Synchronizing and Coordinating Time Distribution Using NTP
Using NTP to synchronize and coordinate time distribution in a large network involves these tasks:
To configure NTP on the router or switch, include the ntp statement at the [edit system] hierarchy level:
Configuring the NTP Boot Server
When you boot the router or switch, it issues an ntpdate request, which polls a network server to determine the local date and time. You need to configure a server that the router or switch uses to determine the time when the router or switch boots. If you configure an NTP boot server, then when the router or switch boots, it immediately synchronizes with the boot server even if the NTP process is explicitly disabled or if the time difference between the client and the boot server exceeds the threshold value of 1000 seconds.
To configure the NTP boot server, include the boot-server statement at the [edit system ntp] hierarchy level:
Specify the address of the network server. You must specify an IP address or a hostname.
Specifying a Source Address for an NTP Server
For IP version 4 (IPv4), you can specify that if the NTP server configured at the [edit system ntp] hierarchy level is contacted on one of the loopback interface addresses, the reply always uses a specific source address. This is useful for controlling which source address NTP uses to access your network, both when it responds to an NTP client request from your network and when it sends NTP requests to your network itself.
The configuration of the source IP address in a routing instance by using the source-address statement at the [edit system ntp source-address source-address] hierarchy level is supported only for an NTP server. It is not supported for an NTP client.
To configure the specific source address that the reply will always use, and the source address that requests initiated by the NTP server will use, include the source-address statement at the [edit system ntp] hierarchy level:
source-address is a valid IP address configured on one of the router or switch interfaces.
Starting in Junos OS 13.3, you can also configure the source address using the routing-instance statement at the [edit system ntp source-address source-address] hierarchy level:
For example, the following statement is configured:
As a result, when an NTP message is sent through any interface in the ntp-source-test routing instance, the source address 22.214.171.124 is used.
The routing-instance statement is optional; if it is not configured, the primary address of the interface is used.
If a firewall filter is applied on the loopback interface, ensure that the source-address specified for the NTP server at the [edit system ntp] hierarchy level is explicitly included as one of the match criteria in the firewall filter. This enables the Junos OS to accept traffic on the loopback interface from the specified source address.
The following example shows a firewall filter with the source address 10.0.10.100 specified in the from statement included at the [edit firewall filter firewall-filter-name] hierarchy:
If no source-address is configured for the NTP server, include the primary address of the loopback interface in the firewall filter.
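The check described above can be automated against an exported configuration. The following is an added example, not part of the original documentation: it assumes the configuration is in "display set" form, that the loopback filter is applied with a single `filter input` statement, and it uses a hypothetical filter name (protect-re). It verifies only that an accepting term matches the NTP source address, not the order in which terms are evaluated.

```python
import ipaddress
import re

# Constructed sample in "display set" form; the filter and term names are
# hypothetical, the address is the one used in the text above.
SAMPLE_OK = """\
set system ntp source-address 10.0.10.100
set interfaces lo0 unit 0 family inet filter input protect-re
set firewall filter protect-re term allow-ntp from source-address 10.0.10.100/32
set firewall filter protect-re term allow-ntp then accept
set firewall filter protect-re term default then discard
"""
# Same configuration, but the filter no longer lists the NTP source address.
SAMPLE_MISSING = SAMPLE_OK.replace("10.0.10.100/32", "192.0.2.0/24")

FILTER = r"set firewall (?:family inet )?filter (\S+) term (\S+) "


def audit_ntp_loopback(config: str) -> dict:
    """Map each NTP source-address to True if the lo0 filter accepts it."""
    sources = re.findall(r"^set system ntp source-address (\S+)", config, re.M)
    lo0_filters = set(re.findall(
        r"^set interfaces lo0 unit \d+ family inet filter input (\S+)",
        config, re.M))
    if not lo0_filters:
        # No filter on the loopback interface: nothing can drop the traffic.
        return {src: True for src in sources}
    # (filter, term) pairs whose action is accept.
    accepting = set(re.findall("^" + FILTER + r"then accept\b", config, re.M))
    # (filter, term, prefix, trailing options) for every source-address match.
    matches = re.findall(
        "^" + FILTER + r"from source-address (\S+)(.*)$", config, re.M)
    result = {}
    for src in sources:
        addr = ipaddress.ip_address(src)
        result[src] = any(
            name in lo0_filters
            and (name, term) in accepting
            and "except" not in rest  # "except" excludes the prefix
            and addr in ipaddress.ip_network(prefix, strict=False)
            for name, term, prefix, rest in matches
        )
    return result


if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        print(label, audit_ntp_loopback(cfg))
```

A result of False for an address means the loopback filter has no accepting term that covers the configured NTP source address.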