I don't have a KB for it but I once tried to get a totally isolated network to sync time internally. The Juniper EX4200 switches couldn't be persuaded to act as NTP servers unless they had a server to sync to, but I had a number of Adva FSP3000R7 chassis that could. By setting them to stratum 5 or something, I could use them as masters and the EX switches could sync.
A standard NTP server that doesn't get time from another source will set its stratum to level 16, the lowest. No NTP server should use the time from a stratum 16 server so this makes the switch unusable as a time source, even if they can talk. In Linux etc., you can set a "fudge" parameter to spoof a stratum of your choice:
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
Just to test if this would work in a modern EX, I took an EX4100-24MP and edited the raw config file:
start shell user root
vi /var/etc/ntp.conf (to edit the file, put in the two lines shown below)
ps ax | grep ntp
There will be one line with "/usr/sbin/xntpd" in it (and another perhaps with tcp.sntpd but ignore that).
22926 - S 0:05.12 /usr/sbin/xntpd -j -N -g (ntpd)
You need the process number (22926 in my case). Use kill -1 to restart the process (-1 means restart, not actually kill it).
kill -1 22926
root@EX4100-24MP-01:RE:0% cat /var/etc/ntp.conf
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
In a neighbouring system, I see this:
fredrik@EX4100-12P-01> show ntp associations
 remote          refid           auth st t when poll reach   delay  offset  jitter
==================================================================================
*my.ntp.server   14.158.104.39      -  2 u   60   64    37  14.640  -0.089   0.401
 10.16.2.20      LOCAL(0)           - 11 u    -   64     3   6.747  +0.069   3.429
This means that this system can read time from the -24MP I just restarted the service on. I set that stratum to 10 and the other switch therefore sees it as stratum 11, just as it should.
So you could edit the file yourself to get the functionality you want. Even a new commit didn't overwrite the file for me when I did an unrelated change (a random interface description). Making changes to the NTP config itself would likely overwrite your edit of course.
I don't see a way to set a "fudge"/local clock in the config. I'll ask my Juniper SEs about this and perhaps it will get into the Junos feature set one day!
Original Message:
Sent: 12-11-2024 10:27
From: JAMES LAMBERT
Subject: Does SRX stop providing NTP to clients without valid sync to server?
Does the Juniper SRX still provide time to NTP clients when it has lost synchronization with its own NTP server? Or does the SRX simply stop sending NTP to clients altogether?
I believe it simply stops when it has lost its own NTP server, but I would like confirmation. If you can provide a Juniper knowledge article with this information in it, I would be thankful. I have been unable to find one as of yet.
------------------------------
JAMES LAMBERT
------------------------------
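Added example, not part of either post: a small Python parser for "show ntp associations" style output that flags peers whose time comes from a fudged local clock (refid LOCAL(n)), stratum 16 peers, and unreachable ones, which is worth checking before trusting log timestamps on an isolated network. The sample text (including the 192.0.2.7 row) is constructed, and parse_associations and audit are hypothetical names.

```python
import re

# Constructed sample modelled on the thread's output; the 192.0.2.7 row is invented.
SAMPLE = """\
remote refid auth st t when poll reach delay offset jitter
==========================================================
*my.ntp.server 14.158.104.39 - 2 u 60 64 37 14.640 -0.089 0.401
10.16.2.20 LOCAL(0) - 11 u - 64 3 6.747 +0.069 3.429
192.0.2.7 .INIT. - 16 u - 64 0 0.000 +0.000 0.000
"""

# Refids that indicate the local clock driver rather than an external reference.
LOCAL_REFID = re.compile(r"LOCAL\(\d+\)|\.LOCL\.")

def parse_associations(text):
    """Return one dict per peer row; header and separator rows are skipped."""
    peers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("remote", "=")):
            continue
        # Punctuation tally codes only: letter codes (x, o) look like hostnames.
        tally = line[0] if line[0] in "*+#-" else " "
        f = (line[1:] if tally != " " else line).split()
        if len(f) < 10:
            continue
        peers.append({
            "remote": f[0], "refid": f[1], "selected": tally == "*",
            # Fields are counted from the right because the auth column is optional.
            "stratum": int(f[-8]),
            # reach is an octal shift register covering the last eight polls.
            "polls_ok": bin(int(f[-4], 8)).count("1"),
        })
    return peers

def audit(text):
    """Flag peers whose time is not traceable to an external reference."""
    findings = []
    for p in parse_associations(text):
        if p["polls_ok"] == 0:
            findings.append((p["remote"], "unreachable"))
        elif p["stratum"] >= 16:
            findings.append((p["remote"], "unsynchronised"))
        elif LOCAL_REFID.fullmatch(p["refid"]):
            findings.append((p["remote"], "serves its own local clock"))
    return findings
```

Calling audit() on the text captured from each switch gives a list of (peer, finding) pairs that can feed an alert when a device is following a fudged source.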