steveosgood
Contributor
Contributor

NSX-T as Internal NTP Server?

Hi All,

First post - please be nice.  I have been in the field a long time, and like to think I am pretty good at Google, which is most of the reason this is my first post.

Short question - Can any component of NSX-T serve NTP internally to the environment?

I am in the process of developing our NSX firewall policies, and realized everything in our environment (approaching 1000 VMs) is pointed at a physical Microsemi NTP Server (obviously outside of the NSX environment).  In the interest of saving North/South bandwidth across the Edges, I am looking for a way to keep as much traffic inside, or outside, NSX as possible.  Hoping to find a way for an NSX component to sync to the Microsemi, then act as a server for the rest of the environment.  I've done this with physical routers at remote sites in the past to save WAN traffic, seems we should be able to do the same with newer solutions.

Thanks in advance!

-Steve

0 Kudos
2 Replies
Sreec
VMware Employee
VMware Employee

Hi Steve,

               Having a physical NTP server is fine, it gives us additional protection assuming they are not placed in the same chassis or rack. Do you have any drift currently reported in the setup? Having a single NTP is certainly not a good design. Ideally, we should have highly available Internal NTP servers(It can be virtual, physical, or a combination) which can sync with external NTP sources as well. NTP traffic will not impact N-S bandwidth (Edges) assuming there are redundant uplinks with a minimum of 2x10G connectivity(Management Uplinks), Routed connections are using different interfaces and they are not the ones Syncing with NTP. That being said, NSX-T Manager requires NTP settings that synchronize it with the rest of the environment( not limited to Edges), just ensure that NTP configurations are consistent on all the integrated solutions in the stack. 

Cheers,
Sree | CKA|CKAD|VCIX-3X| VCAP-4X| VExpert 5x
0 Kudos
mauricioamorim
VMware Employee
VMware Employee

You cannot use an NSX component as an NTP server. What you can do to keep most of the NTP traffic inside NSX is have on or more VMs serve as NTP server for your virtual environment while only these NTP server VMs synchronise to physical NTP server.

Although I would not worry about NTP traffic going through the edges as this is quite low.

0 Kudos