[ntp:questions] NTP 4.2.6p3 multicast server not visible in orphan peer to peer mode?

Wu, Bailey Bailey.Wu at thalesgroup.com.au
Wed Apr 6 00:27:52 UTC 2011


My setting for clients and server are very similar to those below. but the HPUX clients seem to only see two servers at a time (instead of 4 as would be expected). I'm also noticing that some solaris clients are not able to ntpdate to the servers.

Here's my ntp config files.

Server1
------------------------
tinker stepout 192
broadcast 224.0.1.1 ttl 4
driftfile /var/ntp/ntp.drift
tos orphan 3

Server2
-----------------------
tinker stepout 192
broadcast 224.0.1.1 ttl 4
driftfile /var/ntp/ntp.drift
tos orphan 3
server Server1 true maxpoll 6 iburst

HPUX1 (This client only sees 2 Server2 sources and nothing from Server1, this client runs ntp 3.5f)
------------------------
driftfile /etc/ntp.drift
manycastclient 224.0.1.1

HPUX2 (This client only sees 2 Server2 sources and nothing from Server1, this client runs ntp 3.5f)
------------------------
driftfile /etc/ntp.drift
manycastclient 224.0.1.1

Solaris1 (this client cannot ntpdate to Server1, Server2 is rejected as a source, ntpq flash=800 peer_loop)
------------------------
server Server1 true iburst maxpoll 6
server Server2 true iburst maxpoll 6
driftfile /var/ntp/ntp.drift

there are a few other solaris clients with the same config files and same problems.


I originally had the following restrict options for the servers:
restrict -4 default kod notrap nomodify noquery
restrict <interface1> mask <mask1>
restrict <interface2> mask <mask2>
restrict 127.0.0.1
restrict ::1

I removed those restrict option because I though ntpd would then just default to allow everything. 
Can anyone explain why I'm seeing the problems with these config files??


-----Original Message-----
From: questions-bounces+bailey.wu=thalesgroup.com.au at lists.ntp.org [mailto:questions-bounces+bailey.wu=thalesgroup.com.au at lists.ntp.org] On Behalf Of E-Mail Sent to this address will be added to the BlackLists
Sent: Tuesday, 5 April 2011 7:41 PM
To: questions at lists.ntp.org
Subject: Re: [ntp:questions] NTP 4.2.6p3 multicast server not visible in orphan peer to peer mode?

On 4/3/2011 6:30 PM, Wu, Bailey wrote:
> I have an isolated ntp network with 2 servers running
>  ntp 4.2.6p3. Clients run various other version of ntp.
> My problem is to do with the servers and 2 HPUX multicast client.
> The 2 servers are setup in orphan mode and are peer'd
>  with each other. While running server 1 will eventually
>  synchronise with server 2, which I guess must have the
>  better clock.
> In addition the servers are BOTH configured as multicast
>  servers to output via two network interfaces.
> The HPUX clients are connected to both the servers
> (all interfaces), so I would think the HPUX clients
>  would see 4 sources of multicast, but they do not.
> If server 1 synchronises with server 2 then the HPUX
>  clients will only see 2 server 1 sources and vice
>  versa if server 2 is sync'd with server 1.
> This means when one of the servers goes down the HPUX
>  clients are not able to select another source to
>  synchronise with.
>
> My question is whether ntp in orphan peer to peer mode will automatically disable one of the servers multicast if it is the primary server? The HPUX clients have ntp 3.5f.

I'm running 4.2.7p128 on a doz M$ Win and a few Linux.
 They all see & use each other each other via manycast,
  {even more so when they are routinely isolated from the internet,
    (but not each other, for the most part)}.

  Config(s) {at the moment, in general}:

# ---------|---------|---------| Organization NTP Clients
setvar access_policy = "NTP Manycast / Multicast LAN Client" default

statsdir /var/log/ntpstats/
driftfile /var/lib/ntp/ntp.drift
keys /etc/ntp/ntp.keys
trustedkey 1

restrict -4 default limited kod nomodify notrap
restrict 127.0.0.1
restrict -6 default limited kod nomodify notrap
restrict ::1
restrict 224.0.1.1 mask 255.255.255.255 nomodify
restrict source nomodify

tos floor 2 cohort 1 orphan 11

manycastserver 224.0.1.1
manycastclient 224.0.1.1 key 1 preempt prefer
multicastclient 224.0.1.1 key 1 preempt prefer
broadcastclient

# Organization NTP Servers
server margo.anitech-systems.net key 1 iburst preempt prefer minpoll 9 # 8min
...

# UpStream ISP Stratum 2 Servers
server ntpB.isp.invalid iburst minpoll 11 # 30min

# OS Vendor Servers
server ntp.os.invalid iburst minpoll 12 # 1hr

# Regional NTP Pool Servers
server us.pool.ntp.org iburst preempt minpoll 10 # 15min




# ---------| Organization NTP Servers, add to the above client config
setvar access_policy = "via pool.ntp.org / Multicast Server" default

tos minsane 4 minclock 6 maxclock 20 floor 1 cohort 1 orphan 11

# Other Stratum 2 Servers
server ntp1.other.invalid iburst minpoll 10 # 15min
server ntp2.other.invalid iburst minpoll 10 # 15min

# Other Stratum 1 Servers
server ntpA.isp.invalid iburst minpoll 10 # 15min
server ntp.nist.invalid iburst minpoll 10 # 15min





I intentionally didn't use pool e.g
 pool us.pool.ntp.org iburst preempt minpoll 10 # 15min
  as I didn't want them spinning up more than 1 from the pool,
  rather them filling in up to maxclock with manycasts.

-- 
E-Mail Sent to this address <BlackList at Anitech-Systems.com>
  will be added to the BlackLists.

_______________________________________________
questions mailing list
questions at lists.ntp.org
http://lists.ntp.org/listinfo/questions



DISCLAIMER:---------------------------------------------------------------------------
This e-mail transmission and any documents, files and previous e-mail messages
attached to it are private and confidential. They may contain proprietary or copyright
material or information that is subject to legal professional privilege. They are for
the use of the intended recipient only.  Any unauthorised viewing, use, disclosure,
copying, alteration, storage or distribution of, or reliance on, this message is
strictly prohibited. No part may be reproduced, adapted or transmitted without the
written permission of the owner. If you have received this transmission in error, or
are not an authorised recipient, please immediately notify the sender by return email,
delete this message and all copies from your e-mail system, and destroy any printed
copies. Receipt by anyone other than the intended recipient should not be deemed a
waiver of any privilege or protection. Thales Australia does not warrant or represent
that this e-mail or any documents, files and previous e-mail messages attached are
error or virus free.
--------------------------------------------------------------------------------------




More information about the questions mailing list