Tuesday, 30 October 2012

System Services - NTP

NTP (Network Time Protocol) is a client/server protocol used to synchronize time between an NTP server and a client. The protocol is hierarchical, with each level of the hierarchy called a 'stratum'. The top of the hierarchy, Stratum 0, contains reference clocks. These clocks are highly accurate and could be atomic or GPS. Stratum 1 would reference Stratum 0 and so on.

NTP Configuration & Validation
The same basic lab setup was used for this exercise.

The screenshots below outline the configuration. The timezone is set along with two NTP servers. The command 'boot-server' can specify a server for use when the device boots or becomes a passive member in a chassis cluster.

This is how the config looks.

The command 'show ntp status' can be used to confirm NTP is running and time is properly synced.

NTP Server Configuration
Once the SRX is configured as an NTP client (so that it has somewhere to source time from), it can also function as an NTP server to other clients on the network. No additional configuration is needed other than allowing the NTP protocol in the host-inbound-traffic configuration.

NTP Server Configuration
NTP communication can be authenticated using MD5. First an NTP key must be created, then the key can be used when configuring a server, and lastly a trusted-key can be specified so that clients wanting to sync NTP with the SRX (SRX as an NTP server) will only use authenticated requests. See the screenshot below for command details.
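The client, server and authentication steps described above, written out as Junos set commands. This is an added example, not the configuration from the original screenshots; the server addresses (documentation range 192.0.2.0/24), the time zone, key ID 1, the key value and the zone name `trust` are assumptions.

```junos
# Added example. All addresses, names and the key value are placeholders.
# Entered in configuration mode on the SRX.

# NTP client: time zone, boot-time server, and two servers
set system time-zone Europe/London
set system ntp boot-server 192.0.2.10
set system ntp server 192.0.2.10
set system ntp server 192.0.2.11

# Authentication: 1) create the key, 2) bind it to a server, 3) mark it trusted.
# The peer must hold the same key ID and the same secret.
set system ntp authentication-key 1 type md5 value "REPLACE-WITH-SHARED-SECRET"
set system ntp server 192.0.2.10 key 1
set system ntp server 192.0.2.11 key 1
set system ntp trusted-key 1

# SRX as NTP server: permit NTP to the device on the client-facing zone
set security zones security-zone trust host-inbound-traffic system-services ntp

commit

# Validation ("run" executes operational commands from configuration mode)
run show ntp associations
run show ntp status
```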


  1. Two clocks can't be off more than 128 sec to synchronize. People tend to forget about this and get confused why NTP doesn't work.