The Mystery of Network Time Protocol
NTP: Network Time Protocol Services on Cisco routers.
Time synchronization is critical on Cisco routers: without accurate date and time settings, we would not be able to generate any meaningful logs on the routers. Most of the time, all the devices on a network are in sync with well-known NTP servers on the internet. All the NTP servers are in sync with some radio or atomic clock. The atomic clock is the de facto standard for timekeeping in the world. Atomic clocks are also used as the primary standard for controlling television broadcast wave frequency and in global positioning systems!
If our network is not connected to the internet, we can
define one or two routers/switches on our network as an NTP server. We can also
create different NTP peers to create redundancy and to avoid any inaccurate tuning of time.
Some quick facts about NTP:
- NTP uses UDP as transport protocol
- Client/server protocol (the client requests time from the server)
- All NTP communication is in UTC (Coordinated Universal Time) or GMT (Greenwich Mean Time) format
- NTP stratum is the number of hops an NTP server is away from the root servers; a stratum value of 1 is the best value.
In addition to the above points, we can enable NTP authentication to guard against malicious tampering with our time settings. We can enable NTP authentication on the client, to authenticate the NTP server prior to synchronizing with it. I think we have enough info about NTP and are good to go for a small configuration example. Once again, we are using GNS3!
NTP server and Client configuration in GNS3:
In our simple NTP demonstration, we will configure two 2691 routers, one as a Server and the other as a Client. The server router is called the Master router; in simple words, every router on the network tries to get in sync with the Master router for timekeeping. The topology below is used:
R1: Master Router/NTP Server
R2: Client Router
R1: Fast Ethernet 0/0 (192.168.2.1/24) / R2: Fast Ethernet 0/0 (192.168.2.2/24)
Just imagine, we traveled via a time machine into the future, 2020, and the task is to configure our NTP servers :)
As a starting step, we set the clock on the Master router:
With the time set, in the next step we designate our R1 as Master by issuing the ntp master command:
To confirm all the values set on our NTP Master router, use the command below:
Okay, we are good to go. Now we will configure R2 as our NTP Client:
And after an instant, it got synchronized with its master:
We can also check the NTP associations in detail via:
The output of the above command confirms that the originating time and the received time are totally in synchronization.
And the time can be confirmed via simple show clock command once the whole synchronization process is done:
Cient_NTP_Router#show clock detail
13:40:46.290 UTC Wed Jan 1 2020
Time source is NTP
From the above output, it can be seen that for R2, the Time source is NTP :)
NTP Authentication:
NTP authentication is one of the major requirements in production networks, as it prevents unwanted changes to the clocks of our routers and switches. It is enabled on the client, to authenticate the server before accepting it as its Master. The configuration needed on the client to enable authentication is:
Cient_NTP_Router(config)#ntp authenticate
Cient_NTP_Router(config)#ntp authentication-key 1 md5 NTPDOMAIN
Cient_NTP_Router(config)#ntp trusted-key 1
Cient_NTP_Router(config)#ntp server 192.168.2.1 key 1
On the server, we only need to define the same key number and MD5 key string (NTPDOMAIN) that we defined on the client:
Master_NTP_Router(config)#ntp authentication-key 1 md5 NTPDOMAIN
And that’s it!
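As an added example (not part of the original post and not Cisco code), the Python sketch below checks that the four client-side pieces above agree with each other: authentication is turned on, the key is defined, the key is trusted, and every time source references a key. It handles only the plain "ntp server <addr> key N" form used on this page; the function name audit_ntp_client and the WEAK_CLIENT sample, including the address 192.168.2.3, are constructed for illustration.

```python
import re

# The client configuration exactly as shown on this page (prompts included).
PAGE_CLIENT = """\
Cient_NTP_Router(config)#ntp authenticate
Cient_NTP_Router(config)#ntp authentication-key 1 md5 NTPDOMAIN
Cient_NTP_Router(config)#ntp trusted-key 1
Cient_NTP_Router(config)#ntp server 192.168.2.1 key 1
"""

# Constructed sample (not from the page) with three common mistakes.
# 192.168.2.3 is a made-up address for a second time source.
WEAK_CLIENT = """\
ntp authentication-key 1 md5 NTPDOMAIN
ntp trusted-key 2
ntp server 192.168.2.1 key 1
ntp server 192.168.2.3
"""

def audit_ntp_client(config):
    """Return a list of findings; an empty list means all four pieces agree."""
    # Drop a leading "hostname(config)#" prompt if the text was pasted from a session.
    lines = [re.sub(r"^\S+\(config\)#\s*", "", l.strip()) for l in config.splitlines()]
    defined, trusted, sources = set(), set(), []
    for line in lines:
        if m := re.fullmatch(r"ntp authentication-key (\d+) md5 \S+(?: \d+)?", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp (?:server|peer) (\S+)(.*)", line):
            key = re.search(r"\bkey (\d+)\b", m.group(2))
            sources.append((m.group(1), int(key.group(1)) if key else None))
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("'ntp authenticate' is missing, so authentication is not enforced")
    for addr, key in sources:
        if key is None:
            findings.append(f"{addr}: no 'key N' on the association")
        elif key not in defined:
            findings.append(f"{addr}: key {key} has no 'ntp authentication-key' line")
        elif key not in trusted:
            findings.append(f"{addr}: key {key} is defined but not trusted")
    return findings

if __name__ == "__main__":
    for name, cfg in (("page client", PAGE_CLIENT), ("weak client", WEAK_CLIENT)):
        print(name, "->", audit_ntp_client(cfg) or "OK")
```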
NTP Peers: besides the Master router, we can configure other routers as NTP peers of the client routers. NTP peering creates a bidirectional NTP relationship, in which the peers continuously update each other's time settings. In our GNS3 topology above, we have added another router, R3, as an NTP peer of R2:
I think I should stop now, or for the next few weeks you will dream about NTP!! :) Enjoy.
Wow, it's certainly a wonderful article.....
Thanks a lot Jawad, for your kind comments. Please keep me posted with your feedback regarding the articles.