Clock is not synchronized between RE and data-plane modules (SPC, SPU, CPP)

This article explains why the clock may be unsynchronized between the Routing Engine (RE) and the data-plane modules (SPC, SPU, CPP) on the High-End SRX device, when no external NTP servers are used. It also provides a workaround that helps to keep all the modules synchronized.

When an external NTP server is not configured on the High-End SRX device, the clock on the data-plane modules (SPC, SPU, CPP) may be not synchronized with the Routing Engine (RE).

This may result in issues with some functionality, such as certificate-based authentication and other PKI-based services.

In addition, the lack of clock synchronization between modules makes troubleshooting significantly more difficult, due to inconsistent time stamps in the log files.

When no NTP servers are configured on the High-End SRX, the clock setting on all the data-plane modules (SPC, SPU, CPP) is reset to a default value during every reboot of the corresponding module (including the entire chassis reboot).

When at least one NTP server is configured, the clock setting is synchronized with the Routing Engine (RE) during every reboot of the corresponding module.

If using an external NTP server is not an option, you can configure the Routing Engine to act as a local NTP server for the data-plane modules (SPC, SPU, CPP).

In the following example, we can see that the clock setting is incorrect on the SPU, because it was reset to the default value during the last reboot:

At the same time, the RE shows the following correct clock setting:

We can configure the RE to act as a local NTP server as follows:

During the next reboot, the clock setting on all the data-plane modules will be synchronized with the RE. We can see the result on the same SPU, after the reboot:

Note: The synchronization will only happen during the reboot of the corresponding module. There will be no periodic synchronization. Therefore, a certain time drift is still possible between the RE and the data-plane modules after the system remains up for a long time. Using an external NTP server will solve this issue, since the RE and the data-plane modules will be synchronized periodically.

About the author

Prasanna

Leave a Comment