Re: [ntp:questions] Time slew doesn't seem to work
[EMAIL PROTECTED] (Hal Murray) writes: OK, so there was no magic in that 500PPM limit. Is there a difference between the tick size adjustment and the frequency adjustment (CPU-counter-to-time conversion factor). Limiting the slew rate to something like that means that software that is timing things with code like: grab time, do something, grab time, subtract gets a sane answer if it happens to be running while somebody adjusts the time. Do you know any code that cares if that is wrong by 10% (which would be 10PPM) Ie, is 10% error insane? Is 1% (1PPM)? Ie, .05% seems a bit extreme for that. -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] [Q] Why do many time servers time out on queries from ntpq -p?
Maurice Volaski wrote: I've been trying the peers command in ntpq on a number of time servers and finding that for as many that do respond, there are about an equal number that do not. An example of a failing response is: ntpq host sundial.columbia.edu current host set to hickory.cc.columbia.edu ntpq peers hickory.cc.columbia.edu: timed out, nothing received ***Request timed out I can reproduce identical successes and failures from 3 computers running different OSs on independent networks. These I've tried work just fine: timex.cs.columbia.edu time.euro.apple.com lain.ziaspace.com ntp.nblug.org ntp1.cs.wisc.edu clock1.unc.edu But these time out: sundial.columbia.edu time.apple.com morose.quex.org ntp.sycharlutheran.org ntp.bytestacker.com ntp1.kansas.net All of the above were tested and gave the same results on kennedy1.aecom.yu.edu (Linux with ntpq [EMAIL PROTECTED]) fluxsoft.com (FreeBSD with ntpq 4.2.0-a) ool-45766590.dyn.optonline.net (Mac OS X with ntpq [EMAIL PROTECTED]) If the server operator has 'noquery' specified in the default restriction it will prevent the server from responding to ntpq and ntpdc. Interestingly, I actually wrote a script that uses 'ntpq -pn' to randomly query client entries in my ntp_clients_stats log file. I've found that only about one percent respond on average. Dennis -- Dennis Hilberg, Jr. \ timekeeper(at)dennishilberg(dot)com NTP Server Information: \ http://saturn.dennishilberg.com/ntp.php ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Ntp in peer configuration
On 2008-04-09, Ginni Misra [EMAIL PROTECTED] wrote: I am trying to use NTP in peer configuration. In a time island. 5. All machines on the network should have a common notion of time (offset not larger than 20ms) - not necessarily the 'correct' time(no need of getting time from external servers) NTP synchronizes clocks to a _common_ _time_ _base_. The time base that is customarily used is UTC. UTC is ubiquitous (e.g. available via the Internet, GPS, GPS over CMDA, HF Radio, ATCS dialup) and is relatively inexpensive compared to the cost of generating a local time base of similar stability. So, to solve the above, I configured the 1st machine on the network with reference clock as LOCL. So, when the 2nd device comes up, ntpdate is successful. However, this introduces additional complexity like: 2 You're doing this the hard way. An Orphan mesh (or web) is the preferred way to handle your situation; assuming that you are using NTP 4.2.x. Orphan mode is enabled by adding the following line to the ntp.conf of all of your systems: tos orphan 5 Then you need to choose the mode for your mesh: unicast, broadcast, or multicast. Each system in the mesh needs to be configured to poll all of the other systems. You may wish to consult the following news-group articles for configuration information: https://lists.ntp.org/pipermail/hackers/2007-March/002809.html http://www.mail-archive.com/questions@lists.ntp.org/msg00986.html Those articles do not address setting up a unicast (conventional client/server) mesh. If you just have a small number of systems this may be the the easiest solution as it avoids configuring NTP authentication. Each system in a 4 node mesh could have an ntp.conf which looks like this: ---8X--- driftfile /path/to/drift.file tos orphan 5 server A iburst server B iburst server C iburst server D iburst ---8X--- Make sure that ntpd is started with '-g' so that the initial time can make an unlimited step. -- Steve Kostecke [EMAIL PROTECTED] NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: Greetings, I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 (1) and running but the time on the ntp host does not appear to be synching with the nominated external time references. Any assistance much appreciated. Details as follows: [EMAIL PROTECTED] etc]# ntpq -p remote refid st t when poll reach delay offset jitter == wireless.org.au .INIT. 16 u- 25600.0000.000 0.000 pond.thecave.ws .INIT. 16 u- 25600.0000.000 0.000 cust6381.nsw01. .INIT. 16 u- 25600.0000.000 0.000 core.narx.net .INIT. 16 u- 25600.0000.000 0.000 *LOCAL(0).LOCL. 10 l3 64 3770.0000.000 0.001 The logs don't seem to indicate a problem: If the reach column is 0, then you are not seeing the remote servers. You should see 377. Look for a network or connectivity issue. Can you ping the remote servers? Ask them an NTP query like: ntpq -p wirelss.org.au By the way, that query doesn't work for me, so are you sure that server is running NTP? Do you have permission to access it? You might be better off with pool servers: 0.pool.ntp.org 1.pool.ntp.org Cheers, David ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Ntp in peer configuration
