[gentoo-user] NTP problem

[gentoo-user] NTP problem

[Anthony E. Caudel]

My system was off about 10 days and when I turned it back on, I began
getting these messages in my logwatch:

"Time Reset
   time stepped -0.133773
   time stepped -0.662954
   time stepped +0.271164
   time stepped +0.461200
   time stepped -0.787647
<snip>

 Time Reset 25 times (total: -1.239782 s  average: -0.049591 s)

 **Unmatched Entries**
 synchronized to 80.35.31.228, stratum 3
 synchronized to 80.35.31.228, stratum 4
<snip>
 synchronized to 80.35.31.228, stratum 4
 synchronized to 80.35.31.228, stratum 3
 Listening on interface wildcard, 0.0.0.0#123
 Listening on interface eth0, 192.168.1.100#123
 Listening on interface lo, 127.0.0.1#123
 kernel time sync status 0040"

I rebooted thinking it needed to stabilize but it still gets them. I
have ntp-client and ntpd both in the "default" runlevel.

This seems like an awful high number of resets.  Much more than I used
to get.

Tony
-- 
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
   -- Benjamin Franklin
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTP problem

[Brandon Enright]

On Wed, 2006-02-22 at 01:32 -0600, Anthony E. Caudel wrote:
> My system was off about 10 days and when I turned it back on, I began
> getting these messages in my logwatch:
> 
> "Time Reset
>    time stepped -0.133773
>    time stepped -0.662954
>    time stepped +0.271164
>    time stepped +0.461200
>    time stepped -0.787647
> <snip>
> 
>  Time Reset 25 times (total: -1.239782 s  average: -0.049591 s)
> 
>  **Unmatched Entries**
>  synchronized to 80.35.31.228, stratum 3
>  synchronized to 80.35.31.228, stratum 4
> <snip>
>  synchronized to 80.35.31.228, stratum 4
>  synchronized to 80.35.31.228, stratum 3
>  Listening on interface wildcard, 0.0.0.0#123
>  Listening on interface eth0, 192.168.1.100#123
>  Listening on interface lo, 127.0.0.1#123
>  kernel time sync status 0040"
> 
> I rebooted thinking it needed to stabilize but it still gets them. I
> have ntp-client and ntpd both in the "default" runlevel.
> 
> This seems like an awful high number of resets.  Much more than I used
> to get.
> 
> Tony


Those are some pretty big jumps.  What does "ntpq -c peers" and "ntpq -c
rv" output?  Also, what are the first few lines (the restrict entries)
of your ntp.conf?

Brandon

-- 
Brandon Enright
UCSD ACS/Network Operations
bmenrigh@ucsd.edu

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTP problem

[Anthony E. Caudel]

Brandon Enright wrote:
> On Wed, 2006-02-22 at 01:32 -0600, Anthony E. Caudel wrote:
> 
>>My system was off about 10 days and when I turned it back on, I began
>>getting these messages in my logwatch:
>>
>>"Time Reset
>>   time stepped -0.133773
>>   time stepped -0.662954
>>   time stepped +0.271164
>>   time stepped +0.461200
>>   time stepped -0.787647
>><snip>
>>
>> Time Reset 25 times (total: -1.239782 s  average: -0.049591 s)
>>
>> **Unmatched Entries**
>> synchronized to 80.35.31.228, stratum 3
>> synchronized to 80.35.31.228, stratum 4
>><snip>
>> synchronized to 80.35.31.228, stratum 4
>> synchronized to 80.35.31.228, stratum 3
>> Listening on interface wildcard, 0.0.0.0#123
>> Listening on interface eth0, 192.168.1.100#123
>> Listening on interface lo, 127.0.0.1#123
>> kernel time sync status 0040"
>>
>>I rebooted thinking it needed to stabilize but it still gets them. I
>>have ntp-client and ntpd both in the "default" runlevel.
>>
>>This seems like an awful high number of resets.  Much more than I used
>>to get.
>>
>>Tony
> 
> 
> 
> Those are some pretty big jumps.  What does "ntpq -c peers" and "ntpq -c
> rv" output?  Also, what are the first few lines (the restrict entries)
> of your ntp.conf?
> 
> Brandon
> 
ntpq -c peers:

