Network Services Flashcards
NTP
NTP is used to synchronize timekeeping among a set of distributed time servers and clients. NTP uses UDP port 123 as both the source and destination, which in turn runs over IP.
An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock that is attached to a time server. NTP then distributes this time across the network. An NTP client makes a transaction with its server over its polling interval (from 64 to 1024 seconds). This polling interval dynamically changes over time depending on the network conditions between the NTP server and the client. No more than one NTP transaction per minute is needed to synchronize two machines.
The communications between machines running NTP (associations) are usually statically configured. Each machine is given the IP addresses of all machines with which it should form associations. However, in a LAN, NTP can be configured to use IP broadcast messages instead. This alternative reduces configuration complexity because each machine can be configured to send or receive broadcast messages. However, the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
NTP Versions
NTPv4 is an extension of NTPv3 and provides the following capabilities:
NTPv4 supports IPv6, making NTP time synchronization possible over IPv6. Security is improved over NTPv3. NTPv4 provides a whole security framework that is based on public key cryptography and standard X.509 certificates. Using specific multicast groups, NTPv4 can automatically calculate its time-distribution hierarchy through an entire network. NTPv4 automatically configures the hierarchy of the servers to achieve the best time accuracy for the lowest bandwidth cost. In NTPv4 for IPv6, IPv6 multicast messages instead of IPv4 broadcast messages are used to send and receive clock updates.
Stratum
NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. For example, a Stratum 1 time server has a radio or atomic clock that is directly attached to it. It then sends its time to a Stratum 2 time server through NTP, and so on. A machine running NTP automatically chooses, as its time source, the machine with the lowest stratum number that it is configured to communicate with by using NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
NTP Synchronization
NTP avoids synchronizing to a machine whose time may not be accurate in two ways:
NTP never synchronizes to a machine that is not synchronized itself.
NTP compares the time that several machines report. NTP will not synchronize to a machine whose time is significantly different from the others, even if its stratum is lower.
NTP Modes
NTP can operate in these four different modes that provide you with the flexibility for configuring time synchronization in your network:
Server
Client
Peer
Broadcast/multicast
NTP Mode - Client
It synchronizes its time to the server.
A device that is an NTP client can act as an NTP server to another device.
NTP Mode - Server
It provides accurate time information to clients.
A device that is an NTP client can act as an NTP server to another device.
NTP Mode - Peer
Peers exchange time synchronization information. The peer mode is also commonly known as symmetric mode. It is intended for configurations where a group of low stratum peers operate as mutual backups for each other.
Symmetric modes are most often used between two or more servers operating as a mutually redundant group and are configured with the ntp peer command. In these modes, the servers in the group members arrange the synchronization paths for maximum performance, depending on network jitter and propagation delay. If one or more of the group members fail, the remaining members automatically reconfigure as required.
NTP Mode - Broadcast/Multicast
The broadcast mode requires a broadcast server on the same subnet. Because routers do not propagate broadcast messages, only broadcast servers on the same subnet are used. Broadcast mode is intended for configurations that involve one or a few servers and a potentially large client population. On a Cisco device, a broadcast server is configured by using the broadcast command with a local subnet address. A Cisco device acting as a broadcast client is configured by using the broadcast client command, allowing the device to respond to broadcast messages that are received on any interface.
NTP Authentication Configuration
Cisco devices support only MD5 authentication for NTP. To configure NTP authentication, follow these steps:
1. Define the NTP authentication key or keys with the ntp authentication-key command. Every number specifies a unique NTP key.
2. Enable NTP authentication by using the ntp authenticate command.
3. Tell the device which keys are valid for NTP authentication by using the ntp trusted-key command. The only argument to this command is the key that you defined in the first step.
4. Specify the NTP server that requires authentication by using the ntp server ip_address key key_number command. You can similarly authenticate NTP peers by using the ntp peer ip_address key key_number command.
Not all clients need to be configured with NTP authentication. NTP does not authenticate clients—it authenticates the source. Therefore, the device will still respond to unauthenticated requests. Be sure to use access lists to limit NTP access.
NTP ACL Restrictions
For NTP, the following four restrictions can be configured through access lists:
peer: Time synchronization requests and control queries are allowed. A device is allowed to synchronize itself to remote systems that pass the access list.
serve: Time synchronization requests and control queries are allowed. A device is not allowed to synchronize itself to remote systems that pass the access list.
serve-only: It allows synchronization requests only.
query-only: It allows control queries only.
PTP
PTP is defined in IEEE 1588 as Precision Clock Synchronization for Networked Measurement and Control Systems. PTP was developed to synchronize clocks in packet-based networks that include distributed device clocks of varying precision and stability. PTP is designed specifically for industrial, networked measurement and control systems, and is optimal for use in distributed systems because it requires minimal bandwidth and little processing overhead.
PTP Characteristics
The following are PTP characteristics:
Smart grid power automation applications, such as peak-hour billing, virtual power generators, and outage monitoring and management, require extremely precise time accuracy and stability.
Timing precision improves network monitoring accuracy and troubleshooting ability.
The PTP message-based protocol can be implemented on packet-based networks, such as Ethernet networks.
The benefits of using PTP in an Ethernet network include: low cost and easy setup in existing Ethernet networks; limited bandwidth is required for PTP data packets.
Best Master Clock Algorithm (BMCA)
The BMCA specifies how each clock on the network determines the best primary clock in its subdomain out of all the clocks it can see, including itself. The BMCA runs locally and continuously on each port in the network, once every announce interval, and quickly adjusts for changes in network configuration. BMCA based on IEEE 1588-2008 uses announce messages for advertising clock properties.
