The NTP or Network Time Protocol is a KEY function of all of your network equipment. If I have said it once and you’re annoyed that I’m saying it again then be annoyed because trust me, if you don’t do this then one day you will regret your decision. Find an NTP host, point at it, synchronise yourself and make sure you keep it going.
So let’s start from the beginning here.
NTP is a protocol running on UDP port 123... easy to remember that, yeah? 123, easy like... 123. It also reminds me of the time: 1 o’clock, 2 o’clock, 3 o’clock. You know, the NTP port number feels to me like one of the obvious exam questions. Anyway, NTP - let’s think about it.
Imagine you have a system and it has a problem. Maybe you are logging the issue locally on the device and are also capturing logs from other devices on a syslog server. So you want to find out what happened across all of this kit to see if there are any common starting points but they don’t match. Crucially you have forgotten to synchronise their times so the logs don’t match - you are hosed because you can’t see any commonality. NTP would be your answer here. The NTP protocol (and services which use it) would automatically synchronise the time between all of these devices...bliss.
Remember NTP updates use the UTC or Universal Time Constant which is disassociated from any world time-zone (but is the same as GMT). We will need to set the correct time-zone as a final step to make sure we’ve got the correct local time... we’ll do that last. First let’s get NTP running.
So how do we enable this for JunOS? First of all log in and go into configuration mode. The NTP configuration is all done under the ‘system > ntp’ subtree.
Let’s take a look at the available options.
We are an NTP client and we are going to point at an NTP peer on the internet. A quick Google for ‘public ntp servers’ found this list for me - I’m in the UK, but you want to choose from a list of stratum 2 public NTP servers near you.
I’ve chosen two servers from this list and I’ll have a primary (the most trusted) and a secondary NTP server in case the primary fails. Let’s use ntp2c.mcc.ac.uk and ntp2.sandvika.net. Do you notice that the list includes both the hostname and the IP address? Well, I always like to use the hostname for the configuration in case they change the server IP address. We’ll need to set up the DNS lookup server on the Juniper router so we can resolve the IP address from the domain name.
I’ve chosen to use the Google public DNS servers but you can use any.
Now let’s check we can look up the IP address by using ping.
Perfect - DNS lookups are working.
Right, let’s configure the NTP peers then. First mcc - notice the ‘prefer’ keyword, so we like this one the most.
Now for sandvika - we don’t prefer this one.
Ouch - that’s not worked - no such hostname. Right, let’s have a look at ExNet then.
OK great, that went in - let’s commit the candidate configuration now.
Let’s drop out of configuration mode now to run some ‘show’ commands to see it build the association and synchronise the time.
We’re not sync’d yet - notice we see stratum 16? There are 15 strata but mostly you sit at 2 or 3. Personally I wouldn’t ever wish to sync myself to anything less than a stratum 3 time source. The higher the number the less trustworthy the source. Let’s take a look where we are now... we’ve left it for another 30 seconds...
Great, we see we have sync’d to three stratum 2 time sources. Why three, I hear you cry... well, honestly I think the mcc time sources run a round-robin DNS so we got two different IP end hosts. Well that’s it, we’re sync’d now.
A few other ‘options’ you may wish to explore. What if the remote time source is expecting you to be coming in from, say, your loopback address? This is normally for security reasons. Imagine each of your routers has two resilient links to the network and you are running an IGP so can reach the NTP source from multiple links. If that source is trying to restrict the hosts talking to it, you may wish to allow connectivity only from one remote IP address. If you have two links to it then there are two sources... so we use the loopback address.
Let’s go through that now.
First we create the loopback address. We’ll use 22.214.171.124/24 (remember JunOS uses CIDR notation).
Now we set the source for our NTP packets to the loopback IP address. Now the remote server only needs one line in its security filter rather than two... nice.
There are way more things we can do, including setting ourselves up as an NTP time source, but that’s for another time.
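Going back to the stratum values in the association output: the sketch below is an added example (not from the original post or from Juniper) that decodes the stratum, leap indicator and UTC transmit timestamp from a 48-byte NTP reply and applies the stratum 3 limit mentioned earlier. The function names and the sample packets are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # NTP counts from 1900, in UTC
NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 to 1970-01-01
UNSYNCHRONISED = 16           # what an association listing shows before sync


def parse_ntp_reply(data):
    """Decode the fields of the 48-byte NTP header used for a sync decision."""
    if len(data) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(data))
    first, stratum = data[0], data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    # On the wire stratum 0 means "unspecified"; RFC 5905 maps it to 16 on
    # receipt. Values above 15 are treated the same way.
    if stratum == 0 or stratum > 15:
        stratum = UNSYNCHRONISED
    return {
        "leap": first >> 6,             # 3 = clock not synchronised
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,            # 4 = server reply
        "stratum": stratum,
        # Era 0 only: the 32-bit seconds field wraps in 2036.
        "transmit_utc": NTP_EPOCH + timedelta(
            seconds=tx_sec, microseconds=tx_frac * 1_000_000 // 2**32),
    }


def usable_source(reply, max_stratum=3):
    """Accept only synchronised server replies no deeper than max_stratum."""
    return (reply["mode"] == 4 and reply["leap"] != 3
            and reply["stratum"] <= max_stratum)


def build_reply(leap, stratum, unix_seconds, mode=4, version=4):
    """Constructed sample packet: only the fields parsed above are filled in."""
    header = bytes([(leap << 6) | (version << 3) | mode, stratum]) + bytes(38)
    return header + struct.pack("!II", unix_seconds + NTP_UNIX_DELTA, 0)


# Constructed replies, all stamped 2024-01-01 12:00:00 UTC.
SYNCED = build_reply(leap=0, stratum=2, unix_seconds=1704110400)
UNSYNCED = build_reply(leap=3, stratum=0, unix_seconds=1704110400)
TOO_DEEP = build_reply(leap=0, stratum=5, unix_seconds=1704110400)

if __name__ == "__main__":
    for name, pkt in (("synced", SYNCED), ("unsynced", UNSYNCED), ("stratum 5", TOO_DEEP)):
        reply = parse_ntp_reply(pkt)
        print(name, reply["stratum"], reply["transmit_utc"].isoformat(), usable_source(reply))
```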
One final thing for me though: living in the UK means that I have to consider my time-zone and more specifically British Summer Time (Daylight Saving Time). At two times in the year we all put our clocks forwards one hour and then backwards again. Historically this is meant to allow our farmers to do more work... not that they don’t already, huh.
To set the timezone we type ‘set system time-zone’. If you wish to know what time-zone choices you have then just use the ‘?’ or context sensitive help. Here is the output for the first few lines:
I already said I’m in the UK and we run on GMT or Greenwich Mean Time, but more specifically I wish to support BST or British Summer Time, which operates a ‘Daylight Saving Time’ +1 hour and -1 hour at two points in the calendar. Now I’ve looked and looked and cannot find any command to support this. In IOS you would use the ‘clock’ command to set a recurring adjustment (see NTP post). In this case we could maybe go for GMT+1, which would do the same sort of thing, but I fear that when the clock goes back again I’d have to change this again to GMT.
So that’s it for this time.
Thanks for reading and good luck with your studies.