Forum Discussion

Nimbostratus

Jun 22, 2022

Replying to NTP requests from a Virtual Server IP

Hi, I am trying to configure the F5 to function as a NTP server, but through a virtual server instead of a self IP. The KB only has information about setting it up on a self IP. Is this possible? ...

application delivery

ntp

Kin

Employee

Jun 22, 2022

Big-IP as NTP server - DevCentral (f5.com)

may be useful... In the above use case, it's a Performance (layer 4), UDP virtual server with Pool created consisting of NTP servers. If things don't work, try toggling "Port translation", SNAT= Automap, and take tcpdumps at the BIG-IP and NTP servers to verify requests are reaching. Hope it works out.

Ctan
Nimbostratus
Jun 22, 2022
Good stuff.. but unfortunately not quite the use case I'm looking for.
Due to the security requirements of our environment the NTP servers are unreachable from the data plane of the F5. So the goal was to hopefully have the F5 sync up to our stratum1 servers via the management interface, then service requests from clients via a VS.
Is there a way to have the F5 process NTP requests from a VS or to redirect requests from into the VS into a self IP?
- Kin
  Employee
  Jun 23, 2022
  I may not have connected the dots fully on the security requirements, but to the last qn: The system does not allow us to create a self IP and add it as a pool member. So one way to direct requests from a VS to a self IP is through a Forwarding virtual server with the same IP address as the SelfIP. The forwarding VS can have the configuration described in the UDP VS in Overview of IP forwarding virtual servers (f5.com)
  - Ctan
    Nimbostratus
    Jun 27, 2022
    I'll describe the actual scenario so it makes more sense: We currently have an old cisco router providing NTP services for our client network running over 900 terminals. The router is unfortunately on its last legs due to age and needs to be taken out of the network.
    The plan is to configure the router's IP address as a VS on the F5 and have it do NTP without having to reconfigure the terminals individually.
    The security contraint i mentioned is that the primary NTP servers behind the F5 are only reachable via tha management interfaces and are on a completely separate network, so i can't use it as a pool as it won't be reachable.
    Was hoping there was a way to do a combination of NAT or rerouting that can be done on just the F5 so that I avoid having to stick NAT somewhere upstream.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Replying to NTP requests from a Virtual Server IP

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Adding my Product and support to bigF5 account

Illigal Parameter addition as custom signature set wanted to Unblock

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

TCPDUMP in BigIP for traffic coming from distrbuited cloud.

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

Related Content

Handling HTTP Requests on an HTTPS Virtual Server

no reply from big3d: timed out

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

iControl REST Cookbook - Virtual Server (ltm virtual)

Logging DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS