[ntp:questions] Re: Problems with NTP
mayer at gis.net
Wed Jan 19 23:21:25 UTC 2005
> I'm trying to set up an internal time-server to sync time across
> servers running time-critical apps. These servers don't need accurate
> time, they just all need to have the SAME time (to within about
> My first thought was to peer all the servers (which are an isolated
> network with no access to the internet OR our local intranet) and let
> them sort themselves out. Then it was decided that the clients that
> use these servers (which are on our intranet) need to have the same
> time as the servers.
> I built a Red Hat 9 Linux box (let's call it ELD-TERASTORE (ET) for
> that is its name) and dual homed it to the isolated network
> and the intranet 10.202.0.0. I installed ntp on the box and set it to
> peer with our Domain Controller to get time (the DC gets time from a
> pair of GPS-based NTP boxes in the US). All this is internal, we have
> no open access to the internet.
> Here is my ntp.conf file on ET;
> server 10.202.200.15 prefer
> restrict default ignore
> restrict 10.202.200.15 noquery notrap
> restrict 127.0.0.1 nomodify
> restrict 126.96.36.199 mask 255.255.255.0 nomodify nopeer
> restrict 10.202.0.0 mask 255.255.0.0 nomodify nopeer
> driftfile /etc/ntp/drift
Why do you even have restrict lines? These are private internal
addresses. Are you trying to prevent other internal systems using
When you only have one server there is nothing to prefer.
> I have not had any experience of NTP before and I've only had time
> for a brief look at the official documentation.
> Anyway, the servers in question can query my timeserver (ET) when
> ntpd service is first started. NTP on ET seems to track the time on
> the timeserver, but slowly becomes less and less accurate. Over the
> course of a day, it can drift out as much as 1-2s. At some point
> during this process, the NTP server becomes unavailable. I use
> every 10 minutes on the clients to get time from the server. This
> works fine for a while, then I start getting "no NTP server suitable
> for synchronisation found" errors.
Well what is it using for servers? If it's not using any its own
clock will be suspect. If you only have one server then you have
problems as the clients can't assume that it's accurate and have
nothing to compare it to. There is a discussion in the twiki on
how to do isolated networks.
> When I check my logs, the clients are seeing the server as Stratum 16
> and bailing, but it works for a while first. I just don't get it.
> remote           refid         st t when poll reach delay
> eld-europedc1.e  10.1.216.131   2 u   49   64   377 0.294
> Anyone got any ideas?
It doesn't mean anything with just one server.
I'd recommend you use multicast (and upgrade to 4.2.0a) to serve
a large number of clients in a closed environment. That way they
will all receive NTP time packets at approximately the same time
and be very closely synched.
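
For readers following the restrict discussion, an added example (not part of the original message or of ntpd itself) that works out which restrict flags each source address receives under the quoted ntp.conf. It assumes the most specific matching entry decides the flags; the function names and the probe addresses 10.202.7.9 and 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# restrict lines copied from the ntp.conf quoted in the message
NTP_CONF = """\
server 10.202.200.15 prefer
restrict default ignore
restrict 10.202.200.15 noquery notrap
restrict 127.0.0.1 nomodify
restrict 126.96.36.199 mask 255.255.255.0 nomodify nopeer
restrict 10.202.0.0 mask 255.255.0.0 nomodify nopeer
driftfile /etc/ntp/drift
"""

def parse_restricts(conf):
    """Return a list of (network, flags) for every IPv4 restrict line."""
    entries = []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        mask = "255.255.255.255"          # no mask given: entry covers one host
        if addr == "default":
            addr, mask = "0.0.0.0", "0.0.0.0"
        if rest[:1] == ["mask"]:
            mask, rest = rest[1], rest[2:]
        # strict=False clears host bits, like comparing (address AND mask)
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        entries.append((net, frozenset(rest)))
    return entries

def flags_for(source, entries):
    """Flags of the most specific restrict entry covering `source` (assumption)."""
    ip = ipaddress.ip_address(source)
    matches = [(net.prefixlen, flags) for net, flags in entries if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else frozenset()

def served(source, entries):
    """False when the matching entry carries `ignore`, i.e. packets are dropped."""
    return "ignore" not in flags_for(source, entries)

if __name__ == "__main__":
    rules = parse_restricts(NTP_CONF)
    # constructed probe addresses: upstream server, intranet client, localhost, unlisted
    for src in ("10.202.200.15", "10.202.7.9", "127.0.0.1", "192.0.2.10"):
        state = "served" if served(src, rules) else "ignored"
        print(f"{src:15} {sorted(flags_for(src, rules))} {state}")
```

Any source that falls through to `restrict default ignore` gets no reply at all, so every network that is meant to be served needs its own restrict line.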