OBJECTS { ntpEntStatusCurrentMode }
STATUS current
DESCRIPTION
"The notification to be sent when the NTP entity changes mode,
including starting and stopping (if possible)."
::= { ntpEntNotifications 1 }
ntpEntNotifStratumChange NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusStratum,
ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when stratum level of NTP changes."
::= { ntpEntNotifications 2 }
ntpEntNotifSyspeerChanged NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusActiveRefSourceId,
ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when a (new) syspeer has been
selected."
::= { ntpEntNotifications 3 }
ntpEntNotifAddAssociation NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when a new association is
mobilized."
::= { ntpEntNotifications 4 }
ntpEntNotifRemoveAssociation NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpAssocName, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when an association is
demobilized."
::= { ntpEntNotifications 5 }
ntpEntNotifConfigChanged NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when the NTP configuration has
changed, e.g., when the system connected to the Internet and
was assigned a new IP address by the ISPs DHCP server."
::= { ntpEntNotifications 6 }
ntpEntNotifLeapSecondAnnounced NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent when a leap second has been
announced."
::= { ntpEntNotifications 7 }
ntpEntNotifHeartbeat NOTIFICATION-TYPE
OBJECTS { ntpEntStatusDateTime, ntpEntStatusCurrentMode,
ntpEntHeartbeatInterval, ntpEntNotifMessage }
STATUS current
DESCRIPTION
"The notification to be sent periodically (as defined by
ntpEntHeartbeatInterval) to indicate that the NTP entity is
still alive."
::= { ntpEntNotifications 8 }
-- -- Conformance/Compliance statements --
ntpEntConformance OBJECT IDENTIFIER ::= { ntpSnmpMIB 2 }
ntpEntCompliances OBJECT IDENTIFIER ::= { ntpEntConformance 1 } ntpEntGroups OBJECT IDENTIFIER ::= { ntpEntConformance 2 }
ntpEntNTPCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities that use NTP and
implement the NTP MIB."
MODULE -- this module
MANDATORY-GROUPS {
ntpEntObjectsGroup1
}
::= { ntpEntCompliances 1 }
ntpEntSNTPCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for SNMP entities that use SNTP and
implement the NTP MIB."
MODULE -- this module
MANDATORY-GROUPS {
ntpEntObjectsGroup1
}
GROUP ntpEntObjectsGroup2
DESCRIPTION
"Optional object group."
GROUP ntpEntNotifGroup
DESCRIPTION
"Optional notifications for this MIB."
::= { ntpEntCompliances 2 }
ntpEntObjectsGroup1 OBJECT-GROUP
OBJECTS {
ntpEntSoftwareName,
ntpEntSoftwareVersion,
ntpEntSoftwareVendor,
ntpEntSystemType,
ntpEntStatusEntityUptime,
ntpEntStatusDateTime,
ntpAssocName,
ntpAssocRefId,
ntpAssocAddressType,
ntpAssocAddress
}
STATUS current
DESCRIPTION
"A collection of objects for the NTP MIB."
::= { ntpEntGroups 1 }
ntpEntObjectsGroup2 OBJECT-GROUP
OBJECTS {
ntpEntTimeResolution,
ntpEntTimePrecision,
ntpEntTimeDistance,
ntpEntStatusCurrentMode,
ntpEntStatusStratum,
ntpEntStatusActiveRefSourceId,
ntpEntStatusActiveRefSourceName,
ntpEntStatusActiveOffset,
ntpEntStatusNumberOfRefSources,
ntpEntStatusDispersion,
ntpEntStatusLeapSecond,
ntpEntStatusLeapSecDirection,
ntpEntStatusInPkts,
ntpEntStatusOutPkts,
ntpEntStatusBadVersion,
ntpEntStatusProtocolError,
ntpEntStatusNotifications,
ntpEntStatPktSent,
ntpEntStatPktReceived,
ntpAssocOffset,
ntpAssocStratum,
ntpAssocStatusJitter,
ntpAssocStatusDelay,
ntpAssocStatusDispersion,
ntpAssocStatInPkts,
ntpAssocStatOutPkts,
ntpAssocStatProtocolError,
ntpEntHeartbeatInterval,
ntpEntNotifBits,
ntpEntNotifMessage
}
STATUS current
DESCRIPTION
"A collection of objects for the NTP MIB."
::= { ntpEntGroups 2 }
ntpEntNotifGroup NOTIFICATION-GROUP
NOTIFICATIONS {
ntpEntNotifModeChange,
ntpEntNotifStratumChange,
ntpEntNotifSyspeerChanged,
ntpEntNotifAddAssociation,
ntpEntNotifRemoveAssociation,
ntpEntNotifConfigChanged,
ntpEntNotifLeapSecondAnnounced,
ntpEntNotifHeartbeat
}
STATUS current
DESCRIPTION
"A collection of notifications for the NTP MIB"
::= { ntpEntGroups 3 }
END
IANA Considerations
The MIB module in this document uses the following IANA-assigned OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
ntpSnmp { mib-2 197 }
Security Considerations
There are currently two management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the objects and their sensitivity/ vulnerability:
ntpEntHeartbeatInterval controls the interval of heartbeat notifications. If set to 1, this will cause the NTP entity to send one notification each second. This is the maximum rate (1/s) that can be generated automatically. If it is set to 0, then one single hearbeat notification will be created and no further automatically generated notification is sent. This functionality can be used to create notifications at a higher rate (as high as the object can be written).
ntpEntNotifBits enables/disables notifications. Could be used to switch off notifications in order to delay or eliminate the notification for critical and important events.
Some of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. These are the tables and objects and their sensitivity/vulnerability:
ntpEntSoftwareName, ntpEntSoftwareVersion, ntpEntSoftwareVendor, and ntpEntSystemType all can be used to identify software and its version as well as the operating system and hardware platform. This might help a potential attacker to find security problems and therefore can be used in the preparation of an attack.
SNMP versions prior to SNMPv3 did not include adequate security. Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. It is RECOMMENDED that implementers consider the security features as provided by the SNMPv3 framework (see RFC 3410 RFC3410, section 8), including full support for the SNMPv3 cryptographic mechanisms (for authentication and privacy). Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.
Acknowledgments
Bert Wijnen provided valuable feedback as the MIB Doctor for this document.
References
Normative References
RFC2119 Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC5905 Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch,
"Network Time Protocol Version 4: Protocol and Algorithms
Specification", RFC 5905, June 2010.
RFC2287 Krupczak, C. and J. Saperia, "Definitions of System-Level
Managed Objects for Applications", RFC 2287, February 1998.
RFC2578 McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Structure of Management Information
Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
RFC2579 McCloghrie, K., Ed., Perkins, D., Ed., and J.
Schoenwaelder, Ed., "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999.
RFC2580 McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
RFC4001 Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
Informative References
RFC3410 Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
Authors' Addresses
Heiko Gerstung Meinberg Funkuhren Gmbh & Co. KG Lange Wand 9 Bad Pyrmont 31812 Germany
Phone: +49 5281 9309 25 EMail: [email protected]
Chris Elliott 1516 Kent St. Durham, NC 27707 USA
Phone: +1-919-308-1216 EMail: [email protected]
Brian Haberman (editor) Johns Hopkins University Applied Physics Lab 11100 Johns Hopkins Road Laurel, MD 20723-6099 US
Phone: +1 443 778 1319 EMail: [email protected]
