MX 104 NTP servers are not synching

View Only

last person joined: 3 days ago

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

Back to discussions

Expand all | Collapse all

MX 104 NTP servers are not synching

1. MX 104 NTP servers are not synching

Recommend
PEDRO VIEIRA
Posted 10-24-2024 13:54

Reply Reply Privately
Hello, good morning to you all.

I have two juniper MX devices that I'm not able to sync with my ntp servers, even with reachability bw them.

Tried to figure out, but no luck so far.

root@CG-US-CHI-JNPR-MX104> set date ntp
24 Oct 10:28:46 ntpdate[35343]: no server suitable for synchronization found

root@CG-US-CHI-JNPR-MX104> show ntp associations
localhost: timed out, nothing received
***Request timed out

root@CG-US-CHI-JNPR-MX104> ping 10.150.234.16 source 10.150.246.82
PING 10.150.234.16 (10.150.234.16): 56 data bytes
64 bytes from 10.150.234.16: icmp_seq=0 ttl=61 time=2.177 ms
64 bytes from 10.150.234.16: icmp_seq=1 ttl=61 time=2.037 ms
64 bytes from 10.150.234.16: icmp_seq=2 ttl=61 time=2.048 ms
64 bytes from 10.150.234.16: icmp_seq=3 ttl=61 time=2.035 ms
^C
--- 10.150.234.16 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.035/2.074/2.177/0.060 ms

root@CG-US-CHI-JNPR-MX104> ping 10.195.7.71 source 10.150.246.82
PING 10.195.7.71 (10.195.7.71): 56 data bytes
64 bytes from 10.195.7.71: icmp_seq=0 ttl=60 time=21.472 ms
64 bytes from 10.195.7.71: icmp_seq=1 ttl=60 time=21.560 ms
64 bytes from 10.195.7.71: icmp_seq=2 ttl=60 time=21.637 ms
64 bytes from 10.195.7.71: icmp_seq=3 ttl=60 time=21.655 ms
^C

This is the current config I have.

set system ntp server 10.150.234.16
set system ntp server 10.195.7.71
set system ntp source-address 10.150.246.82
set policy-options prefix-list PFX-NTP-ACL 10.31.144.196/32
set policy-options prefix-list PFX-NTP-ACL 10.31.145.85/32
set policy-options prefix-list PFX-NTP-ACL 10.38.212.21/32
set policy-options prefix-list PFX-NTP-ACL 10.49.0.214/32
set policy-options prefix-list PFX-NTP-ACL 10.49.4.214/32
set policy-options prefix-list PFX-NTP-ACL 10.76.5.100/32
set policy-options prefix-list PFX-NTP-ACL 10.130.155.77/32
set policy-options prefix-list PFX-NTP-ACL 10.150.234.16/32
set policy-options prefix-list PFX-NTP-ACL 10.195.7.71/32
set policy-options prefix-list PFX-NTP-ACL 10.247.246.196/32
set policy-options prefix-list PFX-NTP-ACL 10.252.108.84/32
set firewall family inet filter RE-FILTER term ACCEPT-NTP from source-prefix-list PFX-NTP-ACL
set firewall family inet filter RE-FILTER term ACCEPT-NTP from protocol tcp
set firewall family inet filter RE-FILTER term ACCEPT-NTP from protocol udp
set firewall family inet filter RE-FILTER term ACCEPT-NTP from port 123
set firewall family inet filter RE-FILTER term ACCEPT-NTP from port ntp
set firewall family inet filter RE-FILTER term ACCEPT-NTP then count accept-ntp
set firewall family inet filter RE-FILTER term ACCEPT-NTP then accept

set groups GRP-FLTR-RE-IN interfaces lo0 unit <*> family inet filter input RE-FILTER

set interfaces lo0 apply-groups GRP-FLTR-RE-IN
set interfaces lo0 unit 0 family inet

Can someone help me with this issue?

------------------------------
PEDRO VIEIRA
------------------------------
2. RE: MX 104 NTP servers are not synching

Recommend
PER GRANATH
Posted 10-25-2024 01:04

Reply Reply Privately
Does it work if you disable the filter?

Perhaps the NTP server answers from the wrong IP address.

------------------------------
PER GRANATH
------------------------------

Original Message
3. RE: MX 104 NTP servers are not synching

Recommend
Andrei Cebotareanu
Posted 10-25-2024 03:11

Reply Reply Privately
Hi,

I think this is what you need

https://supportportal.juniper.net/s/article/Junos-Why-does-the-Network-Time-Protocol-NTP-stop-working-if-a-loopback-firewall-filter-is-applied?language=en_US

BR

------------------------------
Andrei Cebotareanu
------------------------------

Original Message
4. RE: MX 104 NTP servers are not synching

Recommend
PEDRO VIEIRA
Posted 10-25-2024 10:45

Reply Reply Privately
Hello.

Indeed the filter was blocking, but no messages was seeing.

After removing the filter it did worked so I went to the article Andrei shared and added my router source ip on the prefix list as well, aafter that it worked fine.

Thank you for the help :)

------------------------------
PEDRO VIEIRA
------------------------------

Original Message

Routing

MX 104 NTP servers are not synching

PEDRO VIEIRA10-24-2024 13:54

PER GRANATH10-25-2024 01:04

Andrei Cebotareanu10-25-2024 03:11

PEDRO VIEIRA10-25-2024 10:45

1. MX 104 NTP servers are not synching

2. RE: MX 104 NTP servers are not synching

3. RE: MX 104 NTP servers are not synching

4. RE: MX 104 NTP servers are not synching