Re: [ntp:questions] Question on how to Slew time in NTP (David Woolley)
"Richard B. Gilbert" wrote in message news:c5-dnee6pqwdtnftnz2dnuvz_o2dn...@giganews.com... [] Is this something relatively new? ISTR that it still took about thirty minutes to get a reasonable facsimile of the correct time even when restarting with a good drift file. I wish I could draw a graph here. Since I can't, I'll try to describe it. Start with an error of twenty or thirty seconds, mad dash to correct the error, followed by overshoot, and ringing. Ringing decays slowly. If I were at the controls, I'd be tapping the brakes as we approach zero error! I would try a recent NTP with configuration parameters appropriate to the environment you're using, with a valid drift file. A 20s error should be corrected by a step, followed by fine adjustments. I'm not talking microsecond offsets, though. Cheers, David ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Large variation in NTP synchronization time
"Joe Smithian" wrote in message news:CA+pp-gKn-z-XmvbyqJ_ZOSz2YKAE+Ng_5iRRkQ0NDXrCL=8...@mail.gmail.com... Hi all, I've written a test script to test all the symmetric and autokey authentication key types and algorithms. The scripts waits for a delay time after restarting ntpd and then runs the "ntpq -c as" command to see if '*' has appeared beside the server name.The problem is that the synchronization time varies from about 20 seconds to more than 15 minutes, even when using -burst and -iburst options for a private ntp server! What are the minimum, average and maximum synchronization times? Is there a faster way to verify synchronization? Thanks Joe Joe, I would verify sync with "ntpq -p". On my systems, I would expect to see a "*" almost immediately after starting NTP, and if I didn't see it within (say) 20 seconds I would investigate. However, I'm not using any authentication. I hope that helps. Cheers, David ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Configure FreeBSD or Linux to use stepping clock?
On Thu, Dec 15, 2011 at 07:50:08PM +, Dave Hart wrote: > Dr. Mills raised the possibility privately that either FreeBSD or > Linux might be reconfigured to use a more primitive clock that steps > once per millisecond or less. If possible and I am able to accomplish > it, my testing of these bug 2037 fuzzing changes would be greatly > assisted. On Linux, you could set a different kernel clocksource. Perhaps to jiffies or pit, if available. Check these files: /sys/devices/system/clocksource/clocksource0/current_clocksource /sys/devices/system/clocksource/clocksource0/available_clocksource Why not degrade the resolution of the clock directly in ntp sources? In get_systime(): GET_SYSTIME_AS_TIMESPEC(&ts); ts.tv_nsec /= 100; ts.tv_nsec *= 100; -- Miroslav Lichvar ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Configure FreeBSD or Linux to use stepping clock?
E-Mail Sent to this address will be added to the BlackLists wrote: Dave Hart wrote: Linux might be reconfigured to use a more primitive clock that steps once per millisecond or less. Linux Kernel 2.4 used 100 Hz and 2.6 increased it to 1000 Hz? They still read the time to the full CTC resolution, so had precisions corresponding to something more like a microsecond. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] How to verify Autokey Identity Schemes?
Hi Steve,
I am posting my questions again in text format. I hoe you can read it this time.
Thank you for your comments. I tried ntpq -c "rv assID flags" command,
it shows the
Identity Scheme that the server supports regardless of what identity
scheme has been installed on the client.
Here are the result of my experiments:
Server Identity scheme | ntpq -c "rv assID flags"
-|--
IFF | 0x417f21
GQ | 0x417f41
IFF and GQ | 0x417f61
"rv assID flags" returns the same value whether I install IFF
parameters, or GQ parameters or none on the client. So my question
again is that how can I verify that IFF or GQ schemes are actually
working?
Association flag shows auth is 'ok' whether I install an Identity
Scheme on the client or not, so it's not an indication that IFF or GQ
is actually being used.
BTW, I found two problems in this
document:http://support.ntp.org/bin/view/Support/ConfiguringAutokey
In sections 6.7.2.5 and 6.7.3.6:
ntp-keygen -T -q `awk '/crypto pw/ { print $3 }' wrote:
>
> Hi Steve,
>
> Thank you for your comments. I tried ntpq -c "rv assID flags" command, it
> shows the
> Identity Scheme that the server supports regardless of what identity scheme
> has been installed on the client.
> Here are the result of my experiments:
>
> Server Identity scheme | ntpq -c "rv assID flags"
> -|--
> IFF | 0x417f21
> GQ | 0x417f41
> IFF and GQ | 0x417f61
>
> "rv assID flags" returns the same value whether I install IFF parameters, or
> GQ parameters or none on the client. So my question again is that how can I
> verify that IFF or GQ schemes are actually working?
>
> Association flag shows auth is 'ok' whether I install an Identity Scheme on
> the client or not, so it's not an indication that IFF or GQ is actually being
> used.
>
> BTW, I found two problems in this
> document:http://support.ntp.org/bin/view/Support/ConfiguringAutokey
>
> In sections 6.7.2.5 and 6.7.3.6:
> ntp-keygen -T -q `awk '/crypto pw/ { print $3 }'
> '-q' option for updatuing keys doesn't work, '-p'works; is this a typo
> in the document?
>
> [root@myserver]# ntp-keygen -T -q `awk '/crypto pw/ { print $3 }'
> Using OpenSSL version 90802f
> Using host myserver group myserver
> Corrupt file ntpkey_host_myserver or wrong key myserver
> error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
>
> Regards
>
> Joe
>
>
>
> On Tue, Dec 13, 2011 at 10:55 AM, Steve Kostecke wrote:
>>
>> On 2011-12-12, Joe Smithian wrote:
>>
>> > I have configured my NTP server and client to use Autokey with IFF
>> > Identity scheme and it's working, client synchronizes to my servers.
>> > It synchronizes with and without copying the IFF parameter to the
>> > client. So I'm wondering if IFF identity scheme is actually being
>> > used; How can I verify that?
>>
>> By checking the association flags.
>>
>> Please see
>> http://support.ntp.org/bin/view/Support/ConfiguringAutokey#Section_6.7.4.
>>
>> --
>> Steve Kostecke
>> NTP Public Services Project - http://support.ntp.org/
>>
>> ___
>> questions mailing list
>> questions@lists.ntp.org
>> http://lists.ntp.org/listinfo/questions
>
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] How to verify Autokey Identity Schemes?
On 2011-12-16, Joe Smithian wrote: > I tried ntpq -c "rv assID flags" command, it shows the Identity Scheme > that the server supports regardless of what identity scheme has been > installed on the client. NTP Authentication is used to authenticate the server to the client. So you need to look at the flags on the client. -- Steve Kostecke NTP Public Services Project - http://support.ntp.org/ ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
