Hi,
I read a bit about anycast implementations and I'm trying one on two nexus switches in a vpc pair. I've created the same loopback address on both, and source my ntp from it. They both connect as clients to time.nist.gov, and peers to each others on another set of unique loopbacks (.1 and .2). All four loopbacks are being injected into their EIGRP AS. As of this standing though, only one of the two cores is synced externally. I'm assuming this is because only one can truly receive ntp updates because the firewall cannot differentiate the return path to the anycast loopback. What am I misinterpreting here?
core 1:
ntp peer 2.2.2.2 ###core 2 lo0 ntp server 132.163.96.3 prefer ###time.nist.gov ntp source-interface loopback1 ###anycast address ntp authenticate ntp authentication-key 1 md5 Qa1bgrfTfwsru 7 ntp trusted-key 1 ntp logging ntp master 6 ntp allow private
core 2:
ntp peer 1.1.1.1 ###core 1 lo0 ntp server 132.163.96.3 prefer ###time.nist.gov ntp source-interface loopback1 ####anycast address ntp authenticate ntp authentication-key 1 md5 Qa1bgrfTfwsru 7 ntp trusted-key 1 ntp logging ntp master 6 ntp access-group match-all ntp allow private
show status:
CORE-1# show ntp peer-status Total peers : 3 * - selected for sync, + - peer mode(active), - - peer mode(passive), = - polled in client mode remote local st poll reach delay vrf ----------------------------------------------------------------------------------------------------------------------- +2.2.2.2 10.240.251.0 16 64 0 0.00000default =127.127.1.0 10.240.251.0 6 64 0 0.00000 *132.163.96.3 10.240.251.0 1 64 0 0.04498default CORE-2# show ntp peer-status Total peers : 3 * - selected for sync, + - peer mode(active), - - peer mode(passive), = - polled in client mode remote local st poll reach delay vrf ----------------------------------------------------------------------------------------------------------------------- +1.1.1.1 10.240.251.0 16 64 0 0.00000default *127.127.1.0 10.240.251.0 6 64 377 0.00000 =132.163.96.3 10.240.251.0 16 64 0 0.00000default
Is this correct? shouldn't I see a valid stratum from at least my peer/time.nist.gov? Any help is appreciated
No comments:
Post a Comment