Cisco Systems SMC-169 User Manual

Implementing NTP on Cisco IOS XR Software
Network Time Protocol (NTP) is a protocol designed to time-synchronize devices within a network. The Cisco IOS XR software implements NTPv4. NTPv4 retains backwards compatibility with the older versions of NTP, including NTPv3 and NTPv2 but excluding NTPv1, which has been discontinued due to security vulnerabilities.
This module describes the new and revised tasks you need to implement NTP on your Cisco IOS XR network.
Note For more information about NTP on the Cisco IOS XR software and complete descriptions of the NTP commands listed in this module, you can refer to the “Related Documents” section of this module. To locate documentation for other commands that might appear in the course of running a configuration task, search online in the Cisco IOS XR software master command index.
Feature History for Implementing NTP on Cisco IOS XR Software
Release          Modification
Release 2.0      This feature was introduced on the Cisco CRS-1.
Release 3.0      No modification.
Release 3.2      Support was added for the Cisco XR 12000 Series Router.
Release 3.3.0    No modification.

Contents

Prerequisites for Implementing NTP on Cisco IOS XR Software
Information About Implementing NTP on Cisco IOS XR Software
How to Implement NTP on Cisco IOS XR Software
Configuration Examples for Implementing NTP on Cisco IOS XR Software
Additional References
Cisco IOS XR System Management Configuration Guide
Prerequisites for Implementing NTP on Cisco IOS XR Software
The following prerequisites are required to implement NTP in your network operating center (NOC):
You must be in a user group associated with a task group that includes the proper task IDs for CDP commands. Task IDs for commands are listed in the Cisco IOS XR Task ID Reference Guide. For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
You must have connectivity with at least one server that is running NTP.
Information About Implementing NTP on Cisco IOS XR Software
To implement NTP, you need to understand the following concept:
“NTP Functional Overview” section

NTP Functional Overview

NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur.
NTP uses the User Datagram Protocol (UDP) as its transport protocol. All NTP communication uses Coordinated Universal Time (UTC). An NTP network usually receives its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.
NTP uses the concept of a “stratum” to describe how many NTP “hops” away a machine is from an authoritative time source. A “stratum 1” time server typically has an authoritative time source (such as a radio or atomic clock, or a GPS time source) directly attached, a “stratum 2” time server receives its time via NTP from a “stratum 1” time server, and so on.
NTP avoids synchronizing to a machine whose time may not be accurate in two ways. First, NTP will never synchronize to a machine that is not in turn synchronized itself. Second, NTP compares the time reported by several machines and does not synchronize to a machine whose time is significantly different than the others, even if its stratum is lower. This strategy effectively builds a self-organizing tree of NTP servers.
The Cisco implementation of NTP does not support stratum 1 service; in other words, it is not possible to connect to a radio or atomic clock (for some specific platforms, however, you can connect a GPS time-source device). We recommend that time service for your network be derived from the public NTP servers available in the IP Internet.
If the network is isolated from the Internet, the Cisco implementation of NTP allows a machine to be configured so that it acts as though it is synchronized via NTP, when in fact it has determined the time using other means. Other machines can then synchronize to that machine via NTP.
A number of manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software also allows UNIX-derivative servers to acquire the time directly from an atomic clock, which would subsequently propagate time information along to Cisco routers.
The communications between machines running NTP (known as “associations”) are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is made possible by exchanging NTP messages between each pair of machines with an association.
However, in a LAN environment, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity, because each machine can simply be configured to send or receive broadcast messages. However, the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
The time kept on a machine is a critical resource, so we strongly recommend that you use the security features of NTP to avoid the accidental or malicious setting of incorrect time. Two mechanisms are available: an access list-based restriction scheme and an encrypted authentication mechanism.
When multiple sources of time (VINES, hardware clock, manual configuration) are available, NTP is always considered to be more authoritative. NTP time overrides the time set by any other method.
How to Implement NTP on Cisco IOS XR Software
This section contains the following procedures:
“Configuring Poll-Based Associations” section (optional)
“Configuring Broadcast-Based NTP Associations” section (optional)
“Configuring NTP Access Groups” section (optional)
“Configuring NTP Authentication” section (optional)
“Disabling NTP Services on a Specific Interface” section (optional)
“Configuring the Source IP Address for NTP Packets” section (optional)
“Configuring the System as an Authoritative NTP Server” section (optional)
“Updating the Hardware Clock” section (optional)
“Verifying the Status of the External Reference Clock” section (optional)

Configuring Poll-Based Associations

This task explains how to configure poll-based NTP associations.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.

Poll-Based Associations

Networking devices running NTP can be configured to operate in a variety of association modes when synchronizing time with reference time sources. There are two ways that a networking device can obtain time information on a network: by polling host servers and by listening to NTP broadcasts. In this task, we will focus on the poll-based association modes. Broadcast-based NTP associations will be discussed in the next task, “Configuring Broadcast-Based NTP Associations.”
The following are the two most commonly used poll-based association modes:
Client mode
Symmetric active mode
The client and the symmetric active modes should be used when NTP is required to provide a high level of time accuracy and reliability.
When a networking device is operating in the client mode, it polls its assigned time-serving hosts for the current time. The networking device then picks a host from all the polled time servers to synchronize with. Because the relationship that is established in this case is a client-host relationship, the host does not capture or use any time information sent by the local client device. This mode is most suited for file-server and workstation clients that are not required to provide any form of time synchronization to other local clients. Use the server command to individually specify the time-serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the client mode.
When a networking device is operating in the symmetric active mode, it polls its assigned time-serving hosts for the current time and it responds to polls by its hosts. Because this is a peer-to-peer relationship, the host also retains time-related information about the local networking device that it is communicating with. This mode should be used when there is a number of mutually redundant servers that are interconnected via diverse network paths. Most stratum 1 and stratum 2 servers on the Internet today adopt this form of network setup. Use the peer command to individually specify the time-serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the symmetric active mode.
SUMMARY STEPS
1. configure
2. ntp
3. server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source interface-type interface-instance] [prefer]
4. peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source interface-type interface-instance] [prefer]
5. end
or
commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: server ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source interface-type interface-instance] [prefer]
Example:
RP/0/RP0/CPU0:router(config-ntp)# server 172.16.22.44 minpoll 8 maxpoll 12
Purpose: Forms a server association with another system.
Step 4
Command or Action: peer ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source interface-type interface-instance] [prefer]
Example:
RP/0/RP0/CPU0:router(config-ntp)# peer 192.168.22.33 minpoll 8 maxpoll 12 source pos 0/0/0/1
Purpose: Forms a peer association with another system.
Step 5
Command or Action: end
or
commit
Example:
RP/0/RP0/CPU0:router(config)# end
or
RP/0/RP0/CPU0:router(config)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Broadcast-Based NTP Associations

This task explains how to configure broadcast-based NTP associations.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.

Broadcast-Based NTP Associations

Broadcast-based NTP associations should be used when time accuracy and reliability requirements are modest and if your network is localized and has a large number of clients (more than 20). Broadcast-based NTP associations also are recommended for use on networks that have limited bandwidth, system memory, or CPU resources.
When a networking device is operating in the broadcast client mode, it does not engage in any polling. Instead, it listens for NTP broadcast packets transmitted by broadcast time servers. Consequently, time accuracy can be marginally reduced, because time information flows only one way.
Use the broadcast client command to set your networking device to listen for NTP broadcast packets propagated through a network. For broadcast client mode to work, the broadcast server and its clients must be located on the same subnet. The time server that is transmitting NTP broadcast packets must be enabled on the interface of the given device using the broadcast command.
SUMMARY STEPS
1. configure
2. ntp
3. broadcastdelay microseconds
4. interface type instance
5. broadcast client
6. broadcast [destination ip-address] [key key-id] [version number]
7. end
or
commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.
Step 3
Command or Action: broadcastdelay microseconds
Example:
RP/0/RP0/CPU0:router(config-ntp)# broadcastdelay 5000
Purpose: Adjusts the estimated round-trip delay for NTP broadcasts.
Step 4
Command or Action: interface type instance
Example:
RP/0/RP0/CPU0:router(config-ntp)# interface POS 0/1/0/0
Purpose: Enters NTP interface configuration mode.
Step 5
Command or Action: broadcast client
Example:
RP/0/RP0/CPU0:(config-ntp-int)# broadcast client
Purpose: Configures the specified interface to receive NTP broadcast packets.
Step 6
Command or Action: broadcast [destination ip-address] [key key-id] [version number]
Example:
RP/0/RP0/CPU0:(config-ntp-int)# broadcast destination 10.50.32.149
Purpose: Configures the specified interface to send NTP broadcast packets.
Step 7
Command or Action: end
or
commit
Example:
RP/0/RP0/CPU0:router(config)# end
or
RP/0/RP0/CPU0:router(config)# commit
Purpose: Saves configuration changes.
When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
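The following Python function is an added example, not part of the Cisco manual: it audits the ntp block of a configuration for the security features recommended earlier, flagging server, peer and broadcast commands that carry no key and the absence of any access-group command (described in the next task). The sample configuration, its indentation layout and the name audit_ntp are assumptions made for the example.

```python
# Constructed sample of an IOS XR running configuration (not from the manual).
SAMPLE_CONFIG = """\
hostname router
ntp
 server 172.16.22.44 minpoll 8 maxpoll 12
 peer 192.168.22.33 key 10 source POS0/0/0/1
 interface POS0/1/0/0
  broadcast destination 10.50.32.149
 !
!
"""


def audit_ntp(config_text):
    """Return findings for the ntp block, using only commands from this module."""
    findings = []
    in_ntp = saw_ntp = has_access_group = False
    iface = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not raw.startswith(" "):
            # A top-level line opens or closes the ntp block.
            in_ntp = words == ["ntp"]
            saw_ntp = saw_ntp or in_ntp
            continue
        if not in_ntp or not words or words[0] == "!":
            continue
        if not raw.startswith("  "):
            # One-space indent: a direct child of ntp; remember interface scope.
            iface = " ".join(words[1:]) if words[0] == "interface" else None
        if words[0] in ("server", "peer") and "key" not in words[2:]:
            findings.append(f"{words[0]} {words[1]}: no key, association is not authenticated")
        elif words[0] == "broadcast" and words[1:2] != ["client"] and "key" not in words:
            findings.append(f"interface {iface}: broadcasts are sent without a key")
        elif words[0] == "access-group":
            has_access_group = True
    if saw_ntp and not has_access_group:
        findings.append("no access-group: all access types are granted to all systems")
    return findings
```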

Configuring NTP Access Groups

This task explains how to configure NTP access groups.
Note No specific command enables NTP; the first NTP configuration command that you issue enables NTP.

NTP Access Groups

The access list-based restriction scheme allows you to grant or deny certain access privileges to an entire network, a subnet within a network, or a host within a subnet.
The access group options are scanned in the following order, from least restrictive to most restrictive:
1. peer—Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria.
2. serve—Allows time requests and NTP control queries, but does not allow the system to synchronize itself to a system whose address passes the access list criteria.
3. serve-only—Allows only time requests from a system whose address passes the access list criteria.
4. query-only—Allows only NTP control queries from a system whose address passes the access list criteria.
If the source IP address matches the access lists for more than one access type, the first type is granted. If no access groups are specified, all access types are granted to all systems. If any access groups are specified, only the specified access types are granted.
For details on NTP control queries, see RFC 1305 (NTP version 3).
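The scan order and first-match rule described above can be modelled as follows. This is an added example, not code from the Cisco manual; the POLICY contents, the right names and the reduction of an access list to a set of permitted prefixes are assumptions made for illustration.

```python
import ipaddress

# Scan order from the text, least restrictive to most restrictive.
SCAN_ORDER = ("peer", "serve", "serve-only", "query-only")

# What each access type allows, as listed above.
RIGHTS = {
    "peer": {"time-request", "control-query", "synchronize-to"},
    "serve": {"time-request", "control-query"},
    "serve-only": {"time-request"},
    "query-only": {"control-query"},
}

# Constructed policy: access type -> permitted prefixes of its access list
# (a simplification: permit entries only, everything else denied).
POLICY = {
    "peer": ["172.16.22.44/32"],
    "serve-only": ["10.0.0.0/8"],
    "query-only": ["10.1.1.5/32"],
}


def granted(source_ip, access_groups):
    """Return (access_type, rights) that a source address receives."""
    if not access_groups:
        # No access groups configured: all access types go to all systems.
        return "all", set().union(*RIGHTS.values())
    addr = ipaddress.ip_address(source_ip)
    for access_type in SCAN_ORDER:
        for prefix in access_groups.get(access_type, ()):
            if addr in ipaddress.ip_network(prefix):
                return access_type, set(RIGHTS[access_type])  # first type wins
    return None, set()
```

In POLICY, 10.1.1.5 matches both the serve-only and the query-only lists and receives serve-only, so its control queries are not allowed: a broad list scanned earlier shadows a narrower one scanned later.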
SUMMARY STEPS
1. configure
2. ntp
3. access-group {peer | query-only | serve | serve-only} access-list-name
4. end
or
commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2
Command or Action: ntp
Example:
RP/0/RP0/CPU0:router(config)# ntp
Purpose: Enters NTP configuration mode.