12-11-2011 09:00 PM - edited 03-04-2019 02:35 PM
Hi guys,
I started a discussion last week about my two routers that are not synching time with a server on the internet. They both go through a firewall but are open for ntp.
After a day of screwing around last week they magically resynched and I thought all was well, however I have come back in this morning and they are down again.
I restarted ntp by removing the ntp server statements and re-adding them. I saw on the firewall a UDP connection closing after 66hrs. But when I restart by typing the statements in again, no synching occurs even though the firewall states it builds an outbound connection.
It sounds like it might not be closing the connection, so possibly timed out???
I have used NTP query tool to confirm the server status and it comes back as a good connection.
Any ideas?
12-13-2011 12:59 PM
Thanks for staying with me guys. The 235 address is our FW int.
Sending 5, 100-byte ICMP Echos to 172.16.101.235, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
All good there. Nothing has changed in the topology of the network for some months (I have been here for three and have not messed around too much).
No rebooting of routers at all. Topology goes, router > layer 3 core switch (HP Procurve, IP routing enabled) > FW > Internet.
MONHUB1#sh run | i clock
clock timezone QLD 10
ntp clock-period 17180056
Turned on the ntp validity and nothing stands out. This router receives requests from the whole network for ntp and I can see packets coming in for that but none going out for the 203 address unless I take out and re-add the ntp server statements.
I did try putting ntp pointing to internet on another router with no success either. Could the firewall be doing something to it even though the rules state allow ntp etc?
12-13-2011 01:01 PM
Oh and yes I am in Brisbane! Melb is pretty nice, been there a fair bit, lived there for a while too. I'm coming down to Cisco Live in March, should be great! Unless I lose my job coz I can't get this working haha
12-13-2011 01:15 PM
Little bit more info
On switch route to ntp server
5400_COMS_SW1# sh ip route 203.161.12.165
IP Route Entries to 203.161.12.165
Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 172.16.101.235 2 static 1 1
Also I am not getting the same results from the firewall logs today. The router is sending ntp xmits to the 203 and 194 address, however the firewall is not telling me about any formed UDP connections etc. But when I ping from the router it is sending them towards the FW and I see a log entry.
Deny icmp src BSA:172.16.101.252 dst TID:203.161.12.165 (type 8, code 0) by access-group "BSA_access_in" [0x0, 0x0]
12-13-2011 01:50 PM
ACT here.
Try synchronizing your NTP with "ntp.bri.connect.com.au".
12-13-2011 05:48 PM
Wow! Synched straight away with ntp.bri.connect.com.au! Now I am really peeved!! Hope it stays synced.
Thanks to all who have replied and given ideas. Much appreciated. Sounds like there are a few aussies on here which is good to see too.
12-13-2011 06:22 PM
Wow! Synched straight away with ntp.bri.connect.com.au! Now I am really peeved!! Hope it stays synced.
OK. So it works, but why not the others?
I have a Cisco ADSL router at home but I configured multiple NTP hosts to synchronize with in AU. I've noticed (at home) that at least one of these addresses would go down and they all take turns. So I am suspecting that you just ran into "bad luck" and your "favorite" host decided to have a downtime.
Here's a list I used, I just use as many Australian-based NTP pools as I can. Doesn't hurt.