3.2.26. ntp

Top-level container for NTP configuration.

vsr running config# vrf <vrf> ntp

enabled (pushed)

Enable or disable the NTP protocol and indicates that the system should attempt to synchronize the system clock with an NTP server from the servers defined in the ‘ntp/server’ list.

vsr running config# vrf <vrf> ntp
vsr running ntp# enabled true|false
Default value
true

ntp-source-address

Source address to use on outgoing NTP packets.

vsr running config# vrf <vrf> ntp
vsr running ntp# ntp-source-address NTP-SOURCE-ADDRESS

NTP-SOURCE-ADDRESS values

Description

<ipv4-address>

An IPv4 address.

<ipv6-address>

An IPv6 address.

auth-key

List of NTP authentication keys.

vsr running config# vrf <vrf> ntp auth-key <uint16>

<uint16>

Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id.

key-value (hidden)

NTP authentication key value.

vsr running config# vrf <vrf> ntp auth-key <uint16>
vsr running auth-key <uint16># key-value <string>

server-subnet

Allow / deny NTP clients to connect to this instance.

vsr running config# vrf <vrf> ntp
vsr running ntp# server-subnet <uint16> allow ALLOW deny DENY

<uint16>

List sequence.

allow

Allow NTP clients on this subnet to request synchronization.

allow ALLOW

ALLOW values

Description

<ipv4-prefix>

An IPv4 prefix: address and CIDR mask.

<ipv6-prefix>

An IPv6 prefix: address and CIDR mask.

<ipv4-address>

An IPv4 address.

<ipv6-address>

An IPv6 address.

all

Allow all connections.

deny

Deny NTP clients on this subnet to request synchronization.

deny DENY

DENY values

Description

<ipv4-prefix>

An IPv4 prefix: address and CIDR mask.

<ipv6-prefix>

An IPv6 prefix: address and CIDR mask.

<ipv4-address>

An IPv4 address.

<ipv6-address>

An IPv6 address.

all

Allow all connections.

time-sources

List of servers.

vsr running config# vrf <vrf> ntp time-sources

makestep

Correct the system clock by slowing down or speeding up the clock as required.

vsr running config# vrf <vrf> ntp time-sources makestep

threshold

unit: milliseconds

Step the system clock if the adjustment is larger this threshold value.

vsr running config# vrf <vrf> ntp time-sources makestep
vsr running makestep# threshold <uint32>
Default value
1000

limit

Limit the step adjustment to this value.

vsr running config# vrf <vrf> ntp time-sources makestep
vsr running makestep# limit LIMIT

LIMIT values

Description

<uint16>

No description.

disabled

Disable makestep.
Default value
3

server

List of NTP servers to use for system clock synchronization. If ‘/system/ntp/enabled’ is ‘true’, then the system will attempt to contact and utilize the specified NTP servers.

vsr running config# vrf <vrf> ntp time-sources server <server>

<server> values

Description

<ipv4-address>

The ipv4-address type represents an IPv4 address in dotted-quad notation. The IPv4 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format for the zone index is the numerical format

<ipv6-address>

The ipv6-address type represents an IPv6 address in full, mixed, shortened, and shortened-mixed notation. The IPv6 address may include a zone index, separated by a % sign. The zone index is used to disambiguate identical address values. For link-local addresses, the zone index will typically be the interface index number or the name of an interface. If the zone index is not present, the default zone of the device will be used. The canonical format of IPv6 addresses uses the textual representation defined in Section 4 of RFC 5952. The canonical format for the zone index is the numerical format as described in Section 11.2 of RFC 4007.

<domain-name>{1,253}

The domain-name type represents a DNS domain name. The name SHOULD be fully qualified whenever possible. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. The description clause of schema nodes using the domain-name type MUST describe when and how these names are resolved to IP addresses. Note that the resolution of a domain-name value may require to query multiple DNS records (e.g., A for IPv4 and AAAA for IPv6). The order of the resolution process and which DNS record takes precedence can either be defined explicitly or may depend on the configuration of the resolver. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be A-labels as per RFC 5890.

version

Version number to put in outgoing NTP packets.

vsr running config# vrf <vrf> ntp time-sources server <server>
vsr running server <server># version <1-4>
Default value
4

association-type

The desired association type for this NTP server.

vsr running config# vrf <vrf> ntp time-sources server <server>
vsr running server <server># association-type ASSOCIATION-TYPE

ASSOCIATION-TYPE values

Description

SERVER

Use client association mode. This device will not provide synchronization to the configured NTP server.

