Hello all. I'm trying to configure our SRX3600 cluster to sync with outside NTP servers but I'm not having any luck with this.
I have the following configured on the cluster.
ntp {
    boot-server 161.53.160.5;
    server 161.53.160.5 prefer;
    server 161.53.123.5;
    source-address 127.0.0.1;
}
lo0 {
    unit 0 {
        family inet {
            filter {
                input CONTROL_PLANE;
            }
            address 127.0.0.1/32;
        }
    }
}
NTP-relevant part of the firewall filter:
term 400_PERMIT_NTP {
    from {
        source-address {
            161.53.160.4/32;
            161.53.123.4/32;
            127.0.0.1/32;
        }
        protocol udp;
        port ntp;
    }
    then accept;
}
term 401_DENY_NTP_1 {
    from {
        protocol udp;
        port ntp;
    }
    then {
        discard;
    }
}
The routing for the cluster
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 192.168.170.1;
            retain;
        }
        route 10.64.8.96/32 next-table internet.inet.0;
        route 10.64.8.202/32 next-table internet.inet.0;
        route 161.53.160.5/32 next-table internet.inet.0;
        route 161.53.123.5/32 next-table internet.inet.0;
        route 10.64.20.50/32 next-table internet.inet.0;
    }
}
routing-instances {
    internet {
        instance-type virtual-router;
        interface reth0.0;
        interface reth1.230;
        interface reth1.231;
        interface reth1.232;
        interface reth1.233;
        interface reth1.234;
        interface reth1.235;
        interface reth1.236;
        interface reth1.244;
        interface reth1.246;
        interface reth1.248;
        interface reth1.249;
        interface reth1.252;
        interface reth1.666;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop 193.25.220.1;
                    retain;
                }
                route 10.0.0.0/8 {
                    next-hop 192.168.246.254;
                    retain;
                }
                route 192.168.254.0/24 {
                    next-hop 192.168.246.254;
                    retain;
                }
                route 192.168.0.0/16 {
                    next-hop 192.168.246.254;
                    retain;
                }
                route 192.168.234.0/24 {
                    next-hop 192.168.246.254;
                    retain;
                }
                route 192.168.90.0/23 {
                    next-hop 192.168.246.254;
                    retain;
                }
                route 192.168.55.0/24 {
                    next-hop 192.168.246.254;
                    retain;
                }
            }
        }
    }
}
With all of this configured I get the following results.
> show ntp associations
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 161.53.160.5    .INIT.          16 -    - 1024    0    0.000    0.000 4000.00
 161.53.123.5    .INIT.          16 -    - 1024    0    0.000    0.000 4000.00
> show ntp status
status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.0-a Mon Sep 3 15:37:16 UTC 2018 (1)",
processor="powerpc", system="JUNOS12.3X48-D75.4", leap=11, stratum=16,
precision=-18, rootdelay=0.000, rootdispersion=309.015, peer=0,
refid=INIT, reftime=00000000.00000000 Thu, Feb 7 2036 7:28:16.000,
poll=4, clock=dfea239b.a2b2bea1 Wed, Jan 16 2019 22:41:47.635, state=1,
offset=0.000, frequency=0.778, jitter=0.004, stability=0.000
> set date ntp
node0:
--------------------------------------------------------------------------
16 Jan 22:42:22 ntpdate[68700]: no server suitable for synchronization found
node1:
--------------------------------------------------------------------------
16 Jan 22:42:22 ntpdate[70021]: no server suitable for synchronization found
> show log messages | match ntp
Jan 16 22:37:44 SRX xntpd[1381]: NTP Server Unreachable
Jan 16 22:40:56 SRX ntpq: attempt to configure invalid address 127.0.0.1
Jan 16 22:41:47 SRX ntpq: attempt to configure invalid address 127.0.0.1
Jan 16 22:42:22 SRX xntpd[1381]: ntpd 4.2.0-a Mon Sep 3 15:37:16 UTC 2018 (1)
Jan 16 22:42:22 SRX xntpd[1381]: mlockall(): Resource temporarily unavailable
Jan 16 22:42:22 SRX mgd[68688]: UI_CHILD_EXITED: Child exited: PID 68689, status 1, command '/usr/libexec/ui/ntp-date'
Jan 16 22:42:22 SRX xntpd[1381]: attempt to configure invalid address 127.0.0.1
Jan 16 22:42:37 SRX xntpd[1381]: ntpd 4.2.0-a Mon Sep 3 15:37:16 UTC 2018 (1)
Jan 16 22:42:37 SRX xntpd[1381]: mlockall(): Resource temporarily unavailable
Jan 16 22:42:37 SRX mgd[68705]: UI_CHILD_EXITED: Child exited: PID 68706, status 1, command '/usr/libexec/ui/ntp-date'
Jan 16 22:42:37 SRX xntpd[1381]: attempt to configure invalid address 127.0.0.1
I'm lost on what's going on here as I have a similar configuration on MX80 and EX4600 devices that work all right. The logs show a problem with the routing even when I have a route in the inet.0 pointing to the routing instance. Any help with this would be appreciated.