Configure Network Edge Devices as Timing Gateways

Before you create a connection to the Precision Timing network, you must configure Network Edge virtual devices to act as gateways for Precision Time services. The following sections describe high-level steps for configuring Network Edge devices.

Considerations

  • Network Edge is supported only for the NTP protocol with Enterprise service.

  • When you configure your Equinix Precision Time connection, be sure to add an IP value for your gateway interface. This value will be assigned to the virtual firewall interface that connects to the Precision Time network.

Configure a Network Edge Firewall or Router as a Timing Gateway

This diagram shows an Equinix Precision Time configuration that uses a Network Edge firewall or router as the timing gateway. The customer side connects over Equinix Fabric.

Configure a Network Edge Firewall as a Timing Gateway

Note: Before you begin, you must spin up a virtual Network Edge firewall.

You can use SSH to configure your firewall:

  1. Assign the gateway IP address from your Precision Time connection to the respective interface.

  2. Based on the Network Edge firewall, create address groups for the timing sources and your LAN devices.

  3. Configure the LAN-facing interface of the firewall.

  4. Create the required access for your LAN network to the Precision Time sources.

Alternatively, you can use the Palo Alto interface to set up your firewall gateway, as described in this example:

  1. In the Palo Alto interface, navigate to Network > Interfaces. Select the interface that you want to configure.

  2. Select Interface Type > Layer3.

  3. In the IP section, add your IP address and assign it as the gateway for your timing network.

  4. Configure the Palo Alto zones by navigating to Config > New Zone > Security Zone, then define a name. Click OK.

  5. Create a policy for access from the client to the timing server.

  6. Allow ICMP packets and the NTP service from the EPT client in the EPT_CLIENT zone to the timing servers in the ept (timing servers') zone.

Configure a Network Edge Router as a Timing Gateway

Note: Before you begin, you must spin up a virtual Network Edge firewall.

You can use SSH to configure your router:

  1. Assign the gateway IP address from your Precision Time connection to the respective interfaces on each Network Edge virtual router.

  2. If you are adding an access control list (ACL), be sure to permit both Equinix Precision timing servers' IP addresses and the NTP port 123.

  3. Configure the IP addresses of the Equinix Precision timing servers as your NTP source.

  4. Configure the LAN-facing interface of the Network Edge router towards your network.

  5. Ensure that this network can be reached by the rest of your network through dynamic or static routing.

  6. If you are advertising your timing network (the gateway interface) in an Interior Gateway Protocol (IGP), ensure that this interface is passive. This will prevent sending hello messages towards the Equinix Precision timing servers.

  7. You can make the router into your NTP timing server, or you can route your clients to the Equinix Precision timing network.

For command examples, see the following procedure.

Use SSH to Configure a Network Edge Router as a Timing Gateway

Note: Before you begin, you must spin up a virtual Network Edge firewall.

You can use SSH to configure your router:

  1. Assign the gateway IP address from your Precision Time connection to the respective interface on the Network Edge virtual router.

  2. If you are adding an ACL, be sure to permit the Equinix Precision timing server's IP address and the NTP port 123.

  3. Configure the IP address of the Precision timing server to be your NTP source.

  4. Configure the LAN-facing interface of the NE routers towards your network.

  5. Ensure that this network can be reached by the rest of your network through dynamic or static routing.

  6. If you are advertising your timing network (the gateway interface) in an Interior Gateway Protocol (IGP), ensure that this interface is passive. This will prevent sending hello messages towards the Equinix Precision timing server.

  7. You can make the router into your NTP timing server, or you can route your clients to the Equinix Precision Time network. To advertise a unique IP address as the NTP source to your network, consider the Anycast NTP solution.
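The router steps above, written out as a Cisco IOS-XE configuration. This is an added example, not taken from Equinix documentation. It assumes a Cisco IOS-XE virtual router, OSPF as the IGP, and two timing servers on the same subnet as the gateway interface. The interface names, ACL names and numbers, and all addresses (documentation ranges) are constructed.

```cisco
! Constructed values: 192.0.2.0/24 = Precision Time side, 198.51.100.0/24 = LAN.
! Steps 1-2: gateway interface, with an inbound ACL limited to the timing servers.
ip access-list extended EPT-IN
 remark NTP (UDP/123) from the two timing servers only
 permit udp host 192.0.2.11 eq ntp any
 permit udp host 192.0.2.12 eq ntp any
 deny ip any any log
!
interface GigabitEthernet2
 description Gateway interface to Precision Time (assumed name)
 ip address 192.0.2.2 255.255.255.0
 ip access-group EPT-IN in
 no shutdown
!
! Step 3: use the timing servers as the NTP source.
ntp source GigabitEthernet2
ntp server 192.0.2.11
ntp server 192.0.2.12
!
! Step 4: LAN-facing interface.
interface GigabitEthernet3
 description LAN-facing interface (assumed name)
 ip address 198.51.100.1 255.255.255.0
 no shutdown
!
! Steps 5-6: advertise both networks, but keep the gateway interface passive
! so that no OSPF hellos are sent towards the timing servers.
router ospf 1
 passive-interface GigabitEthernet2
 network 192.0.2.0 0.0.0.255 area 0
 network 198.51.100.0 0.0.0.255 area 0
!
! Step 7, router acting as the NTP server for the LAN: synchronise only to
! the timing servers (peer) and answer time requests only from the LAN.
access-list 10 permit 192.0.2.11
access-list 10 permit 192.0.2.12
access-list 20 permit 198.51.100.0 0.0.0.255
ntp access-group peer 10
ntp access-group serve-only 20
!
! Verify from exec mode:
!  show ntp associations
!  show ntp status
!  show ip ospf interface GigabitEthernet2
!  show access-lists EPT-IN
```

The `deny ip any any log` entry records anything other than NTP arriving from the timing network, and `show ip ospf interface` should report the gateway interface as passive.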

After your Network Edge virtual device is configured, you can connect to the Precision timing network. See Order Precision Time with Quick Connect to set up a connection.

Configure a Network Edge SD-WAN as a Timing Gateway

Note: Before you begin this procedure, you must spin up a virtual Network Edge SD-WAN. To provision a Cisco SD-WAN device, see Provision Cisco cEdge SD-WAN in CLI Template Mode. This device is used as an example in the configuration steps below.

Sample Configuration of Cisco SD-WAN Device

Create a VMware SD-WAN Edge instance:

  • Device configuration – Self-configured

  • Licensing – Bring your own license (BYOL)

  • Device Resources – 2 Cores, 4 GB memory

  • Software Package – DNA Advantage

  • Software Version – 17.03.03

  • Device Name – Test_device

  • Activation Key – <key>

  • Root password – <password>

  • Interfaces – 8 Interfaces Default

  • Device Status Notifications – test_user@equinix.com

Create the Connection

Use the Equinix Fabric portal to provision a Precision Time service connection from the SD-WAN device to the Precision Time NTP service location. See Order Precision Time with Quick Connect.

Cisco Router Configuration

Set these options to configure the router:

  • config-transaction – Enters configuration mode

  • ntp server – Sets Cisco CSR as a time server

  • commit – Saves the changes

  • show ntp association – Displays NTP association information

Additional Guidelines

  • Assign the gateway IP address from your Precision Time connection to the respective interfaces on each Network Edge virtual SD-WAN instance.

  • To add an access control list (ACL), you must permit both the Equinix Precision Timing servers' IP addresses and the NTP port 123.

  • Configure the IP addresses of the Precision Timing servers to be your NTP source.

  • Configure the LAN-facing interface of the Network Edge SD-WAN device towards your network.

  • Ensure that this network can be reached by the rest of your network through dynamic or static routing.

  • If you are advertising your timing network (the gateway interface) in an Interior Gateway Protocol (IGP), ensure that this interface is passive. This prevents sending hello messages towards the Equinix Precision timing servers.

  • You can make the device into your NTP timing server, or you can route your clients to the Precision Timing network.