cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2362
Views
0
Helpful
2
Replies

NTP configuration

bberry
Level 1
Level 1

I am attempting to simplify our existing NTP configuration across our network. We currently have different devices pointing to different servers for NTP synchronization. Some local devices point to a local source and some local devices point to a remote source with no rhyme or reason.

I am looking at creating a more tiered approach with the local routers being the source for all local devices and the local routers using the core routers as the source. I can then create one or two holes into the firewall for pulling an internet source for the core routers.

Below is the sample NTP config I am planning for my core routers. My question is do I need the NTP MASTER command in all the remote routers? As a secondary question, is it better to sync the core routers with my external internet router o simply allow them to directly update?

ntp broadcastdelay 119

ntp clock-period 17179674

ntp source Loopback0

ntp master 1

ntp server x.x.x.x prefer

ntp server x.x.x.x

Phase 2 is going to be to add authentication once I get basic NTP up and running.

Brent

2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

The answer to your first question is NO you do not need (or want) NTP MASTER on any remote router. And if the core router will get time from an Internet source then you do not want NTP MASTER on any core router either. The NTP MASTER command will make that router an authoritative NTP source using its own understanding of what time it is.

Also it would be better not to have ntp clock-period 17179674 as part of the config that you paste in. The clock-period should be calculated by the router as it learns time and should not be directly configured.

I am not clear what you are asking in your secondary question. If you can access a time source from the Internet that is a good thing and you probably should do that. If you have difficulty in learning time from an Internet source then having the core router(s) advertise their own time is an alternative that will work ok.

One way of analyzing the situation is that it is more important that your network devices have a consistent view of time than it is that the time setting be exactly accurate.

HTH

Rick

HTH

Rick

Thanks for the information. I was not 100% clear on how the master command worked in regards to local switchs pulling time from their local router. I was wondering if this was more of a client/server type command as opposed to an authoritave source.

I will go ahead and pull the clock-period as well.

The second question is in regards to what is best practice. I do have an external router that currently pulls time from several different internet sources. I was wondering if it was better to have this router provide the time source or better to have the core routers bypass this and pull directly from internet sources. To minimize my single points of failure, I will probably go ahead and pull from the internet. I will also drop the master command as part of this change.

Thnaks ...

Brent