[ntp:questions] Re: Questions and ruminations regarding NTPD 4 config and XP's bad behavior.

Richard B. Gilbert rgilbert88 at comcast.net
Sat Jan 15 01:45:15 UTC 2005

elickd at one.net wrote:

>I should have added that I'm so concerned about the XP machines showing
>up as stratum 4 servers is because our entire NTP server "chain"
>appears to have enough instability that our stratum 3 servers may have
>the chance to drop to stratum 4 and start peering with them.
>The ntp1-4 boxes are constantly changing which of the stratum 2 servers
>they're syncing with.  The two stratum 2 servers appear to be doing the
>same with the stratum 2 servers.  I have seen the stratum 3's drop to
>4, sync with rogue machines in the network, etc.
>Normally I wouldn't be bothered with the s3 servers peering with
>each other, except that none of them ever seem to sync with the s2
>servers on the same network; their offset forever hunts back and forth
>as they dance around in a sync loop of sorts.  Also, from time to time,
>I'll see both of our stratum 2 and a couple stratum 3 servers
>simultaneously drop to 16 from time to time; with their clocks fudged
>to 10, all hell breaks loose.
>The best I can tell is that because we only have 2 stratum 2 servers,
>the s3 servers can never "decide" which is accurate and therefore waver
>about.  I suspect the stratum 2 servers are behaving the same way if
>they truly only have 2 stratum 1 sources as well.
>The SCO machines I have to maintain (which use ntpdate for time
>updates, unfortunately) get bad information at random and wind up with
>massive time errors.
>The bottom line is that our ntp servers are keeping a very large list
>of XP boxes as machines to peer with; this is unacceptable.
>Mind you, I do not have the authority to make changes, so I must
>persuade others to change things; in this context, simple fixes are
>best.  Telling them that our entire NTP system is a turd and we need to
>implement full authentication won't garner much assistance.

Well, try to start by configuring the stratum two servers to use a 
minimum of three stratum one servers; four is very much better than 
three!  Ideally the stratum two servers should not be using the same set 
of stratum one servers; each server should have at least one unique 
source.   Next, having two stratum two servers is a poor idea.  One is 
okay, three are good and four are better still.    The three or four 
servers should peer with each other.

Usable stratum one servers can be very hard to find; there are a couple 
of hundred public stratum one servers but most of them will be so far 
away as to render them more or less useless!  The servers closest to you 
in net space may be badly overloaded.  If you are forced to use network 
servers, select servers with low round trip delays.

One possible solution is to operate your own stratum one server; $300 -- 
$500 US will buy a GPS timing receiver and antenna.   If you can site 
the antenna where it will have an unobstructed view of the entire sky 
you have a solid source of time and a stratum one server of your very own.

I question the need for stratum three servers.  Unless your network has 
several thousand nodes requiring time service, I'd suggest configuring 
all clients to get time from all three or four of the stratum two servers.

As long as your Windows XP boxes are at a stratum higher than your 
servers, they are not peering with your servers!    Peer n: "A person 
who has equal standing with another as in rank, class, or age." (The 
American Heritage Dictionary, Second College Edition).   Peering between 
NTP servers does not just happen; peers must configure each other as 
peers and only servers at the same stratum are eligible!!!

If you cannot persuade the rest of the world to reform and if you have 
the $300--500 US to spend, you can set up your own stratum one server 
and ignore them!  Build and configure NTP on your SCO boxes and point 
them to your very own stratum one server!
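
The layout advice in the reply above (at least three upstream sources per stratum two server, at least one source unique to each, one or three to four stratum two servers, all peering with each other) can be checked mechanically. The following is an added example, not part of the original post; every hostname in it is a constructed placeholder and the `conf`, `parse` and `audit` helpers are hypothetical names.

```python
# Added example; all hostnames are constructed placeholders, not from the thread.

def conf(servers, peers):
    """Build minimal ntp.conf text from upstream server and peer names."""
    return "\n".join([f"server {s}" for s in servers] + [f"peer {p}" for p in peers])

# Constructed: three hosts, three upstreams each (one unique per host), full peer mesh.
GOOD = {
    "s2a.example.net": conf(["t1.example.org", "t2.example.org", "t3.example.org"],
                            ["s2b.example.net", "s2c.example.net"]),
    "s2b.example.net": conf(["t1.example.org", "t2.example.org", "t4.example.org"],
                            ["s2a.example.net", "s2c.example.net"]),
    "s2c.example.net": conf(["t1.example.org", "t2.example.org", "t5.example.org"],
                            ["s2a.example.net", "s2b.example.net"]),
}
# Constructed: two stratum-2 hosts sharing two upstreams, no peering (as in the thread).
BAD = {
    "s2a.example.net": conf(["t1.example.org", "t2.example.org"], []),
    "s2b.example.net": conf(["t1.example.org", "t2.example.org"], []),
}

def parse(text):
    """Return (servers, peers) named in ntp.conf text, ignoring comments."""
    found = {"server": set(), "peer": set()}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in found:
            found[fields[0]].add(fields[1])
    return found["server"], found["peer"]

def audit(configs, min_sources=3):
    """List where a set of stratum-2 configs departs from the advice."""
    parsed = {host: parse(text) for host, text in configs.items()}
    findings = []
    if len(parsed) == 2:
        findings.append("two stratum-2 servers: run one, or three or four")
    for host, (servers, peers) in sorted(parsed.items()):
        if len(servers) < min_sources:
            findings.append(f"{host}: {len(servers)} upstream servers, want {min_sources}+")
        others = set().union(*(s for h, (s, _) in parsed.items() if h != host))
        if not servers - others:
            findings.append(f"{host}: no upstream unique to this server")
        for other in sorted(set(parsed) - {host} - peers):
            findings.append(f"{host}: no peer line for {other}")
    return findings

if __name__ == "__main__":
    for name, layout in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(layout) or "ok")
```
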
