NTP Server Health Monitor

The udp monitor is a bit counterintuitive in that it considers a service UP if it receives no response from the node. If there is any sort of response it assumes it to be an error and therefore marks the service down.

 

 

So pretty much the only option for effectively monitoring this type of service is to call an external monitor script that can interactively check the application.

 

 

There doesn't appear to be anything in the codeshare for NTP, but there is this script for DNS, which is along the same lines as a udp service: Click here

 

 

Denny

If BIG-IP is synced to your NTP servers, why not just use one of the self-IP's as the server and eliminate the extra call? My XP machine sync's just fine to my self IP:

 

 

 

[root@ltm-dc01:Active] config ntpdc -p

 

remote local st poll reach delay offset disp

 

=======================================================================

 

=ntp-1.gw.uiuc.e 10.10.10.10 2 256 377 0.02010 -0.014216 0.00352

 

*time.missouri.e 10.10.10.10 2 256 377 0.02060 -0.012398 0.00449

 

 

As verified in tcpdump:

 

[root@ltm-dc01:Active] config tcpdump -ni 0.0 udp port 123

 

tcpdump: listening on 0.0

 

14:12:10.705663 802.1Q vlan10 P0 10.10.10.240.ntp > 10.10.10.10.ntp: v3 sym_act strat 0 poll 10 prec -6

 

14:12:10.706130 802.1Q vlan10 P0 10.10.10.10.ntp > 10.10.10.240.ntp: v3 sym_pas strat 3 poll 10 prec -16 (DF) [tos 0x10]

 

 

 

So if you wanted to monitor, you could edit the DNS script as Denny suggested, using ntpq or ntpdc and cut out the stratum value to get a positive check for stratum=X, or a negative check for stratum!=16.

Can the default ICMP do the trick. but in the first place why do you need to load balance a NTP server?

The main reason to load balance NTP server (in my case) is to let apps teams, network teams, etc. know 1 IP address for their setup. They don't need to change their setup, even the NTP server(s) downed or replaced with the new IP addresses. You can start with http://devcentral.f5.com/Wiki/default.aspx/AdvDesignConfig/DNSMonitorUsingNSLookup.html and replace "nslookup..." line with "ntpdate -q $node_ip | grep adjust > /dev/null 2>&1"

Posted By Danny Trinh on 06/08/2009 2:47 PM

and replace "nslookup..." line with "ntpdate -q $node_ip | grep adjust > /dev/null 2>&1"

I found (at least on v10.0.1) that it was better to check on the exit errorlevel to see if a node was responding correctly.

 
 "ntpdate -q $node_ip" 
 status=$? 
 

It's also advisable to use simple persistence across NTP nodes rather than RR etc. NTP clients typically send 3 requests in quick succession, you want all of these to arrive at the same host to avoid jitter which will make your client untrust the source.