Use Case - NTP over Anycast Using Network Edge
Consider this use case for handling large NTP-only service distribution across a network domain. This use case describes the steps and topology that you could use to configure Anycast for NTP using high availability and redundancy features with Network Edge and an Amazon Web Services (AWS) connection.
Network Edge-side Configuration
- Configure routers – A pair of Network Edge routers (Cisco CSR 1000V) in the Equinix Fabric are configured for redundancy through the Equinix Customer portal.
  - From the Equinix Customer portal, click Network Edge > Create Virtual Device > With a Redundant Device > Cisco CSR 1000V.
  - Select Metro and add your License information and Configurations Type (Equinix-Configured or Self-Configured).
  - Select the Devices’ Resource, Software, License Throughput, Names, and number of Interfaces.
  - Add user credentials and create your access list for the devices.
- Create connections – The routers are connected to the Precision Timing network, and IP addresses are assigned to the timing instances using these values.

  | | Primary Connection | Secondary Connection |
  |---|---|---|
  | Additional Buyer Options | | |
  | IP address 1 | 10.10.130.10 | 10.10.130.10 |
  | IP address 2 | 10.10.130.11 | 10.10.130.11 |
  | Gateway interface | 10.10.130.1 | 10.10.130.2 |
  | Network mask | 255.255.255.0 | 255.255.255.0 |

  - Configure two gateways, one per device.
  - Configure the IP addresses of your routers’ respective interfaces in the same network, and test connectivity to the IP addresses of the timing instances using ping.
  - If you plan to use an access list, you must permit the IP addresses of the timing instances and the NTP port of 123.
  - Create a Loopback_0 interface as the routers’ router-id and Border Gateway Protocol (BGP) update source, using the same IP address on both Network Edge routers.
  - Configure both routers as the NTP time server, and make your Loopback_1 interface into your NTP source. Also, add your timing instance IP addresses as your NTP sources.
- Create a connection between the two redundant devices:
  - In the Network Edge device menu, go to Additional Services and create a Device Link.
  - Add both Network Edge devices to the group to create a link between them.
- Configure the IP addresses for the respective interfaces, and test connectivity.
- Set up reachability for the BGP configuration:
  - To create reachability between the routers’ Loopback_0 interfaces, configure an Interior Gateway Protocol (IGP) on the routers. These examples show Open Shortest Path First (OSPF) as the IGP.
  - Configure Bidirectional Forwarding Detection (BFD) to detect outages quickly and converge faster.
- Create two separate connections to your physical routers, switch, or firewall.
  - Configure IP addresses and IGP plus BFD on your physical routers, switch, or firewall.
  - Configure the respective configuration on the Network Edge redundant routers.
- Configure BGP on the Network Edge routers and your physical routers, switch, or firewall.
  - BGP configuration on NE Router_1 – Advertise loopback_1 as your NTP source.
  - BGP configuration on NE Router_2 – Advertise loopback_1 as your NTP source.
  - BGP configuration on your physical router – Advertise loopback_1 as your NTP source.
  - Check the BGP table to verify that Loopback_1 of both Network Edge routers is on your physical router.
  - Configure this IP address as the NTP source on your physical routers, switch, or firewall:
      ntp server 172.16.1.1 maxpoll 4
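One way the access list, Loopback_1 and NTP steps above could look on one Network Edge router, as an added example that is not Equinix's configuration. It takes 172.16.1.1 as the Loopback_1 address and the 10.10.130.x timing instances from this page; GigabitEthernet2, ACLs 10, 20 and PTN-IN, and the 192.0.2.0/24 client range are assumptions.

```cisco
! Added example for one Network Edge router; not Equinix's configuration.
! Assumed names: GigabitEthernet2 (port facing the Precision Timing network),
! ACLs 10, 20 and PTN-IN, and 192.0.2.0/24 as a constructed client range.
!
interface Loopback1
 description Anycast NTP service address, identical on both NE routers
 ip address 172.16.1.1 255.255.255.255
!
! Upstream time sources: the two timing instances from the table above.
ntp server 10.10.130.10
ntp server 10.10.130.11
! Loopback1 is the NTP source interface, as the steps describe.
ntp source Loopback1
!
! Only the timing instances may set this router's clock (peer);
! clients may request time but not influence it (serve-only).
access-list 10 permit 10.10.130.10
access-list 10 permit 10.10.130.11
access-list 20 permit 192.0.2.0 0.0.0.255
ntp access-group peer 10
ntp access-group serve-only 20
!
! Inbound filter on the timing-facing port: NTP (UDP 123) and ping
! replies from the two timing instances only; anything else is logged.
ip access-list extended PTN-IN
 permit udp host 10.10.130.10 eq ntp any
 permit udp host 10.10.130.11 eq ntp any
 permit icmp host 10.10.130.10 any echo-reply
 permit icmp host 10.10.130.11 any echo-reply
 deny ip any any log
!
interface GigabitEthernet2
 ip access-group PTN-IN in
```

After applying it, show ntp associations should list both timing instances, and show ip access-lists PTN-IN shows per-entry hit counts, including anything caught by the final deny.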
High Availability Configuration
In the Anycast topology for Network Edge, the loopback interface on the Network Edge device is used as the NTP source to the client network. If connectivity from the primary Network Edge router to the precision timing source is lost, the route from the timing client to the precision timing source is no longer available.
The high availability solution described below automatically monitors and detects the connectivity to the NTP source. With this solution, the loopback interface will be shut down if connectivity is lost, then brought back up when connectivity is restored.
This solution for the Cisco CSR 1000V router uses a combination of IP SLA and the Embedded Event Manager (EEM).
Create three IP SLA instances:
- NE_1
- NE_2
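The monitoring described above, as an added example for NE_1 that is not Equinix's configuration. It uses two probes, one per timing instance, rather than the three the page calls for, whose targets are not listed; GigabitEthernet2, the SLA and track numbers, and the applet names are assumptions.

```cisco
! Added example for NE_1; not Equinix's configuration. Assumptions: one ICMP
! probe per timing instance, GigabitEthernet2 faces the Precision Timing
! network, Loopback1 holds the anycast NTP address; numbers are constructed.
!
! Probes are sourced from the physical port, not Loopback1, so they keep
! running while the loopback is shut and can detect recovery.
ip sla 1
 icmp-echo 10.10.130.10 source-interface GigabitEthernet2
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.10.130.11 source-interface GigabitEthernet2
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
! Healthy while at least one timing instance answers; delays damp flapping.
track 10 list boolean or
 object 1
 object 2
 delay down 10 up 30
!
! Both sources lost: shut Loopback1 so 172.16.1.1 leaves the routing table
! and this router stops attracting NTP clients.
event manager applet NTP-SOURCE-LOST
 event track 10 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface Loopback1"
 action 4.0 cli command "shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Timing sources unreachable: Loopback1 shut"
!
event manager applet NTP-SOURCE-RESTORED
 event track 10 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "interface Loopback1"
 action 4.0 cli command "no shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "Timing source reachable: Loopback1 restored"
```

The two syslog messages give a timestamped record of every withdrawal and restoration of the anycast address, which is worth forwarding to your log collector.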
Connecting to Amazon Web Services (AWS)
To connect to AWS, the physical router from your configuration might connect to the virtual router pair, and to AWS through another interface of the same physical router. But if you use a Network Edge virtual router as your Edge router and your AWS connection, then the BGP configuration requires a small difference.
When you configure the Network Edge router through the Network Edge portal, the default configuration creates the vrf cloud address family on the router:
    address-family ipv4 vrf cloud
You must create your neighbor relationships and advertisements under this address family.
- From the Network Edge device dashboard on the Equinix Customer portal, click Create Connection.
- Click Connect to a Service Provider, then select AWS.
- In AWS Direct Connect, click Create Connection.
- Click Create a Connection to AWS Direct Connect.
  The next page displays the source and destination options for your connection.
- On the left side of the page, the location and device type of your Network Edge virtual device is selected. On the right side, select the Destination for your AWS region, then click Next.
- In the next page, enter the following information:
  - Virtual Connection Name
  - AWS Account ID
  - Interface Selection – The interface from which you want to create the AWS connection
- Select the connection speed.
- Log into your AWS account, and navigate to Direct Connect Dashboard > Connections. Click the connection order and accept it.
- In your AWS account, navigate to Direct Connect Dashboard > Create a Virtual Interface. Bind it to the connection that you just created on Equinix Fabric and accepted in your AWS account.
  - Enter the required information.
  - Bind the virtual interface to the connection and the Direct Connect Gateway for your Virtual Private Cloud (VPC).
- In the Additional Settings, add the peering interfaces and your AWS VGW BGP AS number.
  After a few minutes, your BGP status displays as up.
Network Edge-related BGP Configuration
This configuration is set up under address-family ipv4 vrf cloud:
    address-family ipv4 vrf cloud
     network 10.12.12.0 mask 255.255.255.0
     neighbor 10.0.0.10 remote-as 64512
     neighbor 10.0.0.10 activate
     neighbor 10.0.0.11 remote-as 64512
     neighbor 10.0.0.11 activate
     neighbor 10.29.29.2 remote-as 64521
     neighbor 10.29.29.2 password 7 <08047C7A...>
     neighbor 10.29.29.2 activate
    exit-address-family
Advertise your VPC CIDR as a local route in your AWS VPC routing table, and you'll receive the NTP Anycast IP address 172.16.1.1.