PEER

Use symmetric active association mode. This device may provide synchronization to the configured NTP server.

POOL

Use client association mode with one or more of the NTP servers found by DNS resolution of the domain name given by the ‘address’ leaf. This device will not provide synchronization to the servers.
Default value
SERVER

iburst

Indicates whether this server should enable burst synchronization or not.

vsr running config# vrf <vrf> ntp time-sources server <server>
vsr running server <server># iburst true|false
Default value
false

prefer

Indicates whether this server should be preferred or not.

vsr running config# vrf <vrf> ntp time-sources server <server>
vsr running server <server># prefer true|false
Default value
false

auth-key-id

Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id.

vsr running config# vrf <vrf> ntp time-sources server <server>
vsr running server <server># auth-key-id <leafref>

stratum (state only)

Indicates the level of the server in the NTP hierarchy. As stratum number increases, the accuracy is degraded. Primary servers are stratum while a maximum value of 16 indicates unsynchronized. The values have the following specific semantics: | 0 | unspecified or invalid | 1 | primary server (e.g., equipped with a GPS receiver) | 2-15 | secondary server (via NTP) | 16 | unsynchronized | 17-255 | reserved.

vsr> show state vrf <vrf> ntp time-sources server <server> stratum

root-delay (state only)

unit: milliseconds

The round-trip delay to the server, in milliseconds.

vsr> show state vrf <vrf> ntp time-sources server <server> root-delay

root-dispersion (state only)

unit: milliseconds

Dispersion (epsilon) represents the maximum error inherent in the measurement.

vsr> show state vrf <vrf> ntp time-sources server <server> root-dispersion

offset (state only)

unit: milliseconds

Estimate of the current time offset from the peer. This is the time difference between the local and reference clock.

vsr> show state vrf <vrf> ntp time-sources server <server> offset

poll-interval (state only)

unit: seconds

Polling interval of the peer.

vsr> show state vrf <vrf> ntp time-sources server <server> poll-interval

synchronized (state only)

True if we are synchronized with this server.

vsr> show state vrf <vrf> ntp time-sources server <server> synchronized

state (state only)

The server status in the clock selection process.

vsr> show state vrf <vrf> ntp time-sources server <server> state

server (state only)

List of NTP servers to use for system clock synchronization. If ‘/system/ntp/enabled’ is ‘true’, then the system will attempt to contact and utilize the specified NTP servers.

version (state only)

Version number to put in outgoing NTP packets.

vsr> show state vrf <vrf> ntp server <server> version

association-type (state only)

The desired association type for this NTP server.

vsr> show state vrf <vrf> ntp server <server> association-type

iburst (state only)

Indicates whether this server should enable burst synchronization or not.

vsr> show state vrf <vrf> ntp server <server> iburst

prefer (state only)

Indicates whether this server should be preferred or not.

vsr> show state vrf <vrf> ntp server <server> prefer

stratum (state only)

Indicates the level of the server in the NTP hierarchy. As stratum number increases, the accuracy is degraded. Primary servers are stratum while a maximum value of 16 indicates unsynchronized. The values have the following specific semantics: | 0 | unspecified or invalid | 1 | primary server (e.g., equipped with a GPS receiver) | 2-15 | secondary server (via NTP) | 16 | unsynchronized | 17-255 | reserved.

vsr> show state vrf <vrf> ntp server <server> stratum

root-delay (state only)

unit: milliseconds

The round-trip delay to the server, in milliseconds.

vsr> show state vrf <vrf> ntp server <server> root-delay

root-dispersion (state only)

unit: milliseconds

Dispersion (epsilon) represents the maximum error inherent in the measurement.

vsr> show state vrf <vrf> ntp server <server> root-dispersion

offset (state only)

unit: milliseconds

Estimate of the current time offset from the peer. This is the time difference between the local and reference clock.

vsr> show state vrf <vrf> ntp server <server> offset

poll-interval (state only)

unit: seconds

Polling interval of the peer.

vsr> show state vrf <vrf> ntp server <server> poll-interval

synchronized (state only)

True if we are synchronized with this server.

vsr> show state vrf <vrf> ntp server <server> synchronized

state (state only)

The server status in the clock selection process.

vsr> show state vrf <vrf> ntp server <server> state

auth-key-id (state only)

Integer identifier used by the client and server to designate a secret key. The client and server must use the same key id.

vsr> show state vrf <vrf> ntp server <server> auth-key-id