  remote         refid      st t when poll reach   delay   offset jitter
==============================================================================
*ntp3.usv.ro     .PPS.      1 u   70 1024  377  203.080    7.338   1.485

ntpq -rv:

assID=0 status=06a4 leap_none, sync_ntp, 10 events, event_peer/strat_chg,
version="ntpd 4.2.0a@1.1190-r Thu Dec  8 09:35:31 CST 2005 (1)"?,
processor="i686", system="Linux/2.6.15-gentoo-r1", leap=00, stratum=2,
precision=-20, rootdelay=203.080, rootdispersion=34.319, peer=35268,
refid=80.96.120.249,
reftime=c7a69e5a.a3227d02  Wed, Feb 22 2006  2:24:58.637, poll=10,
clock=0xc7a6a0b6.78a5bd94, state=4, offset=7.338, frequency=35.514,
noise=2.162, jitter=0.891, stability=64.582

ntp.conf:

restrict default nomodify nopeer
restrict 127.0.0.1

Tony
-- 
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
   -- Benjamin Franklin
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTP problem

[Brandon Enright]

On Wed, 2006-02-22 at 02:41 -0600, Anthony E. Caudel wrote:
> Brandon Enright wrote:
> > On Wed, 2006-02-22 at 01:32 -0600, Anthony E. Caudel wrote:
> > 
> >>My system was off about 10 days and when I turned it back on, I began
> >>getting these messages in my logwatch:
> >>
> >>"Time Reset
> >>   time stepped -0.133773
> >>   time stepped -0.662954
> >>   time stepped +0.271164
> >>   time stepped +0.461200
> >>   time stepped -0.787647
> >><snip>
> >>
> >> Time Reset 25 times (total: -1.239782 s  average: -0.049591 s)
> >>
> >> **Unmatched Entries**
> >> synchronized to 80.35.31.228, stratum 3
> >> synchronized to 80.35.31.228, stratum 4
> >><snip>
> >> synchronized to 80.35.31.228, stratum 4
> >> synchronized to 80.35.31.228, stratum 3
> >> Listening on interface wildcard, 0.0.0.0#123
> >> Listening on interface eth0, 192.168.1.100#123
> >> Listening on interface lo, 127.0.0.1#123
> >> kernel time sync status 0040"
> >>
> >>I rebooted thinking it needed to stabilize but it still gets them. I
> >>have ntp-client and ntpd both in the "default" runlevel.
> >>
> >>This seems like an awful high number of resets.  Much more than I used
> >>to get.
> >>
> >>Tony
> > 
> > 
> > 
> > Those are some pretty big jumps.  What does "ntpq -c peers" and "ntpq -c
> > rv" output?  Also, what are the first few lines (the restrict entries)
> > of your ntp.conf?
> > 
> > Brandon
> > 
> ntpq -c peers:
> 
>   remote         refid      st t when poll reach   delay   offset jitter
> ==============================================================================
> *ntp3.usv.ro     .PPS.      1 u   70 1024  377  203.080    7.338   1.485
> 
> ntpq -rv:
> 
> assID=0 status=06a4 leap_none, sync_ntp, 10 events, event_peer/strat_chg,
> version="ntpd 4.2.0a@1.1190-r Thu Dec  8 09:35:31 CST 2005 (1)"?,
> processor="i686", system="Linux/2.6.15-gentoo-r1", leap=00, stratum=2,
> precision=-20, rootdelay=203.080, rootdispersion=34.319, peer=35268,
> refid=80.96.120.249,
> reftime=c7a69e5a.a3227d02  Wed, Feb 22 2006  2:24:58.637, poll=10,
> clock=0xc7a6a0b6.78a5bd94, state=4, offset=7.338, frequency=35.514,
> noise=2.162, jitter=0.891, stability=64.582
> 
> ntp.conf:
> 
> restrict default nomodify nopeer
> restrict 127.0.0.1
> 
> Tony


So from your output a couple issues stick out.  You're only peering with
one machine which generally doesn't work so well.  You're probably
better off just using ntpdate periodically if you are only going to
sample one server.

Also, the delay on the server you are polling is over 200 ms.  I'm not
sure where ntp3.usv.ro is located but it is over 260ms for me too.  With
this high network delay, slight network jitter can make your clock think
it is way off.  Your machine thinks it is 7.3 ms off.  If you had more
servers to peer with and *much* lower average delay between those
servers your clock would stabilize.  As it stands now, you clock
probably won't ever stabilize because your network is the primary source
of uncertainty.

