For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Justkennie_4820's avatar
Justkennie_4820
Icon for Nimbostratus rankNimbostratus
Sep 11, 2012

F5 LTM not synchronising with NTP Server

Hi All,

 

Pleae help out, my LTM is not synchronising with my NTP server.

 

My NTP server is 10.10.10.10, with gateway of 10.10.10.1 on cisco FWSM

 

My LTM have a management IP of 20.20.20.20 with gateway of 20.20.20.1 on cisco FWSM

 

The LTM also has a connectioin for productiion traffic and address is 30.30.30.30 with gateway on cisco FWSM as 30.30.30.1.

 

In this case there, the LTM can reach the NTP server either through the management interface (10.10.10.10) or production traffic interface ( 30.30.30.30), as access had bin allowed on the firewall.

 

But the issues is....

 

I cant see the NTP traffic from the LTM when I view the live log on FWSM

 

What interface by default will the LTM use to communicate with the NTP server.

 

I have define route to the NTP server through this two interfaces, yet its not working. PLS HELP !!!!

 

config
design

3 Replies

  • Beinhard_8950's avatar
    Beinhard_8950
    Icon for Nimbostratus rankNimbostratus
    Sep 11, 2012

    Hi,

     

     

    it will go on eth0, so if u have default gw on mgmt interface it should be enough.

     

     

    /Beinhard

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Sep 11, 2012
    Login to the cli and type

     

     

    ntpq -p

     

     

    and examine the output. It'll tell you what the sync status of the ntp daemon is with your ntp servers. Verify the status. I suspect it'll say something like .INIT. which I've seen a couple of units do for unexplained reasons. Just do a quick 'bigstart restart ntpd' and that'll restart ntpd and cause it to try & talk to the upstream ntp servers you've defined.

     

     

    An ntpq -p every now & again will (SHould) show you the ntpd getting the delta between the local time and the ntp servers. You'll probably geta quick step into line, and then ntpd should (Within a few monites) eventually get into sync and start to track the clock of one of the servers.

     

     

    Checkout the ntpd doc on the internet for various status results of the ntp servers.

     

     

    If for some reason you never see any success with your defined servers, doa quick tcpdump on eth0 looking for udp packets on port 123. You should see requests and responses. if not, you have a problem somewhere with your routing or a firewall (Possibly).

     

     

    H
  • Justkennie_4820's avatar
    Justkennie_4820
    Icon for Nimbostratus rankNimbostratus
    Sep 14, 2012

     

    [root@ACC-GTM-01:Active] config tcpdump udp port 123

     

    tcpdump: WARNING: eth0: no IPv4 address assigned

     

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

     

    listening on eth0, link-type EN10MB (Ethernet), capture size 108 bytes

     

    16:37:30.201229 IP ACC-GTM-01.ABC.COM.ntp > 10.2.104.19.ntp: NTPv4, Client, length 48

     

    16:37:30.203031 IP 10.2.104.19.ntp > ACC-GTM-01.ABC.COM.ntp: NTPv3, Server, length 48

     

    16:38:05.202147 IP ACC-GTM-01.ABC.COM.ntp > 10.2.104.47.ntp: NTPv4, Client, length 48

     

    16:38:05.202738 IP 10.2.104.47.ntp > ACC-GTM-01.ABC.COM.ntp: NTPv3, Server, length 48

     

     

    [root@ACC-GTM-01:Active] config ntpq -np

     

    remote refid st t when poll reach delay offset jitter

     

    ==============================================================================

     

    10.2.104.47 .LOCL. 1 u 46 64 377 0.596 -117951 9.868

     

    10.2.104.19 10.2.104.10 3 u 15 64 377 0.523 -117953 19.465