[ntp:questions] Stratum 0 server rejected by clients

Dirk Langner dirkl at silexmedia.com
Thu Dec 14 15:57:40 UTC 2006


Hello everybody, 

We're facing a problem, that we have ntp-servers with synchronized
system time by an external clock. The ntp servers are now distributing
the (synchronized) time to all other servers. This works well at the
first time, the ntp-servers are seen as peers on most of the clients,
sanity checks are passed. But it seems that after a while the ntp
clients are going to reject all their servers due to not passing the
sanity checks, which means, that the time is not synchronized any more
on those systems.

The paper "Using NTP to Control and Synchronize System Clocks - Part
III" by Sun blueprints Online says in NTP Algorithms/Sanity Checks, step
6: "...that servers, which are not connected to a root time source, will
be ignored." So is this now the reason why the ntpclients are going to
reject the servers or am I missing something? And if so: is there any
chance to get the system time (which is synchronized - see below)
distributed via NTP?

Some words to the setup: 
Four ntp-servers ntpserver[1-4] are synchronized via serial lines to a
single external timesource. On these system a deamon (which does mainly
other things) adjusts the system time according to these serial signals
at least every 10 minutes. I can't switch to other / external ntp
servers, since I need this one and only time (broadcast environment) and
the servers are sitting on an isolated network. The external device is a
LTC timecode converted by a Miranda Littlered, the serial signals are
processed by a deamon, which is exclusively connected to the serial
port.

ntpserver1 8# more /etc/ntp.conf
# Generic ntp.conf file
#
# See documentation for more options
#
# add as many server as required
server 127.127.1.0
fudge 127.127.1.0 stratum 0 refid LTC1

broadcast 192.168.58.255 ttl 2

driftfile /etc/ntp.drift

# don't set local clock
disable ntp

This last setting is necessary to disable the setting of the system
clock by ntp, the system time of the ntp-server shall exclusively set by
the deamon. 

The ntp clients listen to only these servers.
ntpclient 14# more /etc/ntp.conf
# Generic ntp.conf file
#
# See documentation for more options
#
# add as many server as required
server ntpserver1 prefer
server ntpserver2
server ntpserver3
server ntpserver4

driftfile /etc/ntp.drift

# monitor no
# authenticate no
#
broadcastclient yes
# multicastclient

Especially if the ntp deamon is started on one ntp-server, this server
is picked up as a peer (or at least a candidate). 
ntpclient 3# ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset
jitter
========================================================================
======
*ntpserver1 .LTC1.           1 u   20   64  377    0.502  -32.966
0.258
+ntpserver2 .LTC1.           1 u   25   64  377    0.441  -32.922
0.155
+ntpserver3 .LTC1.           1 u   51   64  377    0.511  -33.044
0.224
-ntpserver4 .LTC1.           1 u   11   64  377    0.431  -33.129
0.098
ntpq> ass
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 49084  96f4   yes   yes  none  sys.peer   reachable 15
  2 49085  94f4   yes   yes  none  candidat   reachable 15
  3 49086  94f4   yes   yes  none  candidat   reachable 15
  4 49087  93f4   yes   yes  none   outlyer   reachable 15
ntpq> readvar
status=06f4 leap_none, sync_ntp, 15 events, event_peer/strat_chg,
version="ntpd 4.1.1 at 1.786 Wed Jan 19 14:18:56 PST 2005 (1)",
processor="IP35", system="IRIX646.5", leap=00, stratum=2, precision=-18,
rootdelay=0.502, rootdispersion=837.489, peer=49084,
refid=ntpserver1,
reftime=c92252a9.504955b4  Thu, Dec  7 2006  9:43:21.313, poll=6,
clock=c92252d4.4004102f  Thu, Dec  7 2006  9:44:04.250, state=4,
offset=-32.966, frequency=195.127, jitter=0.178, stability=0.127

ntpq> readvar 49084
status=96f4 reach, conf, sel_sys.peer, 15 events, event_reach,
srcadr=ntpserver1, srcport=123, dstadr=<ntpclient>,
dstport=123, leap=00, stratum=1, precision=-18, rootdelay=0.000,
rootdispersion=827.820, refid=LTC1, reach=377, unreach=0, hmode=3,
pmode=4, hpoll=6, ppoll=6, flash=00 ok, keyid=0, offset=-32.883,
delay=0.471, dispersion=0.943, jitter=0.083,
reftime=c92252b3.f02f0e0a  Thu, Dec  7 2006  9:43:31.938,
org=c92252ea.4a8997c3  Thu, Dec  7 2006  9:44:26.291,
rec=c92252ea.53041461  Thu, Dec  7 2006  9:44:26.324,
xmt=c92252ea.52e3821a  Thu, Dec  7 2006  9:44:26.323,
filtdelay=     0.47    0.50    0.51    0.48    0.48    0.51    0.49
0.51,
filtoffset=  -32.88  -32.97  -33.22  -33.26  -33.46  -33.51  -33.67
-33.86,
filtdisp=      0.01    0.98    1.96    2.90    3.86    4.82    5.77
6.73
ntpq>

After some time the servers are going to be rejected, although the
sanity checks are passed. The associations are going to be 

ntpclient 2# ntpq
ntpq> pe
     remote           refid      st t when poll reach   delay   offset
jitter
========================================================================
======
 ntpserver1 .LTC1.           1 u   44   64  377    0.033  88339.7
28.006
 ntpserver2 .LTC1.           1 u   48   64  377    0.064  88338.0
27.700
 ntpserver3 .LTC1.           1 u   59   64  377    0.059  88333.4
27.613
ntpq> ass
ind assID status  conf reach auth condition  last_event cnt
===========================================================
  1 60236  9034   yes   yes  none    reject   reachable  3
  2 60237  9034   yes   yes  none    reject   reachable  3
  3 60238  9034   yes   yes  none    reject   reachable  3
ntpq> readvar
status=00f4 leap_none, sync_unspec, 15 events, event_peer/strat_chg,
version="ntpd 4.1.1 at 1.786 Wed Jan 19 14:18:56 PST 2005 (1)",
processor="IP35", system="IRIX646.5", leap=00, stratum=16,
precision=-18, rootdelay=0.442, rootdispersion=4115.402, peer=0,
refid=ntpserver1,
reftime=c9249b12.cc18c5c9  Sat, Dec  9 2006  3:16:50.797, poll=4,
clock=c927cc57.727e846a  Mon, Dec 11 2006 13:23:51.447, state=2,
offset=0.000, frequency=-259.475, jitter=13.014, stability=213.142

(Note: I've removed the falseticker here)

Thanks for help, 
	Dirk

 
_______________________________________________________________________
  Dirk Langner						 Silex Media
GmbH
  E-Mail: dirkl at silexmedia.com		Tel.: +49 (0) 89 / 45 125 49-14




More information about the questions mailing list