Omnix_TIMS_4122
Jun 30, 2015

NTP synchronization

Hi Guyz,

Please, I need some help getting time synchronization from NTP servers on my F5.
I have two F5 LTMs running version 10.2.4 in production as a redundant pair; one of them is getting time from the NTP server and the other one has failed.

Also, there are new IPs for the NTP servers. I have added them, but they are failing on both F5s; port 123 is open for both F5s.

The Standby F5 name is (riyadh-f5b) (its IP: 10.6.140.240); it fails on the old and new IPs. The Active F5 name is (riyadh-f5b) (its IP: 10.6.140.241); it is successfully getting time from the old NTP servers but also fails on the new IPs.

Old IPs: 10.1.0.1 & 10.1.0.1
New IPs: 10.1.9.11 & 10.1.9.12

I will attach some info from both F5s, and if more information is required please let me know.

Standby F5a:

[root@riyadh-f5a:/S1-green-P:Standby] config # ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
 10.1.0.1        .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 10.1.0.2        .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 10.1.9.11       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 10.1.9.12       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 slot1           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 slot2           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 slot3           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 slot4           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
[root@riyadh-f5a:/S1-green-P:Standby] config # ntpdate
30 Jun 15:39:09 ntpdate[30699]: no servers can be used, exiting
[root@riyadh-f5a:/S1-green-P:Standby] config # ntpstat
unsynchronised
  time server re-starting
   polling server every 64 s
[root@riyadh-f5a:/S1-green-P:Standby] config # ntpdate
30 Jun 15:53:23 ntpdate[1060]: no servers can be used, exiting
[root@riyadh-f5a:/S1-green-P:Standby] config # ntptrace
localhost.localdomain: stratum 16, offset 0.000000, synch distance 1.434780
[root@riyadh-f5a:/S1-green-P:Standby] config # cat ntp.conf
#
# THIS IS AN AUTO-GENERATED FILE -- DO NOT EDIT!!!
#
# Use the bigpipe shell utility to make changes to the system configuration.
# For more information, see bigpipe ntp help.
#
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

#
# Allow queries from the TMM and SCCP.
#
restrict 127.1.1.2 nomodify notrap
restrict 127.2.0.1 nomodify notrap

# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server 10.1.0.1 iburst
server 10.1.0.2 iburst
server 10.1.9.11 iburst
server 10.1.9.12 iburst

peer 127.3.0.1
peer 127.3.0.2
peer 127.3.0.3
peer 127.3.0.4

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

#
# Keys file.
#
keys        /etc/ntp/keys

Active F5b:

[root@riyadh-f5b:/S1-green-P:Active] config # ntpq -np
     remote           refid      st t when poll reach   delay   offset  jitter
+10.1.0.1        10.64.0.4        4 u  199 1024  377    1.821   -6.901   1.293
*10.1.0.2        10.64.0.4        4 u  293 1024  377    1.849   -4.921   1.882
 10.1.9.11       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 10.1.9.12       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 127.3.0.1       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 127.3.0.2       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 127.3.0.3       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 127.3.0.4       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
[root@riyadh-f5b:/S1-green-P:Active] config # ntpdate
30 Jun 16:20:48 ntpdate[10040]: no servers can be used, exiting
[root@riyadh-f5b:/S1-green-P:Active] config # ntpstat
synchronised to NTP server (10.1.0.2) at stratum 5
   time correct to within 92 ms
   polling server every 1024 s
[root@riyadh-f5b:/S1-green-P:Active] config # ntptrace
localhost.localdomain: stratum 5, offset 0.005461, synch distance 0.100876
10.1.0.2: stratum 4, offset 0.000676, synch distance 0.279300
10.64.0.4: timed out, nothing received
***Request timed out
[root@riyadh-f5b:/S1-green-P:Active] config # cat ntp.conf
#
# THIS IS AN AUTO-GENERATED FILE -- DO NOT EDIT!!!
#
# Use the bigpipe shell utility to make changes to the system configuration.
# For more information, see bigpipe ntp help.
#
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1

#
# Allow queries from the TMM and SCCP.
#
restrict 127.1.1.2 nomodify notrap
restrict 127.2.0.1 nomodify notrap

# --- GENERAL CONFIGURATION ---
#
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available. The
# default stratum is usually 3, but in this case we elect to use stratum
# 0. Since the server line does not have the prefer keyword, this driver
# is never used for synchronization, unless no other other
# synchronization source is available. In case the local host is
# controlled by some external source, such as an external oscillator or
# another protocol, the prefer keyword would cause the local host to
# disregard all other synchronization sources, unless the kernel
# modifications are in use and declare an unsynchronized condition.
#
server 10.1.0.1 iburst
server 10.1.0.2 iburst
server 10.1.9.11 iburst
server 10.1.9.12 iburst

peer 127.3.0.1
peer 127.3.0.2
peer 127.3.0.3
peer 127.3.0.4

#
# Drift file.  Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
#
driftfile /var/lib/ntp/drift
broadcastdelay  0.008

#
# Keys file.
#
keys        /etc/ntp/keys

  • Does tcpdump with a filter on NTP show anything?

    Have you checked your routing + firewall (if any) in between?

    Just to mention... NTP won't take the management interface by default but will follow the routing table. If you want to "force" it through the management interface, you have to add management-routes. I've seen such cases many times.

     

  • Hi amolari,

    Great, thanks brother. The issue was with the management-routes, which were not added for the old and new IPs on the Standby F5. Now both are working fine.

     

  • Hi

    I got this to work by adding specific routes even though I had a default management-route. Try this:

    tmsh create /sys management-route MyNTPserver network x.x.x.x/255.255.255.255 gateway y.y.y.y
    tmsh save /sys config
    bigstart restart ntpd

    Also, F5 documentation states:

    "When the BIG-IP system starts, the ntpd process starts before the system loads the TMM network configuration, and the ntpd process attempts to use the management network to reach the NTP server. However, the attempt fails because the NTP server is on the TMM network."

    (Reference: https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7017.html)

    Regards, Sharmeelan

     

    • shar_169852
      *adjustment for spacing
      tmsh create /sys management-route MyNTPserver network x.x.x.x/255.255.255.255 gateway y.y.y.y
      tmsh save /sys config
      bigstart restart ntpd
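
Reading the `ntpq -np` tables from this thread mechanically, as an added example that is not part of any post: the reach column is an 8-bit shift register printed in octal, so 377 means the last eight polls were all answered and 0 means none were, which is what the `.INIT.` / stratum 16 rows show. The function names, status labels and the 192.0.2.10 row are constructed for illustration, and the script assumes numeric (`-n`) output.

```shell
#!/bin/sh
# Added example: classify peers in `ntpq -np` output by the reach register.
# reach is 8 bits printed in octal, one bit per poll: 377 = all of the last
# eight polls answered, 0 = none answered.

# Rows 1-4 are the Active unit's rows from the thread; the 192.0.2.10 row is
# constructed to show a partially reachable server (17 octal = 00001111).
sample_ntpq() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
+10.1.0.1        10.64.0.4        4 u  199 1024  377    1.821   -6.901   1.293
*10.1.0.2        10.64.0.4        4 u  293 1024  377    1.849   -4.921   1.882
 10.1.9.11       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 10.1.9.12       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 192.0.2.10      10.64.0.4        4 u   12   64   17    2.100    0.500   0.900
EOF
}

# Reads ntpq -np output on stdin, prints "<peer> <status> <answered>/8".
classify_peers() {
  awk '
    # Number of set bits in an octal string (each octal digit holds 3 bits).
    function answered(oct,   i, d, n) {
      n = 0
      for (i = 1; i <= length(oct); i++) {
        d = substr(oct, i, 1) + 0
        n += (d >= 4) + (int(d / 2) % 2) + (d % 2)
      }
      return n
    }
    NF < 10 || $1 == "remote" { next }      # skip header, separator, blanks
    {
      peer = $1; tally = " "
      # With -n the address starts with a hex digit or ":"; anything else
      # in front of it is the tally code (* selected, + candidate, ...).
      if (peer ~ /^[^0-9A-Fa-f:]/) { tally = substr(peer, 1, 1); peer = substr(peer, 2) }
      n = answered($7)
      if (n == 0)            status = "UNREACHABLE"  # no reply in the last 8 polls
      else if (tally == "*") status = "SYNCED"       # current system peer
      else if (n < 8)        status = "DEGRADED"     # some polls unanswered
      else                   status = "OK"
      printf "%s %s %d/8\n", peer, status, n
    }
  '
}

sample_ntpq | classify_peers
```

On the appliance the same function takes live input as `ntpq -np | classify_peers`; a server that stays UNREACHABLE from one unit while another unit reaches it points at the path from that unit, which in this thread was the missing management-routes.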