[ntp:hackers] Re: NTP and leap-seconds

Tim Shoppa shoppa at trailing-edge.com
Sun Jul 2 17:42:14 UTC 2006

"David L. Mills" <mills at udel.edu> wrote:
> The usual behavior is that servers do not realize a leapsecond is 
> pending, either because they have not been told using ntpdc or the 
> radios or drivers do not implement the warning. So the code sifts from 
> among the (usually) three survivors of the mitigation algorithms and 
> sets the leap if one or more show leap. You suggestion would change that 
> to require two out of the three to set the leap. What if there are only 
> two survivors?

Now, if we have four stratum 2 server that each get time from 4
of 16 independent stratum 1's, and a hundred stratum 3 servers that
each get time from the four stratum 2's, AND a single stratum 1
mistakenly gives a leapsecond pending for a while, then a single stratum
2 will get "infected" and then you can end
up with a hundred stratum 3's thinking that there's a leapsecond pending
as a result of a single mistaken stratum 1.

> The most reliable and secure solution to the false alarm problem is to 
> run Autokey and use the leapsecond table as distributed from the primary 
> servers.

It may be profitable to distribute this table without having to resort
to Autokey etc. Not that Autokey is bad or even difficult but it's not
commonly set up.


More information about the hackers mailing list