Network Time Protocol
The Network Time Protocol (NTP) service on TNSR synchronizes the host clock with reference sources, typically remote servers. It also acts as an NTP server for clients.
NTP Configuration Examples
NTP Client Example
Configure the NTP service as a client from configuration mode (Configuration Mode). This example uses pool.ntp.org in pool mode so that multiple DNS results are used as reference servers.
tnsr(config)# ntp server
tnsr(config-ntp)# tos orphan 12
tnsr(config-ntp)# tinker panic 0
tnsr(config-ntp)# logconfig sequence 1 set sync all
tnsr(config-ntp)# logconfig sequence 2 add clock all
tnsr(config-ntp)# restrict default
tnsr(config-ntp-restrict)# kod
tnsr(config-ntp-restrict)# limited
tnsr(config-ntp-restrict)# nomodify
tnsr(config-ntp-restrict)# nopeer
tnsr(config-ntp-restrict)# notrap
tnsr(config-ntp-restrict)# noquery
tnsr(config-ntp-restrict)# exit
tnsr(config-ntp)# restrict source
tnsr(config-ntp-restrict)# kod
tnsr(config-ntp-restrict)# limited
tnsr(config-ntp-restrict)# nomodify
tnsr(config-ntp-restrict)# notrap
tnsr(config-ntp-restrict)# exit
tnsr(config-ntp)# restrict 127.0.0.1
tnsr(config-ntp-restrict)# exit
tnsr(config-ntp)# server host pool.ntp.org
tnsr(config-ntp-server)# operational-mode pool
tnsr(config-ntp-server)# maxpoll 9
tnsr(config-ntp-server)# exit
tnsr(config-ntp)# exit
tnsr(config)# ntp enable
tnsr(config)#
Note
When acting as a client, the NTP daemon may run in either the host or dataplane namespace. The choice is decided by the location of the NTP servers and how the NTP daemon must route to reach those servers.
NTP Server Example
To act as an NTP server, start with the client example above (NTP Client Example) and then configure the additional parts from this section.
First, to serve clients connected to TNSR interfaces, the NTP instance must run in the dataplane namespace:
tnsr(config)# ntp namespace dataplane
tnsr(config)# ntp server
tnsr(config-ntp)#
Now add restrictions which allow peers from local subnets:
tnsr(config-ntp)# restrict 10.2.0.0/24
tnsr(config-ntp-restrict)# kod
tnsr(config-ntp-restrict)# limited
tnsr(config-ntp-restrict)# nomodify
tnsr(config-ntp-restrict)# notrap
tnsr(config-ntp-restrict)# noquery
tnsr(config-ntp-restrict)# exit
Note
These restrictions are a rough guideline, and may vary depending on the needs and behaviors of the clients.
Repeat the restrict directive for each local subnet for which the NTP daemon will act as a time server. When finished, exit out of config-ntp mode.
NTP Best Practices
Use a minimum of three servers, either as three separate server entries or a pool containing three or more servers. This is to ensure that if the clock on any one server becomes skewed, the remaining two sources can be used to determine that the skewed server is no longer viable. Otherwise NTP would have to guess which one is accurate and which is skewed.
There are a large number of public NTP servers available under pool.ntp.org. The pool.ntp.org DNS entry will return a number of randomized servers in each DNS query response. These can be used individually or as pools. The easiest way is to use the pool operational mode, which uses all returned servers as if they were specified individually.
When using entries as individual server entries, these responses can be subdivided into mutually exclusive pools of peers to avoid overlap. For example, if a configuration specifies pool.ntp.org multiple times for server entries, the same IP address could accidentally be selected twice. In this case, use 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, and so on. When queried in this way, the responses will be unique for each number.
Furthermore, there are also pools available for regional and other divisions. For example, to only receive responses for servers in the United States, use us.pool.ntp.org as a pool or <n>.us.pool.ntp.org as servers. For more information, see https://www.ntppool.org/en/
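The following is an added example, not part of the TNSR documentation: a Python check that reads a CLI transcript in the format shown in the examples above and flags a restrict default entry missing any flag used in the client example, fewer than three time sources, and a host repeated as an individual server. It assumes that an entry without operational-mode pool is an individual server and that a pool entry resolves to three or more servers; the function names and the sample transcript are constructed for illustration.

```python
import re

# Flags the page's client example sets under "restrict default".
DEFAULT_FLAGS = {"kod", "limited", "nomodify", "nopeer", "notrap", "noquery"}
PROMPT = re.compile(r"^tnsr\(([\w-]+)\)#\s*(.*)$")

# Constructed transcript: weak default restriction, one host listed twice.
SAMPLE = """tnsr(config-ntp)# restrict default
tnsr(config-ntp-restrict)# kod
tnsr(config-ntp-restrict)# nomodify
tnsr(config-ntp-restrict)# exit
tnsr(config-ntp)# server host pool.ntp.org
tnsr(config-ntp-server)# exit
tnsr(config-ntp)# server host pool.ntp.org
tnsr(config-ntp-server)# exit
"""

def parse(transcript):
    """Return ({restrict target: flags}, [server entries]) from CLI lines."""
    restricts, servers, cur = {}, [], None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m.group(2):
            continue
        mode, w = m.group(1), m.group(2).split()
        if mode == "config-ntp" and w[0] == "restrict" and len(w) == 2:
            cur = restricts.setdefault(w[1], set())
        elif mode == "config-ntp" and w[:2] == ["server", "host"] and len(w) == 3:
            cur = {"host": w[2], "pool": False}
            servers.append(cur)
        elif mode == "config-ntp-restrict" and isinstance(cur, set) and w[0] != "exit":
            cur.add(w[0])
        elif mode == "config-ntp-server" and isinstance(cur, dict):
            cur["pool"] = cur["pool"] or w == ["operational-mode", "pool"]
    return restricts, servers

def audit(transcript):
    """Return findings as strings; an empty list means nothing was flagged."""
    restricts, servers = parse(transcript)
    missing = DEFAULT_FLAGS - restricts.get("default", set())
    findings = ["restrict default lacks: " + ", ".join(sorted(missing))] if missing else []
    singles = [s["host"] for s in servers if not s["pool"]]
    # Assumption: a pool-mode entry resolves to three or more servers.
    if not any(s["pool"] for s in servers) and len(singles) < 3:
        findings.append("fewer than three time sources: %d" % len(singles))
    for host in sorted({h for h in singles if singles.count(h) > 1}):
        findings.append("host repeated as individual server: " + host)
    return findings
```

Calling audit(SAMPLE) returns three findings; a transcript of the client example above returns an empty list.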