RichardD
just joined
Topic Author
Posts: 19
Joined: Wed Feb 24, 2016 1:00 pm

ntp source address

Tue Feb 21, 2023 6:09 pm

Hi,
is it possible to define for ntp client functionality the ntp source address for the ntp requests? Like it is possible e.g. in Radius context.
Actually I am using version 7.7
Thx
Richard
 
rextended
Forum Guru
Posts: 12001
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: ntp source address

Tue Feb 21, 2023 6:13 pm

More details: you have multiple public IPs from different sources?
 
RichardD
just joined
Topic Author
Posts: 19
Joined: Wed Feb 24, 2016 1:00 pm

Re: ntp source address

Wed Feb 22, 2023 4:56 pm

No, a little bit different. CPE is part of MPLS network. I have RFC1918 addresses for CE-PE link addresses and on LAN addresses as the customer needs. VRF is a closed private network. To manage CE I use public Loopback address. On PE I am doing route leaking from customer VRF to management VRF of public loopback addresses in one direction and management addresses (like NMS, NTP server, tacacs/radius...) in the other direction. Therefore from routing point of view only these loopbacks are reachable from management VRF.
For Radius (user authentication) I was able to specify the source address (in our case loopback). For NTP I did not find this option. Doing a NAT for NTP traffic would be an option but not a nice way.
Thx
Richard
 
RichardD
just joined
Topic Author
Posts: 19
Joined: Wed Feb 24, 2016 1:00 pm

Re: ntp source address

Tue Feb 28, 2023 4:16 pm

Hi,
no one dealing with same issue?
maybe someone knows if foreseen in future releases?
Thx
Richard
 
wiseroute
Member
Posts: 352
Joined: Sun Feb 05, 2023 11:06 am

Re: ntp source address

Tue Feb 28, 2023 4:59 pm

hello Richard,

I don't quite understand which service you gave to your customer: plain metro ether without internet last mile, or with the last mile?

and, if your service was a basic site to site private line, what are those radius and ntp for?

well, unless you are your customer's transit point (carrier routing carrier, exchange point), don't you think you gave yourself more work?

you already have route leaking, why don't you just let your customer get their own ntp?
 
RichardD
just joined
Topic Author
Posts: 19
Joined: Wed Feb 24, 2016 1:00 pm

Re: ntp source address

Tue Mar 07, 2023 10:51 am

Hi,
just saw that I did not submit my answer.
I think I am not generating more work for myself. We are running a lot of MPLS VPNs now with Cisco CE and there it is out of the box possible to declare the source interface of NTP traffic. Same for Radius, snmp, tftp, ftp, ....
As I have written, only loopback addresses are reachable from all Mgmt Systems, as in a private MPLS VPN it is up to the customer to choose the IP space. Therefore for mgmt reasons dedicated Loopback addresses are used. All other addresses might overlap with other customers' MPLS VPNs, so it is only possible to leak these Loopbacks to make them reachable for mgmt systems.
Therefore I asked if someone knows how to deal in such a case with NTP where I did not find the option to declare the source interface. Maybe it is also foreseen in future to implement this.
regards Richard
 
rururudy
just joined
Posts: 22
Joined: Thu Aug 04, 2016 10:57 pm
Location: San Francisco

Re: ntp source address

Fri Sep 22, 2023 10:08 pm

Bump!

The best for me would be:
/system/ntp/client/servers/set src-interface=LOOPBACK
Where the ipv4 address with the longest netmask is picked for ipv4 servers.
Where the ipv6 address with the longest netmask is picked for ipv6 servers.

Right now, the src-address appears to be an IP from a /30 link used to connect to an OSPF neighbor. That /30 block is not redistributed into OSPF (only needed to talk to the neighbor, don't want to clutter OSPF route table).
 
rururudy
just joined
Posts: 22
Joined: Thu Aug 04, 2016 10:57 pm
Location: San Francisco

Re: ntp source address

Fri Sep 22, 2023 10:12 pm

SOLVED!?!

I just came up with a work-around that seems to work great. Use an IPv6 NTP server! The MikroTik doesn't use LL, but a global IPv6 as the src-address.