For comparison, here is my ntpq -c rv output:

assID=0 status=06f4 leap_none, sync_ntp, 15 events,
event_peer/strat_chg,
version="ntpd 4.2.0a@1.1190-r Mon Oct 17 21:31:52 PDT 2005 (1)"?,
processor="i686", system="Linux/2.6.10-gentoo-r6", leap=00, stratum=2,
precision=-20, rootdelay=21.642, rootdispersion=41.662, peer=12542,
refid=132.249.20.88,
reftime=c7a70d4a.975935fc  Wed, Feb 22 2006 16:18:18.591, poll=10,
clock=0xc7a70dc0.a5847f56, state=4, offset=-0.007, frequency=-31.438,
noise=1.052, jitter=2.529, stability=3.132

Notice my offset is pretty marginal and rootdelay is rather low.  If you
can get your root delay down you should see your offset and stability
improve.

Brandon

-- 
Brandon Enright
UCSD ACS/Network Operations
bmenrigh@ucsd.edu

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTP problem

[Anthony E. Caudel]

Brandon Enright wrote:

> 
> So from your output a couple issues stick out.  You're only peering with
> one machine which generally doesn't work so well.  You're probably
> better off just using ntpdate periodically if you are only going to
> sample one server.
> 
> Also, the delay on the server you are polling is over 200 ms.  I'm not
> sure where ntp3.usv.ro is located but it is over 260ms for me too.  With
> this high network delay, slight network jitter can make your clock think
> it is way off.  Your machine thinks it is 7.3 ms off.  If you had more
> servers to peer with and *much* lower average delay between those
> servers your clock would stabilize.  As it stands now, you clock
> probably won't ever stabilize because your network is the primary source
> of uncertainty.
> 
> For comparison, here is my ntpq -c rv output:
> 
> assID=0 status=06f4 leap_none, sync_ntp, 15 events,
> event_peer/strat_chg,
> version="ntpd 4.2.0a@1.1190-r Mon Oct 17 21:31:52 PDT 2005 (1)"?,
> processor="i686", system="Linux/2.6.10-gentoo-r6", leap=00, stratum=2,
> precision=-20, rootdelay=21.642, rootdispersion=41.662, peer=12542,
> refid=132.249.20.88,
> reftime=c7a70d4a.975935fc  Wed, Feb 22 2006 16:18:18.591, poll=10,
> clock=0xc7a70dc0.a5847f56, state=4, offset=-0.007, frequency=-31.438,
> noise=1.052, jitter=2.529, stability=3.132
> 
> Notice my offset is pretty marginal and rootdelay is rather low.  If you
> can get your root delay down you should see your offset and stability
> improve.
> 
> Brandon
> 

Well, overnight it only reset twice; - some improvement!

Here is my complete ntp.conf:

------------------------------------------------------------
# NOTES:
#  - you should only have to update the server line below
#  - if you start getting lines like 'restrict' and 'fudge'
#    and you didnt add them, AND you run dhcpcd on your
#    network interfaces, be sure to add '-Y -N' to the
#    dhcpcd_ethX variables in /etc/conf.d/net

# Name of the servers ntpd should sync with
# Please respect the access policy as stated by the responsible person.
#server         ntp.example.tld         iburst

server pool.ntp.org

##
# A list of available servers can be found here:
# http://www.pool.ntp.org/
# http://www.pool.ntp.org/#use
# A good way to get servers for your machine is:
# netselect -s 3 pool.ntp.org
##

# you should not need to modify the following paths
driftfile       /var/lib/ntp/ntp.drift

#server ntplocal.example.com prefer
#server timeserver.example.org

# Warning: Using default NTP settings will leave your NTP
# server accessible to all hosts on the Internet.

# If you want to deny all machines (including your own)
# from accessing the NTP server, uncomment:
#restrict default ignore


# To deny other machines from changing the
# configuration but allow localhost:
restrict default nomodify nopeer
restrict 127.0.0.1


# To allow machines within your network to synchronize
# their clocks with your server, but ensure they are
# not allowed to configure the server or used as peers
# to synchronize against, uncomment this line.
#
#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
-------------------------------------------------------------------

Notice I'm using pool.ntp.org. I thought that picked a random server.
In any event, I restarted ntpd and it picked a different server.

ntpq -c peers is now:
------------------------------------------------------------------------------
remote          refid      st t when poll reach   delay   offset  jitter
==============================================================================
*Time2.Stupi.SE  .PPS       1 u   33   64  177  159.568   -4.188   5.881
------------------------------------------------------------------------------

We'll see how this works out.