Ginni Misra wrote: I am trying to use NTP in peer configuration. No. You are trying to use NTP in an orphaned configuration, which has never had any parents! NTP was not designed for that, although recent additions (ophan mode) make it just about workable. Timed was designed for that, so you should be investigating that. PS. Please restrict your lines to about 70 characters or use a user agent that that specifies format=flowed (these will automatically restrict the lengths of the lines, but a compatible user agent will merge and re-wrap then appropriately). ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Linux 11-minute mode (RTC update)
On Thursday, April 10, 2008 at 18:02:38 +0100, Maciej W. Rozycki wrote: This holds the clock for up to a second I am not sure what you mean Anyway I experimented a little: This doesn't seem to work as I hoped. And it can even lock the clock, requiring a oscillator reset. :-( The idea was about the RTC_SET flag (bit #7 of register B). It suspends clock updates, without any effect on the oscillator nor PIE. I was hoping it would delay next updates by as long as it was asserted. But no: the next update is either skipped, or happens at the usual time. Serge. -- Serge point Bets arobase laposte point net ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Time slew doesn't seem to work
Do you know any code that cares if that is wrong by 10% (which would be 10PPM) Ie, is 10% error insane? Is 1% (1PPM)? Ie, .05% seems a bit extreme for that. I used to do a lot of performance measurements. For the stuff I was doing, 10% is easy to spot. 1% is borderline. -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 That is not a standard version number. Who allocated the @1.1570-o part of the version number? You may be better off getting support from them. (1) and running but the time on the ntp host does not appear to be synching with the nominated external time references. Any assistance much appreciated. That's because no (valid) replies have been received from any of them. The two common causes of this are over-aggressive restrict lines and firewalls. I think your restrict lines may be OK, but I'd suggest confirming that it works without any. Using pool servers limits your ability to use restrict and the defaults must permit your client to use any times it receives. Another possibility is that they have restrict kod set on the servers, and you are using multiple clients and NAT, in a way that causes the rate limits to be exceeded. People often overlook the Linux iptables firewall. You should run ntpq rv on the associations from your servers, to see if they are responding, but the responses are being rejected, and if so why. You should also try running tcpdump, etc., at appropriate places on the network to find out if they are getting blocked at some point. My ntp.conf file is out of thebox with the exception of the external time servers Whose box? I believe the official box doesn't have a configuration file in it. # Permit time synchronization with our time source, but do not # permit the source to query or modify the service on this system. Note this answers the recent question about ntpq peers not working! # Undisciplined Local Clock. This is a fake driver intended for backup # and when no outside source of synchronized time is available. This description is incomplete, and, in my view, no out of the box configuration should have these lines enabled. They should only be enabled on servers and only if you understand the risks. However, that is not an issue here. server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10 ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Linux 11-minute mode (RTC update)
On Wednesday, April 9, 2008 at 18:18:15 +, Unruh wrote: But when one is advising someone, one must assume that they have at least the typical if not the worst condition That's not false... How in the world did you the power off drift to 5 significant figures? With two hwclock --systohc and awk over one real night, from halt to soon after restart. I can't guarantee the 3rd decimal, though. Each night has its own temperature. Serge. -- Serge point Bets arobase laposte point net ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Why do many time servers time out on queries from ntpq -p?
