Re: [ntp:questions] Running NTP servers with different time offsets relative to some common "root" server?
Hi Tobias, sorry for the late reply. Your email via the mailing list just arrived in my mailbox. Tobias Gierke wrote: > Hi everyone, > > I'm facing a NTP-relateded challenge at work and hope that somebody on > this list has maybe solved a similar problem already: > > - Our product is a system consisting of multiple components that may or > may not run on the same host and all parts require time synchronization > at all times because we're processing timestamped measurement data A basic question is: Which accuracy is required for your application? > - Our application does a lot of heavy computation triggered at the start > of every minute (by crond) > - Since a lot of different application versions are deployed in the > field and customers are slow to upgrade, we need to test many different > versions of our application in our lab > - To ease hardware requirements for testing we run all those different > versions of our application inside virtual machines, currently all > synced to the same NTP server The next question is: Which virtualization software do you use? How accurately the system time can be synchronized depends strongly on the type and version of the virtualization software. > - Since all those VMs are synchronized to the same server, all cron jobs > on those VMs kick in at the same time, overloading the VM host periodically Yes, and the the VMs can easily loose time. > I already looked into a simple solution (like being able to pass some > magic "--offset XX seconds" option to ntpd) but it seems there is no > such thing. There is no such thing when you specify remote NTP servers. It is possible, however, to specify a time offset for hardware reference clocks (i.e. server 127.127.x.y). > > So my current idea is to > > 1.) have 4 different time servers that each are offset from all the > others by 15 seconds (so server #1 would have offset 00 seconds, server > #2 would have offset 15 seconds, etc.) > 2.) configure those servers with ULC w/ PPS and hook-up the same PPS to > all 4 servers OR have one PPS source for each server and have all of > them sync to a common source (like a DCF77 time signal) > > My problems are with the second step: I don't have a PPS source, I only > have a Meinberg DCF600 USB > (https://www.meinbergglobal.com/english/products/usb-dcf77-clock.htm), > but I couldn't find any documentation on how to use it as a PPS source > only (and ignore the actual "time" part of the synchronization). Actually, the DCF600USB doesn't provide a 1 PPS output by default because the accuracy derived from the standard DCF77 AM signal is anyway about a few milliseconds only. You get this level of accuracy also via the driver software, and unlike with GPS receivers an additional 1 PPS signal doesn't significantly improve the accuracy in this case. > Furthermore I don't really want to buy 3 more of those clocks if I can > help it (especially considering the fact that we might need even more > different "time domains" as the number of VMs increases). The DCF600USB provides a 1 PPS signal internally, which can be easily made available to the outside world. If you want you can give me a phone call so we can discuss how you could do this. Please find my phone number below. Regards, Martin -- Martin Burnicki Senior Software Engineer MEINBERG Funkuhren GmbH & Co. KG Email: martin.burni...@meinberg.de Phone: +49 5281 9309-414 Linkedin: https://www.linkedin.com/in/martinburnicki/ Lange Wand 9, 31812 Bad Pyrmont, Germany Amtsgericht Hannover 17HRA 100322 Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung Websites: https://www.meinberg.de https://www.meinbergglobal.com Training: https://www.meinberg.academy ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Time server question
On 06/25/19 19:35, William Unruh wrote: On 2019-06-25, Chris wrote: ... Thanks again for the replies. Did a bit of digging this morning and find that the 1pps sync stuff has been done before. Well, many years ago in fact and more or less how I had visualised it - ntp data augmented by the 1 pps signal. Several pointers to the way forward and it's also supported in the FreeBSD kernel, using either a pin on a serial or parallel port for the 1 pps. Probably go for the parallel port, as that avoids the hardware to convert 1 pps ttl to rs232 levels. Except most serial ports actually used on computers handle ttl levels just fine. True, but would not rely on that sort of hack for anything serious, as it won't have good noise immunity for what is a nS scale timing signal. The 1pps from the gps is at ttl or cmos level on a different piece of kit in another box. A diff line driver and receiver might be the best way, though that would need a bit more hardware. Devil is in the detail as usual, but just need to get it working to start with. Stratum 1 says nothing about accuracy. You could have stratum 1 come off smoke signals and have an accuracy of minutes, and a stratum 7 have an accuracy of usec. All it indicates is how many steps the time server is from a hardware time source. It says nothing about how good that time source is, or how good the connection is between servers. The docs i've looked at seem to say that stratum 1 is generally assumed to be caesium or gps, though the number of links would affect it. Just trying work it out so what appears on the net is as good as the standard it refers to... Chris ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Time server question
