Setup local NTP servers

From MikroTik Wiki
Revision as of 09:17, 14 June 2010 by Marisb (talk | contribs) (format)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Setup

Non of routerboards have battery backed up clock so it's good practice to set NTP client on all boards to be able to set proper time after boot. There are many public NTP servers on the Internet but it's always good to have some centralized control of time source and in addition lower load of public servers with the aid of local cache NTP servers.

Benefits:

  • Router doesn't need direct access to internet and public NTP servers
  • Allow to control primary source of clock for your router only on two main routers (primary and secondary)
  • It can reduce traffic and load of some public NTP servers by local time caching


RouterOS support setting of two servers for NTP client primary and secondary. It's better to setup and use two servers for redundancy if it's feasible. NTP servers should be located in independent locations with high availability near main gateways.

NTP Server

NTP server could be configured by WinBox in menu System - NTP Server or in command line /system/ntp/server. NTP server service is not included in default set of packages so it needs to be downloaded and installed manually with ntp.npk package.

If package is successfully installed then it can be simply enabled with Manycast support.

/system ntp server
set broadcast=no enabled=yes manycast=yes multicast=no


Local NTP servers need to be synchronized from Stratum 1 or Stratum 2 public servers. Pick some form public list.

/system ntp client
set enabled=yes mode=unicast primary-ntp=1.2.3.4 secondary-ntp=5.6.7.8


Server ip mismatch

In routed network router can have multiple interfaces and ip addresses and NTP server running on such router can answer on different ip address then it received request. Then source NAT should be configured to solve this kind of problem which can result in Bad packet reason = server-ip-mismatch on client side.

/ip firewall nat add action=src-nat chain=srcnat comment="NTP" disabled=no \
  protocol=udp src-port=123 to-addresses=192.168.0.1

Where 192.168.0.1 is desired NTP server address. But this rule apply source NAT to all traffic going through so every other NTP server traffic will be SNATed to one address too. Then this rule can be more closely specified with src-address parameter configured to all other ip address which router have on other interfaces. Then if router have three addresses then two SNAT rules should be added like:

/ip firewall nat add action=src-nat chain=srcnat src-address="192.168.0.2" \
  comment="NTP interface ether2" disabled=no protocol=udp src-port=123 to-addresses=192.168.0.1
/ip firewall nat add action=src-nat chain=srcnat src-address="192.168.0.3" \
  comment="NTP interface ether3" disabled=no protocol=udp src-port=123 to-addresses=192.168.0.1

NTP Client

Now local NTP servers can be configured on every router in local network:

/system ntp client
set enabled=yes mode=unicast primary-ntp=192.168.0.1 secondary-ntp=192.168.1.1

Also you should set time zone according your location on every router.

/system clock
set time-zone-name=CET

See also

External links