Dell Networking SONiC: How to Configure the Switch as a Network Time Protocol Client

Index

Introduction
Basic NTP Configuration
        Configure an NTP server.
        Configure the switch interface whose IPv4 or IPv6 address is used as the source address.
         (Optional) Configure NTP to operate either in the Management or default VRF
NTP Authentication Configuration (Optional)
Sample Basic NTP configuration Verification
 

Introduction

The Network Time Protocol (NTP) synchronizes the clocks in network devices. NTP coordinates time distribution in a large network between time servers and client devices. NTP clients synchronize with NTP servers to receive accurate time updates. NTP clients can choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information.

As an NTP client, the switch sends messages to one or more servers and processes the replies as received. Information in an NTP message allows each client or server peer to determine the timekeeping characteristics of its other peers, including the expected accuracies of their clocks. Each peer selects the best time from several other clocks, updates the local clock, and estimates its accuracy using this information. 
 

Basic NTP Configuration

Configure an NTP server.

Configuration Syntax
Configure an NTP server by entering its IP address or domain name to synchronize time on the switch. Multiple NTP servers can be configured using the below command.

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure
DELLSONiC(config)# ntp server {ipv4-address | ipv6-address | ntp-server-name} [key keyid] [prefer true | false] [maxpoll interval] [minpoll interval]

(Optional) Enter an authentication-key ID (1 to 65535) to use NTP authentication. The switch uses the authentication key to validate a remote NTP server as a time source, or by a downstream NTP client to validate the switch as a time source.

Configure the switch interface whose IPv4 or IPv6 address is used as the source address.

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure
DELLSONiC(config)# ntp source-interface {interface-type interface-number}

Where interface-type interface-number is one of these values:

• Eth slot or port [/breakout-port]
• PortChannel portchannel-number
• VLAN a vlan-id
• Loopback number
• Management 0 (eth0)

If no source interface is configured, by default a single NTP source interface is selected using an internal algorithm in the following order:

• Statically configured management interface IP address
• IP address configured on the loopback0 interface
• DHCP-acquired management IP address

(Optional) Configure NTP to operate either in the Management or default VRF

By default, NTP is enabled in the Management VRF if it is configured. If no Management VRF is configured, NTP service is enabled in the default VRF.

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# ntp vrf {mgmt | default}

From Dell SONiC 4.4.0 enable NTP in user-defined VRF.
 

sonic(config)# ntp vrf <Vrf_name>

NTP Authentication Configuration (Optional)

Configure the switch to authenticate a remote NTP server which serves as the time source to synchronize the local time. The switch rejects an NTP server if the received NTP packets do not pass the authentication check using the authentication key. NTP authentication is disabled by default. Enter the same commands to configure the switch as an NTP server that a downstream NTP client validates as an acceptable time source.

Configuration Syntax

admin@DELLSONiC:~$ sonic-cli

DELLSONiC# configure

DELLSONiC(config)# ntp authentication-key {key-id} {key-type} {Authentication-key}

DELLSONiC(config)# ntp trusted-key id-number

DELLSONiC(config)# ntp authenticate

Configuration Notes

• key-id defines the authentication-key number (1 to 65535; no default).
• The supported authentication key types are md5, sha1 and sha2-256.
• The trusted authentication-key numbers (1 to 65535) that the switch must receive in NTP packets in order to accept the NTP server time. Trusted keys identify trusted sources — the NTP servers from which the switch accepts time synchronization.
• The Authentication-key (authentication password) is encrypted in the running configuration. In future authentication-key configuration, you can copy and paste the encrypted password (with the encrypted keyword) from the show running configuration output. 

Sample Basic NTP configuration

Sample Configuration

admin@DELLSONiC:~$ sonic-cli
DELLSONiC# configure terminal
DELLSONiC(config)# ntp server 10.0.0.1
DELLSONiC(config)# ntp source-interface Management 0
DELLSONiC(config)# end

Verification

Use the following commands to verify NTP connection:

show ntp associations
show ntp server 
show ntp global

NTP synchronization may take few minutes to populate.

Sample Output

DELLSONiC# show ntp associations 
remote                      refid            st   t  when   poll   reach  delay  offset       jitter      
------------------------------------------------------------------------------------------------------ 
*10.0.0.1               X.X.X.X             2    u  59     64     17     0.219  170837.000   86.119      
------------------------------------------------------------------------------------------------------
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

DELLSONiC# show ntp server 
----------------------------------------------------------------------
NTP Servers                     minpoll maxpoll Authentication key ID
----------------------------------------------------------------------
10.0.0.1                                  6       10     

DELLSONiC# show ntp global 
----------------------------------------------
NTP Global Configuration      
----------------------------------------------
NTP source-interfaces:  eth0