Timing and Synchronization Guide

NTP Time Servers

10-Jan-25

The IETF defined the Network Time Protocol (NTP) to synchronize the clocks of computer systems connected to each other over a network. Most large networks have an NTP server that ensures that time on all devices is synchronized, regardless of the device location. If you use one or more NTP servers on your network, ensure you include the NTP server addresses in your Junos OS configuration.

When configuring the NTP, you can specify which system on the network is the authoritative time source, or time server, and how time is synchronized between systems on the network. To do this, you configure the router, switch, or security device to operate in one of the following modes:

  • Client mode—In this mode, the local router or switch can be synchronized with the remote system, but the remote system can never be synchronized with the local router or switch.

  • Symmetric active mode—In this mode, the local router or switch and the remote system can synchronize with each other. You use this mode in a network in which either the local router or switch or the remote system might be a better source of time.

    Symmetric active mode can be initiated by either the local or the remote system. Only one system needs to be configured to do so. This means that the local system can synchronize with any system that offers symmetric active mode without any configuration whatsoever. However, we strongly encourage you to configure authentication to ensure that the local system synchronizes only with known time servers.

  • Broadcast mode—In this mode, the local router or switch sends periodic broadcast messages to a client population at the specified broadcast or multicast address. Normally, you include this statement only when the local router or switch is operating as a transmitter.

  • Server mode—In this mode, the local router or switch operates as an NTP server.

    In NTP server mode, the Junos OS supports authentication as follows:

    • If the NTP request from the client comes with an authentication key (such as a key ID and message digest sent with the packet), the request is processed and answered based on the authentication key match.

    • If the NTP request from the client comes without any authentication key, the request is processed and answered without authentication.
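
The two server-mode cases above, sketched as an added example (not Junos OS code and not part of the original page). It assumes the standard NTP symmetric-key layout for MD5 keys, a 4-byte key ID followed by MD5(key || header), and a request with no extension fields; the key value and the result labels are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header size in bytes
MAC_LEN = 4 + 16      # key ID (4 bytes) + MD5 digest (16 bytes)

def build_client_request(version=4):
    """Return a minimal 48-byte client-mode (mode 3) NTP header."""
    li_vn_mode = (0 << 6) | (version << 3) | 3
    return struct.pack("!B", li_vn_mode) + bytes(NTP_HEADER_LEN - 1)

def append_mac(header, key_id, key):
    """Append the key ID and message digest that travel with the packet."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def classify_request(packet, keys):
    """Classify a request the way the two server-mode bullets describe.

    keys maps key ID -> shared secret (bytes). The labels returned here
    are hypothetical names for this sketch, not Junos OS output.
    """
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"      # no key ID or digest present
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    if len(mac) != MAC_LEN:
        return "key-mismatch"
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = keys.get(key_id)
    if secret is None:
        return "key-mismatch"         # key ID unknown to the server
    expected = hashlib.md5(secret + header).digest()
    ok = hmac.compare_digest(expected, mac[4:])  # constant-time compare
    return "authenticated" if ok else "key-mismatch"

# Constructed sample key table (key ID 1, made-up secret).
SAMPLE_KEYS = {1: b"constructed-secret"}

if __name__ == "__main__":
    plain = build_client_request()
    signed = append_mac(plain, 1, SAMPLE_KEYS[1])
    print(classify_request(plain, SAMPLE_KEYS))
    print(classify_request(signed, SAMPLE_KEYS))
```

A request that carries no key ID is classified as unauthenticated, which is why requiring a key has to be enforced on the client side of each association.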

Configure NTP Time Server and Time Services

When you use NTP, configure the router or switch to operate in one of the following modes:

  • Client mode

  • Symmetric active mode

  • Broadcast mode

  • Server mode

Configure the Router or Switch to Operate in Client Mode

To configure the local router or switch to operate in client mode, include the server statement and other optional statements at the [edit system ntp] hierarchy level:

[edit system ntp]
server address <key key-number> <version value> <prefer>;
authentication-key key-number type type value password;
trusted-key [key-numbers];

Specify the address of the system acting as the time server. You must specify an address, not a hostname.

To include an authentication key in all messages sent to the time server, include the key option. The key corresponds to the key number you specify in the authentication-key statement, as described in .

By default, the router or switch sends NTP version 4 packets to the time server. To set the NTP version level to 1, 2, or 3, include the version option.

If you configure more than one time server, you can mark one server preferred by including the prefer option.

The following example shows how to configure the router or switch to operate in client mode:

[edit system ntp]
authentication-key 1 type md5 value "$ABC123";
server 10.1.1.1 key 1 prefer;
trusted-key 1;

Configure the Router or Switch to Operate in Symmetric Active Mode

To configure the local router or switch to operate in symmetric active mode, include the peer statement at the [edit system ntp] hierarchy level:

[edit system ntp]
peer address <key key-number> <version value> <prefer>; 

Specify the address of the remote system. You must specify an address, not a hostname.

To include an authentication key in all messages sent to the remote system, include the key option. The key corresponds to the key number you specify in the authentication-key statement.

By default, the router or switch sends NTP version 4 packets to the remote system. To set the NTP version level to 1, 2 or 3, include the version option.

If you configure more than one remote system, you can mark one system preferred by including the prefer option:

peer address <key key-number> <version value> prefer;

Configure the Router or Switch to Operate in Broadcast Mode

To configure the local router or switch to operate in broadcast mode, include the broadcast statement at the [edit system ntp] hierarchy level:

[edit system ntp]
broadcast address <key key-number> <version value> <ttl value>; 

Specify the broadcast address on one of the local networks or a multicast address assigned to NTP. You must specify an address, not a hostname. If you use a multicast address, it must be 224.0.1.1. The multicast protocols PIM and IGMP should be enabled on the NTP client-facing interfaces so that the device can transmit NTP packets to the multicast address 224.0.1.1. Run the following commands to do so:

set protocols igmp interface <interface_name> static group 224.0.1.1
set protocols pim rp local address <interface_ip>
set protocols pim interface <interface_name> mode sparse-dense

Note: NTP over multicast is not supported within the routing instance on the device.

To include an authentication key in all messages sent to the remote system, include the key option. The key corresponds to the key number you specify in the authentication-key statement.

By default, the router or switch sends NTP version 4 packets to the remote system. To set the NTP version level to 1, 2, or 3, include the version option.

Configure the Router or Switch to Operate in Server Mode

In server mode, the router or switch acts as an NTP server for clients when the clients are configured appropriately. The only prerequisite for "server mode" is that the router or switch must be receiving time from another NTP peer or server. No other configuration is necessary on the router or switch.

When configuring the NTP service in the management VRF (mgmt_junos), you must configure at least one IP address on a physical or logical interface within the default routing instance and ensure that this interface is up in order for the NTP service to work with the mgmt_junos VRF.

To configure the local router or switch to operate as an NTP server, include the following statements at the [edit system ntp] hierarchy level:

[edit system ntp]
authentication-key key-number type type value password;
server address <key key-number> <version value> <prefer>;
trusted-key [key-numbers];

Specify the address of the system acting as the time server. You must specify an address, not a hostname.

To include an authentication key in all messages sent to the time server, include the key option. The key corresponds to the key number you specify in the authentication-key statement.

By default, the router or switch sends NTP version 4 packets to the time server. To set the NTP version level to 1, 2, or 3, include the version option.

If you configure more than one time server, you can mark one server preferred by including the prefer option.

The following example shows how to configure the router or switch to operate in server mode:

[edit system ntp]
authentication-key 1 type md5 value "$ABC123";
server 192.168.27.46 prefer;
trusted-key 1;
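
A small audit of the key, authentication-key and trusted-key statements used in the client-mode and server-mode examples, as an added example (not Juniper code and not part of the original page). It assumes the statement syntax shown on this page; the `peer 192.0.2.7 key 2;` line is a hypothetical addition to the sample input.

```python
import re

# Statement shapes taken from the [edit system ntp] syntax shown on this page.
ASSOC = re.compile(r"^(server|peer|broadcast)\s+(\S+)(.*);$")
KEYDEF = re.compile(r"^authentication-key\s+(\d+)\s+type\s+\S+\s+value\s+")
TRUSTED = re.compile(r"^trusted-key\s+\[?\s*([\d\s]+?)\s*\]?;$")

def audit_ntp(stanza):
    """Return (association, finding) pairs for one [edit system ntp] stanza."""
    defined, trusted, assocs = set(), set(), []
    for raw in stanza.splitlines():
        line = raw.strip()
        if m := KEYDEF.match(line):
            defined.add(int(m.group(1)))
        elif m := TRUSTED.match(line):
            trusted.update(int(k) for k in m.group(1).split())
        elif m := ASSOC.match(line):
            key = re.search(r"\bkey\s+(\d+)", m.group(3))
            assocs.append((f"{m.group(1)} {m.group(2)}",
                           int(key.group(1)) if key else None))
    findings = []
    for subject, key in assocs:
        if key is None:
            findings.append((subject, "no key option: messages carry no authentication key"))
            continue
        if key not in defined:
            findings.append((subject, f"key {key} has no authentication-key statement"))
        if key not in trusted:
            findings.append((subject, f"key {key} is not listed in trusted-key"))
    return findings

# Constructed input: the page's two example stanzas plus one hypothetical peer.
CLIENT_EXAMPLE = '''
[edit system ntp]
authentication-key 1 type md5 value "$ABC123";
server 10.1.1.1 key 1 prefer;
trusted-key 1;
'''
SERVER_EXAMPLE = '''
[edit system ntp]
authentication-key 1 type md5 value "$ABC123";
server 192.168.27.46 prefer;
peer 192.0.2.7 key 2;
trusted-key 1;
'''

if __name__ == "__main__":
    for name, text in (("client", CLIENT_EXAMPLE), ("server", SERVER_EXAMPLE)):
        print(name, audit_ntp(text))
```

The server-mode stanza defines and trusts key 1, but its `server` statement has no key option, so the audit reports that upstream association as unauthenticated.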

Starting in Junos OS Evolved Release 24.2R1, the following options are added to configure the NTS feature:

[edit system ntp]
nts {
    local-certificate <certificate-id of local certificate>;
    trusted-ca (trusted-ca-group <trusted ca-group name> | trusted-ca-profile <ca-profile name>);
}

[edit system ntp server <server>]
nts remote-identity {
    hostname <FQDN of server>;
    distinguished-name (container <container-string> | wildcard <wild-card string>);
}