8.2. Configuring NTP

Overview

Function Introduction

NTP is a tiered time distribution system with redundancy capability. NTP measures delays within the network and within the algorithms on the machine on which it is running. Using these tools and techniques, it is able to synchronize clocks to within milliseconds of each other when connected on a Local Area Network and within hundreds of milliseconds of each other when connected to a Wide Area Network. The tiered nature of the NTP time distribution tree enables a user to choose the accuracy needed by selecting a level (stratum) within the tree for machine placement. A time server placed higher in the tree (lower stratum number) provides a higher likelihood of agreement with the UTC time standard.

Some of the hosts act as time servers, that is, they provide what they believe is the correct time to other hosts. Other hosts act as clients, that is, they find out what time it is by querying a time server. Some hosts act as both clients and time servers, because these hosts are links in a chain over which the correct time is forwarded from one host to the next. As part of this chain, a host acts first as a client to get the correct time from another host that is a time server. It then turns around and functions as a time server when other hosts, acting as clients, send requests to it for the correct time.

Principle Description

N/A

Configuration

Configuring Client/Server mode connecting with in-band interface

Before configuring the NTP client, make sure that the NTP service is enabled on the server.

Fig. 8.1 NTP

step 1 Enter the configure mode

Switch# configure terminal

step 2 Enter the VLAN configure mode and create a VLAN

Switch(config)# vlan database
Switch(config-vlan)# vlan 10
Switch(config-vlan)# exit

step 3 Enter the interface configure mode and join the VLAN

Switch(config)# interface eth-0-26
Switch(config-if)# switch access vlan 10
Switch(config-if)# no shutdown
Switch(config-if)# exit

step 4 Create a VLAN interface and set the IP address

Switch(config)# interface vlan10
Switch(config-if)# ip address 6.6.6.5/24
Switch(config-if)# exit

step 5 Set the attributes of NTP client

Enable a trusted key, configure the IP address of the NTP server, enable authentication, and configure the NTP ace. Once authentication is enabled, the client switch sends time-of-day requests to the trusted NTP servers only.

Switch(config)# ntp key 1 serverkey
Switch(config)# ntp server 6.6.6.6 key 1
Switch(config)# ntp authentication enable
Switch(config)# ntp trustedkey 1
Switch(config)# ntp ace 6.6.6.6 none

step 6 Exit the configure mode

Switch(config)# end

step 7 Validation

Switch# show ntp
Current NTP configuration:
 ============================================================
NTP access control list:
6.6.6.6 mask 255.255.255.255 none
Unicast peer:
Unicast server:
6.6.6.6 key 1
Authentication: enabled
Local reference clock:
Disable management interface
Switch# show ntp status
Current NTP status:
 ============================================================
clock is synchronized
stratum: 7
reference clock: 6.6.6.6
frequency: 17.365 ppm
precision: 2**20
reference time: d14797dd.70b196a2 ( 1:54:37.440 UTC Thu Apr 7 2023)
root delay: 0.787 ms
root dispersion: 23.993 ms
peer dispersion: 57.717 ms
clock offset: -0.231 ms
stability: 6.222 ppm
Switch# show ntp associations
Current NTP associations:
remote refid st when poll reach delay offset disp
 ============================================================================
 *6.6.6.6 127.127.1.0 6 50 128 37 0.778 -0.234 71.945
 * synchronized, + candidate, # selected, x falsetick, . excess, - outlier

Configuring Client/Server mode connecting with management interface

step 1 Enter the configure mode

Switch# configure terminal

step 2 Enable ntp management interface

Switch(config)# ntp mgmt-if only

Note: Use the following command to enable both in-band and management interface

Switch(config)# ntp mgmt-if enable

Note: Use the following command to disable management interface

Switch(config)# no ntp mgmt-if

step 3 Set the attributes of NTP client

Switch(config)# ntp key 1 serverkey
Switch(config)# ntp server 192.168.100.101 key 1
Switch(config)# ntp authentication enable
Switch(config)# ntp trustedkey 1
Switch(config)# ntp ace 192.168.100.101 none

step 4 Exit the configure mode

Switch(config)# end

step 5 Validation

Switch# show ntp
Current NTP configuration:
 ============================================================
NTP access control list:
192.168.100.101 mask 255.255.255.255 none
Unicast peer:
Unicast server:
192.168.100.101 key 1
Authentication: enabled
Local reference clock:
Only management interface
Switch# show ntp associations
Current NTP associations:
remote refid st when poll reach delay offset disp
 ==============================================================================
 *192.168.100.101 127.127.1.0 3 27 64 1 1.328 2.033 433.075
 * sys.peer, + candidate, # selected, x falsetick, . excess, - outlyer
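
What the key and trustedkey settings in both client procedures protect, shown as an added example that is not part of the vendor documentation. It assumes the classic NTP symmetric-key format (a 4-byte key ID followed by MD5 over the secret and the 48-byte header, matching the `M` key type used on the Linux server); the function names are hypothetical and the packets are constructed.

```python
import hashlib
import hmac
import struct

# Values from the page's client configuration ("ntp key 1 serverkey",
# "ntp trustedkey 1"); the MAC layout is an assumption (classic ntpd MD5 scheme).
KEYS = {1: b"serverkey"}
TRUSTED = {1}
HEADER_LEN, KEYID_LEN, MD5_LEN = 48, 4, 16


def build_header(mode: int, stratum: int) -> bytes:
    """48-byte NTPv4 header (LI=0, VN=4); timestamps zeroed for brevity."""
    first = (0 << 6) | (4 << 3) | mode
    return struct.pack("!BBbb11I", first, stratum, 6, -20, *([0] * 11))


def add_mac(header: bytes, key_id: int, secret: bytes) -> bytes:
    """Append key ID and MD5(secret || header), as a keyed sender would."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_reply(packet: bytes, keys=KEYS, trusted=TRUSTED) -> str:
    """Decide whether an authenticating client would use this reply."""
    if len(packet) == HEADER_LEN:
        return "reject: no MAC"
    if len(packet) != HEADER_LEN + KEYID_LEN + MD5_LEN:
        return "reject: malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:KEYID_LEN])
    if key_id not in trusted or key_id not in keys:
        return "reject: key not trusted"
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[KEYID_LEN:]):
        return "reject: bad MAC"
    return "accept"


if __name__ == "__main__":
    reply = build_header(mode=4, stratum=6)           # constructed server reply
    good = add_mac(reply, 1, b"serverkey")
    tampered = bytes([good[0]]) + b"\x01" + good[2:]  # stratum changed in transit
    for name, pkt in [("signed", good), ("unsigned", reply), ("tampered", tampered),
                      ("wrong secret", add_mac(reply, 1, b"otherkey")),
                      ("untrusted id", add_mac(reply, 2, b"serverkey"))]:
        print(f"{name:13s} {check_reply(pkt)}")
```

The secret never travels on the wire, so the protection is only as strong as the secret itself and the file that stores it.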

Application cases

Configuring NTP Server (using the ntpd of a Linux system as an example)

Step 1 Display eth1 ip address

[root@localhost octeon]# ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:58:3F:89:4B:AA
inet addr:6.6.6.6 Bcast:6.6.6.255 Mask:255.255.255.0
inet6 addr: fe80::208:c7ff:fe89:4baa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3453 errors:1 dropped:0 overruns:0 frame:1
TX packets:3459 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:368070 (359.4 KiB) TX bytes:318042 (310.5 KiB)

Step 2 Check networks via Ping

[root@localhost octeon]# ping 6.6.6.5
PING 6.6.6.5 (6.6.6.5) 56(84) bytes of data.
64 bytes from 6.6.6.5: icmp_seq=0 ttl=64 time=0.951 ms
64 bytes from 6.6.6.5: icmp_seq=1 ttl=64 time=0.811 ms
64 bytes from 6.6.6.5: icmp_seq=2 ttl=64 time=0.790 ms

Step 3 Configure ntp.conf

[root@localhost octeon]# vi /etc/ntp.conf
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 5

# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
broadcast 6.6.6.255

# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.

# "disable auth" has the same effect as the -A flag mentioned above.
disable auth
keys /etc/ntp/keys
trustedkey 1

Step 4 Configure keys

[root@localhost octeon]# vi /etc/ntp/keys

# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote
# systems might be able to reset your clock at will. Note also that
# ntpd is started with a -A flag, disabling authentication, that
# will have to be removed as well.
1 M serverkey

Step 5 Start ntpd service

[root@localhost octeon]# ntpd
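
A check for the settings that the file comments in Steps 3 and 4 warn about, as an added example that is not part of the vendor documentation. The function names are hypothetical, and the sample input is constructed from the ntp.conf and keys file shown above.

```python
# Constructed from the ntp.conf and keys file shown in Steps 3 and 4.
PAGE_CONF = """\
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 5
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
broadcast 6.6.6.255
disable auth
keys /etc/ntp/keys
trustedkey 1
"""
PAGE_KEYS = "1 M serverkey\n"
SAMPLE_SECRETS = {"serverkey"}  # the documentation's example value


def directives(text):
    """Yield each non-comment line as a list of words."""
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if words:
            yield words


def audit(conf_text, keys_text):
    """Return findings for the authentication settings discussed on the page."""
    keys = {w[0]: w[2] for w in directives(keys_text) if len(w) >= 3}
    findings, trusted = [], set()
    for w in directives(conf_text):
        if w[0] == "disable" and "auth" in w[1:]:
            findings.append("disable auth: ntpd does not require authentication")
        elif w[0] == "trustedkey":
            trusted.update(w[1:])
        elif w[0] == "broadcast" and not {"key", "autokey"} & set(w[2:]):
            findings.append(f"broadcast {' '.join(w[1:2])}: sent without a key")
    for kid in sorted(trusted - set(keys)):
        findings.append(f"trustedkey {kid}: not defined in the keys file")
    for kid, secret in sorted(keys.items()):
        if secret in SAMPLE_SECRETS:
            findings.append(f"key {kid}: documentation sample secret in use")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONF, PAGE_KEYS):
        print(finding)
```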