
Re: NTP Config Questions

 
L1nklight
Valued Contributor

NTP Config Questions

I have an A5800 series switch and I am trying to set it up as an NTP relay/server to some of my other devices. One of the devices is a VMware ESXi host. My 5800 is currently hooked up to our ISP's time server and everything seems to be ok from that leg. I cannot seem to get the ESX servers to hook/sync with the A5800. I see the sessions are established, but the ESX servers are not able to successfully connect. 

 

  • ntp unicast-server x.x.x.x is the command I am using to sync with the ISP
  • ntp unicast-peer x.x.x.x is the command I am using to allow sync with the VMware server.

I feel like I am missing a huge piece of info here to get this to work. I have actually tried syncing the vmware servers directly with the ISP's time server and that process works just fine. Any help is appreciated. Thanks in advance!

paulgear
Esteemed Contributor

Re: NTP Config Questions

Edit /etc/ntp.conf on your ESXi server and add " version 3" to the end of the line referencing your switch.  That should allow it to sync successfully.

 

Be aware that you need to provide at least 3 (preferably 4-6) bare metal devices as time sources if you expect NTP to converge on the right time successfully.

Regards,
Paul
paulgear
Esteemed Contributor

Re: NTP Config Questions

I also forgot to mention that you need to run /etc/init.d/ntpd restart after changing the config file...
Regards,
Paul
L1nklight
Valued Contributor

Re: NTP Config Questions

Worked like a charm. I used the following command in an SSH session on the ESXi server to verify:

 

> watch ntpq -p

 

Quick question. Can you explain what you meant by this:

 

"Be aware that you need to provide at least 3 (preferably 4-6) bare metal devices as time sources if you expect NTP to converge on the right time successfully."

 

In the past, what I've typically done is reference an external ntp pool using my WAN/Edge routers. Then I referenced my WAN/Edge from my core. Finally I referenced my various VLAN gateways (maintained in the core) from my servers. I actually don't have any WAN/Edge routers as this is being provided by my ISP.  

 

From my A5800s I am referencing 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org, and 3.pool.ntp.org (I am also referencing an NTP server from my ISP).  In order to keep my ACLs on my firewall looking ok, I am only allowing my A5800 to pull NTP from the world and nothing else. My intent is to hang everything else in my network off my core.

paulgear
Esteemed Contributor

Re: NTP Config Questions

* One more caveat: if you edit your time server configuration from the vSphere GUI, all of your customisations to /etc/ntp.conf will be lost.  Clicker beware!  :-)

Now to your question: Often even expensive switches and servers have cheap and nasty clock crystals.  Being an accurate NTP source is not as high a priority for the A5800 as getting packets from A to B (understandably).

 

NTP is designed to cope with this by watching the way its peers change and calculating what it thinks is the real time, and aiming for that rather than any one peer's view of the time.  It works best when there are 3-6 peers in the algorithm. [1]

 

So by referencing the pool servers on only one system, you are completely at the mercy of that device's ability to converge on the pool servers' time (which is probably pretty good).  If it's accurate, your clocks will be accurate.  But if it's not, how will you know? [2]  Take the precaution now and put in enough NTP sources to compensate.

 

Hope that makes sense.

 

 

[1] See http://libertysys.com.au/blog/sun-ntp-documentation for references to some doco explaining this.

[2] Shameless plug for my little monitoring script: http://libertysys.com.au/software/ntpmon

Regards,
Paul
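
The reply above asks how you would know if the one device everything syncs from were wrong. As an added example (not code from any poster in this thread, and not the linked ntpmon script), this Python check parses the peer table printed by `ntpq -pn` and reports a missing system peer, fewer than three reachable sources, and falsetickers. The 100 ms offset threshold and the sample tables are assumptions constructed for illustration.

```python
MIN_SOURCES = 3        # lower bound given in the reply above
MAX_OFFSET_MS = 100.0  # assumed alert threshold, tune per site

def parse_peers(text):
    """Parse the peer table printed by `ntpq -pn` into a list of dicts."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()          # column 0 is the tally code
        if len(fields) != 10:              # ==== rule, blank or wrapped line
            continue
        try:
            peers.append({
                "tally": line[0],          # ' ' x . - + # * o
                "remote": fields[0],
                "reach": int(fields[6], 8),   # last 8 polls as a bitmask, octal
                "offset_ms": float(fields[8]),
            })
        except ValueError:                 # header row ("reach", "offset")
            continue
    return peers

def assess(text):
    """Return a list of problems; empty means the peer set looks sane."""
    peers = parse_peers(text)
    reachable = [p for p in peers if p["reach"] != 0]
    sys_peer = [p for p in peers if p["tally"] in ("*", "o")]
    problems = []
    if not sys_peer:
        problems.append("no system peer selected")
    elif abs(sys_peer[0]["offset_ms"]) > MAX_OFFSET_MS:
        problems.append("system peer offset %.1f ms" % sys_peer[0]["offset_ms"])
    if len(reachable) < MIN_SOURCES:
        problems.append("only %d reachable source(s), want >= %d" % (len(reachable), MIN_SOURCES))
    problems += ["falseticker: " + p["remote"] for p in peers if p["tally"] == "x"]
    return problems

# Constructed sample tables (documentation addresses), not captured output.
HEADER = ("     remote           refid      st t when poll reach   delay   offset  jitter\n"
          "==============================================================================\n")
SINGLE = HEADER + "*192.0.2.1       198.51.100.1     3 u   41   64  377    0.412    1.250   0.310\n"
MULTI = HEADER + (
    "*192.0.2.10      198.51.100.1     2 u   35   64  377    1.204    0.312   0.118\n"
    "+192.0.2.11      198.51.100.2     2 u   12   64  377    1.377   -0.451   0.203\n"
    "+192.0.2.12      198.51.100.3     3 u   58   64  377    0.982    0.087   0.095\n"
    "x192.0.2.13      198.51.100.4     3 u   20   64  377    1.101  412.660   0.340\n")

if __name__ == "__main__":
    for name, table in (("single", SINGLE), ("multi", MULTI)):
        print(name, assess(table) or "ok")
```

With a single upstream the host reports as synchronised yet has nothing to compare that source against; with several sources ntpd can mark the outvoted one with the `x` tally code, which is what the second table shows.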