SD-WAN

 View Only
last person joined: 4 days ago 

Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).

  • 1.  NTP to a public server

    Posted 10-05-2021 10:20
    Hi. 

    I've configured an external NTP server under a router, router settings, but I have an alert "No active NTP server".

    Do I need to configure a service to allow the NTP communication with the External server?

    It appears in the running-config, but its rejected.

    system
    ntp
    80.86.38.193
    ip-address 80.86.38.193
    exit
    exit
    exit

    ======= =============== ======== ========= ========= ====== ====== ====== ======= ======= ======== ======== ============
    Node Time Source Status Ref. ID Stratum Type When Poll Reach Delay Offset Jitter Tally Code
    ======= =============== ======== ========= ========= ====== ====== ====== ======= ======= ======== ======== ============
    node1 80.86.38.193 active .INIT. 16 - - 64 0 0.000 0.000 0.000 reject


    ------------------------------
    DAN KENNEDY
    ------------------------------


  • 2.  RE: NTP to a public server

     
    Posted 10-06-2021 08:59

    Hi Dan,

    Sounds like you don't use an out-of-band management interface (on Linux OS) and you haven't configured management over forwarding interfaces.

    Please refer to https://docs.128technology.com/docs/config_management_over_forwarding for more details.

    Thanks,
    Mathias 



    ------------------------------
    Mathias Jeschke
    Juniper Networks
    ------------------------------

    Original Message


  • 3.  RE: NTP to a public server

     
    Posted 10-06-2021 08:59
    Hi Dan,

    Whether or not you need a service configured depends on how that device reaches the internet. NTP is handled by a protocol stack running on the Linux host of the computer running the 128T/SSR software. If the Linux routing table knows how to reach the destination (80.86.38.193) without using the 128T's data plane, then you don't need a service. (I.e., your system has out-of-band management.) If your Linux routing table indicates that that destination is reachable via the 128T's data plane -- generally via the presence of a route with `dev kni254` as the next hop -- then you will need a service.

    ------------------------------
    Patrick Timmons
    Vice President of Customer Success
    ------------------------------

    Original Message


  • 4.  RE: NTP to a public server

    Posted 10-07-2021 13:24
    Understood. 

    So I tried enabling the interface for management and it works and created the services for NTP etc as suggested.

    Out of curiosity, If I didn't enable the management function on the WAN interface, but created a service just for NTP, would I need to allow the _internal _ tenant for this service and if so would that be enough for NTP to work (trying to understand if enabling the management function simply creates these services).

    Thanks again

    ------------------------------
    DAN KENNEDY
    ------------------------------

    Original Message


  • 5.  RE: NTP to a public server

     
    Posted 10-07-2021 14:01
    If you created the service for NTP and created a policy to allow _internal_, then yes it would behave the same way -- assuming your Linux route table is set up to send traffic to the 128T's data plane. This is another thing that the management function does for you -- it sets those routes in Linux on your behalf.

    There's a document on our documentation portal that covers this. The tl;dr: back in the "good old days," before we'd implemented management over forwarding interfaces as an interface toggle, you'd need to go into Linux to tweak this stuff yourself. It still works perfectly well (and has some flexibilities that the management-over-forwarding doesn't), but it's certainly more involved than going the "new" route. (No pun intended.)

    ------------------------------
    Patrick Timmons
    Vice President of Customer Success
    ------------------------------

    Original Message