Managing the NTP service

The NTP service identifies which NTP servers to query to synchronize the local date and time that the system uses.

About this task

Availability: Only administrators in the default domain with appropriate permissions.
  • On physical DataPower appliances, DataPower® Gateway for KVM, and DataPower Gateway for VMware, you can define the NTP service.
  • On DataPower Gateway for Docker and on DataPower Gateway for Linux®, you cannot define the NTP service. These products use the time management facilities on the host.
Tip: The equivalent entry point in the CLI is the global ntp-service command.

When you configure the DataPower NTP service, specify which NTP servers to query to synchronize the local date and time. After at least one NTP server is identified, the DataPower Gateway acts as an NTP client. The time from the NTP server can differ from the time that the DataPower Gateway shows. The difference is because of the defined DataPower local time zone.

The DataPower configuration includes a refresh interval. With each refresh interval timer event, the NTP client processes a single transaction with the NTP server. When a leap second occurs, the NTP server might insert the leap second indicator into the NTP protocol header. This insertion is designed to stage the leap second event ahead of time. When the NTP server sets this signal in the NTP response, NTP clients can choose to add or remove 1 second. The NTP server administrator can decide to enable this property before the event. The DataPower SNTP implementation ignores the leap second indicator and continues normal operation.

After a leap second event occurs, the DataPower SNTP implementation refreshes the current time reference from the NTP server and makes corrections as needed. If the NTP server corrected its own time, the reference time that is passed to the DataPower Gateway includes all or a portion of the correction. If the correction on the NTP server is incomplete, the full correction does not take place on the DataPower Gateway until the correction is fully completed on the NTP server.

The DataPower Gateway absorbs leap seconds as they are absorbed by the NTP servers and communicated as the reference time in responses that are sent to the DataPower Gateway. The DataPower Gateway logs the time change as an informational message. The following message reflects the 1-second change that the leap second introduced on an NTP server that used a step correction to implement a leap second.
7:59:07 PM system info 207 0x80e0031f ntp-service (NTP Service): NTP time adjustment of 1000097 microseconds

The DataPower implementation uses slew correction for offsets of 0.5 seconds or less and step corrections for offsets greater than 0.5 seconds. If the NTP server uses step correction, the DataPower Gateway uses a step correction.

By default, the DataPower Gateway issues requests to the first NTP server in the list and waits 750 milliseconds for a response. If this server is not available or does not respond within the allocated duration, the DataPower Gateway attempts to contact the next server in the list.

Procedure

  1. In the search field, enter ntp.
  2. From the search results, click NTP service.
  3. Set the administrative state of the configuration.
  4. In the Comments field, enter a brief, descriptive summary for the configuration.
  5. Add the NTP servers. When you add an NTP server, you can specify whether to use NTS (Network Time Security) to secure connections with the NTP server. When you secure connections with NTS, specify the truststore to authenticate the server certificate. The truststore must define all certificates to establish the PKIX trust chain.
    1. Click Add.
    2. In the NTP server field, enter the IP address or hostname of an NTP server.
    3. Set the Use NTS property to On to secure the connection with NTS.
    4. From the Truststore lists when the connection uses NTS to secure the connect, select the truststore to authenticate the server certificate.
    5. Click Apply to add the entry to the list.
    6. Optional: Repeat this step to add another NTP server.
  6. In the Refresh interval field, enter the interval between the time of day requests that the DataPower Gateway generates when it is an SNTP client.
  7. In the Timeout field, enter the time to wait for a response from an NTP server before trying the next server in the list.
  8. Click Apply to save changes to the running configuration.
  9. Click Save to save changes to the persisted configuration.

Results

After the page refreshes, review the data in the Local time field.

To view the status of the most recent NTP refresh, access NTP refresh status, which is the show ntp-refresh command. This status provider displays the following information.
  • Last NTP server queried
  • Results from last query
  • Time after the last refresh
  • Current local time