
NTP via Load Balancer

I have a cluster with two Debian servers on GCP. Both servers act as NTP servers. When I ran ntpdate on my laptop with the IP of one of the servers, it returned:

9 Nov 14:05:05 ntpdate[9406]: adjust time server IP offset -0.017810 sec

I would like to use a GCP load balancer for NTP, but it does not work. I tried the command ntpdate LB_IP on my laptop and on a different GCP server in the same network, and on both I got the response "no server suitable for synchronization found". I use the same LB for another application in the cluster running on a TCP port, which works fine via the LB.

The LB for NTP has a UDP frontend with the public LB IP and port 123. The backend is an instance group with both servers, where I set the port name mapping ntp 123. The health check is done via a TCP port (GCP shows the servers as healthy).

In Wireshark on my laptop I see a request without a response. The request contains:

Source: 10.0.2.15
Destination: LB_IP
Protocol: UDP (17)
User Datagram Protocol, Src Port: 123, Dst Port: 123

Does anyone know why the LB does not respond on UDP port 123?

EDIT:
I set up the GCP load balancer mostly according to https://cloud.google.com/load-balancing/docs/network/setting-up-network-backend-service#console_2 . The only thing I set up differently is the groups: I created an "unmanaged instance group", where I chose both of our servers, which are in the same region. I created a firewall rule that allows UDP 123 for the tag which is used on both servers (otherwise I would not be able to connect directly from outside). Then I created a UDP LB with the choice "from internet" and chose the region, after which I could select the backend group. As the health check I used a TCP port which runs on both servers. In the frontend I selected the LB IP and set the ports (we have two UDP ports, so I first tried multiple ports 123, 1885. Then I tried two frontends with a single port each, and I tried leaving only one frontend with the single port 123 to check whether two ports could be the issue).

As I wrote, I am able to get the time directly from both servers but not through the LB. We use one TCP port on the same LB for another application, and we are able to use it.

We have devices in the field which synchronize time via our NTP domain, and we would like to map this domain to our LB so that we could have more than one NTP server for availability.


Hi unitrongroup,

I need additional details regarding your concern.

- Were you following any guides or documentation prior to the setup? If yes, can you edit your question and share them?

- What is your end goal in associating a load balancer to the NTP server?

Hi @Marvin_Lucero 

I added information to my post.

According to the details that you've added, you are using a single LB. It would not serve the purpose if the protocol changes from TCP to UDP. I recommend you create 2 load balancers: one IP address, forwarding rule, and backend service for the UDP traffic (123, 1885), and another internal IP address, forwarding rule, and backend service for TCP traffic. The same instance group can be added as a backend to both backend services.

I already had TCP and UDP separated; I think there is no chance to have them in one LB. But I tried to split the UDP LB into two. For port 123 I use a new IP, but I got the same result, "no server suitable for synchronization found", on the command "ntpdate LB_IP_2". If I run ntpdate directly against each server in the instance group, I get the right response. Connections on ports 1883 and 1885 via the LB work.

I have now:

  • LB 1 - TCP: LB IP 1 port 1883, instance group 1
  • LB 2 - UDP: LB IP 1 port 1885, instance group 1
  • LB 3 - UDP: LB IP 2 port 123, instance group 1
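
A minimal SNTP probe for the check the thread performs with ntpdate, added here as an example and not taken from any post: it sends one client request from an unprivileged source port and reports whether a reply arrives and from which address, so a backend and the load balancer address can be compared side by side. `BACKEND_IP` and `LB_IP` are placeholders, and the function names are illustrative.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request(version=4):
    """48-byte SNTP client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + b"\x00" * 47

def parse_response(data):
    """Decode the header fields needed to judge whether a reply is usable."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": data[0] >> 6,             # 3 = server clock not synchronised
        "version": (data[0] >> 3) & 0x7,
        "mode": data[0] & 0x7,            # 4 = server reply
        "stratum": data[1],               # 0 = unspecified / kiss-o'-death
        "tx_unix": secs - NTP_EPOCH_OFFSET + frac / 2**32,
    }

def probe(host, port=123, timeout=3.0):
    """Send one request; return reply details, or None if nothing comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        sent = time.time()
        s.sendto(build_request(), (host, port))
        try:
            data, (src_ip, src_port) = s.recvfrom(512)
        except (socket.timeout, ConnectionError):
            return None
    info = parse_response(data)
    info.update(reply_from=src_ip, reply_port=src_port, rtt=time.time() - sent,
                approx_offset=info["tx_unix"] - sent)  # rough: ignores network delay
    return info

if __name__ == "__main__":
    # Placeholder targets: replace with a backend address and the load balancer address.
    for target in ("BACKEND_IP", "LB_IP"):
        try:
            print(target, probe(target))
        except OSError as exc:  # e.g. the placeholder name does not resolve
            print(target, "error:", exc)
```

A `None` result corresponds to the request without response seen in the capture; when a reply does arrive, `reply_from` shows which address answered.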