[ntp:questions] Three NTP servers, one strange IP-address in 'refid'

Sander Smeenk ssmeenk at freshdot.net
Tue Apr 1 18:21:32 UTC 2014


Quoting Brian Utterback (brian.utterback at oracle.com):

> >I can't find this IP, or any hostname resolving to this IP, in any of
> >my configs. So i'm inclined to go with David Woolley's comment:
> >'refids are opaque'. Opaque as that remark may be. ;-))
> The IP is coming from somewhere. When David said they are opaque he
> means in general. The refid is overloaded and has different
> interpretations under different circumstances and sometimes ntpq can
> get confused about what circumstances are currently in effect.

I'm still under the impression this is the case here, too. I ran
tcpdumps on the three nodes, not a single packet was logged while you
would expect to see a few if indeed it is uses as a sys.peer on any of
the systems. Also, as stated, the IP resolves to some DSL connection in
the US and doesn't appear to provide any NTP services.


> It would be helpful if you posted the whole "peers" output,
> particularly for dns2 and dns3.

The 'peers' output doesn't differ anything from the lpeers output.
Unobscured 'peers' output for the three follows:
(not sure why i obfuscated it in the first place)

| -- dns1 --
|      remote           refid      st t when poll reach   delay   offset  jitter
| ==============================================================================
| *tt52.ripe.net   .PPS.            1 u  197 1024  377    0.493   -0.528   0.411
| +tt12.ripe.net   .GPS.            1 u  950 1024  377   13.158    0.287   0.451
| -ntp3.tdc.fi     .PPS.            1 u 1061 1024  377   41.182    0.919   0.424
|  dns2.dns.dmz.bi 172.2.53.81      2 u  421 1024  277    0.882   -0.418   0.362
|  dns3.dns.dmz.bi 172.2.53.81      2 u  547 1024  376    1.227   -0.577   0.386
| +tt52.ripe.net   .PPS.            1 u  973 1024  377    0.549   -0.547   0.470
| 
| 
| -- dns2 --
|      remote           refid      st t when poll reach   delay   offset  jitter
| ==============================================================================
| *tt52.ripe.net   .PPS.            1 u 1040 1024  377    0.381   -0.007   0.044
| +tt12.ripe.net   .GPS.            1 u  977 1024  377   12.842    0.700   0.101
| -ntp3.tdc.fi     .PPS.            1 u  304 1024  377   40.986    1.476   0.079
|  dns1.dns.dmz.bi 172.2.53.81      2 u  508 1024  376    0.928    0.441   0.399
|  dns3.dns.dmz.bi 172.2.53.81      2 u  768 1024  376    1.030    0.250   0.206
| +tt52.ripe.net   .PPS.            1 u  911 1024  377    0.384    0.005   0.056
| 
| 
| -- dns3 --
|      remote           refid      st t when poll reach   delay   offset  jitter
| ==============================================================================
| *tt52.ripe.net   .PPS.            1 u    6 1024  377    0.653   -0.231   0.116
| +tt12.ripe.net   .GPS.            1 u  941 1024  377   13.249    0.608   0.149
| -ntp3.tdc.fi     .PPS.            1 u  221 1024  377   41.527    1.345   0.107
|  dns1.dns.dmz.bi 172.2.53.81      2 u  470 1024  377    1.161    0.544   0.382
|  dns2.dns.dmz.bi 172.2.53.81      2 u  101 1024  377    1.012   -0.241   0.178
| +tt52.ripe.net   .PPS.            1 u  742 1024  377    0.454   -0.266   0.224

Publicly reachable as ntp{1,2,3}.bit.nl.


Please note! The last three lines in the output of each server
correspond to the 'peer ...' lines in the configuration:
For example dns1 has:
peer 172.17.130.32
peer 172.17.130.33
peer ntp4.bit.nl (== tt52.ripe.net)


The IP shows up again in 'rv' output, f.e. on dns1/ntp1:
| ntpq> rv
| associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
| version="ntpd 4.2.6p3 at 1.2290-o Tue Jun  5 20:12:08 UTC 2012 (1)",
| processor="x86_64", system="Linux/3.2.0-57-generic", leap=00, stratum=2,
| precision=-23, rootdelay=0.662, rootdisp=31.985, refid=172.2.53.81,
| reftime=d6e5793c.d1bbd451  Tue, Apr  1 2014 19:43:24.819,
| clock=d6e57d27.39cb719b  Tue, Apr  1 2014 20:00:07.225, peer=33335,
| tc=10, mintc=3, offset=-0.412, frequency=61.081, sys_jitter=0.222,
| clk_jitter=0.207, clk_wander=0.041

Since dns1/ntp1 lpeers output shows its sys.peer(*) is tt52.ripe.net
(ntp4.bit.nl, as configured) that would be the suspect for reporting
the 172.2.53.81 IP.

But the GPS-device which is connected to tt52 runs with gpsd and ntpd
uses the '127.127.tt.uu' IP-address as 'server' in the config:

| root at ntp4:~# grep 127.127 /etc/ntp.conf
| server 127.127.28.1 prefer true
| fudge 127.127.28.1 flag4 0 refid PPS
|
| root at ntp4:~# ntpq -c peers
|      remote           refid      st t when poll reach   delay   offset  jitter
| ==============================================================================
| *SHM(1)          .PPS.            0 l   42   64  377    0.000    0.000  0.001
|
| root at ntp4:~# ntpq -c rv
| associd=0 status=0415 leap_none, sync_uhf_radio, 1 event, clock_sync,
| version="ntpd 4.2.6p3 at 1.2290-o Tue Jun  5 20:12:08 UTC 2012 (1)",
| processor="x86_64", system="Linux/3.2.0-39-generic", leap=00, stratum=1,
| precision=-23, rootdelay=0.000, rootdisp=1.828, refid=PPS,
| reftime=d6e57fb1.5756107e  Tue, Apr  1 2014 20:10:57.341,
| clock=d6e57fed.a6aa0b12  Tue, Apr  1 2014 20:11:57.651, peer=49025, tc=6,
| mintc=3, offset=0.000, frequency=-19.384, sys_jitter=0.001,
| clk_jitter=0.001, clk_wander=0.000

The IP is not on ntp4 either. I haven't tcpdumped for the IP on ntp4
yet, but i would suspect it to return nothing as well.


Thanks for all the thoughts!!

-Sndr.
-- 
| This statement is false!
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2


More information about the questions mailing list