Tony
-- 
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
   -- Benjamin Franklin
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTP problem

[Boyd Stephen Smith Jr.]

On Wednesday 22 February 2006 12:38, "Anthony E. Caudel" 
<acaudel@gt.rr.com> wrote about 'Re: [gentoo-user] NTP problem':
> Brandon Enright wrote:
> Well, overnight it only reset twice; - some improvement!
>
> Here is my complete ntp.conf:
> # Name of the servers ntpd should sync with
> # Please respect the access policy as stated by the responsible person.
> #server         ntp.example.tld         iburst
>
> server pool.ntp.org

This chooses a single random server from the pool to sync with, which is 
probably not /exactly/ what you want.

You have a few alternatives:
1) Change "server" to "servers".  Then, ntpd will use all the IPs 
associated with the domain name.  As part of the process of syncing it 
will invalidate peers that have long or volatile round-trip times.  It 
will, however, try to connect to 100s (IIRC) of IPs initially.

2) Use:
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

In this case, the daemon will only use the first address from each domain 
name.  <n>.pool.ntp.org (for n = 0-9, IIRC) resolves to the same addresses 
as pool.ntp.org, but the primary address you get back is different each 
time.  (I believe the <n>. prefix is an attempt to prevent local caching, 
which would be a problem if you just repeated your server line 3 times.)

You'll get better times syncing off multiple servers because the daemon can 
use some statistics to remove some of the network latency issues.  
However, you could still get a "bad draw" and get 3 servers far away from 
you.

3) Follow this comment from *your* .conf file:
> # A good way to get servers for your machine is:
> # netselect -s 3 pool.ntp.org

netselect is available from portage, and I think it's generally installed 
during your gentoo install as a dependency of mirrorselect.  In any case, 
you can use it to find 3 (or however many you want to use) servers close 
to you.

Unfortunately, with this method, if better peers are added to the pool, the 
network topology changes, or anything else to invalidate the quality of 
the peers you pick, ntpd won't be able to automagically pick better ones.

Also, for any of these options, you should note the geographic sub-pools 
that are available.  I use us.pool.ntp.org.  For (1) this will reduce the 
number of IPs initially connected to, for (2) it will increase the chance 
that you don't get a bad draw (because, generally, geographically closer 
is closer on the network), for (3) ... Well, actually for 3 you might as 
well pick the best ones from the entire pool.

-- 
Boyd Stephen Smith Jr.
bss03@volumehost.com
ICQ: 514984 YM/AIM: DaTwinkDaddy
-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] NTP problem

[Brandon Enright]

