
NTP peering and client...at the same time?

R_Acuti
Level 1

I've a customer who wants to peer some of our network devices so that in case of a loss of our authoritative NTP sources, they will remain synchronized with each other. These devices also act as NTP servers to every device downstream from them.

 

In essence, these peers will occupy all three states- server, client and peer. 

Is this possible? Does it even make sense to do so?

 

The Cisco NTP Best Practices white paper calls out 3 architectures- flat peer, hierarchy and star. It seems like my customer is asking for a merging of the first two.

15 Replies

Jon Marshall
Hall of Fame

I may be misreading the document you mention but isn't the first example exactly what your customer wants ie.  A0-R1, R2 and R3 are getting time off internet servers, peering with each other and acting as NTP servers for A1-R1, R2 and R3. 

 

Jon

I guess the diagram does imply that. I'm trying to set up a lab to try it out.

Should work fine as far as I can see but be interested to hear if you have any problems etc. 

 

Jon

The original post asks this question "these peers will occupy all three states- server, client and peer. 

Is this possible?"

Clearly the answer is that yes it is possible for a device to function in all 3 states.

 

I would add a comment that having the devices peer with each other is certainly possible. If one device loses its ntp sync with the authoritative Internet time source then this device would continue to learn ntp time from its peers and continue to offer time to clients who request time from this device. But this only works as long as at least one of the devices is learning time from the authoritative Internet time source. To really provide the service when all time servers have lost their ntp sync with the authoritative Internet time source, then at least one of the devices must be configured with ntp master (at a strata lower than the authoritative server).

 

HTH

 

Rick


@Richard Burts Rick,

 

Yes, this helps and I mocked it up in our lab this morning and took it for a test drive.

 

You state: "To really provide the service when all time servers have lost their ntp sync with the authoritative Internet time source, then at least one of the devices must be configured with ntp master (at a strata lower than the authoritative server)."

 

What my customer expects, is that the "peered" sites will drift together, if they lose contact with the NTP master device.

 

A little background: This is a (relatively) small, closed environment. We will have an authoritative time source, but we won't be using the internet. Our needs for precise timekeeping are modest. The theory goes, that if we lose our authoritative source for a period of time, it's not a big deal as long as the core devices are peered and drift together, as they serve the rest of the clients downstream.

 

 

Thanks for the additional information. The fact that this is a closed environment and has its own authoritative ntp server, so will not use the Internet is good to know. But it does not change the important parts of my response. An IOS device will not serve ntp time to a client unless the IOS device has learned ntp time from an authoritative source or that device is configured as ntp master. So if your customer has IOS routers (or switches) configured with ntp server pointing to the authoritative ntp source and has ntp peer configured pointing to the other IOS routers but none of them have ntp master configured, then if all of the IOS routers lose their ntp sync with the authoritative source then they will all stop serving ntp time to clients. As long as at least one router still has ntp sync with the authoritative ntp source or one router has ntp master configured then all routers can serve ntp time to clients. But if none of the routers have ntp sync with the authoritative source and none have ntp master then all will stop serving ntp time to clients.

 

HTH

 

Rick


This. Exactly this. 

 

My customer is under the impression that the peer group, with no connection to the authoritative source, and no NTP master connected, will continue to serve time to downstream clients.

 

Major thanks for the assist.


Rich A.

You are quite welcome. Based on your customer not having a requirement for high accuracy, their impression that the routers should continue to serve time to clients even when it has no ntp sync to an authoritative server and no ntp master is logical and might be true in some other time protocols. But ntp was designed to maintain a high degree of accuracy and faced with loss of ntp sync to the authoritative source and no ntp master then the IOS device in ntp will stop serving ntp time. Configuring at least one router with ntp master is quite simple and would make things work as they expect. I assume that the results when you set this up in the lab agree with my description.

 

HTH

 

Rick


Hello Richard ,

 

Just keen to understand what the expected behavior is in the scenario below:

 

In case we lose ntp sync to all the authoritative sources and one of the IOS/NX-OS core devices is configured as NTP Master, should all NTP peers sync to the NTP Master ONLY? I am testing this in the lab but the peers are not really getting synced to the NTP Master, although they are in sync and maintaining correct time. Is that the expected behavior?

 

Rgds

Baljeet

Baljeet

 

I am not sure that I am fully understanding your question. But I believe that the key element is this statement:

Should all NTP peers sync to the NTP Master ONLY

No it is not necessary that each individual ntp peer should peer directly to the device configured as Master. It is sufficient that a device has learned ntp time from an authoritative source. So let me describe a sample scenario.

Let us assume:

- that there is some Authoritative Source for ntp, AS, which would be at ntp stratum 1.

- that there are 2 cores, core1 and core2. Both cores are configured to learn ntp time from AS, core1 is configured as ntp master stratum 5, and core1 and core2 are configured as ntp peers.

- that something happens and both cores lose sync with AS. 

- core2 will establish sync with core1

- that there are devices d1, d2, d3 which connect to core1 and d4, d5, d6 which connect to core2. all of the devices will continue to learn ntp time from their configured core device.

 

If this does not satisfy your question then please provide clarification about what you are asking.

 

HTH

 

Rick


Thanks for the reply, Richard. I think you have answered my query with the statement below:

"No it is not necessary that each individual ntp peer should peer directly to the device configured as Master. It is sufficient that a device has learned ntp time from an authoritative source."

 

But just to be sure, below is our setup:

- that there are 4 AS, which would be at ntp stratum 1.
- that there are 4 cores: Core1 & Core2 (IOS devices, Datacenter 1) and Core3 & Core4 (NX-OS devices, Datacenter 2). All 4 core devices are configured to learn ntp time from the AS, core1 is configured as ntp master stratum 2, and core1, core2, core3 and core4 are configured as ntp peers.
- that something happens and all cores lose sync with all 4 AS.
- should core2, core3 and core4 establish sync with core1 ONLY (because core1 is configured as NTP Master 2)? Or can it be any combination?

The statement below is clear (as d1, d2, d3, d4, d5, d6 are in a client-server relation to the core devices. My confusion is around the peer relation between the 4 core switches, one being configured as NTP Master stratum 2).

- that there are devices d1, d2, d3 which connect to core1 and d4, d5, d6 which connect to core2. all of the devices will continue to learn ntp time from their configured core device.

Rgds

Baljeet

Baljeet

 

It sounds like your network has been well set up for ntp. I am impressed that there are 4 AS. I would hope that each core was configured with more than one AS as ntp server to provide some redundancy.

 

There are several ways to look at the question of peering among the core devices if they have all lost sync with all of the AS. If core1 is ntp master at stratum 2 then the easy answer is that each of core2, core3, and core4 should establish sync with core1. But other scenarios are possible. For example it is possible that core2 will establish sync with core1. So now core2 is able to provide ntp time to other devices. So it is possible that core3 will establish sync with core2. Now core3 is able to provide ntp time to other devices. So it is possible that core4 will establish sync with core3. Probably the important thing to understand here is that in the Cisco implementation of ntp once a device has learned reliable ntp time (either from being configured as master at some stratum or from establishing sync with a device that has authoritative time) that device is now able to provide ntp time to other devices (could be in a peer to peer relationship or could be in a server to client relationship).

 

HTH

 

Rick
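
The serving rule described in the replies above, as an added example (not code from any poster or from Cisco): a simplified model in which a core serves time only if it has an `ntp master` stratum, still syncs to an AS, or can learn time through a peer that has it. The function names and the `CHAIN` topology are assumptions made for illustration.

```python
# Simplified model (assumption): tracks stratum propagation only, not NTP's
# clock selection, filtering or reachability timers.
UNSYNCED = 16  # in NTP, stratum 16 means "unsynchronized"

def core_strata(peers, as_reachable, masters, as_stratum=1):
    """Return {core: stratum}; UNSYNCED means the core stops serving time.

    peers        -- {core: set of cores it is configured to peer with}
    as_reachable -- cores still synced to the authoritative source (AS)
    masters      -- {core: stratum configured with `ntp master`}
    """
    strata = {core: UNSYNCED for core in peers}
    for core in as_reachable:
        strata[core] = as_stratum + 1
    for core, stratum in masters.items():
        strata[core] = min(strata[core], stratum)
    # Repeat until stable: a core can learn time from any peer that has it,
    # and then reports a stratum number one higher than that peer's.
    changed = True
    while changed:
        changed = False
        for core, neighbours in peers.items():
            for peer in neighbours:
                candidate = strata[peer] + 1
                if candidate < UNSYNCED and candidate < strata[core]:
                    strata[core] = candidate
                    changed = True
    return strata

def serving(strata):
    """Cores that can still answer downstream clients."""
    return sorted(core for core, s in strata.items() if s < UNSYNCED)

# Constructed topologies for the four-core setup discussed above.
CORES = ["core1", "core2", "core3", "core4"]
FULL_MESH = {core: set(CORES) - {core} for core in CORES}
CHAIN = {"core1": {"core2"}, "core2": {"core1", "core3"},
         "core3": {"core2", "core4"}, "core4": {"core3"}}

if __name__ == "__main__":
    scenarios = {
        "all AS lost, no master": (FULL_MESH, set(), {}),
        "only core3 still sees an AS": (FULL_MESH, {"core3"}, {}),
        "all AS lost, core1 master 2": (FULL_MESH, set(), {"core1": 2}),
        "same, peered as a chain": (CHAIN, set(), {"core1": 2}),
    }
    for name, args in scenarios.items():
        print(f"{name}: {core_strata(*args)}")
```

With no master and no AS, every core ends at stratum 16 and nothing is served; with core1 as master 2, the full mesh puts the other cores at stratum 3, while the chain gives 3, 4 and 5.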


Thanks Rick. That was really helpful.

 

Regarding the 4 NTP AS, we manage the network for critical services and hence time is of utmost importance.

And yes, we have configured each core with all 4 NTP servers (so yes, lots of redundancy :-) ).

 

 

Baljeet

 

Thanks for the update. Yes indeed each core configured with all 4 servers does provide LOTS of redundancy.

 

HTH

 

Rick
