Configuring Network Time Protocol (NTP)

NTP Overview

 

 

 

 

When planning your network, it is helpful to use the following general rules:

It is usually not a good idea to synchronize a local time server with a peer (in other words, a server at the same stratum), unless the latter is receiving time updates from a source that has a lower stratum than from where the former is receiving time updates. This minimizes common points of failure.

Peer associations should only be configured between servers at the same stratum level. Higher Strata should configure lower Strata, not the reverse.

It is inadvisable to configure time servers in a domain to a single time source. Doing so invites common points of failure.

Note. NTP does not support year date values greater than 2035 (the reasons are documented in RFC 1305 in the data format section). This should not be a problem (until the year 2035) as setting the date this far in advance runs counter to the administrative intention of running NTP.

Authentication

NTP is designed to use MD5 encryption authentication to prevent outside influence upon NTP timestamp information. This is done by using a key file. The key file is loaded into the switch memory, and consists of a text file that lists key identifiers that correspond to particular NTP entities.

If authentication is enabled on an NTP switch, any NTP message sent to the switch must contain the correct key ID in the message packet to use in decryption. Likewise, any message sent from the authenti- cation enabled switch will not be readable unless the receiving NTP entity possesses the correct key ID.

The key file is a text (.txt) file that contains a list of keys that are used to authenticate NTP servers. It should be located in the /networking directory of the switch.

Key files are created by a system administrator independent of the NTP protocol, and then placed in the switch memory when the switch boots. An example of a key file is show below:

2

M

RIrop8KPPvQvYotM

#

md5

key

as

an

ASCII

random string

14

M

sundial

#

md5

key

as

an

ASCII

string

In a key file, the first token is the key number ID, the second is the key format, and the third is the key itself. (The text following a “#” is not counted as part of the key, and is used merely for description.) The key format indicates an MD5 key written as a 1 to 31 character ASCII string with each character standing for a key octet.

The key file (with identical MD5 keys) must be located on both the local NTP client and the client’s server.

OmniSwitch 6600 Family Switch Management Guide March 2005

page 3-7

Page 80 Page 82
Page 81
Image 81
Alcatel Carrier Internetworking Solutions omniswitch manual Authentication
Page 80 Page 82

omniswitch specifications

Alcatel Carrier Internetworking Solutions offers the OmniSwitch series, renowned for its robust capabilities in delivering high-performance networking solutions tailored for a variety of enterprise and service provider environments. The OmniSwitch series is particularly recognized for its scalability, flexibility, and the depth of its feature set, making it a popular choice for organizations that demand reliable and efficient networking solutions.

One of the standout features of the OmniSwitch series is its advanced Layer 2 and Layer 3 switching capabilities, providing organizations with essential support for IP routing and robust Ethernet networking. This versatility ensures that the switch can seamlessly integrate into existing network architectures, facilitating smooth upgrade paths in response to evolving business needs. The OmniSwitch includes support for multiple protocols like RIP, OSPF, and BGP, making it suitable for complex networking topologies.

In terms of performance, OmniSwitch devices are engineered to handle high bandwidth demands. With features such as hardware-based forwarding, they ensure low latency and minimal packet loss, which are critical for applications sensitive to delays such as VoIP and video conferencing. Furthermore, they support Power over Ethernet (PoE), allowing users to power devices like IP phones and security cameras directly through the network.

Security is another key characteristic of the OmniSwitch series. It includes advanced security features such as robust access control lists (ACLs), port security, and built-in support for IEEE 802.1X authentication. These features collectively enhance the security posture of the network, protecting sensitive data and ensuring that only authorized devices can access the network resources.

The OmniSwitch is also designed with redundancy and reliability in mind. Features like Rapid Spanning Tree Protocol (RSTP) and Virtual Router Redundancy Protocol (VRRP) ensure that network uptime is maximized and that failover is swift in the event of a hardware failure. This makes it a viable option for organizations that cannot afford downtime.

In addition to these features, Alcatel's OmniSwitch series comes equipped with a user-friendly management interface. This interface simplifies the setup, configuration, and monitoring of the network, making it accessible even to those with limited networking expertise. Through intuitive dashboards and support for SNMP, administrators can manage their networks effectively.

In conclusion, Alcatel Carrier Internetworking Solutions' OmniSwitch series offers a comprehensive suite of features tailored to meet the needs of modern networks. With its blend of performance, scalability, security, and ease of management, the OmniSwitch stands out as a preferred choice for businesses seeking to enhance their networking infrastructure.
Top Page Image Contents