On 06/21/19 15:48, Jakob Bohm wrote: On 21/06/2019 15:14, Thomas Laus wrote: On 2019-06-21, David Woolley wrote: On 21/06/2019 12:26, Thomas Laus wrote: Will either isolation solution have direct access to the computer CPU? The GPS clock will need the ability to directly adjust the frequency of the CPU to achieve expected results for a Stratum 1 serve I'm not aware of anything in ntpd that directly adjusts the CPU frequency and there generally isn't any fine grained way of doing that. ntpd normally works by adjusting how many cycles of a fixed frequency represent a certain time period, and that is a software operation. I guess that I should have stated this reply a little differently. I meant to say that ntpd will need direct access to the hardware that it runs on. That means a hardware serial port for pulse per second and the running system clock frequency. The ntpd program does not perform well when running on a virtual machine nor in a isolated security environment similar to a freebsd jail. My advice to the original poster is to get ntpd running as a stratum 1 source and then connect it to the internet with the fewest number of inter- mediate hops in between. I doubt that this is possible if the Stratum 1 time source can be connected through any buffer device to the internet and still serve Stratum 1 time. The deeper problem here is that the NTP protocol doesn't clearly distinguish between a stratum 2 server running dozens of low quality hops from it's time sources and a stratum 2 server that sits a single hop from a solid stratum 1 source. On the other hand, a GPS, WWVB or other radio clock isn't really a stratum 1, as it receives remote time over a non-NTP protocol, so that sort of cancels out the stratum 2 reported due to the stacking. Running the Internet-exposed ntp server in a bastion host separate from the difficult-to-upgrade old hardware makes perfect sense, and an ntpd server without same machine precision time sources only needs the permissions to use port 123 and to adjust the local clock (including it's speed) via the various privileged system calls. Running the computer clocks in such a bastion host from a quality crystal rather than a cheap ceramic oscillator would also help reduce time errors, but this is in the hardware buying phase and not a detail typically provided by computer vendors. I suspect the ntp servers run by national time services and synced to their reference Cs and maser clocks are also receiving the time via some kind of internal network, either ntp with stratum fudge, PTP low latency Ethernet distribution or an amplified low latency coax distribution of the 1Hz or 10MHz reference (the latter would be most precise and offer no data channel for a compromised server to attack the actual clock). Enjoy Jakob Thanks for all the replies. I guess the next thing to do is to build a working system, then evaluate to see how it can be improved. All the kit is in the same rack and with dedicated hardware interfaces, network latency shouldn't be a problem. This is effectively a real time requirement, so any code running needs to be consistent in terms of response time to minimise jitter on the timing. Need to get a feel for acceptable delay and response times, so will look to see what others have done in the past. I like the idea of using a 1 pps signal from the gps for fine tuning. Rough time and date via the network ntp and the 1pps to fine tune it. That could maintain the stratum 1 timing quality, as the 1pps is generally within 10's of nS of UTC, but need to look into how ntpd would handle that and also how to introduce that into the system. Already use an ex telco gps for a lab frequency standard, but of course, frequency != time of day. A dedicated embedded solution might be the best bet, but other options might include a cheap netgear router to provide the isolation, as it would only be handling ntp packets at low and consistent system and network load. Nothing is ever as easy as it seems, as usual... Chris ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Time server question