BMCA Criteria
The BMCA uses the following criteria to determine the best primary clock in the subdomain:
Clock quality, where GPS is considered the highest quality.
Clock accuracy of the clock's time base.
Stability of the local oscillator.
Closest clock to the grandmaster.
BMCA Attributes to Determine Best Clock
BMCA based on IEEE 1588-2008 compares its own data set with the received data set to determine the best clock, based on the following attributes, in the indicated order:
Priority1: User-assigned priority to each clock. The range is from 0 to 255. The default value is 128.
Class: Class to which the clock belongs; each class has its own priority.
Accuracy: Precision between clock and UTC, in nanoseconds.
Variance: Variability of the clock.
Priority2: Final-defined priority. The range is from 0 to 255. The default value is 128.
Unique Identifier: 64-bit Extended Unique Identifier (EUI).
PTP Clock Types
A PTP network is made up of PTP-enabled devices and devices that are not using PTP.
The PTP-enabled devices typically consist of the following clock types:
The Grandmaster Clock is the primary source of time for clock synchronization using PTP.
An Ordinary Clock is a PTP clock with a single PTP port.
A Boundary Clock in a PTP network operates in place of a standard network switch or router.
A Transparent Clock in a PTP network updates the time-interval field that is part of the PTP event message. This update compensates for switch delay and has an accuracy of within one picosecond.
Transparent Clock Types
There are two types of transparent clocks:
End-to-end (E2E) transparent clocks measure the PTP event message transit time for SYNC and DELAY_REQUEST messages. The secondary uses this information when determining the offset between the secondary's and the primary's time. End-to-end transparent clocks do not provide correction for the propagation delay of the link itself.
Peer-to-peer (P2P) transparent clocks measure PTP event message transit time in the same way end-to-end transparent clocks do. In addition, peer-to-peer transparent clocks measure the upstream link delay. The upstream link delay is the estimated packet propagation delay between the upstream neighbor peer-to-peer transparent clock and the peer-to-peer transparent clock under consideration. These two times (message transit time and upstream link delay time) are both added to the correction field of the PTP event message, and the correction field of the message received by the secondary contains the sum of all link delays. In theory, this is the total end-to-end delay (from primary to secondary) of the SYNC packet.
PTP Domain Characteristics
These are PTP domain characteristics:
A PTP domain is an interacting set of clocks that synchronize to one another using PTP.
Domains allow multiple clock distribution systems to share the same communications medium.
Default domain is 0.
Cisco Industrial Ethernet (IE) switches work with a single domain.
Power profile standard requires a domain to be configurable.
Boundary clock drops packets with a wrong domain.
Logging mechanisms
Cisco device syslog messages, which include OS notifications about unusual network activity or administrator-implemented debug messages.
SNMP trap notifications about network device status or configured thresholds being reached.
Exporting of network traffic flows using NetFlow.
Syslog Destinations
Console: By default, logging is enabled on the console port. Hence, the console port always processes syslog output even if you are using some other port or method (such as aux, vty, or buffer) to capture the output.
AUX and VTY Ports: To receive syslog messages when connected to the AUX port or remotely logged into the device via Telnet or SSH through the vty lines, type the terminal monitor command.
Memory Buffer: Logging to memory logs messages to an internal buffer. The buffer is circular in nature, so newer messages overwrite older messages after the buffer is filled. The buffer size can be changed, but to prevent the router from running out of memory, do not make the buffer size too large. To enable system message logging to a local buffer, use the logging buffered command in global configuration mode. To display messages that are logged in the buffer, use the show logging command. The first message displayed is the oldest message in the buffer.
Syslog Server: To log system messages and debug output to a remote host, use the logging host command in global configuration mode. This command identifies a remote host (usually a device serving as a syslog server) to receive logging messages. By issuing this command more than once, you can build a list of hosts that receive logging messages.
Flash Memory: Logging to buffer poses an issue when trying to capture debugs for an intermittent issue or during high traffic. When the buffer is full, older messages are overwritten, and when the device reboots, all messages are lost. Using persistent logging allows you to write logged messages to files on a router's flash disk. To log messages to flash, use the logging persistent command.
Syslog Format
seq no:time stamp: %facility-severity-MNEMONIC:description
seq no: Stamps log messages with a sequence number only if the service sequence-numbers global configuration command is configured.
time stamp: Date and time of the message or event, which appears only if the service timestamps log [datetime | uptime] global configuration command is configured.
facility: The facility to which the message refers (for example, SNMP, system, and so on).
severity: Single-digit code from 0 to 7 that is the severity of the message.
MNEMONIC: The text string that uniquely describes the message.
description: The text string containing detailed information about the event that the message is reporting.
Logging Severity
There are eight levels of severity of logging messages. Levels are numbered from 0 to 7, from most severe (emergency messages) to least severe (debug messages).
By default, system logging is “on,” and the default severity level is debugging, which means that all messages are logged.
Emergency (Severity 0): System is unusable
Alert (Severity 1): Immediate action needed
Critical (Severity 2): Critical condition
Error (Severity 3): Error condition
Warning (Severity 4): Warning condition
Notification (Severity 5): Normal but significant condition
Informational (Severity 6): Informational message
Debugging (Severity 7): Debugging message
SNMP Components
SNMP Manager (network management system, NMS): Collects management data from managed devices via polling or trap messages.
SNMP Agent: Found on a managed network device, it locally organizes data and sends it to the manager.