ntp with mgmt vrf


Hello, all!
I have a switch which I would like to work as an ntp server for the hosts connected to it.
I synchronize the switch with ntp on the Internet through eth0 in the mgmt vrf. But the servers are connected to the global routing table.

There are these lines in ntp.conf:
# for local clients
restrict 10.0.0.0 mask 255.0.0.0 nomodify notrap
# interface to send ntp requests:
interface listen eth0

ntpq -p:
root@leaf2:mgmt-vrf:~# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*ip-79-111-152-1 .GPS. 1 u 11 256 377 29.437 -0.645 0.187
-ftpshare1.corbi 89.175.22.41 2 u 145 256 377 4.070 0.658 0.323
+cello.corbina.n 131.188.3.220 2 u 202 256 377 4.437 0.212 0.117
+ns1.ooonet.ru 89.109.251.24 2 u 193 256 377 31.153 -0.073 0.165

When I run tcpdump on the port to which the client is connected, I see requests but don't see responses:

10:13:33.099409 ec:0d:9a:a6:a4:22 (oui Unknown) > 44:38:39:ff:00:65 (oui Unknown), ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 64, id 58526, offset 0, flags [df], proto UDP (17), length 76)
10.0.1.101.53686 > 10.0.1.1.ntp: [udp sum ok] NTPv4, length 48
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 10 (1024s), precision 32
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 0.000000000
Receive Timestamp: 0.000000000
Transmit Timestamp: 3174975032.184608978 (2000/08/11 13:30:32)
Originator - Receive Timestamp: 0.000000000
Originator - Transmit Timestamp: 3174975032.184608978 (2000/08/11 13:30:32)

ntpd works in mgmt vrf:
root@leaf2:mgmt-vrf:~# systemctl status ntp@mgmt.service
● ntp@mgmt.service - NTP - Network Time Protocol daemon
Loaded: loaded (/lib/systemd/system/ntp.service; enabled)
Drop-In: /run/systemd/generator/ntp@.service.d
└─vrf.conf
Active: active (running) since Tue 2018-03-27 09:26:14 MSK; 49min ago
Docs: man:ntpd(8)
Main PID: 1588 (ntpd)
CGroup: /system.slice/system-ntp.slice/ntp@mgmt.service
└─1588 /usr/sbin/ntpd -n -u ntp:ntp -g

Is there a need for some additional configuration to distribute time from the switch to local clients?

4 replies

The primary issue is this comment and line in ntp.conf
# interface to send ntp requests:
interface listen eth0
You'll need to add the swp ports that you want ntp to listen (and reply on) to the config. Your base ntp config is clearly working in that it's sync'ing time from upstream. Or remove the listen line completely, so ntp listens on all interfaces.
Hello, Dave!
The problem here is in the vrf's. I started the ntp service for vrf mgmt, because the ntp server is available only from the eth0 address. But the interfaces live in the default vrf (or other specific vrf's), and the system can't create sockets for these interfaces.
Here is the syslog grep from when I started ntp in the mgmt vrf for eth0 (in mgmt) and vlan101 (in default vrf):

2018-03-28T09:12:40.775872+03:00 leaf2 ntpd[1929]: ntpd 4.2.6p5@1.2349-o Wed Sep 27 21:22:40 UTC 2017 (1)
2018-03-28T09:12:40.776841+03:00 leaf2 ntpd[1929]: proto: precision = 0.100 usec
2018-03-28T09:12:40.777790+03:00 leaf2 ntpd[1929]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
2018-03-28T09:12:40.778422+03:00 leaf2 ntpd[1929]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
2018-03-28T09:12:40.781407+03:00 leaf2 ntpd[1929]: Listen and drop on 1 v6wildcard :: UDP 123
2018-03-28T09:12:40.782432+03:00 leaf2 ntpd[1929]: Listen normally on 2 lo 127.0.0.1 UDP 123
2018-03-28T09:12:40.783062+03:00 leaf2 ntpd[1929]: Listen normally on 3 eth0 172.28.50.28 UDP 123
2018-03-28T09:12:40.783714+03:00 leaf2 ntpd[1929]: bind(20) AF_INET 10.0.1.3#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:12:40.784319+03:00 leaf2 ntpd[1929]: unable to create socket on vlan101 (4) for 10.0.1.3#123
2018-03-28T09:12:40.784838+03:00 leaf2 ntpd[1929]: failed to init interface for address 10.0.1.3
2018-03-28T09:12:40.785981+03:00 leaf2 ntpd[1929]: Listen normally on 5 eth0 fe80::268a:7ff:fea0:14fa UDP 123
2018-03-28T09:12:40.786649+03:00 leaf2 ntpd[1929]: Listen normally on 6 lo ::1 UDP 123
2018-03-28T09:12:40.788261+03:00 leaf2 ntpd[1929]: Listen normally on 7 vlan101 fe80::268a:7ff:fef2:f500 UDP 123
2018-03-28T09:12:40.788964+03:00 leaf2 ntpd[1929]: peers refreshed
2018-03-28T09:12:40.789552+03:00 leaf2 ntpd[1929]: Listening on routing socket on fd #23 for interface updates
2018-03-28T09:12:44.777327+03:00 leaf2 ntpd[1929]: bind(24) AF_INET 10.0.1.3#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:12:44.777802+03:00 leaf2 ntpd[1929]: unable to create socket on vlan101 (8) for 10.0.1.3#123
2018-03-28T09:12:44.778140+03:00 leaf2 ntpd[1929]: failed to init interface for address 10.0.1.3
2018-03-28T09:12:47.778862+03:00 leaf2 ntpd[1929]: bind(24) AF_INET 10.0.1.3#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:12:47.779315+03:00 leaf2 ntpd[1929]: unable to create socket on vlan101 (9) for 10.0.1.3#123
2018-03-28T09:12:47.779657+03:00 leaf2 ntpd[1929]: failed to init interface for address 10.0.1.3

Starting the ntp service in the default vrf does not help, because in this case we see the opposite situation:

2018-03-28T09:09:11.210371+03:00 leaf2 ntpd[1026]: ntpd 4.2.6p5@1.2349-o Wed Sep 27 21:22:40 UTC 2017 (1)
2018-03-28T09:09:11.210853+03:00 leaf2 ntpd[1026]: proto: precision = 0.100 usec
2018-03-28T09:09:11.211215+03:00 leaf2 ntpd[1026]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
2018-03-28T09:09:11.211545+03:00 leaf2 ntpd[1026]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
2018-03-28T09:09:11.213446+03:00 leaf2 ntpd[1026]: Listen and drop on 1 v6wildcard :: UDP 123
2018-03-28T09:09:11.213968+03:00 leaf2 ntpd[1026]: Listen normally on 2 lo 127.0.0.1 UDP 123
2018-03-28T09:09:11.214323+03:00 leaf2 ntpd[1026]: bind(19) AF_INET 172.28.50.28#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:09:11.214667+03:00 leaf2 ntpd[1026]: unable to create socket on eth0 (3) for 172.28.50.28#123
2018-03-28T09:09:11.215048+03:00 leaf2 ntpd[1026]: failed to init interface for address 172.28.50.28
2018-03-28T09:09:11.215387+03:00 leaf2 ntpd[1026]: Listen normally on 4 vlan101 10.0.1.3 UDP 123
2018-03-28T09:09:11.215729+03:00 leaf2 ntpd[1026]: Listen normally on 5 eth0 fe80::268a:7ff:fea0:14fa UDP 123
2018-03-28T09:09:11.216128+03:00 leaf2 ntpd[1026]: Listen normally on 6 lo ::1 UDP 123
2018-03-28T09:09:11.216593+03:00 leaf2 ntpd[1026]: Listen normally on 7 vlan101 fe80::268a:7ff:fef2:f500 UDP 123
2018-03-28T09:09:11.217003+03:00 leaf2 ntpd[1026]: peers refreshed
2018-03-28T09:09:11.217424+03:00 leaf2 ntpd[1026]: Listening on routing socket on fd #23 for interface updates
2018-03-28T09:09:13.211114+03:00 leaf2 ntpd[1026]: bind(24) AF_INET 172.28.50.28#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:09:13.211549+03:00 leaf2 ntpd[1026]: unable to create socket on eth0 (8) for 172.28.50.28#123
2018-03-28T09:09:13.211911+03:00 leaf2 ntpd[1026]: failed to init interface for address 172.28.50.28
2018-03-28T09:09:17.212676+03:00 leaf2 ntpd[1026]: bind(24) AF_INET 172.28.50.28#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:09:17.213158+03:00 leaf2 ntpd[1026]: unable to create socket on eth0 (9) for 172.28.50.28#123
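
An added example (not part of the original post): a small parser, with hypothetical function names, that turns ntpd startup log lines like the ones above into a per-interface socket state, so the VRF mismatch shows up as the one IPv4 address ntpd could not bind. The sample lines are copied from the mgmt-vrf log quoted in the post.

```python
import re

# Lines copied from the mgmt-vrf ntpd startup log quoted in the post above.
SAMPLE_LOG = """\
2018-03-28T09:12:40.778422+03:00 leaf2 ntpd[1929]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
2018-03-28T09:12:40.782432+03:00 leaf2 ntpd[1929]: Listen normally on 2 lo 127.0.0.1 UDP 123
2018-03-28T09:12:40.783062+03:00 leaf2 ntpd[1929]: Listen normally on 3 eth0 172.28.50.28 UDP 123
2018-03-28T09:12:40.783714+03:00 leaf2 ntpd[1929]: bind(20) AF_INET 10.0.1.3#123 flags 0x19 failed: Cannot assign requested address
2018-03-28T09:12:40.784319+03:00 leaf2 ntpd[1929]: unable to create socket on vlan101 (4) for 10.0.1.3#123
2018-03-28T09:12:40.788261+03:00 leaf2 ntpd[1929]: Listen normally on 7 vlan101 fe80::268a:7ff:fef2:f500 UDP 123
2018-03-28T09:12:44.777802+03:00 leaf2 ntpd[1929]: unable to create socket on vlan101 (8) for 10.0.1.3#123
"""

# ntpd reports one line per socket it opens and one per socket it fails to open.
LISTEN = re.compile(r"ntpd\[\d+\]: Listen normally on \d+ (\S+) (\S+) UDP 123")
FAILED = re.compile(r"ntpd\[\d+\]: unable to create socket on (\S+) \(\d+\) for (\S+)#123")


def socket_states(log_text):
    """Map (interface, address) -> {"state", "failures"}; the latest event wins."""
    states = {}
    for line in log_text.splitlines():
        for pattern, state in ((LISTEN, "listening"), (FAILED, "failed")):
            match = pattern.search(line)
            if not match:
                continue
            entry = states.setdefault(match.groups(), {"state": state, "failures": 0})
            entry["state"] = state
            if state == "failed":
                entry["failures"] += 1  # ntpd retries, so failures repeat
    return states


def unbound_addresses(log_text):
    """Addresses ntpd has no socket on, i.e. where it cannot answer clients."""
    return sorted(
        addr
        for (_iface, addr), entry in socket_states(log_text).items()
        if entry["state"] == "failed"
    )


if __name__ == "__main__":
    for (iface, addr), entry in socket_states(SAMPLE_LOG).items():
        print(f"{iface:8} {addr:28} {entry['state']:10} failures={entry['failures']}")
    print("no socket on:", unbound_addresses(SAMPLE_LOG))
```

Run against the default-vrf log instead, the same functions report 172.28.50.28 on eth0 as the unbound address, which is the opposite situation described in the post.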


I see you opened a support case on this also; that's good. I'm pretty sure we don't have an answer to this right now. I'm the internal Cumulus maintainer for vrf, but I'm not an expert on multiple vrf setups. Our vrf expert is looking at this now, but I suspect we'll need to modify ntp the way we modified rsyslog, to handle this case.

Dave Olson wrote:

I see you opened a support case on this also; that's good. I'm pretty sure we don't have an answ...

Dave, it is very desirable for us to synchronize time on servers with default gw's on switches. Servers are in different vlans and vrf's. Right now we have to use a workaround with an external ntp server. And we will wait for an answer in the case.
