Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1459
Views
10
Helpful
2
Replies

interpreting the show ntp assocations reach field

Waterbird
Level 1
Level 1

‎05-22-2021 05:44 AM

I have a router that is configured to get it's time from a public NTP server on the internet.   I can ping the domain name of that server as well, so connectivity does not seem to be an issue.  However, time is not synced according to show clock, and show calendar gives the incorrect time as well.

 

The output of show ntp associations:

- configured for the remote server IP, but  not synced

- the ref clock field says .INIT.

- reach is 0.

 

After reading some Cisco documentaiton, I believe a reach of 0 might indicate a problem with the syncing is occuring, and it maybe stuck in init state.  Obviously I can wait 10-15 minutes to find out if it's working, but that's inefficient, and I want to know now if it is working or not.

 

I read this document that says the reach field is the key to understanding if the process is working or not, but doesn't explain much about it.

 

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-110/15171-ntpassoc.html

 

Can anyone explain a bit more about reach of 0?  Should it be 377 if it is working? How do I interpret 0?  Does that mean it's definitely not syncing and never will?

 

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-22-2021 09:12 AM

Hello @Waterbird ,

first of all your device may be allowed to ping the NTP server using ICMP protocol and at the sametime the NTP packets using UDP 123 can be blocked by a firewall and this looks like your case.

 

>> Can anyone explain a bit more about reach of 0? Should it be 377 if it is working? How do I interpret 0? Does that mean it's definitely not syncing and never will?

 

Using the link you have provided we find the following explanation of the meaning of the reach field:

 

The reach field is a circular bit buffer. It gives you the status of the last eight NTP messages (eight bits in octal is 377, so you want to see a reach field value of 377). If an NTP response packet is lost, the missing packet is tracked over the next eight NTP update intervals in the reach field. The table below provides explanations for possible reach field values using the loss of an NTP response packet as an example.

 

A value of reach 0 means tha the last 8 NTP messages have not been received and this is a sign of issues in the path with the NTP server for NTP packets.

 

You need to check with your colleagues managing the firewalls or the WAN edge routers in order to allow incoming NPT packets from that specific source to your device.

You may also find that there is an alternative NTP server avalable in your network.

 

Hope to help

Giuseppe

 

Richard Burts
Hall of Fame
Hall of Fame
In response to Giuseppe Larosa

‎05-22-2021 01:06 PM

The explanation by @Giuseppe Larosa is good. The original poster indicates that they want a quick way to know whether the ntp is working. I would point to this in his post "the ref clock field says .INIT." If the ref clock says INIT you can immediately know that your attempt to use this ntp source is not working.

 

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card