On 06/25/19 10:52, David Taylor wrote: On 25/06/2019 01:33, Chris wrote: [] Thanks for all the replies. I guess the next thing to do is to build a working system, then evaluate to see how it can be improved. All the kit is in the same rack and with dedicated hardware interfaces, network latency shouldn't be a problem. This is effectively a real time requirement, so any code running needs to be consistent in terms of response time to minimise jitter on the timing. Need to get a feel for acceptable delay and response times, so will look to see what others have done in the past. I like the idea of using a 1 pps signal from the gps for fine tuning. Rough time and date via the network ntp and the 1pps to fine tune it. That could maintain the stratum 1 timing quality, as the 1pps is generally within 10's of nS of UTC, but need to look into how ntpd would handle that and also how to introduce that into the system. Already use an ex telco gps for a lab frequency standard, but of course, frequency != time of day. A dedicated embedded solution might be the best bet, but other options might include a cheap netgear router to provide the isolation, as it would only be handling ntp packets at low and consistent system and network load. Nothing is ever as easy as it seems, as usual... Chris Chris, would one or more of these help? http://www.leobodnar.com/shop/index.php?main_page=product_info_id=272 No OS to get in the way. Thanks, neat looking box, but already have the gps ntp servers. The question was how to maintain the stratum one accuracy while going through a firewall device to the net. looks like all the hard work has been done though. Open source comes to the rescue yet again... Chris ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Time server question
On 06/25/19 11:34, William Unruh wrote: On 2019-06-25, Chris wrote: On 06/21/19 15:48, Jakob Bohm wrote: On 21/06/2019 15:14, Thomas Laus wrote: On 2019-06-21, David Woolley wrote: On 21/06/2019 12:26, Thomas Laus wrote: Will either isolation solution have direct access to the computer CPU? The GPS clock will need the ability to directly adjust the frequency of the CPU to achieve expected results for a Stratum 1 serve I'm not aware of anything in ntpd that directly adjusts the CPU frequency and there generally isn't any fine grained way of doing that. ntpd normally works by adjusting how many cycles of a fixed frequency represent a certain time period, and that is a software operation. I guess that I should have stated this reply a little differently. I meant to say that ntpd will need direct access to the hardware that it runs on. That means a hardware serial port for pulse per second and the running system clock frequency. The ntpd program does not perform well when running on a virtual machine nor in a isolated security environment similar to a freebsd jail. My advice to the original poster is to get ntpd running as a stratum 1 source and then connect it to the internet with the fewest number of inter- mediate hops in between. I doubt that this is possible if the Stratum 1 time source can be connected through any buffer device to the internet and still serve Stratum 1 time. The deeper problem here is that the NTP protocol doesn't clearly distinguish between a stratum 2 server running dozens of low quality hops from it's time sources and a stratum 2 server that sits a single hop from a solid stratum 1 source. On the other hand, a GPS, WWVB or other radio clock isn't really a stratum 1, as it receives remote time over a non-NTP protocol, so that sort of cancels out the stratum 2 reported due to the stacking. Running the Internet-exposed ntp server in a bastion host separate from the difficult-to-upgrade old hardware makes perfect sense, and an ntpd server without same machine precision time sources only needs the permissions to use port 123 and to adjust the local clock (including it's speed) via the various privileged system calls. Running the computer clocks in such a bastion host from a quality crystal rather than a cheap ceramic oscillator would also help reduce time errors, but this is in the hardware buying phase and not a detail typically provided by computer vendors. I suspect the ntp servers run by national time services and synced to their reference Cs and maser clocks are also receiving the time via some kind of internal network, either ntp with stratum fudge, PTP low latency Ethernet distribution or an amplified low latency coax distribution of the 1Hz or 10MHz reference (the latter would be most precise and offer no data channel for a compromised server to attack the actual clock). Enjoy Jakob Thanks for all the replies. I guess the next thing to do is to build a working system, then evaluate to see how it can be improved. All the kit is in the same rack and with dedicated hardware interfaces, network latency shouldn't be a problem. This is effectively a real time requirement, so any code running needs to be consistent in terms of response time to minimise jitter on the timing. Need to get a feel for acceptable delay and response times, so will look to see what others have done in the past. I like the idea of using a 1 pps signal from the gps for fine tuning. Rough time and date via the network ntp and the 1pps to fine tune it. That could maintain the stratum 1 timing quality, as the 1pps is generally within 10's of nS of UTC, but need to look into how ntpd Well, yes and