[j-nsp] NTP Reflection
Chris Morrow
morrowc at ops-netman.net
Tue Jan 14 10:13:02 EST 2014
On 01/14/2014 09:19 AM, Chris Adams wrote:
> Once upon a time, Olivier Benghozi <olivier.benghozi at wifirst.fr> said:
>> Because if you don't do it, you'll obtain some nice "Server Timeout" if you want to issue a "show ntp status" or "show ntp associations".
>> So:
>> - Junos doesn't use 127.0.0.1 to locally communicate with ntpd
>> - In you filters you're obliged to manually authorize internal private IP traffic used by the CLI and that doesn't even leave the RE
>>
>> Another fine design...
>
> Seems like a good case for a commit script to auto-build the filter
> rule from configured NTP servers and configured loopback addresses.
set policy-options prefix-list local-interfaces apply-path \
"interfaces <*> unit <*> family inet address <*>"
set policy-options prefix-list local-v6-interfaces apply-path \
"interfaces <*> unit <*> family inet6 address <*:*>"
More information about the juniper-nsp
mailing list