Thursday, 21 May 2020

NTP Configuration via Management Routing Instance in Juniper


As a follow-up to configuring the management interface in Juniper, NTP traffic should go via the management port and not through the data ports. The prerequisite configuration can be found here:
https://mynetworkbio.blogspot.com/2020/03/configure-management-interface-in.html


NTP Server1: 192.168.10.101
NTP Server2: 192.168.10.102

Configuration:

set system ntp server 192.168.10.101 routing-instance mgmt_junos
set system ntp server 192.168.10.102 routing-instance mgmt_junos
set system ntp source-address 172.16.0.100 routing-instance mgmt_junos

where: 172.16.0.100 is your management (em0) interface IP

Sample Firewall configuration:

set firewall family inet filter FIREWALL-RE term NTP-PERMIT from source-prefix-list NTP-LIST
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from protocol udp
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from port ntp
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then policer ntp-policer
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then count NTP-PERMIT
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then accept
set firewall policer ntp-policer if-exceeding bandwidth-limit 1m
set firewall policer ntp-policer if-exceeding burst-size-limit 15k
set firewall policer ntp-policer then discard

set policy-options prefix-list NTP-LIST 172.20.2.100/32
set policy-options prefix-list NTP-LIST 192.168.10.101/32
set policy-options prefix-list NTP-LIST 192.168.10.102/32

where: 172.20.2.100/32 is your loopback0 address

Note: The commands highlighted in bold font are the most important to make this work.
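
An added example, not part of the original post: a Python check that audits a set-format Junos configuration for the three things the configuration above depends on (every NTP server bound to the management routing instance, every NTP server covered by the prefix list the RE filter matches on, and every policer referenced by a filter term actually defined). The function name audit_ntp and the sample text are constructed for illustration, and the sample contains deliberate mistakes.

```python
import ipaddress

# Constructed sample in Junos "set" format, modelled on this post's commands,
# with three deliberate mistakes for the audit to find.
SAMPLE = """\
set system ntp server 192.168.10.101 routing-instance mgmt_junos
set system ntp server 192.168.10.102
set system ntp source-address 172.16.0.100 routing-instance mgmt_junos
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from source-prefix-list NTP-LIST
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then policer RE-POLICER-256K
set firewall policer ntp-policer if-exceeding bandwidth-limit 1m
set policy-options prefix-list NTP-LIST 172.20.2.100/32
set policy-options prefix-list NTP-LIST 192.168.10.101/32
"""


def audit_ntp(config, instance="mgmt_junos", prefix_list="NTP-LIST"):
    """Return findings for NTP servers and policers in a set-format config.

    Assumes NTP servers are configured as IP literals, not hostnames.
    """
    servers, allowed, used, defined = {}, [], set(), set()
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["set", "system", "ntp", "server"] and len(t) > 4:
            # Map each option keyword to the token after it, then look up
            # routing-instance; None means the option is absent.
            servers[t[4]] = dict(zip(t[5:], t[6:])).get("routing-instance")
        elif t[:4] == ["set", "policy-options", "prefix-list", prefix_list] and len(t) > 4:
            allowed.append(ipaddress.ip_network(t[4], strict=False))
        elif t[:3] == ["set", "firewall", "policer"] and len(t) > 3:
            defined.add(t[3])
        elif t[:2] == ["set", "firewall"] and "policer" in t[:-1]:
            used.add(t[t.index("policer") + 1])  # policer named in a filter term

    findings = []
    for ip, ri in servers.items():
        if ri != instance:
            findings.append(f"ntp server {ip}: routing-instance {ri or 'not set'}, expected {instance}")
        if not any(ipaddress.ip_address(ip) in net for net in allowed):
            findings.append(f"ntp server {ip}: not in prefix-list {prefix_list}")
    for name in sorted(used - defined):
        findings.append(f"policer {name}: referenced but not defined")
    return findings


if __name__ == "__main__":
    for finding in audit_ntp(SAMPLE):
        print(finding)
```

Feed it the output of show configuration | display set saved to a file; an empty list means all three checks passed.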

Verification:

darwin@QFX-re0# run show ntp associations
   remote         refid           st t when poll reach   delay   offset  jitter
===============================================================================
 192.168.10.101   .GPS.            1 -    -   64    1    1.555   -0.053   0.026
 192.168.10.102   .GPS.            1 -    1   64    1    0.901   -0.045   0.031

{master}[edit]

darwin@QFX-re0# run show ntp status
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Thu Dec 26 20:26:31  2019 (1)", processor="amd64",
system="FreeBSDJNPR-11.0-20191223.5f5c7dc_buil", leap=00, stratum=2,
precision=-23, rootdelay=1.514, rootdispersion=13.291, peer=13884,
refid=192.168.10.101,
reftime=e270e335.ef6c45ca  Thu, May 21 2020 19:23:33.935, poll=6,
clock=e270e3fa.23b9d2ce  Thu, May 21 2020 19:26:50.139, state=4,
offset=-0.019, frequency=34.239, jitter=0.042, stability=0.000

Additional Tips:
Set timezone (example changing from default UTC to SGT)

darwin@QFX-re0# set system time-zone Asia/Singapore

darwin@QFX-re0# run show system uptime
Current time: 2020-05-21 11:24:09 UTC
Time Source:  NTP CLOCK
System booted: 2020-04-19 13:28:11 UTC (4w3d 21:55 ago)
Protocols started: 2020-04-19 13:29:05 UTC (4w3d 21:55 ago)
Last configured: 2020-05-21 11:23:18 UTC (00:00:51 ago) by darwin
11:24AM  up 31 days, 21:56, 1 users, load averages: 0.37, 0.28, 0.25

darwin@QFX-re0# run show system uptime
Current time: 2020-05-21 19:25:48 SGT
Time Source:  NTP CLOCK
System booted: 2020-04-19 21:28:11 SGT (4w3d 21:57 ago)
Protocols started: 2020-04-19 21:29:05 SGT (4w3d 21:56 ago)
Last configured: 2020-05-21 19:25:29 SGT (00:00:19 ago) by darwin
 7:25PM  up 31 days, 21:58, 1 users, load averages: 0.39, 0.30, 0.26