Anthony E. Caudel wrote:
> Brandon Enright wrote:
> 
> >
> > So from your output a couple issues stick out.  You're only peering with
> > one machine which generally doesn't work so well.  You're probably
> > better off just using ntpdate periodically if you are only going to
> > sample one server.
> >
> > Also, the delay on the server you are polling is over 200 ms.  I'm not
> > sure where ntp3.usv.ro is located but it is over 260ms for me too.  With
> > this high network delay, slight network jitter can make your clock think
> > it is way off.  Your machine thinks it is 7.3 ms off.  If you had more
> > servers to peer with and *much* lower average delay between those
> > servers your clock would stabilize.  As it stands now, you clock
> > probably won't ever stabilize because your network is the primary source
> > of uncertainty.
> >
> > For comparison, here is my ntpq -c rv output:
> >
> > assID=0 status=06f4 leap_none, sync_ntp, 15 events,
> > event_peer/strat_chg,
> > version="ntpd 4.2.0a@1.1190-r Mon Oct 17 21:31:52 PDT 2005 (1)"?,
> > processor="i686", system="Linux/2.6.10-gentoo-r6", leap=00, stratum=2,
> > precision=-20, rootdelay=21.642, rootdispersion=41.662, peer=12542,
> > refid=132.249.20.88,
> > reftime=c7a70d4a.975935fc  Wed, Feb 22 2006 16:18:18.591, poll=10,
> > clock=0xc7a70dc0.a5847f56, state=4, offset=-0.007, frequency=-31.438,
> > noise=1.052, jitter=2.529, stability=3.132
> >
> > Notice my offset is pretty marginal and rootdelay is rather low.  If you
> > can get your root delay down you should see your offset and stability
> > improve.
> >
> > Brandon
> >
> 
> Well, overnight it only reset twice; - some improvement!
> 
> Here is my complete ntp.conf:
> 
> ------------------------------------------------------------
> # NOTES:
> #  - you should only have to update the server line below
> #  - if you start getting lines like 'restrict' and 'fudge'
> #    and you didnt add them, AND you run dhcpcd on your
> #    network interfaces, be sure to add '-Y -N' to the
> #    dhcpcd_ethX variables in /etc/conf.d/net
> 
> # Name of the servers ntpd should sync with
> # Please respect the access policy as stated by the responsible person.
> #server         ntp.example.tld         iburst
> 
> server pool.ntp.org
> 
> ##
> # A list of available servers can be found here:
> # http://www.pool.ntp.org/
> # http://www.pool.ntp.org/#use
> # A good way to get servers for your machine is:
> # netselect -s 3 pool.ntp.org
> ##
> 
> # you should not need to modify the following paths
> driftfile       /var/lib/ntp/ntp.drift
> 
> #server ntplocal.example.com prefer
> #server timeserver.example.org
> 
> # Warning: Using default NTP settings will leave your NTP
> # server accessible to all hosts on the Internet.
> 
> # If you want to deny all machines (including your own)
> # from accessing the NTP server, uncomment:
> #restrict default ignore
> 
> 
> # To deny other machines from changing the
> # configuration but allow localhost:
> restrict default nomodify nopeer
> restrict 127.0.0.1
> 
> 
> # To allow machines within your network to synchronize
> # their clocks with your server, but ensure they are
> # not allowed to configure the server or used as peers
> # to synchronize against, uncomment this line.
> #
> #restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
> -------------------------------------------------------------------
> 
> Notice I'm using pool.ntp.org. I thought that picked a random server.
> In any event, I restarted ntpd and it picked a different server.
> 
> ntpq -c peers is now:
> --------------------------------------------------------------------------
> ----
> remote          refid      st t when poll reach   delay   offset  jitter
> ==========================================================================
> ====
> *Time2.Stupi.SE  .PPS       1 u   33   64  177  159.568   -4.188   5.881
> --------------------------------------------------------------------------
> ----
> 
> We'll see how this works out.
> 
> Tony

I can't speak for others but my experience with pool.ntp.org has been very
poor.  Some of the servers are close by and low latency and others are in
far off lands.

You may want to see if you can peer with a local university, military base,
ISP, or company in addition to pool.ntp.org.  There is a lot to say for
reliable average latency over your list of peers.  Adding a few more will
really help out.

Brandon

-- 
Brandon Enright
UCSD ACS/Network Operations
bmenrigh@ucsd.edu

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] NTP problem

[Boyd Stephen Smith Jr.]

On Wednesday 22 February 2006 13:13, "Brandon Enright" <bmenrigh@ucsd.edu> 
wrote about 'RE: [gentoo-user] NTP problem':
> Anthony E. Caudel wrote:
> I can't speak for others but my experience with pool.ntp.org has been
> very poor.  Some of the servers are close by and low latency and others
> are in far off lands.

I've never had a problem, but I use one of the geographic sub-pools.

> You may want to see if you can peer with a local university, military
> base, ISP, or company in addition to pool.ntp.org.  There is a lot to
> say for reliable average latency over your list of peers.  Adding a few
> more will really help out.

That's true.  Also, many ISPs run an NTP server and it's either poorly (or 
purposely not) advertised.  Check ntp.<your isp here> to see if it'll peer 
with you, since it'll probably be about as close as you can get network 
wise.  Heck, they don't advertise it (AFAICT) but the first upstream IP 
from my cable modem has an ntpd listening and you definitely can't get any 
closer than that.

