NTP Time server

Hello, I am trying to use an RBM11G as an NTP time server for some remote Siemens PLCs. I know that the time supplied will not be exact, but it will be close enough for this application.

I have configured the RBM with no firewall; DHCP is turned on to serve addresses in the range 178.118.85.1~50.
I have attached a GPS to the RBM which is receiving the time and correctly setting the RBM clock to this.
My problem appears to be getting this time served out on the local LAN. The NTP server settings are below:

/system/ntp/server> print
enabled: yes
broadcast: yes
multicast: yes
manycast: yes
broadcast-addresses: 178.118.85.2
vrf: main
use-local-clock: yes
local-clock-stratum: 3
auth-key: none

None of the attached PLCs can see an NTP server at 178.118.85.2, or have I misunderstood how to set up the NTP server? I have tried using NTP-Check, which confirms there is no server at the address.
Any help in correctly configuring this would be appreciated.

Not sure if you should put anything in the broadcast address.
Here are my settings, which work fine for all my devices.

 /system/ntp/server/print
              enabled: yes
            broadcast: yes
            multicast: yes
             manycast: yes
  broadcast-addresses: 
                  vrf: main
      use-local-clock: no
  local-clock-stratum: 5
             auth-key: none

Most devices allow only unicast NTP server use, so try to use the address of the router as the NTP time server IP for a test.
Also try to define an accept rule in IP Firewall Filter: input chain, protocol UDP, destination port 123, and in-interface set to whichever is the router's LAN interface.
This should make things work but you could use this to test it easily: https://www.ntp-time-server.com/ntp-software/ntp-check.html

Further advice is to avoid using the local clock on the Mikrotik router, as it doesn't have a battery to keep the clock when turned off.
So the Mikrotik clock resets to 1970 after each power on, until the router's SNTP client is synchronized to the external NTP clock source (you can see this in the log).
It could be better if you use CHR on a virtual server having a real-time quartz clock supported by the battery, though with virtualization jitter is bigger and it has some of its own issues.

Depending on how reliable your Internet connection on site is, and whether the actual time or basic device event-time synchronization is more important…
you could use this script in the scheduler on startup, which would eliminate the Mikrotik providing bad time to its NTP clients immediately after reboot.
Not my script, so credits are due, but I hope you find this useful.

{
# Assure no stale time served after router reboot until synced
/system ntp server set enabled=no
:log info "System time not synchronized after Boot, disabling ntp server"
:global SMTPstatus [/system ntp client get status]
# Poll the NTP client once a minute until it reports "synchronized"
:while ($SMTPstatus != "synchronized") do={
    :delay 60s;
    :global SMTPstatus [/system ntp client get status]
}
:log info "System time synchronized after Boot, enabling ntp server"
/system ntp server set enabled=yes;
}
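
A unicast check of the kind suggested above, as an added example (not written by any poster in this thread and not MikroTik code): it builds the same sort of request NTP-Check sends and lists the reasons a client should reject a reply, including a router still serving its 1970 boot clock. The `FLOOR` date, the function names and the sample packets are assumptions constructed for the example.

```python
import socket, struct, time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
FLOOR = 1_700_000_000          # assumption: any time before Nov 2023 is an unset clock

def build_request(now_unix):
    """48-byte client request: LI=0, VN=4, Mode=3, transmit timestamp at offset 40."""
    frac = int((now_unix % 1) * 2**32)
    return struct.pack("!B39xII", 0x23, int(now_unix) + NTP_EPOCH_OFFSET, frac)

def make_reply(request, stratum, leap, server_unix):
    """Constructed server reply (Mode=4) for offline checks; not captured traffic."""
    first = (leap << 6) | (4 << 3) | 4
    secs = int(server_unix) + NTP_EPOCH_OFFSET
    return struct.pack("!BB22x8s8xII", first, stratum, request[40:48], secs, 0)

def check_reply(request, reply, floor=FLOOR):
    """Return the reasons a client should reject this reply; empty list means usable."""
    if len(reply) < 48:
        return ["short packet"]
    problems = []
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    tx_secs, tx_frac = struct.unpack("!II", reply[40:48])
    if mode != 4:
        problems.append("mode %d is not a server reply" % mode)
    if leap == 3:
        problems.append("leap indicator 3: server clock not synchronized")
    if not 1 <= stratum <= 15:
        problems.append("stratum %d: unsynchronized or kiss-of-death" % stratum)
    if reply[24:32] != request[40:48]:
        problems.append("origin timestamp does not echo our request")
    if tx_secs - NTP_EPOCH_OFFSET + tx_frac / 2**32 < floor:
        problems.append("server time predates sanity floor (unset clock?)")
    return problems

def query(host, timeout=2.0):
    """Send one unicast request to host on UDP/123 and validate the answer."""
    req = build_request(time.time())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(req, (host, 123))
            reply, _ = s.recvfrom(512)
        except OSError:  # includes socket.timeout
            return ["no valid reply on UDP/123 (disabled, filtered or wrong address)"]
    return check_reply(req, reply)

if __name__ == "__main__":
    req = build_request(1_750_000_000.25)                          # constructed request
    print(check_reply(req, make_reply(req, 3, 0, 1_750_000_000)))  # healthy server
    print(check_reply(req, make_reply(req, 3, 0, 120)))            # clock still at 1970
    print(check_reply(req, make_reply(req, 0, 3, 1_750_000_000)))  # unsynchronized
```

Calling `query()` with the router's own LAN address runs the same checks against the live server; an empty list means the reply is usable.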

Can you double check the broadcast-address? It doesn’t look like a broadcast address at all.

Also and to check, what is the IP of your RBM11G on that network? You mention the .2 but that would make it right in your DHCP pool.

That is why I think you can just remove it and it will use the broadcast address for the local subnet, e.g. 178.118.85.255 (if it's a C net).

I just tried: if you set broadcast=yes without specifying any broadcast-addresses, nothing happens. It doesn’t work with 255.255.255.255. My local subnet is 192.168.2.0/24, so I also tried 192.168.255.255 without success - it has to be 192.168.2.255.

maybe this will help..

ip cloud does an ntp sync for devices without an rtc (https://help.mikrotik.com/docs/display/ROS/Cloud#Cloud-Updatetime)

Then I hijack outbound ntp requests for clients..

/ip/cloud/print
update-time: yes

/system/ntp/client/print
enabled: yes
mode: unicast
servers: 192.168.88.254
vrf: main
freq-drift: 3.767 PPM
status: synchronized
synced-server: 192.168.88.254
synced-stratum: 4
system-offset: 1.865 ms

/ip/firewall/nat/print where dst-port~"123"
Flags: X - disabled, I - invalid; D - dynamic
5 chain=dstnat action=dst-nat to-addresses=192.168.88.254 to-ports=123 protocol=udp src-address=!192.168.88.254 in-interface=bridge dst-port=123 log=no log-prefix=""

root@gk41 ~ [255]# ip a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 4096
link/ether 84:47:09:1c:09:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.88.254/24 scope global eth0
valid_lft forever preferred_lft forever

root@gk41 ~# chronyc -n clients | wc -l
44


Chrony has great details/information if you are having issues..