NTP (Network Time Protocol) settings are critical for the functioning of the NSX Advanced Load Balancer. The analytics functionality in the Controller relies on time synchronization between the Controller in the cluster and the Service Engines (SEs). The Controller synchronizes time with the configured NTP servers, and the SEs in turn synchronize time with the Controller.
NSX Advanced Load Balancer requires access to valid DNS and NTP servers for operation. An NTP server is especially critical; without one, NSX Advanced Load Balancer cannot function properly.
Port 123 must be open on the NSX Advanced Load Balancer Controller to receive timestamps over UDP.
Configure DNS/NTP Settings using the UI
Configure NTP servers from the NSX Advanced Load Balancer UI as follows:
Navigate to
.Click the EDIT button to view the EDIT SYSTEM SETTINGS screen.
Under DNS/NTP tab, enter DNS Resolver(s). This is a comma-delimited list of DNS server IP addresses. If a DNS server is not configured, NSX Advanced Load Balancer will not be able to accept names for load-balanced servers, virtual services, mail servers, and similar inputs.
Enter the Search Domain to use in DNS lookup.
Configure NTP Authentication Keys.
Click Add.
Enter the Key Number from the list of trusted keys used to authenticate this server.
Select the Message Digest Algorithm used for NTP authentication. Message Digest (MD5) and Secure Hash Algorithm (SHA1) can be selected.
Enter the NTP Authentication Key.
Under NTP Servers, select the Key Number for NTP authentication and the IP address of the NTP Servers.
Click SAVE.
Configure DNS/NTP Settings using the CLI
Configure NTP servers from the CLI as follows.
: > configure systemconfiguration
: systemconfiguration> ntp_configuration
: systemconfiguration:ntp_configuration> ntp_server_list 23.239.26.89 ntp_server_list 69.89.207.99
: systemconfiguration:ntp_configuration> exit
: systemconfiguration> exit
+-------------------------------------+----------------------------------+
| Field                               | Value                            |
+-------------------------------------+----------------------------------+
| uuid                                | default                          |
| dns_configuration                   |                                  |
|   search_domain                     |                                  |
| ntp_configuration                   |                                  |
|   ntp_server_list[1]                | 23.239.26.89                     |
|   ntp_server_list[2]                | 69.89.207.99                     |
| tech_support_uploader_configuration |                                  |
|   auto_upload                       | False                            |
| portal_configuration                |                                  |
|   enable_https                      | True                             |
|   redirect_to_https                 | True                             |
|   enable_http                       | True                             |
|   sslkeyandcertificate_refs[1]      | System-Default-Portal-Cert       |
|   sslkeyandcertificate_refs[2]      | System-Default-Portal-Cert-EC256 |
|   use_uuid_from_input               | False                            |
|   sslprofile_ref                    | System-Standard                  |
|   enable_clickjacking_protection    | True                             |
|   allow_basic_authentication        | True                             |
|   password_strength_check           | False                            |
|   disable_remote_cli_shell          | False                            |
| global_tenant_config                |                                  |
|   tenant_vrf                        | False                            |
|   se_in_provider_context            | True                             |
|   tenant_access_to_provider_se      | True                             |
| email_configuration                 |                                  |
|   smtp_type                         | SMTP_LOCAL_HOST                  |
|   from_email                        | [email protected]                |
|   mail_server_name                  | localhost                        |
|   mail_server_port                  | 25                               |
| docker_mode                         | False                            |
+-------------------------------------+----------------------------------+
The DNS Search Domain is the local domain name, which will be appended to a name that is not fully qualified. For instance, if the DNS search domain is set to avinetworks.com, and the name to be resolved is www, NSX Advanced Load Balancer will look up www.avinetworks.com.
Configure DNS Settings using the CLI
The .local domains are not resolvable by default through the configured DNS server (local domains are not routed to DNS servers). The search domains need to be configured explicitly for .local domains to make lookups work within this DNS domain. Configure the DNS settings from the CLI as shown below.
[admin:avictrl]: > configure systemconfiguration
[admin:avictrl]: systemconfiguration> dns_configuration
[admin:avictrl]: systemconfiguration:dns_configuration> search_domain "test.domain1.local test.domain2.com"
Overwriting the previously entered value for search_domain
[admin:avictrl]: systemconfiguration:dns_configuration> save
[admin:avictrl]: systemconfiguration> save
+----------------------------------+------------------------------------+
| Field                            | Value                              |
+----------------------------------+------------------------------------+
| uuid                             | default                            |
| dns_configuration                |                                    |
|   server_list[1]                 | 10.79.16.132                       |
|   search_domain                  | test.domain1.local test.domain2.com|
| ntp_configuration                |                                    |
|   ntp_servers[1]                 |                                    |
|     server                       | 0.us.pool.ntp.org                  |
|   ntp_servers[2]                 |                                    |
|     server                       | 1.us.pool.ntp.org                  |
|   ntp_servers[3]                 |                                    |
|     server                       | 2.us.pool.ntp.org                  |
|   ntp_servers[4]                 |                                    |
|     server                       | 3.us.pool.ntp.org                  |
| portal_configuration             |                                    |
|   enable_https                   | True                               |
|   redirect_to_https              | True                               |
|   enable_http                    | True                               |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert         |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256   |
|   use_uuid_from_input            | False                              |
|   sslprofile_ref                 | System-Standard-Portal             |
|   enable_clickjacking_protection | True                               |
|   allow_basic_authentication     | True                               |
|   password_strength_check        | False                              |
|   disable_remote_cli_shell       | False                              |
|   disable_swagger                | False                              |
|   api_force_timeout              | 24 hours                           |
|   minimum_password_length        | 8                                  |
| global_tenant_config             |                                    |
|   tenant_vrf                     | False                              |
|   se_in_provider_context         | False                              |
|   tenant_access_to_provider_se   | True                               |
| email_configuration              |                                    |
|   smtp_type                      | SMTP_LOCAL_HOST                    |
|   from_email                     | [email protected]                  |
|   mail_server_name               | localhost                          |
|   mail_server_port               | 25                                 |
|   disable_tls                    | False                              |
| docker_mode                      | False                              |
| ssh_ciphers[1]                   | aes128-ctr                         |
| ssh_ciphers[2]                   | aes256-ctr                         |
| ssh_hmacs[1]                     | [email protected]                  |
| ssh_hmacs[2]                     | [email protected]                  |
| ssh_hmacs[3]                     | hmac-sha2-512                      |
| default_license_tier             | ENTERPRISE                         |
| secure_channel_configuration     |                                    |
|   sslkeyandcertificate_refs[1]   | System-Default-Secure-Channel-Cert |
| welcome_workflow_complete        | False                              |
| fips_mode                        | False                              |
| enable_cors                      | False                              |
| common_criteria_mode             | False                              |
+----------------------------------+------------------------------------+
Configure DNS Settings using the API
Configure NTP servers with the API as follows. Only the ntp_configuration portion of the system configuration object is shown.
{
  "ntp_configuration": {
    "ntp_server_list": [
      {
        "type": "V4",
        "addr": "23.239.26.89"
      },
      {
        "type": "V4",
        "addr": "69.89.207.99"
      }
    ]
  }
}
Configuring NTP Authentication using the CLI
NTP authentication can be enabled using either the CLI or the REST API. With NTP authentication, one can specify a set of trusted authentication keys and configure each NTP server peer with a specific authentication key. The NTP authentication key object consists of a key number, key algorithm (SHA1 or MD5) and the key itself.
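How a key number, algorithm and key are used on the wire, as an added example that is not from the original page or the product: in NTP symmetric-key authentication (RFC 5905) the sender appends a 4-byte key ID and the digest of the key concatenated with the packet. The function names are made up for this example, and decoding 40-character keys as hex follows ntpd's convention, which is an assumption here.

```python
import hashlib
import hmac
import struct

# Key table mirroring the sample ntp_authentication_keys entries on this page.
KEYS = {
    1: ("md5", "=I&FBDl,WM,en5Mn~DaG"),
    5: ("sha1", "ff9a0d589668a0f66649abbd7dfb388d841f1f44"),
}


def key_bytes(secret):
    # Assumption (ntpd convention): keys longer than 20 characters are hex
    # strings and are decoded; shorter keys are used as ASCII text.
    return bytes.fromhex(secret) if len(secret) > 20 else secret.encode("ascii")


def digest(key_number, packet):
    algorithm, secret = KEYS[key_number]
    return hashlib.new(algorithm, key_bytes(secret) + packet).digest()


def append_mac(packet, key_number):
    """Return packet + 4-byte key ID + digest(key || packet)."""
    return packet + struct.pack("!I", key_number) + digest(key_number, packet)


def verify_mac(message, header_len=48):
    """Check the MAC that follows a 48-byte NTP header (no extension fields)."""
    packet, trailer = message[:header_len], message[header_len:]
    if len(trailer) < 4:
        return False  # no MAC present: the packet is unauthenticated
    (key_number,) = struct.unpack("!I", trailer[:4])
    if key_number not in KEYS:
        return False  # key ID is not in the trusted key list
    return hmac.compare_digest(digest(key_number, packet), trailer[4:])


def sample_request():
    # Constructed client request: LI=0, VN=4, Mode=3, remaining fields zero.
    return bytes([0x23]) + bytes(47)


if __name__ == "__main__":
    signed = append_mac(sample_request(), 5)
    print(len(signed), verify_mac(signed))
```

A packet with no trailer, an unknown key ID, or any modified byte fails verification, which is what lets a client discard time data that did not come from a server holding the shared key.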
Configure NTP and NTP authentication with the CLI as follows.
[admin:10-10-25-45]: > configure systemconfiguration
[admin:10-10-25-45]: systemconfiguration> ntp_configuration
[admin:10-10-25-45]: systemconfiguration:ntp_configuration> ntp_authentication_keys key_number 1 algorithm ntp_auth_algorithm_md5 key "=I&FBDl,WM,en5Mn~DaG"
New object being created
[admin:10-10-25-45]: systemconfiguration:ntp_configuration:ntp_authentication_keys> exit
[admin:10-10-25-45]: systemconfiguration:ntp_configuration> ntp_authentication_keys key_number 5 algorithm ntp_auth_algorithm_sha1 key ff9a0d589668a0f66649abbd7dfb388d841f1f44
New object being created
[admin:10-10-25-45]: systemconfiguration:ntp_configuration:ntp_authentication_keys> exit
[admin:10-10-25-45]: systemconfiguration:ntp_configuration> exit
[admin:10-10-25-45]: systemconfiguration:ntp_configuration> ntp_servers server 23.239.26.89
New object being created
[admin:10-10-25-45]: systemconfiguration:ntp_configuration:ntp_servers> exit
[admin:10-10-25-45]: systemconfiguration:ntp_configuration> ntp_servers server 69.89.207.99 key_number 5
New object being created
[admin:10-10-25-45]: systemconfiguration:ntp_configuration:ntp_servers> exit
[admin:10-10-25-45]: systemconfiguration:ntp_configuration> exit
[admin:10-10-25-45]: systemconfiguration> exit
+-------------------------------------+------------------------------------------+
| Field                               | Value                                    |
+-------------------------------------+------------------------------------------+
| uuid                                | default                                  |
| dns_configuration                   |                                          |
|   search_domain                     |                                          |
| ntp_configuration                   |                                          |
|   ntp_authentication_keys[1]        |                                          |
|     key_number                      | 1                                        |
|     algorithm                       | NTP_AUTH_ALGORITHM_MD5                   |
|     key                             | =I&FBDl,WM,en5Mn~DaG                     |
|   ntp_authentication_keys[2]        |                                          |
|     key_number                      | 5                                        |
|     algorithm                       | NTP_AUTH_ALGORITHM_SHA1                  |
|     key                             | ff9a0d589668a0f66649abbd7dfb388d841f1f44 |
|   ntp_servers[1]                    |                                          |
|     server                          | 23.239.26.89                             |
|   ntp_servers[2]                    |                                          |
|     server                          | 69.89.207.99                             |
|     key_number                      | 5                                        |
| tech_support_uploader_configuration |                                          |
|   auto_upload                       | False                                    |
| portal_configuration                |                                          |
|   enable_https                      | True                                     |
|   redirect_to_https                 | True                                     |
|   enable_http                       | True                                     |
|   sslkeyandcertificate_refs[1]      | System-Default-Portal-Cert               |
|   sslkeyandcertificate_refs[2]      | System-Default-Portal-Cert-EC256         |
|   use_uuid_from_input               | False                                    |
|   sslprofile_ref                    | System-Standard                          |
|   enable_clickjacking_protection    | True                                     |
|   allow_basic_authentication        | True                                     |
|   password_strength_check           | False                                    |
|   disable_remote_cli_shell          | False                                    |
| global_tenant_config                |                                          |
|   tenant_vrf                        | False                                    |
|   se_in_provider_context            | True                                     |
|   tenant_access_to_provider_se      | True                                     |
| email_configuration                 |                                          |
|   smtp_type                         | SMTP_LOCAL_HOST                          |
|   from_email                        | [email protected]                        |
|   mail_server_name                  | localhost                                |
|   mail_server_port                  | 25                                       |
| docker_mode                         | False                                    |
+-------------------------------------+------------------------------------------+
Configuring NTP Authentication using the API
Configure NTP and NTP authentication with the API as follows. Only the ntp_configuration portion of the system configuration object is shown.
{
  "ntp_configuration": {
    "ntp_servers": [
      {
        "server": {
          "type": "V4",
          "addr": "23.239.26.89"
        }
      },
      {
        "key_number": 5,
        "server": {
          "type": "V4",
          "addr": "69.89.207.99"
        }
      }
    ],
    "ntp_authentication_keys": [
      {
        "key_number": 1,
        "algorithm": "NTP_AUTH_ALGORITHM_MD5",
        "key": "=I&FBDl,WM,en5Mn~DaG"
      },
      {
        "key_number": 5,
        "algorithm": "NTP_AUTH_ALGORITHM_SHA1",
        "key": "ff9a0d589668a0f66649abbd7dfb388d841f1f44"
      }
    ]
  }
}
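A consistency check for the ntp_configuration object above, as an added example that is not part of the product or its documentation: it flags servers with no key_number, references to undefined keys, and keys that no server uses. The function name and finding labels are assumptions made for this example.

```python
# Algorithm names as they appear in the page's API payload.
KNOWN_ALGORITHMS = {"NTP_AUTH_ALGORITHM_MD5", "NTP_AUTH_ALGORITHM_SHA1"}

# The ntp_configuration object from the API example on this page.
PAGE_NTP_CONFIGURATION = {
    "ntp_servers": [
        {"server": {"type": "V4", "addr": "23.239.26.89"}},
        {"key_number": 5, "server": {"type": "V4", "addr": "69.89.207.99"}},
    ],
    "ntp_authentication_keys": [
        {"key_number": 1, "algorithm": "NTP_AUTH_ALGORITHM_MD5",
         "key": "=I&FBDl,WM,en5Mn~DaG"},
        {"key_number": 5, "algorithm": "NTP_AUTH_ALGORITHM_SHA1",
         "key": "ff9a0d589668a0f66649abbd7dfb388d841f1f44"},
    ],
}


def audit_ntp_configuration(cfg):
    """Return (finding, subject) tuples for an ntp_configuration dict."""
    findings, defined, used = [], set(), set()
    for entry in cfg.get("ntp_authentication_keys", []):
        number = entry.get("key_number")
        if number is None:
            findings.append(("MISSING_KEY_NUMBER", None))
            continue
        if number in defined:
            findings.append(("DUPLICATE_KEY_NUMBER", number))
        defined.add(number)
        if entry.get("algorithm") not in KNOWN_ALGORITHMS:
            findings.append(("UNKNOWN_ALGORITHM", number))
        if not entry.get("key"):
            findings.append(("EMPTY_KEY", number))
    for entry in cfg.get("ntp_servers", []):
        addr = entry.get("server", {}).get("addr", "<no addr>")
        number = entry.get("key_number")
        if number is None:
            # No key assigned: replies from this server are not authenticated.
            findings.append(("UNAUTHENTICATED_SERVER", addr))
        elif number not in defined:
            findings.append(("UNDEFINED_KEY_NUMBER", addr))
        else:
            used.add(number)
    # Keys that no server references are secrets kept in the config for no use.
    findings += [("UNUSED_KEY", n) for n in sorted(defined - used)]
    return findings
```

Run against the page's own payload, it reports that 23.239.26.89 has no key assigned and that key number 1 is defined but never referenced.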