Re: Nexus 9K NTP no sync

kamlenegi · ‎10-27-2017

Hello All,

can anyone tell me why we are not able to sync NTP from Nexus 9504, 93180, 92160, two command we configured:

#ntp server 10.x.x.x prefer
#ntp source-interface Vlan (mgmt)

We are able to sync from WAN router but not any of the Nexus switches. We are able to do sync from Cisco 6509 also.

9k# sh ntp status

Distribution : Disabled
Last operational state: No session

9k# sh ntp session status
Last Action Time Stamp     : None
Last Action                : None
Last Action Result         : None
Last Action Failure Reason : none

Thanks

kamlesh

Flavio Miranda · ‎10-27-2017

Hi,

There´s a long discussion here around this. Maybe can help you:

https://supportforums.cisco.com/t5/network-management/nexus-5000-as-ntp-client/td-p/1527524

-If I helped you somehow, please, rate it as useful.-

kamlenegi · ‎10-30-2017

Hello Flavio,

We are not using management vrf interface as source for NTP. We are using vlan 72 and able communicate NTP server.

Thanks

Kamlesh

paul driver · ‎10-30-2017

Hello

Looks like NTP isnt enabled, Also make sure you can you ping the ntp server and to add any authentication if this is enabled

conf t
ntp enable
end
sh ntp status
sh ntp peers

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

kamlenegi · ‎10-30-2017

Hello Paul,

There is no "ntp enable" command in 9504. " ntp allow control" I have enabled.

this is the output:

clock protocol ntp vdc 1
ntp server 10.x.x.x prefer
ntp source-interface Vlan72
ntp logging
ntp allow control rate-limit 3

I am able to ping NTP server also:

Thanks

Kamlesh

kamlenegi · ‎10-30-2017

Hi,

Getting below messages while debug ntp:

