Re: [ntp:questions] NTP over redundant peer links, undetected loops
Richard B. Gilbert rgilber...@comcast.net wrote in message news:zbsdneivucyrrafunz2dnuvz_oodn...@giganews.com...

[...]

> This won't solve the OP's problem as I understand it.

But this time, that's not the OP's or his problem's fault.

> RFC-1918 prescribes three address families for private networks:
> 192.168.1.X
> 172.16.X.Y
> 10.X.Y.Z

It does not. Please stop treating Dave Hart as an idiot and spend some productive time rereading RFC1918. While you're at it, find out about CIDR and see if you can figure out that the three ranges are really 192.168.W.X (not just .1.X), 172.16-31.X.Y (not just 172.16), and 10.X.Y.Z. At least you got that last one right.

Randomising which subrange you use _does_ solve these routing problems most of the time, just like generating a random host id does solve the undetected loop problem _most of the time_.

My home network is on 192.168.27/24. I took the number from my street address. My brother (independently!) picked 53 for his network, by the same mechanism[0]. We have an OpenVPN tunnel between those networks. We have no routing problems.

Greetings,
Maarten Wiltink

[0] And when they renumbered his house, he renumbered his network. Okay, I wouldn't have done that.

___
questions mailing list
questions@lists.ntp.org
https://lists.ntp.org/mailman/listinfo/questions
Re: [ntp:questions] NTP over redundant peer links, undetected loops
On Feb 17, 9:01 am, Maarten Wiltink maar...@kittensandcats.net wrote:

> My home network is on 192.168.27/24. I took the number from my street address. My brother (independently!) picked 53 for his network, by the same mechanism[0]. We have an OpenVPN tunnel between those networks. We have no routing problems.
>
> [0] And when they renumbered his house, he renumbered his network. Okay, I wouldn't have done that.

I've taken the same approach a couple of times at different addresses with 192.168.address.0/24. I also have a VPN going with my brother. Sadly, his employer requires security software that requires he use 192.168.1.0/24 for his home network to be able to VPN in to work. As a workaround, I've sometimes subnetted a hotel 192.168.1.0/24 hotel address, claiming 192.168.1.2 and using netmask 192.168.1.252, so that when I VPN all but the first few addresses of my brother's network are visible.

Cheers,
Dave Hart
Re: [ntp:questions] tardisnt unexpected WAN access
On Mon, Feb 16, 2009 at 9:13 PM, Mike -- Email Ignored m_d_berger_1...@yahoo.com wrote:

> Thanks for this information; I just e-mailed them. The reason I use Tardis is that I found that the WinXP ntp capability ran too infrequently, and the time drifted too much. I saw no way to change alter the WinXP time capability, and Tardis is a quick and easy solution.

If you're using Windows Time Service, you probably want to specify ,0x8 after your NTP server name or IP address. By default, it uses a fixed poll interval of one hour, and contacts the server time.windows.com. The ,0x8 directs w32time to make a standard client-mode association, and adjust the polling frequency as needed. I generally observe offsets of 16 ms or less with that configuration (16ms is essentially the limit of w32time's precision).

See http://technet.microsoft.com/en-us/library/cc773263.aspx for more information if you choose to go that route.

As Danny said, the reference implementation of ntp will be more precise, and he linked to Meinberg's excellent simple Windows installer for ntpd in a previous message.

--
RPM
Re: [ntp:questions] NTP over redundant peer links, undetected loops
On Mon, Feb 16, 2009 at 9:38 PM, Richard B. Gilbert rgilber...@comcast.net wrote:

> RFC-1918 prescribes three address families for private networks:
> 192.168.1.X
> 172.16.X.Y
> 10.X.Y.Z

A quibble, but that is incorrect information. The actual RFC 1918 address spaces are larger:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

--
RPM
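An added example, not part of the original post: the RFC 1918 blocks listed above checked against the home networks named in this thread, using Python's `ipaddress` module, together with the subnet overlap that breaks routing across a site-to-site VPN. The site labels are constructed, and the /30 in the last call is an assumed reading of the hotel workaround described earlier in the thread.

```python
import ipaddress

# The three RFC 1918 private blocks, as listed in the message above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(net):
    """Return the RFC 1918 block that contains `net`, or None if not private."""
    net = ipaddress.ip_network(net, strict=False)
    return next((b for b in RFC1918 if net.subnet_of(b)), None)


def vpn_conflicts(sites):
    """Return sorted pairs of site names whose subnets overlap.

    Overlapping subnets at the two ends of a tunnel cannot route to each
    other: each end treats the other's addresses as on-link.
    """
    nets = {name: ipaddress.ip_network(n, strict=False)
            for name, n in sites.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def visible_through_vpn(local, remote):
    """Count `remote` addresses not shadowed by the on-link `local` subnet."""
    local = ipaddress.ip_network(local, strict=False)
    remote = ipaddress.ip_network(remote, strict=False)
    if not local.overlaps(remote):
        return remote.num_addresses
    if local.subnet_of(remote):      # narrower local route wins for its range
        return remote.num_addresses - local.num_addresses
    return 0                         # local covers the whole remote subnet


# Constructed site labels; the prefixes are the ones named in this thread.
SITES = {
    "maarten-home": "192.168.27.0/24",
    "maarten-brother": "192.168.53.0/24",
    "hotel-lan": "192.168.1.0/24",
    "brother-home-lan": "192.168.1.0/24",
}

if __name__ == "__main__":
    for name, net in SITES.items():
        print(name, net, "is inside", rfc1918_block(net))
    print("conflicts:", vpn_conflicts(SITES))
    # Assumption: the workaround claims a /30 (255.255.255.252) of the hotel LAN.
    print("visible:", visible_through_vpn("192.168.1.2/30", "192.168.1.0/24"))
```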
Re: [ntp:questions] Problem using ntp autokey with the trusted certificate identity s scheme
Alain,

The stime.pdf has been updated as an Internet Draft and has been in the pipeline for some years, but has not yet appeared as an RFC. There are some minor differences, but they probably do not affect you.

I don't know what you mean by indirect client; you probably mean a client with a certificate trail to a trusted host. No problem with that.

My best advice is to use the development version and the documentation included. The release version is all mixed up with file versions that well might be incompatible. The development version documentation has been substantially rewritten and the configuration is much simpler. There are examples involving multiple nested trust groups that probably apply to your design.

Dave

Bartholome, Alain wrote:

> In my opinion, a trust group consists of direct and indirect clients. I would like to get the correct definition. Let me give you the two arguments on which I base my understanding:
>
> In the ntp-keygen documentation, I read this sentence:
>
> 1)
> --Trusted Hosts and Secure Groups
> --As described on the Authentication Options page, an NTP secure group
> --consists of one or more low-stratum THs as the root from which all other
> --group hosts derive synchronization directly or indirectly.
>
> 2) In the stime.pdf documentation, the Figure 13: Trusted certificate (TC) scheme on page 42 and the Appendix E3 would let me think that indirect clients are permitted.
>
> I would like to have your understanding.
>
> Cordially
> Alain BARTHOLOMÉ
>
> -----Original Message-----
> From: questions-bounces+alain.bartholome=eads@lists.ntp.org [mailto:questions-bounces+alain.bartholome=eads@lists.ntp.org] On behalf of Steve Kostecke
> Sent: Friday, 13 February 2009 03:58
> To: questions@lists.ntp.org
> Subject: Re: [ntp:questions]Problem using ntp autokey with the trusted certificate identity s scheme
>
> On 2009-02-11, Bartholome, Alain alain.barthol...@eads.com wrote:
>
> > I have 3 systems, serverT1 which is trusted, server2 not trusted connected to serverT1 and server3 not trusted connected to server2. I want to have one group with one trusted host serverT1.
>
> A trust group consists of one server and its direct clients. So for you to have one trust group server2 and server3 must be clients of serverT1.
>
> > Can you tell me what makes the OP to set up a chain of 2 trust groups?
>
> Your current NTP architecture is two trust groups. The first trust group has serverT1 as its server and server2 as its only client member. The second trust group has server2 as its server and server3 as its only client member.
>
> > As I read in the release documentation, a secure group in a subnet in which the non trusted hosts derive synchronization directly or indirectly. It seems that with the release version, with the trusted certificate the non trusted hosts derive synchronization directly only. Is that right?
>
> Not as I understand NTP Authentication (based on my reading of stime.pdf).
Re: [ntp:questions] tardisnt unexpected WAN access
On Tue, 17 Feb 2009 03:24:03 +, Danny Mayer wrote:

[...]

> While it is natural to ask questions about tardis here I don't remember the last time anyone asked anything here about the product. There have been lots of complaints about tardis's bad behavior at one time but I believe all of those have been corrected.

Except for the unexpected WAN attempt, TARDIS has been working fine on my Win2k system for years.

> Having said that I would guess that there is something wrong with your DNS lookup.

[...]

Not a DNS problem. There are no DNS servers on my LAN. The local NTP server is defined in the hosts file.

> You are better off installing the free Windows version of ntp reference implementation in which case you would get lots of answers here. Why pay for something that you can get for free and for that matter is far better even on Windows? Check out Meinberg's installer here: http://www.meinberg.de/english/sw/ntp.htm and you will never look back.

I don't remember whether I paid for it; I think that they have a free download. As for far better, while I have no experience with the product you mention, my general experience with Windows would not lead me to expect anything to be far better.

> Danny

Mike.
Re: [ntp:questions] tardisnt unexpected WAN access
On 2009-02-17, Mike -- Email Ignored m_d_berger_1...@yahoo.com wrote:

> On Tue, 17 Feb 2009 03:24:03 +, Danny Mayer wrote:
>
> > You are better off installing the free Windows version of ntp reference implementation in which case you would get lots of answers here. Why pay for something that you can get for free and for that matter is far better even on Windows? Check out Meinberg's installer here: http://www.meinberg.de/english/sw/ntp.htm and you will never look back.
>
> I don't remember whether I paid for it; I think that they have a free download.

If you have questions about TardisNT's behavior the best source of answers is the author of that software. Most of the people who frequent this news-group use NTP from www.ntp.org.

> As for far better, while I have no experience with the product you mention,

The link that Danny posted is for a Windows port of The NTP Reference Implementation from www.ntp.org.

The NTP Reference Implementation is the original implementation of NTP. It has been in active development for over 20 years. More information is available at http://www.ntp.org/ and http://support.ntp.org/

--
Steve Kostecke koste...@ntp.org
NTP Public Services Project - http://support.ntp.org/
[ntp:questions] ntpd on embedded risc
I have a small embedded linux machine. Moxa UC-7112 Plus that I want to use as NTP server.
http://www.moxa.com/product/UC-7110-LX.htm
It has MOXA ART ARM9 32-bit 192 MHz processor CPU.

Here are statistics I collected after using it a bit. This is using gpsd 2.33 to collect NMEA, PPS.

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+SHM(0)          .NMEA.           0 l    8   16  377    0.000  -21.691   7.812
*SHM(1)          .PPS.            0 l    1   16  377    0.000  -17.105   7.81

ntpq cv
status=0101 clk_noreply, last_clk_noreply,
device=SHM/Shared memory interface, timecode=, poll=54, noreply=78,
badformat=0, baddata=0, fudgetime1=0.000, stratum=0, refid=PPS, flags=0

ntpq rv
status=09e4 leap_none, sync_telephone, 14 events, event_peer/strat_chg,
version=ntpd 4@1.786 Tue Sep 11 19:14:27 CDT 2007 (1),
processor=armv4tl, system=Linux2.6.9-uc0, leap=00, stratum=1,
precision=-7, rootdelay=0.000, rootdispersion=32.592, peer=4253,
refid=PPS, reftime=cd44982f.b9359791 Tue, Feb 17 2009 9:58:07.723,
poll=4, clock=cd449838.649a9973 Tue, Feb 17 2009 9:58:16.392, state=4,
offset=-13.494, frequency=142.853, jitter=7.908, stability=4.197

r...@moxa:~# cat /proc/cpuinfo
Processor: ARM922Tid(wb) rev 1 (v4l)
BogoMIPS: 76.59
Features: swp half thumb
CPU implementer: 0x66
CPU architecture: 4
CPU variant: 0x0
CPU part: 0x526
CPU revision: 1
Cache type: VIVT write-back
Cache clean: cp15 c7 ops
Cache lockdown: format B
Cache format: Harvard
I size: 16384
I assoc: 2
I line length: 16
I sets: 512
D size: 16384
D assoc: 2
D line length: 16
D sets: 512

Some gpsd messages in case :
gpsd: = GPS: $GPZDA,020012.000,17,02,2009,,*58
gpsd: carrier-detect on /dev/ttyM1 changed to 0
gpsd: carrier-detect on /dev/ttyM1 changed to 1
gpsd: ntpshm_pps: precision -6

ntp.conf
server 127.127.28.0 minpoll 4 maxpoll 4
fudge 127.127.28.0 time1 0.411 refid NMEA
server 127.127.28.1 minpoll 4 maxpoll 4 prefer
fudge 127.127.28.1 refid PPS

I am curious if the platform is the limitation, or if there are things that can be done to make this work well as a NTP server, because now the accuracy is unacceptable. Ideas?
[ntp:questions] handling falseticker
Hello,

I have the following configuration

Stratum 0 configuration:
1 x Stratum 0 (DCF Clock) -- 1 x Stratum 1 (let's give it the IP 10.1.1.1)
1 x Stratum 0 (GPS Clock) -- 1 x Stratum 1 (let's give it the IP 10.1.1.2)

I do not have (for security policy) the possibility to give any other alternative (extern) time source to the Stratum 2 Servers. This means that my Stratum 2 Servers have only 2 servers. Obviously this configuration is not falseticker safe.

I have a monitoring active which warns me if the time offset between the 2 Stratum 1 servers gets bigger than a fixed limit. In such a situation anyway the NTP daemon on the Stratum 2 servers would mark one of the 2 Stratum 1 servers as a falseticker and ignore the time coming from it.

Since there are only 2 Stratum 1 servers to choose from the voting decision does not really apply, in such a way that the decision that the NTP on the Stratum 2 servers takes upon ops! there is a falseticker. Which one is falseticker? is rather casual (I guess).

Say they mark the server 10.1.1.1 as falseticker.

remote           refid
===========================
*10.1.1.1        .GPS.
x10.1.1.2        .DCF.
 127.127.1.1     .LOCL.

At this point I will get a warning from my monitoring, I will check manually with an external source which time really is and have a look at the decision that NTP on the Stratum 2 Server took.

Say I realize that the decision taken is wrong: the 10.1.1.1 is not the false ticker, the true false ticker is 10.1.1.2

What should I do? I mean is there a way to force NTP on the fly to change its mind? I have in mind something like a command line saying force to trust server 10.1.1.1 (which simultaneously automatically will imply then ignore 10.1.1.2 since this means it is the true falseticker)?

==> to force the following switch

remote           refid
===========================
x10.1.1.1        .GPS.
*10.1.1.2        .DCF.
 127.127.1.1     .LOCL.

Sure I could reconfigure ntp.conf with a prefer on the 10.0.0.1 server, and restart the daemon (would it work? I guess so), but I do not really like it, I find it too permanent.

thanks
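An added example, not part of the original post and not ntpd's code: a simplified majority-intersection selection in the style of NTP's clock selection, showing why two disagreeing servers cannot outvote each other while a third can break the tie. Offsets and error bounds are constructed, and 10.1.1.3 is a hypothetical third server.

```python
def select_truechimers(sources):
    """Simplified majority-intersection selection (illustration only).

    sources maps a name to (offset_ms, error_bound_ms); each source claims
    the true offset lies in [offset - bound, offset + bound].  Returns the
    sorted names whose intervals overlap the range covered by a strict
    majority of sources, or [] when no such majority exists.
    """
    n = len(sources)
    edges = []  # (value, kind): kind -1 = lower edge, +1 = upper edge
    for offset, bound in sources.values():
        edges.append((offset - bound, -1))
        edges.append((offset + bound, +1))
    edges.sort()

    falsetickers = 0
    while 2 * falsetickers < n:              # falsetickers must stay a minority
        need = n - falsetickers
        low = high = None
        depth = 0
        for value, kind in edges:            # sweep up to the first point
            depth -= kind                    # covered by `need` intervals
            if depth >= need:
                low = value
                break
        depth = 0
        for value, kind in reversed(edges):  # sweep down to the last one
            depth += kind
            if depth >= need:
                high = value
                break
        if low is not None and high is not None and low <= high:
            return sorted(name for name, (offset, bound) in sources.items()
                          if offset - bound <= high and offset + bound >= low)
        falsetickers += 1
    return []


# Constructed readings: the two stratum 1 servers disagree by 100 ms.
TWO = {"10.1.1.1": (0.0, 5.0), "10.1.1.2": (100.0, 5.0)}
# Same readings plus a hypothetical third server that agrees with 10.1.1.1.
THREE = dict(TWO, **{"10.1.1.3": (2.0, 5.0)})

if __name__ == "__main__":
    print("two sources:  ", select_truechimers(TWO))
    print("three sources:", select_truechimers(THREE))
```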
[ntp:questions] Regarding Primary/Secondary NTP setup
Hi,

I have 2 sites with similar setup, each with its own NTP server. Both sites are connected so each site's clients will use the other site's NTP server as secondary. The NTP primary/secondary will use 2 other stratum 1 servers to sync with.

A requirement is that traffic to secondary server is only sent when primary is unreachable. My question is if simply configuring the client's primary using server X.X.X.X prefer in ntp.conf will accomplish this? If I understand it right ntp needs to query all servers in the server list to compute which one is the most reliable? I guess this could be OK if this querying is done very rarely.

Also, since there shouldn't be any traffic between the sites, the primary and secondary will not sync with each other, is this a bad idea?

Thanks for any suggestions...

Regards
Goran
Re: [ntp:questions] ntpd on embedded risc
cnm3...@gmail.com (Christopher Mire) writes:

> I have a small embedded linux machine. Moxa UC-7112 Plus that I want to use as NTP server.
> http://www.moxa.com/product/UC-7110-LX.htm
> It has MOXA ART ARM9 32-bit 192 MHz processor CPU.
>
> Here are statistics I collected after using it a bit. This is using gpsd 2.33 to collect NMEA, PPS.

a bit means what? Remember that ntpd takes 1 hour to cut the error by half. Thus unless you ran this for more than 10 hours, these offsets mean nothing.

>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
> +SHM(0)          .NMEA.           0 l    8   16  377    0.000  -21.691   7.812
> *SHM(1)          .PPS.            0 l    1   16  377    0.000  -17.105   7.81
>
> ntpq cv
> status=0101 clk_noreply, last_clk_noreply,
> device=SHM/Shared memory interface, timecode=, poll=54, noreply=78,
> badformat=0, baddata=0, fudgetime1=0.000, stratum=0, refid=PPS, flags=0
>
> ntpq rv
> status=09e4 leap_none, sync_telephone, 14 events, event_peer/strat_chg,
> version=ntpd 4@1.786 Tue Sep 11 19:14:27 CDT 2007 (1),
> processor=armv4tl, system=Linux2.6.9-uc0, leap=00, stratum=1,
> precision=-7, rootdelay=0.000, rootdispersion=32.592, peer=4253,
> refid=PPS, reftime=cd44982f.b9359791 Tue, Feb 17 2009 9:58:07.723,
> poll=4, clock=cd449838.649a9973 Tue, Feb 17 2009 9:58:16.392, state=4,
> offset=-13.494, frequency=142.853, jitter=7.908, stability=4.197
>
> r...@moxa:~# cat /proc/cpuinfo
> Processor: ARM922Tid(wb) rev 1 (v4l)
> BogoMIPS: 76.59
> Features: swp half thumb
> CPU implementer: 0x66
> CPU architecture: 4
> CPU variant: 0x0
> CPU part: 0x526
> CPU revision: 1
> Cache type: VIVT write-back
> Cache clean: cp15 c7 ops
> Cache lockdown: format B
> Cache format: Harvard
> I size: 16384
> I assoc: 2
> I line length: 16
> I sets: 512
> D size: 16384
> D assoc: 2
> D line length: 16
> D sets: 512
>
> Some gpsd messages in case :
> gpsd: = GPS: $GPZDA,020012.000,17,02,2009,,*58
> gpsd: carrier-detect on /dev/ttyM1 changed to 0
> gpsd: carrier-detect on /dev/ttyM1 changed to 1
> gpsd: ntpshm_pps: precision -6
>
> ntp.conf
> server 127.127.28.0 minpoll 4 maxpoll 4
> fudge 127.127.28.0 time1 0.411 refid NMEA
> server 127.127.28.1 minpoll 4 maxpoll 4 prefer
> fudge 127.127.28.1 refid PPS
>
> I am curious if the platform is the limitation, or if there are things that can be done to make this work well as a NTP server, because now the accuracy is unacceptable. Ideas?