no. That may be when a certain point inthe transition of the pps signal occurs (although youwoillo have to be really careful about the line from the gps to the computer, and the terminations of the lines. Also that tends to be the corrected time (for the sawtooth running). Also it is really hard to get your computer to process the signal to 0ns. A more resonable estimate is 1microsecond Taking intoaccunt the computer's interrupt latency, time to read system time, etc. To do better is going to take a lot of work. Note the gps ALSO delivers the seconds information in the gps time signal. (Ie labelling the seconds). would handle that and also how to introduce that into the system. Already use an ex telco gps for a lab frequency standard, but of course, frequency != time of day. A dedicated embedded solution might be the best bet, but other options might include a cheap netgear router to provide the isolation, as it would only be handling ntp packets at low and consistent system and network load. Nothing is ever as easy as it seems, as usual... Depends on what you want out of the system, or rather what you need. No point is spending months and tens of thousands of dollars when all you really need is resultion to the second. Chris Hi, Thanks again for the replies. Did a bit of digging
Re: [ntp:questions] Time server question
On 21/06/2019 15:14, Thomas Laus wrote: On 2019-06-21, David Woolley wrote: On 21/06/2019 12:26, Thomas Laus wrote: Will either isolation solution have direct access to the computer CPU? The GPS clock will need the ability to directly adjust the frequency of the CPU to achieve expected results for a Stratum 1 serve I'm not aware of anything in ntpd that directly adjusts the CPU frequency and there generally isn't any fine grained way of doing that. ntpd normally works by adjusting how many cycles of a fixed frequency represent a certain time period, and that is a software operation. I guess that I should have stated this reply a little differently. I meant to say that ntpd will need direct access to the hardware that it runs on. That means a hardware serial port for pulse per second and the running system clock frequency. The ntpd program does not perform well when running on a virtual machine nor in a isolated security environment similar to a freebsd jail. My advice to the original poster is to get ntpd running as a stratum 1 source and then connect it to the internet with the fewest number of inter- mediate hops in between. I doubt that this is possible if the Stratum 1 time source can be connected through any buffer device to the internet and still serve Stratum 1 time. The deeper problem here is that the NTP protocol doesn't clearly distinguish between a stratum 2 server running dozens of low quality hops from it's time sources and a stratum 2 server that sits a single hop from a solid stratum 1 source. On the other hand, a GPS, WWVB or other radio clock isn't really a stratum 1, as it receives remote time over a non-NTP protocol, so that sort of cancels out the stratum 2 reported due to the stacking. Running the Internet-exposed ntp server in a bastion host separate from the difficult-to-upgrade old hardware makes perfect sense, and an ntpd server without same machine precision time sources only needs the permissions to use port 123 and to adjust the local clock (including it's speed) via the various privileged system calls. Running the computer clocks in such a bastion host from a quality crystal rather than a cheap ceramic oscillator would also help reduce time errors, but this is in the hardware buying phase and not a detail typically provided by computer vendors. I suspect the ntp servers run by national time services and synced to their reference Cs and maser clocks are also receiving the time via some kind of internal network, either ntp with stratum fudge, PTP low latency Ethernet distribution or an amplified low latency coax distribution of the 1Hz or 10MHz reference (the latter would be most precise and offer no data channel for a compromised server to attack the actual clock). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Time server question
On 2019-06-21, David Woolley wrote: > On 21/06/2019 12:26, Thomas Laus wrote: >> Will either isolation solution have direct access to the computer >> CPU? The GPS clock will need the ability to directly adjust the >> frequency of the CPU to achieve expected results for a Stratum 1 >> serve > > I'm not aware of anything in ntpd that directly adjusts the CPU > frequency and there generally isn't any fine grained way of doing that. > ntpd normally works by adjusting how many cycles of a fixed frequency > represent a certain time period, and that is a software operation. > I guess that I should have stated this reply a little differently. I meant to say that ntpd will need direct access to the hardware that it runs on. That means a hardware serial port for pulse per second and the running system clock frequency. The ntpd program does not perform well when running on a virtual machine nor in a isolated security environment similar to a freebsd jail. My advice to the original poster is to get ntpd running as a stratum 1 source and then connect it to the internet with the fewest number of inter- mediate hops in between. I doubt that this is possible if the Stratum 1 time source can be connected through any buffer device to the internet and still serve Stratum 1 time. -- Public Keys: PGP KeyID = 0x5F22FDC1 GnuPG KeyID = 0x620836CF ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Time server question
