Instant On - Wireless

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

OK - I guess nobody else has seen this before. I will contact tech support.

------------------------------
Jeffrey Hochberg
------------------------------

Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

I don't see this problem with my AP22, I hand out my router IP as an ntp server via DHCP, looks like you don't as it's going off site.

A packet capture with a reboot of ap-1:-

You can configure the Palo-Alto to hand out the NTP server.
------------------------------
Andy K
------------------------------

Original Message:
Sent: 01-08-2023 08:50 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

OK - I guess nobody else has seen this before. I will contact tech support.

------------------------------
Jeffrey Hochberg

Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

I am also seeing this.  I've tried to reply with a very detailed example, but it seems that it's "stuck in moderation."

------------------------------
Curtis Johnson
------------------------------

Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

I've noticed the very same thing in my network.  I have 2 AP25s, and DNS requests coming from those devices account for more that 50% of my network.  In the last 24 hours, I have seen over 34,000 DNS requests per AP!!  Something is definitely not right here.  As an (outdated) ACMP holder, this isn't my first rodeo with Aruba gear, but I've never seen this.  What is going on, Aruba?? Here is what they are doing:

AP25 #1:

​AP25 #2:

Top 15 domains for AP25 #1 a​nd #2:

​​

------------------------------
Curtis Johnson
------------------------------

Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

Did anyone ever get an answer / solution to this?  My AP25 is doing the exact same thing.  Right now, it's responsible for 57% of all DNS requests on my network, making approximately 35,000 requests per day.

------------------------------
Troy Willson
------------------------------

Original Message:
Sent: 01-06-2023 07:47 PM
From: CJ39
Subject: APs Issuing Tons of NTP Timesync Requests

I've noticed the very same thing in my network.  I have 2 AP25s, and DNS requests coming from those devices account for more that 50% of my network.  In the last 24 hours, I have seen over 34,000 DNS requests per AP!!  Something is definitely not right here.  As an (outdated) ACMP holder, this isn't my first rodeo with Aruba gear, but I've never seen this.  What is going on, Aruba?? Here is what they are doing:

AP25 #1:

​AP25 #2:

Top 15 domains for AP25 #1 a​nd #2:

​​

------------------------------
Curtis Johnson

Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

Hi Troy,

We recommend you reach out to the support team about your concern. https://www.arubainstanton.com/contact-support/

------------------------------
Aruba Instant On Communications
------------------------------

Original Message:
Sent: 03-31-2023 10:39 AM
From: TW6
Subject: APs Issuing Tons of NTP Timesync Requests

Did anyone ever get an answer / solution to this?  My AP25 is doing the exact same thing.  Right now, it's responsible for 57% of all DNS requests on my network, making approximately 35,000 requests per day.

------------------------------
Troy Willson

Original Message:
Sent: 01-06-2023 07:47 PM
From: CJ39
Subject: APs Issuing Tons of NTP Timesync Requests

I've noticed the very same thing in my network.  I have 2 AP25s, and DNS requests coming from those devices account for more that 50% of my network.  In the last 24 hours, I have seen over 34,000 DNS requests per AP!!  Something is definitely not right here.  As an (outdated) ACMP holder, this isn't my first rodeo with Aruba gear, but I've never seen this.  What is going on, Aruba?? Here is what they are doing:

AP25 #1:

​AP25 #2:

Top 15 domains for AP25 #1 a​nd #2:

​​

------------------------------
Curtis Johnson

Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH

Hey Jeff,

I spoke with my team and we would like to have you reach out to our support team. https://www.arubainstanton.com/contact-support/

------------------------------
Aruba Instant On Communications
------------------------------

Original Message:
Sent: 12-20-2022 05:01 PM
From: jeffh
Subject: APs Issuing Tons of NTP Timesync Requests

Hello!

I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.

I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...

It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.

Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?

I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.



Thanks in advance!

------------------------------
JeffH