-- 
Boyd Stephen Smith Jr.
bss03@volumehost.com
ICQ: 514984 YM/AIM: DaTwinkDaddy
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] ntp problem

[Bruno Lustosa]

Hello. I'm running ntpd as server on one of my machines, and it keeps
itself in sync with 6 time servers around the globe. The
synchronization works very well.
The problem is when I try to get the other machines on the network to
sync themselves with this one server. Most of them are running linux
(kernel 2.6.x), but some are still running windows.
Some machines can sync fine, and some don't. All of them can reach the
server (same network), and there is no firewall at all.
This is the output I get from ntpq on the machines that don't work:

ntpq> peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 timeserver     217.160.252.229  3 u   26   64  377    0.214  46927.6 716.379
ntpq> assoc

ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 15036  9064   yes   yes  none    reject   reachable  6

The only differences between this one and another machines where it's
working fine are the status code (it varies a bit) and the condition
(instead of reject, sys.peer).
The ntp.conf for all machines have just:

server 192.168.7.1

which is the ip address of the time server in question.
I don't know the internals of ntp. What can be wrong in my configuration?

Thanks

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[krzaq]

On 8/23/05, Bruno Lustosa <bruno.lists@gmail.com> wrote:
> Hello. I'm running ntpd as server on one of my machines, and it keeps
> itself in sync with 6 time servers around the globe. The
> synchronization works very well.
> The problem is when I try to get the other machines on the network to
> sync themselves with this one server. Most of them are running linux
> (kernel 2.6.x), but some are still running windows.
> Some machines can sync fine, and some don't. All of them can reach the
> server (same network), and there is no firewall at all.
> This is the output I get from ntpq on the machines that don't work:
> 
> ntpq> peers
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  timeserver     217.160.252.229  3 u   26   64  377    0.214  46927.6 716.379
> ntpq> assoc
> 
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 15036  9064   yes   yes  none    reject   reachable  6
> 
> The only differences between this one and another machines where it's
> working fine are the status code (it varies a bit) and the condition
> (instead of reject, sys.peer).
> The ntp.conf for all machines have just:
> 
> server 192.168.7.1
> 
> which is the ip address of the time server in question.
> I don't know the internals of ntp. What can be wrong in my configuration?

I am no NTP expert, but there may be nothing wrong with your configuartion.
NTP is a complex protocol. The machine has decided not to sync
with the requested server. It thinks that the provided server is inacurate (the
machine's internal clock is more acurate).

Leave it running a couple of days and then see what happens.

The whole idea is to calculate the drift of the machines internal
clock. NTP will
not trust specified timeservers blindly.

Frankly I think that ntp works best with several timeservers.
If you want your local machines to blindly set the date to your local timeserver
try nptdate instead.

-- 
Regards
Karol Krzak

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Bruno Lustosa]

On 8/23/05, krzaq <krzakers@gmail.com> wrote:
> I am no NTP expert, but there may be nothing wrong with your configuartion.
> NTP is a complex protocol. The machine has decided not to sync
> with the requested server. It thinks that the provided server is inacurate (the
> machine's internal clock is more acurate).

Yes, I know it's a complex protocol. However, I didn't put the local
clock (fudge?) on the configuration, hoping it would only take the
time server into account.

> Leave it running a couple of days and then see what happens.

I am leaving them and seeing.
Funny thing, my machine, which was in sync yesterday, is not in sync
anymore today. The offset starts increasing and increasing until it's
several minutes in difference.
I've read something about ntp requiring CONFIG_SECURITY=y and
CONFIG_SECURITY_CAPABILITIES=y on kernel 2.6. They are both activated
on my machine.

> The whole idea is to calculate the drift of the machines internal
> clock. NTP will
> not trust specified timeservers blindly.
> 
> Frankly I think that ntp works best with several timeservers.

Yes, I could put all those time servers on all config files, but is
this the best approach for a network? I thought I could let one of
them synchronize to several servers, and let all others synchronize
from this one. The jitter is minimum, as they are on the same network.

> If you want your local machines to blindly set the date to your local timeserver
> try nptdate instead.

This is what I'm trying to avoid. ntpd is a cleaner solution, as it
records the clock drift instead of just updating the clock every X
hours. In fact, most 'cron solutions' I see are ugly workarounds.

Thanks for the reply.

