Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  MX Router. Time Source: LOCAL CLOCK vs Time Source: NTP CLOCK

    Posted 11-26-2020 10:57
    Hello All,

    I need help or "direction to search" for the following issue.

    I have a number of MX/SRX devices in my network configured with NTP servers. The configuration looks similar on all devices 

    set system ntp server A.B.C.D
    set system ntp server A1.B1.C1.D1

    The A.B.C.D are private IP of the NTP servers configured in my network.

    The show ntp associate, show ntp status shows no issues and looks as follows (almost identical on all devices)

    show ntp status
    status=0664 leap_none, sync_ntp, 6 events, event_peer/strat_chg,
    version="ntpd 4.2.0-a Fri Dec 29 07:11:30 2017 (1)", processor="amd64",
    system="FreeBSDJNPR-10.3-20171207.04b87e3_buil", leap=00, stratum=3,
    precision=-23, rootdelay=38.992, rootdispersion=55.057, peer=61686,
    refid=A.B.C.D,
    reftime=e36a4ca4.aca1c202 Thu, Nov 26 2020 15:47:48.674, poll=10,
    clock=e36a4cb9.c5ab9b79 Thu, Nov 26 2020 15:48:09.772, state=4,
    offset=0.514, frequency=30.517, jitter=0.793, stability=0.002

    show ntp associations
    remote refid st t when poll reach delay offset jitter
    ===============================================================================
    +A1.B1.C1.D1 136.243.21.38 3 - 138 512 377 11.997 0.144 0.428
    *A.B.C.D 90.187.99.165 2 - 79 512 377 12.198 0.838 0.001

    The issue is that some of the devices are showing the Time Source: LOCAL CLOCK and some are showing NTP CLOCK

    show system uptime
    Current time: 2020-11-26 15:50:04 UTC
    Time Source: LOCAL CLOCK

    show system uptime
    Current time: 2020-11-26 15:50:41 UTC
    Time Source: NTP CLOCK

    The difference I noted (not confident) is that the devices with "Time Source: NTP CLOCK" do have a routing/reachability to the refid, and the other with "LOCAL CLOCK" looks to be filtered by FW (not yet confirmed).
    But All devices do have full access to the NTP servers (A.B.C.D and A1.B1.C1.D1).

    So my questions will be:

    1. Does "Time Source" from the show system uptime indicate the "Time Source" used by the system (so in case of LOCAL - I do not consider NTP servers). Or it's just cosmetic?
    2. Is there any way to debug/check what is the current source of time for the system?
    3. Any way to debug the Time Source?

    Thank you in advance,

    Andrei 









  • 2.  RE: MX Router. Time Source: LOCAL CLOCK vs Time Source: NTP CLOCK

    Posted 11-26-2020 11:17

    Hi Andrei,

    1. Does "Time Source" from the show system uptime indicate the "Time Source" used by the system (so in case of LOCAL - I do not consider NTP servers). Or it's just cosmetic?
    Yes, it should actually display the time source that is currently used by the system.

    2. Is there any way to debug/check what is the current source of time for the system?
    You can do that by using standard operational commands for ntp such as mentioned in your post:
    show ntp status
    show ntp associations
    show system uptime | match "Time Source"

    3. Any way to debug the Time Source?
    By default ntp logs are being displayed in the messages file. You can search for them with show log messages | match ntp command

    Try to specify the source address of your device that will communicate with NTP server and check if that helps.

    If you have applied any filters to the loopback interface on the devices where the ntp is not synchronized, you need to add particular terms to allow NTP traffic. Also in that term you need to add both NTP server address and your local source address. Detail information can be found here: [Junos] Why does the Network Time Protocol (NTP) stop working if a loopback firewall filter is applied? 



    ------------------------------
    Regards,
    Elchin
    ------------------------------



  • 3.  RE: MX Router. Time Source: LOCAL CLOCK vs Time Source: NTP CLOCK

    Posted 11-26-2020 11:50
    Hi Elchin,

    Thank you so much! As you see from my original comment - the status and associations are showing all clean... 
    The logs are not showing any issues.

    More than this, if I try to do set clock ntp  (on devices with local clock), I can see that the system is able to sync from NTP server, but even after sync, the Time Source is local.

    In regards to FW on Loopback, I have different examples with and without FW, so this part was also confirmed/verified.

    As you can see I need sort of the "low level" debug on this topic.

