In the External NTP Servers step of the Create NTP Service wizard, complete the following:

Upstream: In this section, configure external NTP servers with which hosts synchronize time.

  • Override: Toggle to override the global NTP properties.

Click Add External NTP Servers, and specify the following in the table:

  • SERVER ADDRESS: Enter the IP address or the FQDN of the NTP server you want to use as the upstream NTP server.

  • AUTHENTICATION: To enable authentication for the NTP server, toggle the switch to Enabled (green). The default is Disabled.

  • AUTHENTICATION KEY: If you enable authentication for the NTP server, enter the trusted key here.

  • TYPE: If you enable authentication for the NTP server, select MD5 from the drop-down list. At this time, BloxOne supports only MD5 hashing as the cryptographic protocol for authentication.

  • POOL: Select this checkbox to add this NTP server to the pool of NTP servers. When you select this option, you can specify a pool of servers with which you can synchronize time.

  • BURST: Select this checkbox to configure the NTP client to send a burst of eight packets if the external NTP server is reachable and a valid source of synchronization is available. The NTP client transmits each packet every two seconds. When you clear this checkbox, the client sends a single packet to the server only once. A burst is used to accurately measure jitter with long-poll intervals.

  • IBURST: Select this checkbox to configure the NTP client to send a burst of eight packets if the external NTP server is not reachable when the client sends the first packet to the server. The NTP client transmits each packet every two seconds. If an NTP server is not responsive, the NTP client in IBURST mode continues to send frequent queries until the server responds and time synchronization starts. When you deselect this checkbox, the client sends a single packet to the server only once.

  • PREFERRED: Select this checkbox to mark this external NTP server as the preferred NTP server. You can select only one server as the preferred NTP server.

Downstream: In this section, add trusted client keys to downstream NTP servers, if applicable. 

  • Override: Toggle to override the global NTP properties.

Click Add key and specify the following:

  • TYPE: Select MD5 from the drop-down list. At this time, BloxOne supports only MD5 hashing as the cryptographic protocol for authentication.

  • KEY: Enter the trusted key here.

Access Control & Rate Management: In this section, configure access control for the NTP service by enabling rate limiting and KOD (Kiss-O'-Death). The NTP access control list (ACL) specifies which clients can use a host as an NTP server. If you do not configure access control, then BloxOne allows access to all clients. You can configure access control globally and override it for specific hosts. You can use one or more existing ACLs to control which clients can use the NTP service.

  • Override: Toggle to override the global NTP properties.

After specifying Upstream or Downstream, click Add ACL and specify the following in the table:

  • ACL NAME: Only the default ACL is currently supported. This ACL includes all clients.

  • RATE LIMIT STATUS: To enable rate limiting for the NTP service, toggle the switch to Enabled (green). When rate limiting is enabled, the system does not respond to time service requests if the packet violates the default values for rate limiting. The default is Disabled.

  • KOD STATUS: If you enable rate limiting, toggle the switch to Enabled (green) to send the KOD packet and reduce the number of unwanted queries. The default is Disabled.

The KOD packet contains the stratum field set to zero and the ASCII string (in the Reference Source Identifier field) set to RATE. This indicates that the packets sent by the client have been dropped by the server.

When you select the KOD STATUS checkbox, the NTP service sends a KOD packet to the NTP client if the client has exceeded the rate limit. When you clear the checkbox, the NTP service drops the packets but does not send any KOD packet to the client.  
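The KOD packet layout described above can be recognized on the client side or in a packet capture. The following is an added example, not part of the BloxOne documentation: a Python parser for the fixed 48-byte NTP header (RFC 5905 layout) that reports whether a reply is a KOD packet carrying the RATE code. The function names and both sample packets are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

NTP_HEADER_LEN = 48  # fixed NTP header size, before any extension fields or MAC


class NtpReply(NamedTuple):
    leap: int
    version: int
    mode: int
    stratum: int
    ref_id: bytes  # 4-byte Reference Identifier field

    @property
    def kiss_code(self) -> Optional[str]:
        """ASCII kiss code if this is a KOD packet (stratum 0), else None."""
        if self.stratum != 0:
            return None  # for stratum >= 1 the field names the reference source
        return self.ref_id.rstrip(b"\x00").decode("ascii", errors="replace")

    @property
    def is_rate_kod(self) -> bool:
        """True when the server signals that the client exceeded the rate limit."""
        return self.kiss_code == "RATE"


def parse_ntp_reply(data: bytes) -> NtpReply:
    if len(data) < NTP_HEADER_LEN:
        raise ValueError(f"short NTP packet: {len(data)} bytes")
    flags, stratum = data[0], data[1]
    # Byte 0 packs leap indicator (2 bits), version (3 bits), mode (3 bits).
    return NtpReply(flags >> 6, (flags >> 3) & 0x7, flags & 0x7, stratum, data[12:16])


def build_sample(li: int, vn: int, mode: int, stratum: int, ref_id: bytes) -> bytes:
    """Constructed sample header: poll/precision fixed, delays and timestamps zeroed."""
    return struct.pack("!BBbb4x4x4s32x", (li << 6) | (vn << 3) | mode, stratum, 6, -20, ref_id)


# Constructed samples: a KOD reply (stratum 0, "RATE") and a normal stratum-2 reply
# whose Reference Identifier is the IPv4 address 192.0.2.10 of its upstream source.
KOD_SAMPLE = build_sample(3, 4, 4, 0, b"RATE")
NORMAL_SAMPLE = build_sample(0, 4, 4, 2, bytes([192, 0, 2, 10]))

if __name__ == "__main__":
    for name, pkt in (("kod", KOD_SAMPLE), ("normal", NORMAL_SAMPLE)):
        reply = parse_ntp_reply(pkt)
        print(name, "stratum", reply.stratum, "kiss", reply.kiss_code, "rate-limited", reply.is_rate_kod)
```

A client that sees `is_rate_kod` return true has had its packets dropped by the server and should reduce its polling rate.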

Inter Packet Spacing (seconds): If you have enabled rate limiting for the ACL, you can override the default values of inter-packet gap intervals. An inter-packet gap is a pause (measured in seconds) required between NTP packets. 

  • Average: Specify the minimum average time for an inter-packet pause between two NTP packets. The default is 3.

  • Minimum: Specify the minimum time for an inter-packet pause between two NTP packets. The default is 1.

  • Monitor: Specify the time (in seconds) for the discard probability for packets once the permitted rate limits have been exceeded. The default is 3000. This option is intended for NTP servers that receive 1000 or more requests per second.

Click Next to proceed to the next step. Note that all required information must be added prior to proceeding to the next step. If any required information is left empty, you will see an error icon next to the page.

To change information in the previous step, click Back to return to the previous page, or click Cancel to exit without saving the configuration. If you have completed all edits and configuration, click Finish.