Synchronizing and Coordinating Time Distribution Using NTP
Using NTP to synchronize and coordinate time distribution in a large network involves these tasks:
Configuring NTP
To configure NTP on the switch, include the ntp statement at the [edit system] hierarchy level:
[edit system]
ntp {
    authentication-key number type type value password;
    boot-server (address | hostname);
    broadcast <address> <key key-number> <version value> <ttl value>;
    broadcast-client;
    multicast-client <address>;
    peer address <key key-number> <version value> <prefer>;
    server address <key key-number> <version value> <prefer>;
    source-address source-address;
    trusted-key [ key-numbers ];
}
Configuring the NTP Boot Server
When you boot the switch, it issues an ntpdate request, which polls a network server to determine the local date and time. You need to configure a server that the switch uses to determine the time when the switch boots. Otherwise, NTP cannot synchronize to a time server if the server’s time appears to be very far off from the local switch’s time.
- To configure the NTP boot server, include the boot-server statement at the [edit system ntp] hierarchy level:
    [edit system ntp]
    boot-server (address | hostname);
- Starting in Junos OS Release 15.1, to configure the NTP boot server, include the set ntp server statement at the [edit system ntp] hierarchy level:
    [edit system ntp]
    set ntp server (address | hostname);
Specify either the IP address or the hostname of the network server.
Specifying a Source Address for an NTP Server
For IP version 4 (IPv4), you can specify that if the NTP server configured at the [edit system ntp] hierarchy level is contacted on one of the loopback interface addresses, the reply always uses a specific source address. This is useful for controlling which source address NTP uses to access your network when it is either responding to or sending an NTP client request from your network.
When configuring the NTP service in the management VRF (mgmt_junos), you must configure at least one IP address on a physical or logical interface within the default routing instance and ensure that this interface is up in order for the NTP service to work with the mgmt_junos VRF.
To configure the specific source address that the reply will always use, and the source address that requests initiated by the NTP server will use, include the source-address statement at the [edit system ntp] hierarchy level:
[edit system ntp]
source-address source-address;
source-address is a valid IP address configured on one of the switch interfaces.
If a firewall filter is applied on the loopback interface, ensure that the source address specified for the NTP server at the [edit system ntp] hierarchy level is explicitly included as one of the match criteria in the firewall filter. This enables the Junos OS to accept traffic on the loopback interface from the specified source address.
The following example shows a firewall filter with the source address 10.0.10.100 specified in the from statement included at the [edit firewall filter firewall-filter-name] hierarchy:
[edit firewall filter Loopback-Interface-Firewall-Filter]
term Allow-NTP {
    from {
        source-address {
            192.168.27.46/16; // IP address of the NTP server
            10.0.10.100/10; // Source address specified for the NTP server
        }
    }
    then accept;
}
If no source address is configured for the NTP server, include the primary address of the loopback interface in the firewall filter.
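The loopback filter requirement above can be checked offline before a commit. The following Python sketch is an added example, not Juniper tooling: it reads a brace-style configuration and reports NTP server and source addresses that no source-address prefix in the filter covers. The function names, the sample configuration text, and the loopback address used in testing are constructed, and the script assumes every source-address block in the text belongs to the filter applied on the loopback interface.

```python
import ipaddress
import re

def uncovered_ntp_addresses(config, lo0_primary=None):
    """Return NTP-related IPv4 addresses that no filter source-address prefix covers."""
    ntp = re.search(r"\bntp\s*\{([^{}]*)\}", config)
    body = ntp.group(1) if ntp else ""
    # Numeric server addresses only; hostnames would need resolving first.
    required = re.findall(r"^\s*server\s+([0-9.]+)(?=[\s;])", body, re.M)
    src = re.search(r"^\s*source-address\s+([0-9.]+)\s*;", body, re.M)
    if src:
        required.append(src.group(1))
    elif lo0_primary:
        # No source-address configured: the loopback primary address must match.
        required.append(lo0_primary)
    prefixes = [
        ipaddress.ip_network(p, strict=False)
        for block in re.findall(r"source-address\s*\{([^{}]*)\}", config)
        for p in re.findall(r"[0-9.]+/\d+", block)
    ]
    return [a for a in required
            if not any(ipaddress.ip_address(a) in net for net in prefixes)]

# Constructed sample configuration; addresses reuse the page's example values.
NTP = """
system {
    ntp {
        server 192.168.27.46 prefer;
        %s
    }
}
"""
FILTER = """
firewall {
    filter Loopback-Interface-Firewall-Filter {
        term Allow-NTP {
            from {
                source-address {
                    %s
                }
            }
            then accept;
        }
    }
}
"""

def sample(ntp_line, prefixes):
    """Build a constructed configuration from an ntp line and filter prefixes."""
    return NTP % ntp_line + FILTER % prefixes

if __name__ == "__main__":
    # The filter omits the configured NTP source address, so it is reported.
    cfg = sample("source-address 10.0.10.100;", "192.168.27.46/32;")
    print(uncovered_ntp_addresses(cfg))
```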