On Apr 12, 12:29 am, Steve Kostecke [EMAIL PROTECTED] wrote: The server operator has set a 'noquery' restriction. I'll try to pre-emptively answer the next question, whcih is likely to be why would they do that? The answer is security. On our network, we follow the principle of least privelege. That is, we enable or allow only that which is required to perform a particular function, and nothing else. Some people call this a default deny permissions model. ntpq can leak information about your internal network structure that could be useful to an attacker. It is also another bit of network- enabled code that could have buffer overflows or other vulnerabilites. ntp (the protocol) functions just fine with without mode 6/7 queries enabled, so they are disabled. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
[EMAIL PROTECTED] wrote: Greetings, I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 (1) and running but the time on the ntp host does not appear to be synching with the nominated external time references. Any assistance much appreciated. Details as follows: [EMAIL PROTECTED] etc]# ntpq -p remote refid st t when poll reach delay offset jitter == wireless.org.au .INIT. 16 u- 25600.0000.000 0.000 pond.thecave.ws .INIT. 16 u- 25600.0000.000 0.000 cust6381.nsw01. .INIT. 16 u- 25600.0000.000 0.000 core.narx.net .INIT. 16 u- 25600.0000.000 0.000 *LOCAL(0).LOCL. 10 l3 64 3770.0000.000 0.001 The logs don't seem to indicate a problem: The problem should be clear from the above ntpq -p banner!! None of the servers you have configured have responded to requests sent by your system! Can you ping these servers and get a response? Do you have a firewall that is blocking Port 123? BTW, if you didn't wait at least 30 minutes between starting ntpd and getting the ntpq banner, you wasted your time! Ntpd generally requires about that much time to figure out exactly what time it is and to beat your clock into submission. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, David Woolley [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: I have ntpd installed (ntpq [EMAIL PROTECTED] Mon Jun 4 15:13:06 UTC 2007 That is not a standard version number. Really? On my system running 4.2.5p54 built from sources downloaded from www.ntp.org I see: $ ntpq -crv 0 version assID=0 status=0654 leap_none, sync_ntp, 5 events, event_peer/strat_chg, version=ntpd [EMAIL PROTECTED] Fri Jun 22 14:26:20 UTC 2007 (2) Who allocated the @1.1570-o part of the version number? ntp.org You may be better off getting support from them. I believe he's in the right place. (1) and running but the time on the ntp host does not appear to be synching with the nominated external time references. Any assistance much appreciated. That's because no (valid) replies have been received from any of them. The two common causes of this are over-aggressive restrict lines and firewalls. I think your restrict lines may be OK, They are. but I'd suggest confirming that it works without any. It won't. Using pool servers limits your ability to use restrict and the defaults must permit your client to use any times it receives. They do. Another possibility is that they have restrict kod set on the servers, and you are using multiple clients and NAT, in a way that causes the rate limits to be exceeded. If that were the case you would see .KOD. in the ntpq peers billboard. People often overlook the Linux iptables firewall. Port 123/UDP must be open to receive packets from the remote time servers. -- Steve Kostecke [EMAIL PROTECTED] NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
In article [EMAIL PROTECTED], Richard B. Gilbert [EMAIL PROTECTED] writes: Richard BTW, if you didn't wait at least 30 minutes between starting ntpd Richard and getting the ntpq banner, you wasted your time! Ntpd generally Richard requires about that much time to figure out exactly what time it is Richard and to beat your clock into submission. Which is why we recommend using 'iburst', as with a good drift file ntpd will have everything ready to go in about 11 seconds' time. -- Harlan Stenn [EMAIL PROTECTED] http://ntpforum.isc.org - be a member! ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
Harlan Stenn wrote: Why do you have a local refclock configured? Because he's using an out of the box configuration. That, is probably the main reason that people have them configured. You really need to ask the people who put in the box, but I suspect they don't know, either. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, David Woolley [EMAIL PROTECTED] wrote: Harlan Stenn wrote: Why do you have a local refclock configured? Because he's using an out of the box configuration. That, is probably the main reason that people have them configured. You really need to ask the people who put in the box, but I suspect they don't know, either. The problem here is that the distribution does not contain a decent assortment of example configuration files for common configurations. So the OS distributors/aggregators/vendors each cobble together their own one size fits all configuration file. -- Steve Kostecke [EMAIL PROTECTED] NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
The problem here is that the distribution does not contain a decent assortment of example configuration files for common configurations. So the OS distributors/aggregators/vendors each cobble together their own one size fits all configuration file. But does a local refclock make sense in a typical setup? Does the wiki have a good collection of examples? and the discussion that goes with them? How much effort would it take to make one? Would it make sense to encourage distributions to include a URL at the top of their prototype config file? -- These are my opinions, not necessarily my employer's. I hate spam. ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] Problem with time synchronisaton
On 2008-04-12, Richard B. Gilbert [EMAIL PROTECTED] wrote: BTW, if you didn't wait at least 30 minutes between starting ntpd and getting the ntpq banner, you wasted your time! Nonsense. After only two polls you can see if your ntpd is able to contact the remote time servers. You don't need to wait 30 minutes for that. As ntpd continues to poll you can see if a step was required or if the clock is being steered in the right direction . Ntpd generally requires about that much time to figure out exactly what time it is and to beat your clock into submission. That's not the issue here. -- Steve Kostecke [EMAIL PROTECTED] NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org https://lists.ntp.org/mailman/listinfo/questions