SWITCH-01# ntp sync-retry
SWITCH-01# 2017 Oct 30 14:49:39.213153 ntp: ntp_process_mts_msg: Opcode received: MTS_OPC_NTP_RETRY_REQ
2017 Oct 30 14:49:39.213185 ntp: Successfully sent SIGKILL to ntpd
2017 Oct 30 14:49:39.213221 ntp: Sending cmi response with return_code = 0x0
2017 Oct 30 14:49:39.213240 ntp: setting global CMI msg req to NULL
2017 Oct 30 14:49:39.217302 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 8594
2017 Oct 30 14:49:39.217325 ntp: ntp_sigchld_wait_and_fetch_status: Got a SIGCHLD from pid : 8594
2017 Oct 30 14:49:39.217337 ntp: ntp_sigchld_wait_and_fetch_status: NTPD PID is 8594
2017 Oct 30 14:49:39.217348 ntp: ntp_sigchld_wait_and_fetch_status: Child exited due a signal, status 9
2017 Oct 30 14:49:39.217359 ntp: ntp_sigchld_wait_and_fetch_status: Child exited with status 0
2017 Oct 30 14:49:39.218297 ntp: NTPD pid is not valid
2017 Oct 30 14:49:39.219216 ntp: ntp_spawn_ntpd: Parent gets the pid of child: 8599
2017 Oct 30 14:49:39.219255 ntp: ntp_openhost: Binding to /tmp/ntp_client_1
2017 Oct 30 14:49:39.219297 ntp: ntp_openhost: Opening a client unix socket successful
2017 Oct 30 14:49:39.219547 ntp: ntp_spawn_ntpd: Parent gets the pid of child: 0
2017 Oct 30 14:49:39.229380 ntp: ntp_dohello: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.229419 ntp: sendpkt: sendto() failed, errno = 111
2017 Oct 30 14:49:39.229434 ntp: ntp_dohello: Error while sending the request to NTPd, ret_val = -1
2017 Oct 30 14:49:39.239517 ntp: ntp_dohello: sendrequest, num attempts = 29
2017 Oct 30 14:49:39.239552 ntp: sendpkt: sendto() failed, errno = 111
2017 Oct 30 14:49:39.239566 ntp: ntp_dohello: Error while sending the request to NTPd, ret_val = -1
2017 Oct 30 14:49:39.249641 ntp: ntp_dohello: sendrequest, num attempts = 28
2017 Oct 30 14:49:39.249673 ntp: sendpkt: sendto() failed, errno = 111
2017 Oct 30 14:49:39.249687 ntp: ntp_dohello: Error while sending the request to NTPd, ret_val = -1
2017 Oct 30 14:49:39.259763 ntp: ntp_dohello: sendrequest, num attempts = 27
2017 Oct 30 14:49:39.259794 ntp: sendpkt: sendto() failed, errno = 111
2017 Oct 30 14:49:39.259808 ntp: ntp_dohello: Error while sending the request to NTPd, ret_val = -1
2017 Oct 30 14:49:39.269882 ntp: ntp_dohello: sendrequest, num attempts = 26
2017 Oct 30 14:49:39.269913 ntp: sendpkt: sendto() failed, errno = 111
2017 Oct 30 14:49:39.269926 ntp: ntp_dohello: Error while sending the request to NTPd, ret_val = -1
2017 Oct 30 14:49:39.280008 ntp: ntp_dohello: sendrequest, num attempts = 25
2017 Oct 30 14:49:39.280046 ntp: Hello sanity check passed
2017 Oct 30 14:49:39.280059 ntp: ntp_create_un_socket: Connection with ntpd successful
2017 Oct 30 14:49:39.280198 ntp: getnetnum: Obtaining ip for host localhost
2017 Oct 30 14:49:39.280309 ntp: getnetnum: start_up_seq = 0
2017 Oct 30 14:49:39.280480 ntp: ntp_doquery: Pending data present. Receiving them
2017 Oct 30 14:49:39.290570 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.290664 ntp: getnetnum: Obtaining ip for host localhost
2017 Oct 30 14:49:39.290759 ntp: getnetnum: start_up_seq = 0
2017 Oct 30 14:49:39.300849 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.310975 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.311202 ntp: ntp_config_source_for_sync_retry: Reconfiguring Source IP for ntp sync-retry
2017 Oct 30 14:49:39.321291 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.321394 ntp: ntp_config_source_intf_for_sync_retry: Reconfiguring Source interface for ntp sync-retry
2017 Oct 30 14:49:39.321453 ntp: im_get_extension_index(242): Reading iod 0x109, from ext <267,0> (volatile:/dev/shm/im_sdb_exte                                        nsion_267_0)
2017 Oct 30 14:49:39.321474 ntp: im_get_extension_index(258): sdb_read successful - returned pss_datum 0x112017cc
2017 Oct 30 14:49:39.321485 ntp: im_get_extension_index(265): sdb_read succesful - returned pss_datum, size4, ptr 0x11208ca4 (va                                        l 0x7c87956a)
2017 Oct 30 14:49:39.331590 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.341749 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.341863 ntp: ntp_pss_save_source_interface: 24 bytes sent for CFG_TYPE_NTP_SRC_INTF sync
2017 Oct 30 14:49:39.351960 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.352051 ntp: ntp_process_allow_private: Allow NTP private mode packets = 0
2017 Oct 30 14:49:39.362133 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.362222 ntp: ntp_process_allow_ctrl: Allow NTP control mode packets = 0, delay:3
2017 Oct 30 14:49:39.362239 ntp: ntp_send_passive_to_ntpd: Sending NTP passive = 0 to ntpd 54
2017 Oct 30 14:49:39.372320 ntp: ntp_doquery: sendrequest, num attempts = 30
2017 Oct 30 14:49:39.372427 ntp: Authentication 0 ; passive 0 ntp_send_passive_to_ntpd
2017 Oct 30 14:49:39.372467 ntp: get_control_msg: Got a valid ntp control pkt
2017 Oct 30 14:49:39.372490 ntp: ntp_handle_ip_msg: ntp_db.ntp_logging enabled, event type = 129
2017 Oct 30 14:49:39.372502 ntp: ntp_handle_ip_msg: unspecified event
2017 Oct 30 14:49:40.318286 ntp: get_control_msg: Got a valid ntp control pkt
2017 Oct 30 14:49:40.318310 ntp: ntp_handle_ip_msg: ntp_db.ntp_logging enabled, event type = 135
2017 Oct 30 14:49:40.318329 ntp: ntp_handle_ip_msg: Event type: NTP_EVENT_REACH Peer ntp_handle_ip_msg: Event type: NTP_EVENT_RE                                        ACH Peer ntp_handle_ip_msg: Event type: NTP_EVENT_REACH Peer ntp_handle_ is reachable is reachable

Thanks

Kamlesh

paul driver · ‎10-30-2017

Hello

Can you ping it sourced from vlan 72?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

kamlenegi · ‎10-30-2017

Hi Paul,

It is pinging from vlan 72 as source.

