Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to configure NTP service on PSM server and BTI7800 / BTI7000 series devices

0

0

Article ID: KB35601 KB Last Updated: 26 Mar 2020Version: 1.0
Summary:

This article explains how to configure NTP (Network Time Protocol) service on PSM (ProNX Service Manager) server, which helps to improve the robustness of Time Synchronization for Network Elements. Proper Time Synchronization among Network Elements and PSM server allows for more effective troubleshooting and log analysis when need arises.

Symptoms:
  1. Frequent occurrence of "NTP server not responding" alarms from network elements caused by communications issues and NTP server stability.
  2. Management network isolated from other networks / Internet which made NTP servers not reachable and Time Synchronization impossible.
Solution:

The solution to the issues is to configure NTP service on PSM server. Thus, the PSM server become NTP Client for higher-stratum NTP server and become NTP server for NTP clients of BTI7800 / BTI7000 network elements.

[higher-stratum NTP server]--->[NTP client : PSM with NTP service running : NTP server]--->[NTP Client : BTI7800 / BTI7000 network element]

The solution will allow it to:
  • Relay NTP protocol exchange between higher-stratum NTP server and network elements.
  • Enable PSM server to provide local clock as a lower-stratum NTP time source when higher-stratum NTP servers are not available.

The proNX Service Manager Installation and Administration Guide recommends PSM server applications to be installed on a server running minimal install CentOS 7 or RHEL 7.
The NTP service installed with minimal OSes install is ntpd, and ntpd will be used in this article. 

Follow the instructions below to setup ntpd on PSM server.
  1. Permit access from the IP (sub)network the network elements reside by adding the line below into /etc/ntp.conf configuration file.

    restrict 172.27.0.0 mask 255.255.0.0 nomodify notrap
  2. Add the preferred NTP servers you would otherwise configure on the network elements to /etc/ntp.conf configuration file (both IP address and URL are allowed).

    server 172.27.93.93 iburst
    server example.pool.ntp.org iburst
  3. Enable ntpd to provide PSM server local clock as a stratum 10 server by adding the following into /etc/ntp.conf configuration file

    server  127.127.1.0
    fudge   127.127.1.0 stratum 10
  4. Configure firewall (if any) to allow access to UDP port 123 on the PSM server. The firewall service by default is not running on PSM server. Example is not provided here. Do this step if firewall service is enabled by server system administrator.

  5. Sample content of basic /etc/ntp.conf. Check OS documentation for more advanced configuration options.

    # --- GENERAL CONFIGURATION ---
    # Prohibit general access to this service.
    restrict default ignore
    # Permit access to NTP for Network Elements by its IP range
    restrict 172.27.0.0 mask 255.255.0.0 nomodify notrap
    #Preferred higher-stratum NTP servers for PSM to become NTP client with
    server 172.27.93.93 iburst
    server example.pool.ntp.org iburst
    #Enable PSM server to provide local clock as a lower-stratum NTP time source
    server  127.127.1.0
    fudge   127.127.1.0 stratum 10
  6. Restart ntpd service once /etc/ntp.conf configuration file have been edited according to your needs.

    [root@LAB-PSM ~]# systemctl restart ntpd
    [root@LAB-PSM ~]# systemctl status ntpd
    ● ntpd.service - Network Time Service
       Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
       Active: active (running) since Fri 2020-03-20 15:17:45 CST; 6s ago
      Process: 18928 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 18929 (ntpd)
       CGroup: /system.slice/ntpd.service
               └─18929 /usr/sbin/ntpd -u ntp:ntp -g

    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: Listen and drop on 1 v6wildcard :: UDP 123
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: Listen normally on 2 lo 127.0.0.1 UDP 123
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: Listen normally on 3 em1 172.27.93.22 UDP 123
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: Listen normally on 4 lo ::1 UDP 123
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: Listen normally on 5 em1 fe80::92b1:1cff:fe20:86fb UDP 123
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: Listening on routing socket on fd #22 for interface updates
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: 0.0.0.0 c016 06 restart
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: 0.0.0.0 c012 02 freq_set kernel 0.000 PPM
    Mar 20 15:17:45 LAB-PSM.juniper.net ntpd[18929]: 0.0.0.0 c011 01 freq_not_set
    Mar 20 15:17:51 LAB-PSM.juniper.net ntpd[18929]: 0.0.0.0 c514 04 freq_mode

Follow the instructions below to setup / check NTP on BTI7800 / BTI700 Elements.
  1. Configure PSM server IP address as NTP server address on BTI7800 / BTI7000 network elements

    BTI7800

    bti7800# configure
    Entering configuration mode terminal
    bti7800(config)# system
    bti7800(config-system)# ntp server 172.27.93.22
    bti7800(config-system)# commit

    BTI7000

    BTI7000> enable
    BTI7000# configure terminal
    BTI7000(config)# ntp
    BTI7000(config ntp)# ip 172.27.93.22
  2. With the above configuration in place, the network elements will synchronize time with higher-stratum NTP servers when they are available (through PSM server).

    BTI7800

    bti7800# show system ntpstat
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     time.cloudflare   101.35.8.220    3 u  18h   64  0    10.508    0.427   0.05

    BTI7000

    BTI7000> show ntp
    Polling Period                 : 01:00 (HH:MM)
    Sync State                     : Y
    Stratum                        : 3
    Reference IP Address           : 101.35.8.220
    NTP associations (IP address) in random order
    ---------------------------------------------
    172.27.93.22
  3. The network elements synchronize time with PSM server NTP service when higher-stratum NTP servers are not available.

    BTI7800

    bti7800# show system ntpstat
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     172.27.93.22    LOCAL(0)        11 u   39   64  377    0.290    0.537   0.075

    BTI7000

    BTI7000> show ntp
    Polling Period                 : 00:01 (HH:MM)
    Sync State                     : Y
    Stratum                        : 11
    Reference IP Address           : 172.27.93.22
    NTP associations (IP address) in random order
    ---------------------------------------------
    172.27.93.22

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search