Synchronizing the time in a data center is crucial for maintaining accurate and coordinated operations across all the servers and network devices within the facility. If the time is not synced on network devices, correlating the event across multiple devices becomes very difficult.
In this article, I’m going to explain the Network Time Protocol (NTP) and will demonstrate its configuration and verification in Cisco Nexus switches.
Time Synchronization Purposes
We can summarize the time synchronization importance as follows:
- Logging and debugging output for troubleshooting.
- Network management reporting.
- SSL/TLS certificate validation.
- Timed-based protocol authentication (send/accept keys).
- Time-based traffic restrictions (Timed ACL).
Network Time Protocol (NTP) Overview
Network devices have an internal System Clock. Most are battery-driven and maintain the time/date across reloads. The system clock can obtain its information via the following:
- Manual configuration
- Precision Time Protocol (PTP)
- Network Time Protocol (NTP)
NTP is a protocol designed to synchronize the time of network devices and computers to a common time base over a network. NTP uses the Multicast address 224.0.1.1 and UDP port 123 (Src & Dst).
NTP uses Client and Server network model types:
- NTP Client: periodically polls a server for time information.
- NTP Server: provides time information to clients.
An NTP server usually receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server, and then distributes this time across the network.
NTP server is also considered an “authoritative source” of time-based on its Stratum Level:
- Stratum 1: Device directly connected to a radio or atomic clock source.
- Stratum 2: Time Server that is one hop away from Stratum-1 device.
- Stratum 3: Time Server that is two hops away from Stratum-1 device.. etc.
NTP in NX-OS
In NX-OS, NTP association can be one of the following:
- A server association. The device synchronizes its time to a server.
- A peer association. The device can either synchronize to another device or allow another device to synchronize with it.
NX-OS device can be configured as an authoritative NTP server to distribute time when it is not synced to an outside time source. An NTP peer relationship allows designating another NTP Client to consider synchronizing the time with it, which is needed in case a failure event occurs on the NTP server.
On a multi-VDC N7K switch (release 5.2 or later), the clock is synchronized in the default VDC.
NTP Configuration Steps in NX-OS
- Step 1. Make sure the NTP feature is enabled (default is enabled):
- feature ntp
- feature ntp
- Step 2. If we need to configure the Nexus switch as an Authoritative NTP Server:
- ntp master <stratum value>
- The default stratum value is 8.
- Step 3. To configure the Nexus switch as an NTP Server and/or an NTP Peer:
- ntp server a.b.c.d [prefer][use-vrf name]
- ntp peer a.b.c.d
- Note that NTP recognizes VRF instances. NTP uses the default VRF if you do not configure a specific VRF for the NTP server and NTP peer. In production networks, typically, we use the management vrf for NTP traffic.
- Step 4. (optional) Configure the NTP Source IP and source Interface:
- ntp source a.b.c.d
- ntp source-interface ethx/y
- By default, NTP sets the source IP address for all NTP packets based on the address of the interface through which the NTP packets are sent according to the routing table.
- Step 5. (optional) Configure NTP Authentication:
- 1) Defines the authentication keys: ntp authentication-key id md5 value
- 2) Specifies one or more keys as trusted keys: ntp trusted-key id
- 3) Forms an association with a server: ntp server a.b.c.d key id
- 4) Enable authentication using: ntp authenticate
Useful show commands
- show run ntp; displays ntp running configuration.
- show ntp peers; displays all the NTP peers.
- show ntp peer-status; displays the status for all NTP servers and peers.
- show ntp statistics; displays the NTP statistics.
- show ntp authentication-status; displays the status of NTP authentication.
NTP Configuration LAB Demo in NX-OS (Video)
The below video demonstrates the NTP configuration and verification in NX-OS:
Conclusion
For more details, please refer to the resources:
I hope this article was useful; feel free to leave a comment or a question.