On 2019-06-20, Chris wrote: > Have a couple of surplus gps based ntp servers that have been > used for time sync in the lab for few years. They are on a UPS > with several hours backup and seems like a good idea to use > them to contribute to the ntp global network. > > Don't want to expose them directly to the net, so plan to > isolate them, either via a Solaris zone or > FreeBSD jail. This will have 2 network interfaces, ntp subnet > facing and the other to internet via the firewall. The ntp > side will run ntp client, internet side runs ntp server. > Will either isolation solution have direct access to the computer CPU? The GPS clock will need the ability to directly adjust the frequency of the CPU to achieve expected results for a Stratum 1 server. > Question is, will such an intermediate machine degrade the > time served, or will it still be reported as a stratum 1 > source. Seems a waste otherwise. > > ntpq -p currently reports: > > remote refid st t when poll reach delay offset disp >= > *chronos .GPS. 1 u 23 64 377 0.18 -0.0180.03 > +nts100.GPS. 1 u 21 64 377 0.46 -0.0710.08 > That looks like a good billboard and should make a good S1 time server if you can resolve your concerns about making it available as an internet host. Tom -- Public Keys: PGP KeyID = 0x5F22FDC1 GnuPG KeyID = 0x620836CF ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] Running NTP servers with different time offsets relative to some common "root" server?
Hi everyone, I'm facing a NTP-relateded challenge at work and hope that somebody on this list has maybe solved a similar problem already: - Our product is a system consisting of multiple components that may or may not run on the same host and all parts require time synchronization at all times because we're processing timestamped measurement data - Our application does a lot of heavy computation triggered at the start of every minute (by crond) - Since a lot of different application versions are deployed in the field and customers are slow to upgrade, we need to test many different versions of our application in our lab - To ease hardware requirements for testing we run all those different versions of our application inside virtual machines, currently all synced to the same NTP server - Since all those VMs are synchronized to the same server, all cron jobs on those VMs kick in at the same time, overloading the VM host periodically I already looked into a simple solution (like being able to pass some magic "--offset XX seconds" option to ntpd) but it seems there is no such thing. So my current idea is to 1.) have 4 different time servers that each are offset from all the others by 15 seconds (so server #1 would have offset 00 seconds, server #2 would have offset 15 seconds, etc.) 2.) configure those servers with ULC w/ PPS and hook-up the same PPS to all 4 servers OR have one PPS source for each server and have all of them sync to a common source (like a DCF77 time signal) My problems are with the second step: I don't have a PPS source, I only have a Meinberg DCF600 USB (https://www.meinbergglobal.com/english/products/usb-dcf77-clock.htm), but I couldn't find any documentation on how to use it as a PPS source only (and ignore the actual "time" part of the synchronization). Furthermore I don't really want to buy 3 more of those clocks if I can help it (especially considering the fact that we might need even more different "time domains" as the number of VMs increases). Any ideas? Thanks in advance, Tobias ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] Time server question
Have a couple of surplus gps based ntp servers that have been used for time sync in the lab for few years. They are on a UPS with several hours backup and seems like a good idea to use them to contribute to the ntp global network. Don't want to expose them directly to the net, so plan to isolate them, either via a Solaris zone or FreeBSD jail. This will have 2 network interfaces, ntp subnet facing and the other to internet via the firewall. The ntp side will run ntp client, internet side runs ntp server. Question is, will such an intermediate machine degrade the time served, or will it still be reported as a stratum 1 source. Seems a waste otherwise. ntpq -p currently reports: remote refid st t when poll reach delay offset disp = *chronos .GPS. 1 u 23 64 377 0.18 -0.0180.03 +nts100.GPS. 1 u 21 64 377 0.46 -0.0710.08 Thanks, Chris ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
