Router as NTP server

snooter · ‎06-03-2008

So, about three months ago I set our 1751 router as the NTP server of our domain for both our AVVID phone system and our Microsoft Active Directory domain. Been working excellent up until last night. Our company's building had a power cycle and the router got rebooted. Not a huge issue, since it's actually been rebooted a couple of times since becoming the ntp server.

After it's reboot, the time somehow jumped ahead an hour according to all the devices that sync with it. Phone calls stopped working and Active Directory pretty much became useless.

I finally had to break all the devices off of syncing with the router and set them back to the way they were (phone servers sync with each other, active directory doesn't sync with anything externally). It took a few hours to get everything stable again, and I'm still working on parts this morning.

My concern is, why the heck the time jump ahead an hour on our Cisco Router?

Here's what I've had setup now for three months, we're in Central Standard Time:

ntp clock-period 17179971

ntp master

ntp server 69.26.112.120

and I set the "clock timezone CDT -6"

It's been like that for three months and everything was fine till last night when it went out of wack.

Anyone seen this before, or anything like it with using a router as an NTP server?

Richard Burts · ‎06-03-2008

Scott

I have not seen that symptom before and do not have any suggestions specific to it. But I do have an observation and a suggestion. You have configured your router to learn NTP time from an Internet time server at 96.26.112.120. But you have also configured your router as an NTP master (and by default it believes that it is a stratus 1 server) which pretty much prevents it from learning time from the external server. This makes the router dependent on its own clock. I suspect that the symptoms that you experienced are related to what the router clock was indicating. I suggest that you remove the ntp master from the router config and let the router learn time from the reliable source.

HTH

Rick

HTH

Rick

PAUL TRIVINO · ‎06-03-2008

Rick, just to complete the loop here: am I correct that an NTP sync'd IOS device will "automatically" serve as an NTP server, i.e., if he sync's it (the "master") to an outside source, the other devices in the network can point to it as an NTP server anyway?

Thanx.

Paul

snooter · ‎06-03-2008

That was my next question.. I thought I needed to have that ntp master command in order for it to serve as an ntp server, rather than just a client.

Apparently not. I just removed the ntp master command and I've got devices syncing with the router once again.

Still, what ever caused the clocks on everything inside our network to jump ahead an hour has got me nervous..

m_zabetian · ‎06-03-2008

try this command sh ntp associations

and check if NTP associat with server

Also you can add NIST Internet Time Service ip addresses for your NTP server.

ntp server 69.26.112.120 perfer

ntp server 129.6.15.28

nrp server 206.246.118.250

Also check you firewall to making sure port 123 is open.

Joseph W. Doherty · ‎06-03-2008

BTW: Don't know if supported on a 1751, but you might also try the config command "ntp update-calendar".

Richard Burts · ‎06-03-2008

Paul and Scott (and whoever)

Yes when an IOS device has learned NTP time from a source that it consider authoritative then it will automatically act as an NTP server to any device that sends it an NTP request (subject to limitiations that may be configured with ntp access-group).

The ntp master command should be used only in situations in which there is no real NTP server available.

HTH

Rick

HTH

Rick

guruprasadr · ‎06-03-2008

HI Rick,

I am confused about your POST.

So, if i have some 900 Spoke Locations and 2" HUB Location Router.

I would like to have my HUB Router to issue the NTP Associations to my Clients ie., to Spoke Routers.

In this case, by not configuring the "NTP Master" command at HUB Router will it work ?

In addition, by just configuring the HUB Router IP @ Address as the NTP Server at Client will it work ?

Nevertheless, my HUB Router is pointed to some Public NTP Server as similar to previous POST.

Thanks in Advance for HELP

Best Regards,

Guru Prasad R

Andreas Martensson · ‎06-04-2008

Or you could specify what stratum you would like to use for your ntp server;

!

ntp clock-period 17180053

ntp master 3

ntp update-calendar

ntp server x.x.x.x prefer

!

Richard Burts · ‎06-04-2008

Guru

If your hub routers are learning NTP from a Public NTP source then they will automatically operate as NTP servers for your remote routers and do not need the ntp master command (and should not have the ntp master command).

If the hub routers are learning NTP from a Public NTP source then you just configure the remote spoke routers with ntp server command pointing to your hub router as the server.

HTH

Rick

HTH

Rick

Andreas Martensson · ‎06-04-2008

But if you remove the ntp master statement, the output of 'sh ntp associations' look like this;

address ref clock st when poll reach delay offset disp

*~x.x.x.x .. 1 497 512 377 6.4 -0.12 0.3

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

If you on the other hand uses the ntp master command you will get a fallback to the local systemclock incase of a failure of the ntp source, or am i wrong?

address ref clock st when poll reach delay offset disp

~127.127.7.1 127.127.7.1 2 - 64 0 0.0 0.00 16000.

*~x.x.x.x .. 1 12 1024 377 6.7 -0.21 0.3

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

guruprasadr · ‎06-04-2008

Dear Rick,

Have rated your POST.

Your Statement "should not have the ntp master command"

What could be the consequence if the same is Configured at HUB Router ?

Any dis-advantages / Failure could Occur in Network ?

Please provide us the exact Justification and Thanks in Advance for Help

Best Regards,

Guru Prasad R

Richard Burts · ‎06-04-2008

Guru

The issue with configuring ntp master on the hub router is that the hub router then believes that it is authoritative and it does not sync to the external time server. At that point what is the use of sending requests to the external server? The time in the network is then only as accurate as the accuracy of the clock in your hub router and you lose the self correcting sync with Internet NTP.

If you are careful to set the stratum level on your router lower than the Internet server then it would still sync to the Internet server.

HTH

Rick

HTH

Rick

Kevin Dorrell · ‎06-04-2008

I wonder whether this incident had somethong to do with daylight saving time. It should not do, because NTP synchronisation is always based on UTC, and then an offset is applied locally on each router.

But suppose for a moment that you had the ntp master command, so your router was not synchronising correctly to 69.26.112.120, and suppose you did not have DST configured correctly. Come the first weekend in March(over your side of the pond), the clock would be reading incorrectly. Suppose then someone (not yourself) decided to adjust the clock manually. The real clock, the UTC one, would then be an hour out.

That might explain why the service survived all the reboots during winter, but as soon as summer came along, it was out of kilter.

Once you have synchronised correctly to the Internet server, please check whether you have DST configured correctly. This is what I have, although your settings would be different on your side of the Atlantic.

clock timezone CET 1

clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

Then you will not need to adjust your clocks ever again.

Kevin Dorrell

Luxembourg

Ivaylo Georgiev · ‎03-20-2013

Kevin,

I have a question regarding rhe second line:

clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

Can't the router tell when the daylight saving time occurs just from the timezone that it's in? In other words, Do we really need that additional command?

Thanks,

Ivo.