question
6 Topics

NTP synchronization
Hi guys,

Please, I need some help to get time synchronization from NTP servers on my F5 from NTP servers. I have two F5 LTMs running version 10.2.4, working in production as a redundant pair; one of them is getting time from the NTP server and the other one failed. Also, there are new IPs for the NTP server; I have added them, but they are failing on both F5s. Port 123 is open for both F5s.

Standby F5 name is (riyadh-f5b) (its IP: 10.6.140.240): failed on old and new IPs.
Active F5 name is (riyadh-f5b) (its IP: 10.6.140.241): successfully getting time from the old NTP servers, but also failed on the new IPs.

Old IPs: 10.1.0.1 & 10.1.0.1
New IPs: 10.1.9.11 & 10.1.9.12

I will attach some info from both F5s, and if more information is required please let me know.

Standby F5a:

    [root@riyadh-f5a:/S1-green-P:Standby] config # ntpq -p
         remote           refid      st t when poll reach   delay   offset  jitter
     10.1.0.1        .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     10.1.0.2        .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     10.1.9.11       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     10.1.9.12       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     slot1           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     slot2           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     slot3           .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     slot4           .INIT.          16 u    - 1024    0    0.000    0.000   0.000

    [root@riyadh-f5a:/S1-green-P:Standby] config # ntpdate
    30 Jun 15:39:09 ntpdate[30699]: no servers can be used, exiting

    [root@riyadh-f5a:/S1-green-P:Standby] config # ntpstat
    unsynchronised
      time server re-starting
       polling server every 64 s

    [root@riyadh-f5a:/S1-green-P:Standby] config # ntpdate
    30 Jun 15:53:23 ntpdate[1060]: no servers can be used, exiting

    [root@riyadh-f5a:/S1-green-P:Standby] config # ntptrace
    localhost.localdomain: stratum 16, offset 0.000000, synch distance 1.434780

    [root@riyadh-f5a:/S1-green-P:Standby] config # cat ntp.conf
    # THIS IS AN AUTO-GENERATED FILE -- DO NOT EDIT!!!
    # Use the bigpipe shell utility to make changes to the system configuration.
    # For more information, see bigpipe ntp help.

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict -6 ::1

    # Allow queries from the TMM and SCCP.
    restrict 127.1.1.2 nomodify notrap
    restrict 127.2.0.1 nomodify notrap

    # --- GENERAL CONFIGURATION ---
    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available. The
    # default stratum is usually 3, but in this case we elect to use stratum
    # 0. Since the server line does not have the prefer keyword, this driver
    # is never used for synchronization, unless no other other
    # synchronization source is available. In case the local host is
    # controlled by some external source, such as an external oscillator or
    # another protocol, the prefer keyword would cause the local host to
    # disregard all other synchronization sources, unless the kernel
    # modifications are in use and declare an unsynchronized condition.
    server 10.1.0.1 iburst
    server 10.1.0.2 iburst
    server 10.1.9.11 iburst
    server 10.1.9.12 iburst
    peer 127.3.0.1
    peer 127.3.0.2
    peer 127.3.0.3
    peer 127.3.0.4

    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    driftfile /var/lib/ntp/drift
    broadcastdelay 0.008

    # Keys file.
    keys /etc/ntp/keys

Active F5b:

    [root@riyadh-f5b:/S1-green-P:Active] config # ntpq -np
         remote           refid      st t when poll reach   delay   offset  jitter
    +10.1.0.1        10.64.0.4        4 u  199 1024  377    1.821   -6.901   1.293
    *10.1.0.2        10.64.0.4        4 u  293 1024  377    1.849   -4.921   1.882
     10.1.9.11       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     10.1.9.12       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     127.3.0.1       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     127.3.0.2       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     127.3.0.3       .INIT.          16 u    - 1024    0    0.000    0.000   0.000
     127.3.0.4       .INIT.          16 u    - 1024    0    0.000    0.000   0.000

    [root@riyadh-f5b:/S1-green-P:Active] config # ntpdate
    30 Jun 16:20:48 ntpdate[10040]: no servers can be used, exiting

    [root@riyadh-f5b:/S1-green-P:Active] config # ntpstat
    synchronised to NTP server (10.1.0.2) at stratum 5
       time correct to within 92 ms
       polling server every 1024 s

