[ntp:questions] The libntp resumee...

David Woolley david at ex.djwhome.demon.co.uk.invalid
Fri Sep 5 21:50:39 UTC 2008

Kay Hayen wrote:
> External NTPs <-> 2 entry hosts <-> 8 other hosts.
> And iburst and minpoll=maxpoll=5 to improve the results.

If these External NTPs really are external, i.e. not owned by you, do 
not do this without explicit permission from their owners.  There is a 
real risk of countermeasures if you don't.  These may result in poor 
time or no time.  Generally polling with anything less than the default 
MINPOLL and MAXPOLL can be considered abusive and polling with a MAXPOLL 
less than the default MINPOLL will trigger countermeasures in any system 
configure to apply them.

> Currently we observe that both entry hosts can both become restricted due to 
> large offsets on other hosts, so they become restricted and that will make 
> the software refuse to go on. Ideally that would not happen.

I've never triggered countermeasures (kiss of death), but I have a 
feeling that that is what you will observe on an NTP client that is too 
old to recognize the warning it will get from the server.

If you are not subject to countermeasures, you have something very very 
broken if you reach the 1000s drop dead point.  You should be worried, 
but it can happen legitimately, if you exceed the 128ms step threshold.
> I will try to formulate questions:
> When the other hosts synchronize to the entry hosts of our system, don't the 
> other hosts ntpd know when and how much these entry hosts changed their time 
> due to input? 

You seem to be under the misapprehension that ntpd makes step changes on 
each measurement.  It actually makes slow adjustments to effective 
frequency and rate of change of frequency based on s signficant number 
of preceding measurements (Unruh: I'm over-simplifying both the 8 step 
filter and the low pass loop filter here).

> Would NTP would be more robust if we would configure routing on the entry 
> hosts, so that they can all speak directly with the external NTPs on their 
> own?

Ask permission from the owners of the external hosts before doing this, 
as it increases the load you impose. Also, it is likely to result in 
larger offsets between machines.
> Is the use of ntpdate before starting ntpd recommended and/or does the iburst 
> option replace it?

ntpdate is deprecated.  -g is the nearest equivalent function in ntpd.

More information about the questions mailing list