I have an old SSG-140 that I wanted to use as an NTP server for a number of devices - is this device able to act as a stable NTP time source?

My Linux clients can't seem to stay synced to the device - they keep resetting their clocks:

Dec  6 10:13:45 host1 ntpd[28686]: synchronized to 10.100.100.1, stratum 1
Dec  6 10:14:46 host1 ntpd[28686]: time reset -2.000141 s

I know the Juniper is able to see the NTP servers because it set its clock correctly, and when I query it, it claims to be an NTP server:

netops@appprd2m1:~$ ntpdate -q 10.100.100.1
server 10.100.100.1, stratum 1, offset -0.683934, delay 1.02910
 6 Dec 10:33:25 ntpdate[6152]: step time server 10.100.100.1 offset -0.683934 sec

The lowest stratum clock it's syncing to is stratum 2, so I don't know why the Juniper is claiming to be stratum 1 -- it should be reporting itself as a stratum 3 source.

Here's the Juniper config:

NTP is Enabled
Primary server: 208.201.242.2 (src i/f: ethernet0/7)
Backup1 server: 72.254.0.254 (src i/f: ethernet0/7)
Backup2 server: 204.13.164.164 (src i/f: ethernet0/7)
Authentication Mode: None
Max Allowed Adjustment: 300 second(s)
Request Interval: 5 minute(s).
Sync NTP time to peer: Disabled
Update Status: Idle
Last Update at: 12/06/2012 10:40:14

I suspect that the Juniper isn't slewing its clock to sync with its NTP peer, but is stepping its own clock every 5 minutes when it queries the remote NTP server, which is why the Linux clients can't stay synced.

My Linux clients don't have direct access to the internet, so I can't just tell them to use a public NTP server (though if I have to, I can set up a DMZ Linux server to act as an NTP server; I was trying to avoid that by using the Juniper). This Juniper device is 4 or 5 years old, so I wouldn't be surprised if it has some hardware problem that's giving it unusual clock skew.

I don't think all 8 of my Linux servers themselves have a local clock skew problem, as I have a half dozen identical servers (all purchased at the same time) in a different coloc that are successfully able to sync with public NTP servers.

Has anyone else successfully used a Juniper SSG device as an NTP server?

Johnny
  • I hate to be that guy telling you about a different method of solving your problem, but when I needed NTP in a non-routed environment I just ended up hooking a USB GPS device to a Snow Leopard server then used gpsd to get the data to ntpd. This at least gives you the benefit of not having to worry about whether or not the Juniper is stable. But for all the trouble, I would probably just bite the bullet and go with the DMZ option. – Michael Dec 06 '12 at 23:48
  • Thanks for the suggestion. Getting an antenna out to where it could receive a GPS signal might be problematic (these servers are in a windowless basement). But if I have to go visit the site anyway, I'll just take a small server for use as an NTP server (which, as you pointed out, is probably the easiest solution); I was hoping to avoid a site visit by using the Juniper that's already there. – Johnny Dec 07 '12 at 19:06
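
An added example, not part of the original question or comments: decoding the 48-byte NTP reply header (RFC 5905 layout) shows what a server asserts about itself, so a stratum 1 claim like the one above can be checked against its reference ID, leap bits and root distance. The packets are constructed sample data (documentation address 192.0.2.1, not a capture from the SSG), and the function names are this example's own.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
HDR = "!BBbbII4s8I"           # 48-byte header layout from RFC 5905

def _unix(sec, frac):
    """NTP 32.32 fixed-point timestamp -> Unix seconds."""
    return sec - NTP_EPOCH_DELTA + frac / 2**32

def parse_reply(pkt, t1, t4):
    """Decode a reply; t1/t4 are the client's send/receive times (Unix s)."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    (flags, stratum, _poll, _prec, rdelay, rdisp, refid,
     _, _, _, _, rx_s, rx_f, tx_s, tx_f) = struct.unpack(HDR, pkt[:48])
    t2, t3 = _unix(rx_s, rx_f), _unix(tx_s, tx_f)
    return {
        "leap": flags >> 6, "version": (flags >> 3) & 7, "mode": flags & 7,
        "stratum": stratum, "refid": refid,
        "root_delay": rdelay / 65536, "root_disp": rdisp / 65536,  # 16.16 format
        "offset": ((t2 - t1) + (t3 - t4)) / 2,
        "delay": (t4 - t1) - (t3 - t2),
    }

def distrust_reasons(info):
    """Header-level reasons a client should not trust this reply."""
    why = []
    if info["mode"] != 4:
        why.append("not a server-mode reply")
    if info["leap"] == 3 or info["stratum"] in (0, 16):
        why.append("server reports unsynchronized or unspecified stratum")
    tag = info["refid"].rstrip(b"\0")
    if info["stratum"] == 1 and not (tag and all(32 < c < 127 for c in tag)):
        why.append("stratum 1 claimed, but refid is not an ASCII clock-source tag")
    if info["root_delay"] / 2 + info["root_disp"] > 1.0:  # RFC 5905 MAXDIST
        why.append("root distance exceeds 1 s")
    return why

def sample_reply(stratum, refid, t1):
    """Constructed packet: LI=0 VN=4 mode=4, server clock 0.5 s ahead of t1."""
    s = int(t1) + NTP_EPOCH_DELTA
    return struct.pack(HDR, 0x24, stratum, 6, -20, 0, 0, refid,
                       s - 60, 0, s, 0, s, 1 << 31, s, 1 << 31)

if __name__ == "__main__":
    t1 = 1354790000.0
    info = parse_reply(sample_reply(1, bytes([192, 0, 2, 1]), t1), t1, t1 + 0.2)
    print(info["stratum"], round(info["offset"], 3), distrust_reasons(info))
```

To inspect a real device, pass the bytes of its UDP port 123 reply to `parse_reply` together with the local send and receive times.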