Hello Team - I wish to deploy an ISR4321 router to sit in my main DC between my NTP source sat upstream in my Management network and devices connected downstream in my network which do not have a direct connection to my management network.
In this example, could I ...
a) configure the ISR4321 to be an NTP client of the upstream NTP server AND be the authoritative NTP source for downstream clients (using the 'router#ntp master' command)?
b) configure the ISR4321 as an NTP client of the upstream NTP server then configure the downstream devices as NTP clients of the ISR4321?
Another question is - What is the maximum number of supported Clients that can be supported by an ISR4321 running as an NTP Server?
Both NTP scenarios described would work.
ntp master allows your router to use its internal clock as a reference time source if no higher stratum sources are available. You do need to be careful with this as if you set a higher stratum number (e.g. ntp master 2) and your configured NTP server is a lower stratum your router's internal clock will take precedence and can cause significant drift.
I normally would configure multiple upstream ntp servers on the ISR and not use the ntp master command in a single site/type of scenario.
In a larger scenario, I have used multiple ISRs as ntp peers with each other and GPS (Stratum 0) as the reference source for them. In the event of a GPS failure, the peering kept the time from drifting as much until our GPS came back.
To service clients the ISRs had a loopback interface with a dedicated /32 which we anycasted throughout our network, so in the event of a device or link failure, clients would be automatically rerouted to the next closest ISR acting as an NTP server. This may be appropriate for your scenario, particularly if you have multiple DCs which need to be in sync.
I've never really seen any stats on amount of clients supported on current hardware, but like any feature you turn on, it is best to monitor the impact on resources for your environment (https://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html), but in practice I found it can scale to 5K+ clients without seeing any significant CPU load on our routers, time drift or synchronization issues on the client side.
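A check for the failure mode described in the answer above, where the router follows its own internal clock instead of an upstream server, as an added example that is not part of the original thread. The sample text is constructed, and the column layout of `show ntp associations` and the 127.127.1.1 address for the internal clock are assumptions about the router's output.

```python
import re

LOCAL_CLOCK = "127.127.1.1"  # assumed pseudo-address of the internal clock (ntp master)
ROW = re.compile(r"^\s*([*#+x-]?)(~?)(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\d+)\s+(\S+)"
                 r"\s+(\d+)\s+([0-7]+)\s+([\d.]+)\s+(-?[\d.]+)\s+(\S+)\s*$")

# Constructed sample modelled on `show ntp associations`; not taken from a real device.
SAMPLE = """\
  address         ref clock       st   when   poll reach  delay  offset   disp
*~127.127.1.1     .LOCL.           7     12     16   377  0.000   0.000  1.204
+~192.0.2.10      .GPS.            1     40     64   377  1.812   3.415  2.118
 ~192.0.2.11      .INIT.          16      -     64     0  0.000   0.000 15937.
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
"""

def parse_associations(text):
    """Return one dict per association row; header and legend lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({"flag": m.group(1), "address": m.group(3),
                         "refid": m.group(4), "stratum": int(m.group(5)),
                         "reach": int(m.group(8), 8),  # reach is printed in octal
                         "offset_ms": float(m.group(10))})
    return rows

def findings(rows, max_offset_ms=100.0):
    """List problems worth an operator's attention; an empty list means healthy."""
    out = []
    peer = next((r for r in rows if r["flag"] == "*"), None)
    if peer is None:
        out.append("no sys.peer selected: router is not synchronized")
    elif peer["address"] == LOCAL_CLOCK:
        out.append("sys.peer is the internal clock, not an upstream server")
    elif abs(peer["offset_ms"]) > max_offset_ms:
        out.append(f"offset to {peer['address']} is {peer['offset_ms']} ms")
    for r in rows:
        if r["address"] != LOCAL_CLOCK and r["reach"] == 0:
            out.append(f"upstream {r['address']} unreachable (reach 0)")
    return out

if __name__ == "__main__":
    for problem in findings(parse_associations(SAMPLE)):
        print(problem)
```

The `max_offset_ms` threshold is an arbitrary starting value; tune it to what your downstream clients tolerate.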