Forum Discussion
Load balancing NTP Servers
Hello,
We want to put two NTP servers behind an F5 [GTM]. The applications only know the DNS name [VIP], while the F5 is forwarding NTP requests to only NTP Server A.
Desired Failover Conditions like HA:
Only if NTP Server A is failing, F5 is forwarding traffic to NTP Server B.
And if NTP Server A becomes available again, F5 is forwarding to NTP Server A again.
Health monitoring via https.
I am wondering whether above scenario is doable?
Note:
Both NTP servers peer with exactly the same NTP peers.
Only one server is available at a time, the second is standby - like in a HA scenario.
Please advise.
Thanks.
7 Replies
- Netmart
Nimbostratus
And since we are maintaining one DNS for NTP, I guess we have to use BIG IP DNS instead of LTM. If so, is it also possible to set up priority groups in BIG IP DNS as well?
- Netmart
Nimbostratus
FYI:
I've been informed to use the following link to obtain the article about priority groups: Configure a standby pool member to process traffic when primary pool member goes down using priority groups [https://my.f5.com/manage/s/article/K13525153]
You can use pool member priority group config to make B only receive traffic when A is down.
- Netmart
Nimbostratus
Thank you.
The link you suggested seems to be not available anymore, but I read about the priority option as well. This way, ntp requests are forwarded to one server. However, the question remains how granular can the health check be done [beyond ICMP checks] for the F5 to determine when to forward NTP requests to the secondary ntp server, in case the primary is failing.
- Hamish
Cirrocumulus
You can make it as granular as you like with custom health monitors. The monitors can even feed back load stats to enable you to balance some traffic to one when the other is under heavy load.
- Hamish
Cirrocumulus
First question would be why?
ntp is perfectly capable of doing its own load balancing. And results in a much better result. For instance your big probably won't know whether the A NTP server is even any good (It might be responding with the wrong time). The ntp protocol includes logic to avoid this (i.e. if the time is too far out).
As long as you have multiple time servers (3 at a minimum, but you really need 1 more to provide quorum in a server failure scenario) ntp will work it out way better than checking a big in the way.
Also why would you monitor an ntp server via https? Just because the https responds doesn't mean ntp is going to. You monitor services via the same protocol as being served. That way you have a better chance of knowing when the service is up or down.
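The point raised in the replies above, that a health check should speak NTP itself and notice a server handing out bad time, as an added example that is not part of the thread and not F5 code. It evaluates a raw 48-byte NTP reply; the function names, the 0.5 s offset limit and the sample packets are assumptions constructed for illustration, and the UDP query itself is left out so the block runs offline.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds between the NTP epoch (1900) and Unix epoch (1970)

def evaluate_ntp_reply(packet, t_send, t_recv, max_offset=0.5):
    """Return (healthy, reason) for a raw NTP server reply.
    t_send / t_recv: the monitor's Unix time when it sent the query and got the reply.
    max_offset is an assumed tolerance in seconds."""
    if len(packet) < 48:
        return False, "short packet"
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        return False, "not a server reply"
    if leap == 3:
        return False, "server clock unsynchronized (LI=3)"
    if stratum == 0 or stratum > 15:
        return False, "bad stratum %d" % stratum  # 0 = kiss-o'-death, 16 = unsynchronized

    def ts(off):  # 64-bit NTP timestamp -> Unix seconds
        sec, frac = struct.unpack("!II", packet[off:off + 8])
        return sec - NTP_UNIX_DELTA + frac / 2**32

    t2, t3 = ts(32), ts(40)  # server receive / transmit timestamps
    offset = ((t2 - t_send) + (t3 - t_recv)) / 2  # standard NTP clock offset
    if abs(offset) > max_offset:
        return False, "offset %.3fs exceeds limit" % offset
    return True, "ok"

def build_reply(leap, stratum, server_time):
    """Constructed sample reply (NTPv4, mode 4) for offline testing."""
    stamp = struct.pack("!II", int(server_time) + NTP_UNIX_DELTA,
                        int((server_time % 1) * 2**32))
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    # root delay, root dispersion, reference id, reference ts, origin ts: zeroed
    return header + b"\x00" * 28 + stamp + stamp

if __name__ == "__main__":
    now = 1700000000.0  # constructed monitor clock
    for name, pkt in [("good", build_reply(0, 2, now + 0.01)),
                      ("wrong time", build_reply(0, 2, now + 5.0)),
                      ("unsynced", build_reply(3, 16, now + 0.01))]:
        print(name, evaluate_ntp_reply(pkt, now, now + 0.02))
```

An HTTPS check would pass in all three cases; only the first one passes here.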