    [root@riyadh-f5b:/S1-green-P:Active] config # ntptrace
    localhost.localdomain: stratum 5, offset 0.005461, synch distance 0.100876
    10.1.0.2: stratum 4, offset 0.000676, synch distance 0.279300
    10.64.0.4: timed out, nothing received
    ***Request timed out

    [root@riyadh-f5b:/S1-green-P:Active] config # cat ntp.conf
    # THIS IS AN AUTO-GENERATED FILE -- DO NOT EDIT!!!
    # Use the bigpipe shell utility to make changes to the system configuration.
    # For more information, see bigpipe ntp help.

    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery

    # Permit all access over the loopback interface. This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict -6 ::1

    # Allow queries from the TMM and SCCP.
    restrict 127.1.1.2 nomodify notrap
    restrict 127.2.0.1 nomodify notrap

    # --- GENERAL CONFIGURATION ---
    # Undisciplined Local Clock. This is a fake driver intended for backup
    # and when no outside source of synchronized time is available. The
    # default stratum is usually 3, but in this case we elect to use stratum
    # 0. Since the server line does not have the prefer keyword, this driver
    # is never used for synchronization, unless no other other
    # synchronization source is available. In case the local host is
    # controlled by some external source, such as an external oscillator or
    # another protocol, the prefer keyword would cause the local host to
    # disregard all other synchronization sources, unless the kernel
    # modifications are in use and declare an unsynchronized condition.
    server 10.1.0.1 iburst
    server 10.1.0.2 iburst
    server 10.1.9.11 iburst
    server 10.1.9.12 iburst
    peer 127.3.0.1
    peer 127.3.0.2
    peer 127.3.0.3
    peer 127.3.0.4

    # Drift file. Put this in a directory which the daemon can write to.
    # No symbolic links allowed, either, since the daemon updates the file
    # by creating a temporary in the same directory and then rename()'ing
    # it to the file.
    driftfile /var/lib/ntp/drift
    broadcastdelay 0.008

    # Keys file.
    keys /etc/ntp/keys

1.5K Views | 0 likes | 4 Comments

Config Sync issue (both boxes are staying "disconnected")
Need help... I currently don't have access to the boxes and I'm tempted to just call support, but trying to avoid it. (Not saying there is anything wrong with calling support, but I know I'm missing something basic!)

Here are my steps (I'm resetting everything):

1. Device Groups > (device group previously set up): put both boxes back to available.
2. Delete the existing device group.
3. Reset Device Trust. Choose Generate New Self-Signed Authority.
4. Device Trust > Peer list. Establish peering. (It is able to see the peer, no problem.)
5. Create device groups. "test-sync-failover". Put both devices in "includes" and check Network Failover.
6. Confirm both devices are in the Device List area.
7. Overview > (click self device) > choose "Sync Device to Group" > choose "Overwrite Configuration" > Sync

Boxes are showing disconnected. What can I check? Is there a specific log I can look at to find out why they cannot sync? Should I reset the whole darn configuration and start from scratch again?

6.8K Views | 1 like | 17 Comments

Info required for Viprion
Hi All,

Need to clarify some basic info regarding Viprion (new to Viprion):

- I believe vCMP host and guest are on the same hardware.
- How are clusters and slots different?
- Is there any documentation regarding the terms blades/slots?
- How, basically, does Viprion function with vCMP and without vCMP?

Thanks

211 Views | 0 likes | 1 Comment

SSL Bridging meaning?
I want to confirm context usage of SSL Bridging. Does it mean:

1. SSL pass-thru
2. SSL terminates on the F-5 and then re-encrypts using serverssl?

I'm trying to understand what customers and others refer to when they say that specific comment. I thought bridging was just another way of saying pass-thru...

391 Views | 0 likes | 8 Comments

tcpdump command for multiple source hosts and destination hosts
The request that has been given to me is to find any SOAP traffic from 2 sets of pools.

Pool 1
172.17.30.100
172.17.30.101
172.17.30.102

Pool 2
172.17.31.200
172.17.31.201
172.17.31.202

Can anyone help me with a tcpdump command that will give me all 80 and 443 traffic from pool 1 to pool 2 bidirectionally?

11K Views | 0 likes | 1 Comment