NTP
NTP (Network Time Protocol) is a hierarchical time synchronization protocol that maintains accurate time across network devices by synchronizing with authoritative time sources and distributing precise time information throughout the network infrastructure. It operates using a stratum-based system where lower stratum numbers indicate higher accuracy, supporting both server and peer relationships with authentication mechanisms to ensure time source integrity. NTP is critical for network operations including log correlation, certificate validation, debugging, security event analysis, and distributed system coordination, providing microsecond-level accuracy essential for modern network management and compliance requirements.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”configuration (iosxe.devices)
Section titled “configuration (iosxe.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ntp | Class | [ntp] | No |
ntp (iosxe.devices.configuration)
Section titled “ntp (iosxe.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| authenticate | Boolean | true, false | No | |
| logging | Boolean | true, false | No | |
| access_group_peer_acl | String | No | ||
| access_group_query_only_acl | String | No | ||
| access_group_serve_acl | String | No | ||
| access_group_serve_only_acl | String | No | ||
| authentication_keys | List | [authentication_keys] | No | |
| clock_period | Integer | min: 0, max: 4294967295 | No | |
| delete_mode | Choice | all, attributes | No | |
| master | Boolean | true, false | No | |
| master_stratum | Integer | min: 1, max: 15 | No | |
| passive | Boolean | true, false | No | |
| update_calendar | Boolean | true, false | No | |
| source_interface_type | Choice | Loopback, Vlan, GigabitEthernet, TenGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet, PortChannel, PortChannelSubinterface | No | |
| source_interface_id | String | No | ||
| servers | List | [servers] | No | |
| peers | List | [peers] | No |
authentication_keys (iosxe.devices.configuration.ntp)
Section titled “authentication_keys (iosxe.devices.configuration.ntp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| number | Integer | min: 1, max: 4294967295 | Yes | |
| trusted | Boolean | true, false | No | |
| mode | Choice | md5, cmac_aes_128, hmac_sha1, hmac_sha2_256, sha1, sha2 | No | |
| key | String | No | ||
| encryption_type | Integer | min: 0, max: 4294967295 | No |
servers (iosxe.devices.configuration.ntp)
Section titled “servers (iosxe.devices.configuration.ntp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| vrf | String | No | ||
| source_interface_type | Choice | Loopback, Vlan, GigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet, PortChannel, PortChannelSubinterface | No | |
| source_interface_id | String | No | ||
| key | Integer | min: 1, max: 4294967295 | No | |
| prefer | Boolean | true, false | No | |
| version | Integer | min: 1, max: 4 | No | |
| burst | Boolean | true, false | No | |
| iburst | Boolean | true, false | No | |
| periodic | Boolean | true, false | No |
peers (iosxe.devices.configuration.ntp)
Section titled “peers (iosxe.devices.configuration.ntp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| vrf | String | No | ||
| source_interface_type | Choice | Loopback, Vlan, GigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet, PortChannel | No | |
| source_interface_id | String | No | ||
| key | Integer | min: 1, max: 4294967295 | No | |
| prefer | Boolean | true, false | No | |
| version | Integer | min: 1, max: 4 | No |
By synchronizing device clocks with authoritative time sources, NTP ensures accurate timekeeping for consistent logging, security, and network operations.
NTP Parameters
Section titled “NTP Parameters”Key Components:
Authentication (
authenticate,authentication_keys): Enables NTP authentication and configures authentication keys.Logging (
logging): Enables logging of NTP messages.Access Groups (
access_group_peer_acl,access_group_query_only_acl,access_group_serve_acl,access_group_serve_only_acl): Controls access to NTP functions.Clock Period (
clock_period): Sets the NTP clock period.Master (
master,master_stratum): Enables the device as an NTP master and sets the stratum.Passive (
passive): Enables passive mode for NTP.Update Calendar (
update_calendar): Enables calendar updates from NTP.Source Interface (
source_interface_type,source_interface_id): Specifies the source interface for NTP packets.Servers (
servers): Configures NTP servers with IP, source interface, key, prefer, version, and VRF.Peers (
peers): Configures NTP peers with IP, source interface, key, prefer, version, and VRF.
Key Parameters Briefly Explained:
authenticate,authentication_keys: NTP authentication settings.logging: NTP logging.access_group_peer_acl,access_group_query_only_acl,access_group_serve_acl,access_group_serve_only_acl: NTP access control.clock_period: NTP clock period.master,master_stratum: NTP master settings.passive: Passive mode.update_calendar: Calendar update.source_interface_type,source_interface_id: Source interface.servers,peers: NTP server and peer configuration.
You can use these NTP parameters to configure time synchronization on your network device. Customize authentication, server/peer relationships, and access controls to fit your network’s time accuracy requirements, security policies, and operational needs. Adjusting these parameters lets you tailor how your device maintains accurate time and distributes it across the network.
Sample Configuration
Section titled “Sample Configuration”The following configuration describes how to set up NTP on a Cisco IOS-XE device, including authentication, logging, access groups, authentication keys, master clock settings, source interface, and server/peer relationships.
ntp authenticatentp loggingntp access-group peer NTP-PEER-ACLntp access-group query-only NTP-QUERY-ACLntp access-group serve NTP-SERVE-ACLntp access-group serve-only NTP-SERVE-ONLY-ACL!ntp authentication-key 1 md5 MySecretKey123ntp trusted-key 1ntp authentication-key 2 sha1 AnotherSecretKey456ntp trusted-key 2ntp authentication-key 3 hmac-sha1 HmacKey789ntp authentication-key 4 hmac-sha2-256 Sha256Key101112ntp trusted-key 4!ntp master 8ntp passiventp update-calendarntp source Loopback0!ntp server 129.6.15.28 source Loopback0 key 1 prefer version 4ntp server vrf MGMT 216.239.35.0 key 2 version 4!ntp peer 192.168.1.10 source Loopback1 key 3 prefer version 4ntp peer vrf PEER-VRF 192.168.1.20 key 4 version 3Example YAML Code
Section titled “Example YAML Code”The following YAML code defines NTP configuration on an IOS-XE device, including authentication, logging, access groups, authentication keys, master clock settings, source interface, and server/peer relationships.
iosxe: devices: - name: Device1 configuration: ntp: authenticate: true logging: true access_group_peer_acl: NTP-PEER-ACL access_group_query_only_acl: NTP-QUERY-ACL access_group_serve_acl: NTP-SERVE-ACL access_group_serve_only_acl: NTP-SERVE-ONLY-ACL authentication_keys: - number: 1 trusted: true mode: md5 key: MySecretKey123 encryption_type: 0 - number: 2 trusted: true mode: sha1 key: AnotherSecretKey456 encryption_type: 0 - number: 3 mode: hmac_sha1 key: HmacKey789 encryption_type: 0 - number: 4 trusted: true mode: hmac_sha2_256 key: Sha256Key101112 encryption_type: 0 clock_period: 17179869184 master: true master_stratum: 8 passive: true update_calendar: true source_interface_type: Loopback source_interface_id: "0" servers: - ip: 129.6.15.28 source_interface_type: Loopback source_interface_id: "0" key: 1 prefer: true version: 4 - ip: 216.239.35.0 vrf: MGMT key: 2 prefer: false version: 4 peers: - ip: 192.168.1.10 source_interface_type: Loopback source_interface_id: "1" key: 3 prefer: true version: 4 - ip: 192.168.1.20 vrf: PEER-VRF key: 4 prefer: false version: 3