Thanks

Kamlesh

kamlenegi · ‎10-30-2017

Hi Paul,

We are also able to sync NTP from Cisco 6509 which connected to Nexus 9504 as L2 and WAN router 4431 ASR 1001. and there are TOR switch Nexus 93180 which are also not able to sync.

Thanks

Kamlesh

Vinit Jain · ‎10-30-2017

Also, in your configuration, could you please make the below changes:

ntp server 10.x.x.x prefer use-vrf default

For the time being, also remove the ntp allow control rate-limit command.

Also, please make sure there is no key associated with NTP.

Thanks
--Vinit

kamlenegi · ‎10-30-2017

Hello Vinit,

I have done changes,

ntp server 10.x.x.x. use-vrf default
ntp source-interface Vlan72

Software
BIOS: version 08.32
NXOS: version 7.0(3)I4(7)
BIOS compile time: 10/18/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.7.bin
NXOS compile time: 6/28/2017 14:00:00 [06/29/2017 03:23:29]

Thanks

Kamlesh

Vinit Jain · ‎10-30-2017

Has the clock sync'ed after the changes?

If no, could you please collect "show tech ntp" and attach it as a file to the reply along with latest ntp debug.

Please collect the logs in a file and then attach it.

Thanks
--Vinit

kamlenegi · ‎10-30-2017

Hello Vinit,

Still not sync:

NEXUS# sh ntp status
Distribution : Disabled
Last operational state: No session
NEXUS#
NEXUS# sh ntp session status
Last Action Time Stamp     : None
Last Action                : None
Last Action Result         : None
Last Action Failure Reason : none
NEXUS#
NEXUS#
NEXUS# sh run | in ntp
ntp server 10.x.x.x use-vrf default
ntp source-interface Vlan72

from Cisco 6509: which is connected to Nexus

6509#sh ntp associations

address ref clock st when poll reach delay offset disp
*~10.x.x.x 210.173.160.57 3 7 1024 377 47.3 -0.28 0.5
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
6509#sh nt
6509#sh ntp st
6509#sh ntp status
Clock is synchronized, stratum 4, reference is 10.2.202.58
nominal freq is 250.0000 Hz, actual freq is 249.9973 Hz, precision is 2**18
reference time is DDA280C6.41495422 (10:25:34.255 IST Tue Oct 31 2017)
clock offset is -0.2795 msec, root delay is 227.48 msec
root dispersion is 88.41 msec, peer dispersion is 0.52 msec

kamlenegi · ‎11-05-2017

Hi,

If I am seeing peer status & statistics then showing NTP sync but in status showing None.

NEXUS# sh ntp status
Distribution : Disabled
Last operational state: No session
NEXUS#
NEXUS# sh ntp session status
Last Action Time Stamp     : None
Last Action                : None
Last Action Result         : None
Last Action Failure Reason : none

NEXUS# sh ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
    remote               local                 st   poll   reach delay   vrf
-------------------------------------------------------------------------------
*10.x.x.x.            10.y.y.7             3   64     377   0.04837 default

NEXUS# show ntp statistics peer ipaddr 10.x.x.x.
remote host:          10.x.x.x.
local interface:      10.y.y.y.
time last received:   22s
time until next send: 40s
reachability change: 327239s
packets sent:         19390
packets received:     19284
bad authentication:   0
bogus origin:         0
duplicate:            0
bad dispersion:       0
bad reference time:   0
candidate order:      6
NEXUS#

Is this Ok.

Thanks

Kamlesh

Vinit Jain · ‎11-05-2017

The show ntp status command displays only the distribution status which is relevant with CFS. You actually need to rely on show ntp peer-status or show ntp statistics command.

Here is a sample from my lab:

Leaf1# sh ntp status
Distribution : Disabled
Last operational state: No session
Leaf1# sh ntp pee
peer-status peers
Leaf1# sh ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
remote local st poll reach delay vrf
-----------------------------------------------------------------------------------------------------------------------
=171.68.x.x 0.0.0.0 16 64 0 0.00000 default
Leaf1#

Thanks
--Vinit