Home / user-146943

Johnny's questions

Martin Hope
Johnny
Asked: 2012-12-07 11:55:47 +0800 CST
  • 1

I have an old SSG-140 that I wanted to use as an NTP server for a number of devices - is this device able to act as a stable NTP time source?

My Linux clients can't seem to stay synced to the device - they keep resetting their clocks:

Dec  6 10:13:45 host1 ntpd[28686]: synchronized to 10.100.100.1, stratum 1
Dec  6 10:14:46 host1 ntpd[28686]: time reset -2.000141 s

I know the Juniper is able to see the NTP servers because it set its clock correctly, and when I query it, it claims to be an NTP server:

netops@appprd2m1:~$ ntpdate -q 10.100.100.1
server 10.100.100.1, stratum 1, offset -0.683934, delay 1.02910
 6 Dec 10:33:25 ntpdate[6152]: step time server 10.100.100.1 offset -0.683934 sec

The lowest stratum clock it's syncing to is stratum 2, so I don't know why the Juniper is claiming to be stratum 1 -- it should be reporting itself as a stratum 3 source.

Here's the Juniper config:

NTP is Enabled
Primary server: 208.201.242.2 (src i/f: ethernet0/7)
Backup1 server: 72.254.0.254 (src i/f: ethernet0/7)
Backup2 server: 204.13.164.164 (src i/f: ethernet0/7)
Authentication Mode: None
Max Allowed Adjustment: 300 second(s)
Request Interval: 5 minute(s).
Sync NTP time to peer: Disabled
Update Status: Idle
Last Update at: 12/06/2012 10:40:14

I suspect that the Juniper isn't slewing its clock to sync with its NTP peer, but is stepping its own clock every 5 minutes when it queries the remote NTP server, which is why the Linux clients can't stay synced.

My Linux clients don't have direct access to the internet, so I can't just tell them to use a public NTP server (though if I have to, I can set up a DMZ linux server to act as an NTP server, I was trying to avoid that by using the Juniper). This Juniper device is 4 or 5 years old, so I wouldn't be surprised if it has some hardware problem that's giving it unusual clock skew.

I don't think all 8 of my Linux servers themselves have a local clock skew problem, as I have a half dozen identical servers (all purchased at the same time) in a different coloc that are successfully able to sync with public NTP servers.

Has anyone else successfully used a Juniper SSG device as an NTP server?

ntp