    For now, my assumptions are ( I will try to test it):
    - I need to have access to refid (so to external NTP server)
    - I need to find a way to increase the stratum level for a local clock (not sure it's the correct way, as the same setup on other devices is working).

    BR,
    Andrei



  • 4.  RE: MX Router. Time Source: LOCAL CLOCK vs Time Source: NTP CLOCK

    Posted 11-26-2020 12:21
    And there is the next updated.

    I took the node with Time Source: LOCAL CLOCK and with "no route/forwarding path" or potentially FW filtering way to the "external ref ID:

    ===============================================================================
    +A1.B1.C1.D1 136.243.21.38 3 - 138 512 377 11.997 0.144 0.428
    *A.B.C.D 90.187.99.165 2 - 79 512 377 12.198 0.838 0.001

    So not A1.B1.C1.D1 but the next peer.

    and 
    show ntp associations
    remote refid st t when poll reach delay offset jitter
    ===============================================================================
    *A1.B1.C1.D1 136.243.21.38 3 - 1 64 1 11.123 0.315 0.129

    show system uptime
    Current time: 2020-11-26 17:18:27 UTC
    Time Source: NTP CLOCK

    So all looks as expected. however, my open concerns are:
    - do I need to have access to the "external NTP" to be able to "trust" the internal NTP server..
    - I need to review the NTP server configuration maybe it's just not properly configured (relay instead of sourcing)... 

    BR

    Andrei





  • 5.  RE: MX Router. Time Source: LOCAL CLOCK vs Time Source: NTP CLOCK

    Posted 11-26-2020 12:37

    Just tried to simulate your situation and got approx similar result. NTP was synchronized but time source was LOCAL CLOCK.
    Have you tried to issue set date ntp from operational mode and check if that helps? Here is my result:

    > show system uptime
    Current time: 2020-11-26 21:25:43 +04
    Time Source: LOCAL CLOCK
    System booted: 2020-09-07 00:03:54 +04 (11w3d 21:21 ago)
    Protocols started: 2020-09-07 00:05:36 +04 (11w3d 21:20 ago)
    Last configured: 2020-11-26 17:30:08 +04 (03:55:35 ago) by root
    9:25PM up 80 days, 21:22, 3 users, load averages: 0.27, 0.24, 0.19

    > set date ntp
    26 Nov 21:25:48 ntpdate[75594]: step time server X.X.X.X offset 0.000002 sec

    > show system uptime | refresh
    ---(refreshed at 2020-11-26 21:25:50 +04)---
    Current time: 2020-11-26 21:25:50 +04
    Time Source: LOCAL CLOCK
    System booted: 2020-09-07 00:03:54 +04 (11w3d 21:21 ago)
    Protocols started: 2020-09-07 00:05:36 +04 (11w3d 21:20 ago)
    Last configured: 2020-11-26 17:30:08 +04 (03:55:42 ago) by root
    9:25PM up 80 days, 21:22, 3 users, load averages: 0.31, 0.24, 0.20
    ---(refreshed at 2020-11-26 21:25:55 +04)---
    Current time: 2020-11-26 21:25:55 +04
    Time Source: LOCAL CLOCK
    System booted: 2020-09-07 00:03:54 +04 (11w3d 21:22 ago)
    Protocols started: 2020-09-07 00:05:36 +04 (11w3d 21:20 ago)
    Last configured: 2020-11-26 17:30:08 +04 (03:55:47 ago) by root
    9:25PM up 80 days, 21:22, 3 users, load averages: 0.28, 0.24, 0.20
    ---(refreshed at 2020-11-26 21:26:00 +04)---
    Current time: 2020-11-26 21:26:00 +04
    Time Source: NTP CLOCK
    System booted: 2020-09-07 00:03:54 +04 (11w3d 21:22 ago)
    Protocols started: 2020-09-07 00:05:36 +04 (11w3d 21:20 ago)
    Last configured: 2020-11-26 17:30:08 +04 (03:55:52 ago) by root
    9:26PM up 80 days, 21:22, 3 users, load averages: 0.26, 0.23, 0.19
    ---(*more 100%)---[abort]

    Regarding "external NTP" you mean external server under the refid? I think there is no need for that...

    Could you please share NTP configuration just as an example in case if previous command doesn't help?



    ------------------------------
    Regards,
    Elchin
    ------------------------------