Wired

last person joined: 18 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

ArubaOS-CX as an NTP Time Server

  • 1.  ArubaOS-CX as an NTP Time Server

    Posted Apr 12, 2019 01:13 AM

    ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

     

    ArubaOS-CX NTP Client Config
    Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

    ntp server 10.2.10.2
    ntp server 10.2.10.3
    ntp enable
    ntp vrf mgmt
    
    8320-upper# sh ntp associations
    ----------------------------------------------------------------------
    ID NAME REMOTE REF-ID ST LAST POLL REACH
    ----------------------------------------------------------------------
    1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0
    * 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377
    ----------------------------------------------------------------------

     

    ArubaOS-CX NTP Server Config

    NTP master is enabled by default, with no settings.

    8320-upper# sh ntp master
    
    NTP Master Status : Enabled
    
    -----------
    VRF Stratum
    -----------

    To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

    ntp master vrf default stratum 3

    If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

    8320-lower# sh run | in ntp
    ntp server 10.2.10.2
    ntp server 10.2.10.3
    ntp enable
    ntp vrf mgmt
    ntp master vrf default stratum 3

     

    Config for ArubaOS-Switch (also ProCurve)
    I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

    timesync ntp
    ntp unicast
    ntp server 10.80.255.7
    ntp server 10.80.255.8
    ntp enable

    My timezone settings for Sydney Australia:

    time daylight-time-rule user-defined begin-date 10/01 end-date 04/01
    time timezone 600

     

    3500in8xxx(config)# sh ntp associations
    
    NTP Associations Entries
    
    
    Remote St T When Poll Reach Delay Offset Dispersion
    --------------- ---- ---- ------ ----- -------- -------- -------- ----------
    10.80.255.7 4 u 75 10 3 0.000 0.000 15.87588
    10.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

     

    Other Notes
    NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

    3500in8xxx(config)# sh ntp associations
    
    NTP Associations Entries
    
    
    Remote St T When Poll Reach Delay Offset Dispersion
    --------------- ---- ---- ------ ----- -------- -------- -------- ----------
    10.80.32.1 16 75 17 0 0.000 0.000 15.93835

    NTP authentication isn't currently supported with the OS-CX device acting as server/master.



  • 2.  RE: ArubaOS-CX as an NTP Time Server

    Posted Oct 05, 2019 12:50 PM

    Is NTP Master supported i.c.m with Active-Gateway?

     

    My ntp clients seems to communiate only with the real interface IP's and not the active gateway IP



  • 3.  RE: ArubaOS-CX as an NTP Time Server

    Posted Oct 09, 2019 01:48 PM

    I just got a message from TAC, saying it is not possible. Below a good explanation from TAC:

     

     

    "This is possible to source NTP traffic from the active-gateway Virtual IP, It is inappropriate as the logic behind this Virtual IP is purely for ARP scope. Indeed, as this is not a protocol based VIP (like VRRP), there is no guarantee that for a handshake communication between the NTP server and the NTP client the return packet will go through the same CX node.
    
    Say the NTP communication is initiated by VSX primary with VIP, there is a possibility that packet might comes back through VSX secondary which will handle the received packet as hosting the destination IP, but which will be out-of-sync for NTP protocol as not sourcing this request sequence."