[ntp:questions] multicast configuration help

Danny Mayer mayer at ntp.isc.org
Thu Nov 30 15:17:03 UTC 2006


Collins Williams wrote:
> Hello Danny-
> 
>  Thanks for the help!  I have a few questions in-line
> 
>    Collins
> 
> On 11/23/06, Danny Mayer <mayer at ntp.isc.org> wrote:
> 
>     Collins wrote:
> 
>     > Can anyone direct me as to how to get a client to listen to a
>     > multicast group address without sending any traffic?  I have attached
>     > the ntp.conf files for working and non-working scenarios
>     >
> 
> 
> Is there a way to do what I mentioned above?

Just disable authentication. Just be warned that means you accept any
multicast packet that you receive from any node sending multicast
packets, unless you restrict them.

>     > client: (Does not work)
>     > broadcastclient 224.0.1.1 novolley
> 
>     This is invalid. broadcastclient can only take one optional argument -
>     novolley. The server is, in any case, multicasting so this won't receive
>     packets anyway.
> 
> 
> I'm sorry for my ignorance but what form do the frames sent by the
> broadcast server take?

It's just an NTP packet with broadcast mode set.

> What is the source address?
> 
>> restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap

That makes no sense. You only restrict the source, not the destination.
If you know the source address you can restrict how or whether you
accept packets and respond to them (if appropriate).

>> disable auth
>> driftfile /etc/ntp/drift
>> broadcastdelay  0.008
> 
>     Do you know why you put this in? Do you have a measure of broadcast
>     delay?
> 
> 
> I believe someone did measure the path from our server to our client in
> our test environment
> 

I find that highly unlikely. I see people put in that value all the time.

>     > logfile /var/ntp.log
>     >
>     > client:(works)
>     > multicastclient          224.0.1.1
>     > restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap

Same as above, this is invalid.

> 
>     This should work.
> 
> > server:
> > restrict 124.101.91.221 nomodify notrap noquery

Does it really need to restrict this one system? Restrictions apply to
the sender of a packet not the recipient address.

> > server 127.127.1.0 #local clock
> > broadcast 224.0.1.1 ttl 5 #key 1 ttl 5

Why are you setting ttl to 5? That's a large number of hops. If it's the
local LAN only you are unlikely to need a ttl larger than 1. The ttl is
really a hop count rather than a ttl.

> > disable auth
> > driftfile /etc/ntp/drift
> > broadcastdelay  0.008

You don't need this on the server sending packets as it's not receiving
broadcast/multicast packets in your case.

> > authenticate no

This should be flagged as an error as there is no such configuration
command.

> > logfile /var/ntp.log
> > keys            /etc/ntp/keys

If you are not doing authentication you don't need this line.

> 
> So I guess the question I should be asking is how to configure the
> server as a broadcast server?

See above.

Danny
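
An added example, not part of the original message and not ntpd's own code: a small Python linter that applies the points raised in the reply above to the ntp.conf files quoted in the thread. The function name and finding texts are this example's own, and treating any `restrict` line that names a unicast address as "a source is restricted" is a simplifying assumption.

```python
import ipaddress

# The thread's non-working client and server files (auto-link residue dropped).
CLIENT = """broadcastclient 224.0.1.1 novolley
restrict 224.0.1.1 mask 255.255.255.255 notrust nomodify notrap
disable auth
broadcastdelay 0.008
"""
SERVER = """restrict 124.101.91.221 nomodify notrap noquery
server 127.127.1.0 #local clock
broadcast 224.0.1.1 ttl 5 #key 1 ttl 5
disable auth
broadcastdelay 0.008
authenticate no
keys /etc/ntp/keys
"""

def lint_ntp_conf(text):
    """Return [(line_no, finding)]; line_no 0 marks a whole-file finding."""
    lines = [(n, r.split("#", 1)[0].split()) for n, r in enumerate(text.splitlines(), 1)]
    lines = [(n, t) for n, t in lines if t]  # drop blank and comment-only lines
    auth_off = any(t[0] == "disable" and "auth" in t[1:] for _, t in lines)
    listens = any(t[0] in ("broadcastclient", "multicastclient") for _, t in lines)
    found, source_named = [], False
    for n, (cmd, *args) in lines:
        if cmd == "broadcastclient" and any(a != "novolley" for a in args):
            found.append((n, "broadcastclient takes only the optional novolley"))
        elif cmd == "restrict" and args:
            try:
                if ipaddress.ip_address(args[0]).is_multicast:
                    found.append((n, "restrict matches the source, not the group address"))
                else:
                    source_named = True
            except ValueError:
                pass  # "default" or a hostname: not judged here
        elif cmd == "authenticate":
            found.append((n, "no such configuration command"))
        elif cmd == "broadcast" and "ttl" in args[:-1]:
            hops = args[args.index("ttl") + 1]
            if hops.isdigit() and int(hops) > 1:
                found.append((n, "ttl is a hop count; 1 covers the local LAN"))
        elif cmd == "keys" and auth_off:
            found.append((n, "keys is not needed without authentication"))
        elif cmd == "broadcastdelay" and not listens:
            found.append((n, "broadcastdelay only matters when receiving broadcasts"))
    if auth_off and listens and not source_named:
        found.append((0, "auth disabled and no source restricted: any sender is accepted"))
    return found
```

Calling `lint_ntp_conf(CLIENT)` or `lint_ntp_conf(SERVER)` returns the line numbers to revisit, with 0 standing for the file-wide warning about unauthenticated, unrestricted multicast reception.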



