[ntp:questions] NTP Sync Issues

Richard B. Gilbert rgilbert88 at comcast.net
Sun Jun 8 12:15:08 UTC 2008


Adam Johnson wrote:
> We have 3 sites and we are experiencing some strange problems in one of
> the sites. We use NTP to keep the servers in time and this works fine
> for 2 of the sites but in one of the site we get these errors in the log
> 
> ntpd[30062]: synchronized to server, stratum 3
> ntpd[30062]: no servers reachable
> ntpd[30062]: synchronized to server, stratum 3
> ntpd[30062]: time reset +2.119167 s
> ntpd[30062]: synchronized to server, stratum 3
> 
> For some reason the servers in that site seems to drop back between 2
> and 3 seconds behind the other sites for no apparent reason. Both the
> other sites work without any problem. We have run a packet capture at a
> working site and at the site with the problems and we dont see any
> differences other than the server becoming unsychronized frequently. We
> have checked the main firewall and that is not blocking access and the
> local firewalls are disabled. All our sites are connected via a
> dedicated link and I have tried connecting to ntp servers in the other
> sites and the problem persists. It looks like something local keeps
> changing the time but I can figure out what.
> 
>  
> 
> The ntp.conf is the same for all sites except the servers are different.
> I have tried using burst and iburst but that hasnt worked.
> 
>  
> 
> # Permit time synchronization with our time source, but do not
> 
> # permit the source to query or modify the service on this system.
> 
> restrict default kod nomodify notrap nopeer noquery
> 
> restrict -6 default kod nomodify notrap nopeer noquery
> 
>  
> 
> # Permit all access over the loopback interface.  This could
> 
> # be tightened as well, but to do so would effect some of
> 
> # the administrative functions.
> 
> restrict 127.0.0.1
> 
> restrict -6 ::1
> 
>  
> 
> server ipAddres iburst
> 
> restrict networkAddress mask networkMask
> 
> server ipAddres iburst
> 
> restrict networkAddress mask networkMask
> 
>  
> 
> driftfile /var/lib/ntp/drift
> 
> 
> Any help would be greatly appreciated.
> 
> Thanks

If the above accurately describes the REAL configuration, you have 
exactly two upstream servers which is the worst possible configuration!
When the two disagree, which one should NTPD believe?

Four servers are the minimum for a robust configuration.  Five, seven, 
and nine are the remaining "magic" numbers.  Few sites actually need 
more than four or five upstream servers.

DO NOT use burst!  Burst was a special purpose hack intended for sites 
that connect to a server by telephone two or three times a day.  Iburst 
is good.  Burst, except in the special circumstances it was designed for 
places a heavy and unwarranted load on its servers!




More information about the questions mailing list