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Uwe Thiem]

On 23 August 2005 13:36, Bruno Lustosa wrote:
> Hello. I'm running ntpd as server on one of my machines, and it keeps
> itself in sync with 6 time servers around the globe. The
> synchronization works very well.
> The problem is when I try to get the other machines on the network to
> sync themselves with this one server. Most of them are running linux
> (kernel 2.6.x), but some are still running windows.
> Some machines can sync fine, and some don't. All of them can reach the
> server (same network), and there is no firewall at all.
> This is the output I get from ntpq on the machines that don't work:
>
> ntpq> peers
>      remote           refid      st t when poll reach   delay   offset 
> jitter
> ===========================================================================
>=== timeserver     217.160.252.229  3 u   26   64  377    0.214  46927.6
                    ^^^^^^^^^^^^^^^
This isn't 192.158.7.1.

> 716.379 ntpq> assoc
>
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 15036  9064   yes   yes  none    reject   reachable  6
>
> The only differences between this one and another machines where it's
> working fine are the status code (it varies a bit) and the condition
> (instead of reject, sys.peer).
> The ntp.conf for all machines have just:
>
> server 192.168.7.1

This one should be the only peer of your inside boxes, no?

Uwe

-- 
95% of all programmers rate themselves among the top 5% of all software 
developers. - Linus Torvalds

http://www.uwix.iway.na (last updated: 20.06.2004)
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Bruno Lustosa]

On 8/23/05, Uwe Thiem <uwix@iway.na> wrote:
> timeserver     217.160.252.229  3 u   26   64  377    0.214  46927.6
>                     ^^^^^^^^^^^^^^^
> This isn't 192.158.7.1.

Yes, I know. This is the external reference ntp server used by the
timeserver, not by the client. This ip is on the server's ntp.conf.

> > server 192.168.7.1
> 
> This one should be the only peer of your inside boxes, no?

Yes, it's the only one.

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

RE: [gentoo-user] ntp problem

[Michael Kintzios]

> -----Original Message-----
> From: Bruno Lustosa [mailto:bruno.lists@gmail.com] 
> Sent: 23 August 2005 15:30
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] ntp problem
> 
> 
> On 8/23/05, Uwe Thiem <uwix@iway.na> wrote:
> > timeserver     217.160.252.229  3 u   26   64  377    0.214  46927.6
> >                     ^^^^^^^^^^^^^^^
> > This isn't 192.158.7.1.
> 
> Yes, I know. This is the external reference ntp server used by the
> timeserver, not by the client. This ip is on the server's ntp.conf.
> 
> > > server 192.168.7.1
> > 
> > This one should be the only peer of your inside boxes, no?
> 
> Yes, it's the only one.

Have you set all the internal clients up as stratum 3, your internal
server as stratum 2 and your external reference timeservers as stratum
1?
-- 
Regards,
Mick

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Bruno Lustosa]

On 8/23/05, Michael Kintzios <michaelkintzios@lycos.co.uk> wrote:
> Have you set all the internal clients up as stratum 3, your internal
> server as stratum 2 and your external reference timeservers as stratum
> 1?

No, but do I have to do this manually?
It seems ntp can discover the stratum of the servers by itself.
I have put all the servers I was using in my local server in one
workstation, and am monitoring it now. It seems it's always picking
one of them as peer, though it varies a lot.

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[kashani]

Bruno Lustosa wrote:
> Hello. I'm running ntpd as server on one of my machines, and it keeps
> itself in sync with 6 time servers around the globe. The
> synchronization works very well.
> The problem is when I try to get the other machines on the network to
> sync themselves with this one server. Most of them are running linux
> (kernel 2.6.x), but some are still running windows.
> Some machines can sync fine, and some don't. All of them can reach the
> server (same network), and there is no firewall at all.
> This is the output I get from ntpq on the machines that don't work:
> 
> ntpq> peers
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==============================================================================
>  timeserver     217.160.252.229  3 u   26   64  377    0.214  46927.6 716.379
> ntpq> assoc
> 
> ind assID status  conf reach auth condition  last_event cnt
> ===========================================================
>   1 15036  9064   yes   yes  none    reject   reachable  6
> 
> The only differences between this one and another machines where it's
> working fine are the status code (it varies a bit) and the condition
> (instead of reject, sys.peer).
> The ntp.conf for all machines have just:
> 
> server 192.168.7.1
> 
> which is the ip address of the time server in question.
> I don't know the internals of ntp. What can be wrong in my configuration?

