
In the External NTP Servers step of the Create NTP Service wizard, specify the following:

  • Upstream: In this section, configure external NTP servers with which hosts will synchronize time.

  • Override: To override the global NTP properties, turn this toggle switch on.

Click Add External NTP Servers, and specify the following in the table:

  • SERVER ADDRESS: Enter the IP address or the FQDN of the NTP server you want to use as the upstream NTP server.

  • AUTHENTICATION: To enable authentication for the NTP server, toggle the switch to Enabled (green). The default is Disabled.

  • AUTHENTICATION KEY: If you enable authentication for the NTP server, enter the trusted key.

  • TYPE: If you enable authentication for the NTP server, select MD5 from the drop-down list. At this time, BloxOne supports only MD5 hashing as the cryptographic protocol for authentication.

  • POOL: Select this checkbox to add this NTP server to the pool of NTP servers. When you select this option, you can specify a pool of servers with which you can synchronize time.

  • BURST: Select this checkbox to configure the NTP client to send a burst of eight packets if the external NTP server is reachable and a valid source of synchronization is available. The NTP client transmits each packet every two seconds. When you clear this checkbox, the client sends a single packet to the server only once. A burst is used to accurately measure jitter with long-poll intervals.

  • IBURST: Select this checkbox to configure the NTP client to send a burst of eight packets if the external NTP server is not reachable when the client sends the first packet to the server. The NTP client transmits each packet every two seconds. If an NTP server is not responsive, the NTP client in IBURST mode will continue to send frequent queries until the server responds and time synchronization starts. If you deselect this checkbox, the client will send a single packet to the server only once.

  • PREFERRED: Select this checkbox to mark this external NTP server as the preferred NTP server. You can select only one server as the preferred NTP server.

  • Downstream: In this section, add trusted client keys to downstream NTP servers, if applicable. 

  • Override: To override the global NTP properties, turn this toggle switch on.

Click Add key and specify the following:

  • TYPE: Select MD5 from the drop-down list. At this time, BloxOne supports only MD5 hashing as the cryptographic protocol for authentication.

  • KEY: Enter the trusted key.
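NTP symmetric-key authentication with MD5, as defined in RFC 5905, appends a 32-bit key identifier and an MD5 digest of the shared key followed by the packet header. The following added example (not BloxOne code) signs and verifies a constructed header, assuming BloxOne uses this standard scheme; the key ID, key value and function names are assumptions for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48    # fixed NTP header, no extension fields
MD5_MAC_LEN = 4 + 16   # 32-bit key ID + 128-bit MD5 digest

def ntp_md5_digest(key: bytes, header: bytes) -> bytes:
    """Digest is MD5 over the shared key followed by the NTP header."""
    return hashlib.md5(key + header).digest()

def sign_packet(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the MAC (key ID + digest) to a 48-byte header."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    return header + struct.pack("!I", key_id) + ntp_md5_digest(key, header)

def verify_packet(packet: bytes, trusted_keys: dict) -> str:
    """Return 'ok', 'unauthenticated', 'unknown-key' or 'bad-mac'."""
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"          # no MAC present at all
    if len(packet) != NTP_HEADER_LEN + MD5_MAC_LEN:
        return "bad-mac"                  # malformed or truncated MAC
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return "unknown-key"              # key ID is not a trusted key
    expected = ntp_md5_digest(key, header)
    # Constant-time comparison avoids leaking how many bytes matched.
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-mac"

# Constructed sample data: key ID 1 and its key are placeholders.
TRUSTED_KEYS = {1: b"constructed-sample-key"}
# LI=0, VN=4, mode=4 (server), stratum 2; remaining fields zeroed.
SAMPLE_HEADER = struct.pack("!BBbb", 0x24, 2, 6, -20) + bytes(44)

if __name__ == "__main__":
    signed = sign_packet(SAMPLE_HEADER, 1, TRUSTED_KEYS[1])
    print(verify_packet(signed, TRUSTED_KEYS))
    tampered = bytes([signed[0] ^ 0x01]) + signed[1:]
    print(verify_packet(tampered, TRUSTED_KEYS))
```

A reply with no MAC is reported separately from one with a bad MAC, so a client that requires authentication can reject both while logging which case occurred.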

  • Access Control & Rate Management: In this section, configure access control for the NTP service by enabling rate limiting and KOD (Kiss-O'-Death). The NTP access control list (ACL) specifies which clients can use a host as an NTP server. If you do not configure access control, then BloxOne will allow access to all clients. You can configure access control globally and override it for specific hosts. In addition, you can use one or more existing ACLs to control which clients can use the NTP service.

  • Override: To override the global NTP properties, turn this toggle switch on.

After specifying Upstream or Downstream, click Add ACL and specify the following in the table:

  • ACL NAME: Only the default ACL is currently supported. This ACL includes all clients.

  • RATE LIMIT STATUS: To enable rate limiting for the NTP service, toggle the switch to Enabled (green). The system will not respond to time service requests if the packet violates the default values for rate limiting. The default is Disabled.

  • KOD STATUS: If you enable rate limiting, toggle the switch to Enabled (green); this will send the KOD packet and reduce the number of unwanted queries. The default is Disabled.

The KOD packet contains the stratum field set to zero and the ASCII string (in the Reference Source Identifier field) set to RATE. This indicates that the packets sent by the client have been dropped by the server.

When you select the KOD STATUS checkbox, the NTP service will send a KOD packet to the NTP client if the client has exceeded the rate limit. After you clear the checkbox, the NTP service will drop the packets but will not send any KOD packet to the client.  
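An added example (not BloxOne code) that recognizes the KOD packet described above in captured NTP responses and counts RATE kisses per server, which shows which upstream servers are rate limiting a client. The packets, host names and function names are constructed for illustration.

```python
import struct
from collections import Counter

NTP_HEADER_LEN = 48

def parse_header(packet: bytes) -> dict:
    """Decode the fields of the NTP header needed to spot a KOD packet."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("truncated NTP packet")
    flags, stratum = struct.unpack("!BB", packet[:2])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        "refid": packet[12:16],  # Reference Identifier field
    }

def kiss_code(packet: bytes):
    """Return the kiss code (e.g. 'RATE') for a KOD packet, else None."""
    hdr = parse_header(packet)
    if hdr["stratum"] != 0:
        return None  # normal reply: refid names the server's time source
    code = hdr["refid"].rstrip(b"\x00")
    if not code or not all(0x20 <= b < 0x7F for b in code):
        return None  # stratum 0 but refid is not a printable ASCII code
    return code.decode("ascii")

def rate_limited_servers(captures) -> dict:
    """Count RATE kisses per server from (server, packet) pairs."""
    hits = Counter(s for s, p in captures if kiss_code(p) == "RATE")
    return dict(hits)

def build_reply(flags: int, stratum: int, refid: bytes) -> bytes:
    """Constructed 48-byte reply for the sample data (not a capture)."""
    return (struct.pack("!BBbb", flags, stratum, 6, -20)
            + bytes(8) + refid + bytes(32))

# Constructed sample: ntp1.example answers two of three queries with KOD.
SAMPLE_CAPTURES = [
    ("ntp1.example", build_reply(0xE4, 0, b"RATE")),
    ("ntp1.example", build_reply(0x24, 2, bytes([192, 0, 2, 1]))),
    ("ntp1.example", build_reply(0xE4, 0, b"RATE")),
    ("ntp2.example", build_reply(0x24, 2, bytes([192, 0, 2, 1]))),
]

if __name__ == "__main__":
    print(rate_limited_servers(SAMPLE_CAPTURES))
```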

  • Inter Packet Spacing (seconds): If you have enabled rate limiting for the ACL, you can override the default values of inter-packet gap intervals. An inter-packet gap is a pause (measured in seconds) required between NTP packets. 

  • Average: Specify the minimum average time for an inter-packet pause between two NTP packets. The default is 3.

  • Minimum: Specify the minimum time for an inter-packet pause between two NTP packets. The default is 1.

  • Monitor: Specify the time (in seconds) for the discard probability for packets once the permitted rate limits have been exceeded. The default is 3000. This option is intended for NTP servers that receive 1000 or more requests per second.

Ensure that all required information is provided, and click Next to proceed to the next step. If any required information is left empty, an error icon will appear next to the page. To complete missing information, click Back. To exit without saving the configuration, click Cancel. If you have completed all edits and configuration, click Finish.
