Okay, that looks really weird. Just the rate of the packets seems very off, only 10s of milliseconds between packets.

The system whose IP address ends in b900::1:1 doesn't like it. The second packet it sends is a KOD packet that is complaining about the high rate of packets, and then it shuts down and refuses to respond anymore.

Packets 2 and 3 of the trace are the same packet, but with the hop count decremented from 56 to 51.

Actually, on closer inspection, of the 24 packets in the trace transmitted by 823d:1b13, they are all duplicates of only two packets. The same two packets are looping around your network, with the hop count going down by 5 each time, until they hit zero and are dropped.

Now, I grant that which ones are sending client, server, and symmetric active and symmetric passive is odd, but until you fix the looping, there is no telling what is causing that. It might be an artifact of the looping.

On 5/19/2013 5:28 AM, Joe the Shmoe wrote:
> On 18/05/2013 20:10, Brian Utterback wrote:
>> On 5/18/2013 3:14 AM, Joe the Shmoe wrote:
> [...]
>> This is non-intuitive and arguably incorrect according to the RFC, but
>> it is the programmed behavior.  There was a time when all Windows
>> clients used symmetric active mode, so to work around that ntpd with
>> nopeer configured responded with symmetric active mode packets but did
>> not mobilize the association. I don't know if they still use symmetric
>> active by default. Perhaps this should be revisited.
>
> Thank you for your explanations. I now understand the reason. Having
> made some tests after my question here, there is effectively a
> difference with a real symmetric passive which is shown by the 'peer'
> command of ntpdc or ntpq (= an association is mobilized?), while here
> hopefully that sort of "faked symmetric" exchanges on network side, do
> not show with that same command. I guess, one cannot introduce false
> time information to my server that way, if for example, the "symmetric
> client" spoofs a stratum 1 server.
>
>>> - Other symmetric active requests come from the server itself toward one
>>> of the 5 configured hosts. But the server only makes use of "server" in
>>> the configuration (no "peer" statement). This occurs after a first NTP
>>> client request to that configured host which get answered by two NTP
>>> server from the configured host.
>>
>> Can you post the traces? I am not sure I follow.
>
> An extract of such NTP exchanges (wireshark capture) is available at:
>         ftp host: edrusb.is-a-geek.org
>         login: nobody
>         password: ntp
>
>> Brian.
>
> Regards,
> Joe.

_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
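
The duplicate check described in the reply at the top of this message, as an added example that is not part of the original thread: it groups captured packets by source, destination and payload, and flags any payload that reappears with the hop limit falling by a constant step. The record layout, the 2001:db8:: addresses and the payload bytes are constructed for illustration; only the 56-to-51 step and the count of 24 packets come from the message.

```python
from collections import defaultdict
from hashlib import sha256

def find_looping_packets(packets, min_copies=3):
    """packets: iterable of (time_ms, src, dst, hop_limit, payload_bytes).
    Returns one finding per payload that recurs with a steadily falling hop limit."""
    groups = defaultdict(list)
    for time_ms, src, dst, hop, payload in packets:
        groups[(src, dst, sha256(payload).hexdigest())].append((time_ms, hop))

    findings = []
    for (src, dst, _digest), seen in groups.items():
        if len(seen) < min_copies:
            continue
        seen.sort()  # order copies by capture time
        hops = [hop for _, hop in seen]
        steps = {a - b for a, b in zip(hops, hops[1:])}
        # A real retransmission leaves the sender with the same hop limit.
        # A looped copy comes back lowered by the loop length on every pass.
        if len(steps) == 1 and next(iter(steps)) > 0:
            findings.append({
                "src": src, "dst": dst, "copies": len(seen),
                "hops_per_pass": next(iter(steps)),
                "first_hop": hops[0], "last_hop": hops[-1],
                "mean_gap_ms": (seen[-1][0] - seen[0][0]) // (len(seen) - 1),
            })
    return findings

# Constructed sample: two 48-byte client-mode payloads, each seen 12 times.
CLIENT = "2001:db8::10"      # assumed address, stands in for the looping sender
SERVER = "2001:db8:1::1"     # assumed address, stands in for the remote server
PAYLOAD_A = b"\x23" + bytes(47)
PAYLOAD_B = b"\x23" + bytes(46) + b"\x01"

SAMPLE = []
for i in range(12):
    SAMPLE.append((i * 20, CLIENT, SERVER, 56 - 5 * i, PAYLOAD_A))
    SAMPLE.append((i * 20 + 10, CLIENT, SERVER, 56 - 5 * i, PAYLOAD_B))
# One ordinary reply from the server: a single copy, so it is never flagged.
SAMPLE.append((15, SERVER, CLIENT, 60, b"\x24" + bytes(47)))

if __name__ == "__main__":
    for finding in find_looping_packets(SAMPLE):
        print(finding)
```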
