Regular Visitor
NikeBoy
Posts: 9
Registered: ‎11-10-2007

NTP between Juniper PE and any CE

Hello,

As I understand it, NTP does not work between an L3VPN PE and CE, like it can on Cisco?
Is it possible to do something like route leaking or something else?
I need JUNOS examples about this issue!


Thanks in advance!

---
Yev.

Trusted Contributor
gdavies
Posts: 115
Registered: ‎11-05-2007

Re: NTP between Juniper PE and any CE

Hi Yev,

Do you really mean NTP (Network Time Protocol)? If so, I'm not sure I see how this relates to route leaking.

If you want a CE to be able to get an NTP sync, then you can place an NTP server anywhere in the VPN (behind another CE) and it should be accessible to any device in the VRF. If you're looking to use a public server on the Internet, then you need to provide a path from the VRF to the Internet (and back). The safest way to do this would be through a firewall of some description, with a 'trusted' interface in the VRF and an 'untrusted' interface with access to the Internet. That device could then advertise a default route into the VRF.

Rgds,

Guy

---
Guy Davies
Regular Visitor
NikeBoy
Posts: 9
Registered: ‎11-10-2007

Re: NTP between Juniper PE and any CE

Hi Guy,

Yes, NTP for me is Network Time Protocol.

All I need is for the CE to get time from the PE, so the CE is the NTP client and the PE is the NTP server for this CE.
The problem is that it works if I use "native" IP (without vrf/routing-instance) between PE and CE, but if I configure a VRF for this PE-CE connection it does not work.
Also, I do not want to install a dedicated NTP server or make a new L3VPN VRF with an Internet connection or overlapping VPNs.

Btw, it works correctly between CE and Cisco PE...

 

---

Yev.
Trusted Contributor
gdavies
Posts: 115
Registered: ‎11-05-2007

Re: NTP between Juniper PE and any CE

Hi Yev,

It would seem to me that the PE should treat *all* traffic arriving on a particular interface as though it is intended for the VPN. Equally, the PE should not have access to view the contents of traffic on the VPN. Therefore, it *should not* be able to offer 'services' or 'applications' to the CE. But that's just my view :-)

If all CE in a VRF form a mesh, as long as they all start with a reasonable view of the time, they should converge on a shared view of time.

If you absolutely need this feature, then you would probably be best talking to the SE for your account. He will help you raise an enhancement request.

Rgds,

Guy

---
Guy Davies