The Network Time Protocol (NTP) provides the mechanisms to synchronize time and coordinate time distribution in a large, diverse network. VMware recommends using NTP to synchronize the system clocks of Edges and other network devices.
As an enterprise user, you can configure a time source for the SD-WAN Edge to set its own time accurately by configuring a set of upstream NTP Servers to get its time. While the Edge attempts to set its time from a default set of public NTP Servers, but the time set is not reliable in most secure networks. In order to ensure that the time is set correctly on an Edge, you must enable the Private NTP Servers feature and then configure a set of NTP Servers. Once the Edge's own time source is properly configured, you can configure the SD-WAN Edge to act as an NTP Server to its own clients.
NTP has the following prerequisites:
- To configure an SD-WAN Edge to act as an NTP Server for its clients, you must first configure the Edge's own NTP time sources by defining Private NTP Servers.
- From the SD-WAN Orchestrator, go to Configure > Profiles.
The Configuration Profiles page appears.
- Select a profile for which you want to configure NTP and click the icon under the Device column.
The Device Settings page for the selected profile appears.
- Configure the Edge's own time sources by defining Private NTP Servers. These servers could be either known time sources within your own network, or well-known time servers on the public Internet, if they are reachable from the Edge. To define Private NTP Servers:
- Go to the NTP area and select the Private NTP Servers Enabled checkbox.
- In the Servers textbox, enter the IP address of your Private NTP Server. If DNS is configured, you can use a domain name instead of an IP address. To configure another NTP Server, click the + button.
It is strongly recommended to add two or three servers to increase availability and accuracy of time setting. If you do not set Private NTP Servers, the Edge attempts to set its time from a default set of public NTP Servers, but that is not guaranteed to work, especially if the Edge cannot communicate to servers on the public Internet.Note: SD-WAN Orchestrator allows you to enable the Edge to act as an NTP Server to its clients, only if you have defined Private NTP Servers.As Edge interfaces are not available at the Profile level, the Source Interface field is set to Auto. The Edge automatically selects an interface with 'Advertise' field set as the source interface.
- Once you have defined Private NTP Servers, Orchestrator allows you to configure the SD-WAN Edge to act as an NTP Server for its clients:
- Under Edge as NTP Server, select the Enabled checkbox. You can select the checkbox only if you have enabled at least one Private NTP Server.
- Choose the type of NTP Authentication as either None or MD5.
- If you choose MD5, then you must configure the NTP authentication key value pair details.
- Click Save Changes. The NTP configuration settings are applied to the selected profile.
What to do next
At the Edge-level, you can override the NTP settings for specific Edges. For more information, see Configure NTP Settings for Edges.