[j-nsp] NTP Reflection
Olivier Benghozi
olivier.benghozi at wifirst.fr
Tue Jan 14 07:04:54 EST 2014
But due to another ridiculous way of implementing that, the Juniper KB article suggests also allowing:
<router-loopback-address>;
and not only your favorite ntp servers...
Because if you don't do it, you'll obtain some nice "Server Timeout" if you want to issue a "show ntp status" or "show ntp associations".
So:
- Junos doesn't use 127.0.0.1 to locally communicate with ntpd
- In your filters you're obliged to manually authorize internal private IP traffic used by the CLI and that doesn't even leave the RE
Another fine design...
--
Olivier
On 14 Jan 2014 at 03:10, John Kristoff <jtk at cymru.com> wrote:
> On Tue, 14 Jan 2014 12:38:12 +1100
> Mark Tees <marktees at gmail.com> wrote:
>
>> Can we get detailed lo0 filters listed too please?
>
> Hi Mark,
>
> While I'll defer to Juniper for their recommendations, we've had this
> for some time (scroll down to the Juniper section):
>
> <http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html>
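Added example (not part of the original thread and not taken from the Juniper KB article or the Team Cymru template): NTP terms for an lo0 input filter that accept NTP only from the configured servers and from the router's own loopback address, as described in the message above. The filter and prefix-list names and all addresses are constructed placeholders (documentation ranges); the terms are assumed to sit inside an existing lo0 filter whose other terms are not shown.

```junos
policy-options {
    /* Constructed placeholder: the upstream NTP servers you trust. */
    prefix-list ntp-servers {
        192.0.2.10/32;
        192.0.2.11/32;
    }
    /*
     * Constructed placeholder: this router's own loopback address.
     * Without it, the CLI's local queries to ntpd are dropped and
     * "show ntp status" / "show ntp associations" time out.
     */
    prefix-list router-loopback {
        198.51.100.1/32;
    }
}
firewall {
    family inet {
        /* Hypothetical filter name; other control-plane terms omitted. */
        filter protect-re {
            term ntp-allowed {
                from {
                    source-prefix-list {
                        ntp-servers;
                        router-loopback;
                    }
                    protocol udp;
                    port ntp;
                }
                then accept;
            }
            /* Everything else aimed at ntpd is dropped and counted. */
            term ntp-other {
                from {
                    protocol udp;
                    port ntp;
                }
                then {
                    count ntp-dropped;
                    discard;
                }
            }
        }
    }
}
```

A rising ntp-dropped counter in "show firewall filter protect-re" shows how much unsolicited NTP traffic is reaching the RE filter.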