[ntp:questions] Re: Questions and ruminations regarding NTPD 4 config and XP's bad behavior.

mayer at gis.net mayer at gis.net
Wed Jan 19 22:52:11 UTC 2005


elickd at one.net wrote:
> I should have added that I'm so concerned about the XP machines
showing
> up as stratum 4 servers is because our entire NTP server "chain"
> appears to have enough instability that our stratum 3 servers may
have
> the chance to drop to stratum 4 and start peering with them.
>
That's most unlikely. Either they use servers or peers. If they peer
they must be at the same stratum level.

> The ntp1-4 boxes are constantly changing which of the stratum 2
servers
> they're syncing with.  The two stratum 2 servers appear to be doing
the
> same with the stratum 2 servers.  I have seen the stratum 3's drop to
> 4, sync with rogue machines in the network, .etc.
>

If this is being done with Microsoft's SNTP, it's broken and you
should avoid using it.

> Normally I wouldn't be bothered with the s3 servers peering with
> eachother, except that none of them ever seem to sync with the s2
> servers on the same network; their offset forever hunts back and
forth
> as they dance around in a sync loop of sorts.  Also, from time to
time,
> I'll see both of our stratum 2 and a couple stratum 3 servers
> simulataneously drop to 16 from time to time; with their clocks
fudged
> to 10, all hell breaks loose.
>
16 means that you are not getting any valid packets from it. Things
shouldn't go crazy just because it can't synch to anything. It will
just use the current time adjustment settings and continue until it
it regains connectivity.

> The best I can tell is that because we only have 2 stratum 2 servers,
> the s3 servers can never "decide" which is accurate and therefore
waver
> about.  I suspect the stratum 2 servers are behaving the same way if
> they truely only have 2 stratum 1 sources as well.
>

You don't have S3 servers, per se, you have clients of s2 servers
(maybe). You never use just two. Use at least 3 and preferably 4.

> The SCO machines I have to maintain (which use ntpdate for time
> updates, unfortunately) get bad information at random and wind up
with
> massive time errors.
>
Why are you using ntpdate instead of ntpd? It's not keeping their
clocks accurate.

> The bottom line is that our ntp servers are keeping a very large list
> of XP boxes as machines to peer with; this is unacceptable.
>

Servers only keep lists of clients for tracking purposes and you
shouldn't be peering with the XP boxes just providing time service.

> Mind you, I do not have the authority to make changes, so I must
> persuade others to change things; in this context, simple fixes are
> best.  Telling them that our entire NTP system is a turd and we need
to
> implement full authentication won't garner much assistance.
>

It's not authentication that's your problem it's the design of
your NTP network.

Danny
> Doug




More information about the questions mailing list