That offset looks rather large. NTP really wants to make constant small 
changes, not a single huge change. This is why the ntpd setup allows for 
an immediate sync via ntpdate before starting the daemon. To fix this 
I'd shut down ntpd, run ntpdate 192.168.7.1, and then start ntpd again.

kashani
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Bruno Lustosa]

On 8/23/05, kashani <kashani-list@badapple.net> wrote:
> That offset looks rather large. NTP really wants to make constant small
> changes, not a single huge change. This is why the ntpd setup allows for
> an immediate sync via ntpdate before starting the daemon. To fix this
> I'd shut down ntpd, run ntpdate 192.168.7.1, and then start ntpd again.

That's what I did yesterday before leaving work. It synced with
ntpdate, and I left ntpd running. Today, the offset was like that.
That's what I don't understand.

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[krzaq]

On 8/23/05, Bruno Lustosa <bruno.lists@gmail.com> wrote:
> On 8/23/05, kashani <kashani-list@badapple.net> wrote:
> > That offset looks rather large. NTP really wants to make constant small
> > changes, not a single huge change. This is why the ntpd setup allows for
> > an immediate sync via ntpdate before starting the daemon. To fix this
> > I'd shut down ntpd, run ntpdate 192.168.7.1, and then start ntpd again.
> 
> That's what I did yesterday before leaving work. It synced with
> ntpdate, and I left ntpd running. Today, the offset was like that.
> That's what I don't understand.
Hmmmm...
If you specify one timeserver, ntp cannot tell which clock is drifting
away (local
or remote). Ntpd trusts the local clock more than the remote one.
Large offsets cause ntpd to discard 192.168.7.1 as reliable timesource.
Try adding on this one machine more time servers and observe what will happen.

-- 
Regards
Karol Krzak

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Bruno Lustosa]

On 8/23/05, krzaq <krzakers@gmail.com> wrote:
> Hmmmm...
> If you specify one timeserver, ntp cannot tell which clock is drifting
> away (local
> or remote). Ntpd trusts the local clock more than the remote one.
> Large offsets cause ntpd to discard 192.168.7.1 as reliable timesource.
> Try adding on this one machine more time servers and observe what will happen.

I have another network of servers that are on a hosting company. I'll
set up ntpd on one of those machines and let the internal machines get
in sync with these 2 servers and see what happens.
I guess I have lots of things to learn about ntp's internals.

Thanks

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[Bruno Lustosa]

Just as a sidenote. My machine is running dhcpcd, and it sometimes
overwrites /etc/ntp.conf for some reason, even though I have
'dhcpcd_eth0="-N"' on /etc/conf.d/net.
I don't know how to make dhcpcd leave /etc/ntp.conf alone OR make it
write a correct ntp.conf (without a bunch of 'restrict' lines).

-- 
Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
Network Administrator/Web Programmer | ICQ: 1406477
Rio de Janeiro - Brazil              |

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] ntp problem

[W.Kenworthy]

try 'dhcpcd_eth0="-dRNDt 5"'

ntp will refuse to sync if it sees too much drift/too much time
difference between itself and the upstream.  Its not overly verbose in
telling you this however.

add "tinker panic 0" as the first line to each ntp.conf (inc your
server)

Its also a good idea to add a default fallback server to each ntp.conf
(inc the server)

"fudge 127.127.1.0 stratum 7"
"server 127.127.1.0"

10 is a good fallback stratum as an unlocked clock is 16, but due to
local config issues (I think) I set mine to 7 - now I cant remember why
so have to go investigate it ... dont forget to document why you do
things!

BillK


On Tue, 2005-08-23 at 11:28 -0300, Bruno Lustosa wrote:
> Just as a sidenote. My machine is running dhcpcd, and it sometimes
> overwrites /etc/ntp.conf for some reason, even though I have
> 'dhcpcd_eth0="-N"' on /etc/conf.d/net.
> I don't know how to make dhcpcd leave /etc/ntp.conf alone OR make it
> write a correct ntp.conf (without a bunch of 'restrict' lines).
> 
> -- 
> Bruno Lustosa, aka Lofofora          | Email: bruno@lustosa.net
> Network Administrator/Web Programmer | ICQ: 1406477
> Rio de Janeiro - Brazil              |
> 

-- 
gentoo-user@gentoo.org mailing list