[ntp:questions] The libntp resumee...
david at ex.djwhome.demon.co.uk.invalid
Fri Sep 5 21:50:39 UTC 2008
Kay Hayen wrote:
> External NTPs <-> 2 entry hosts <-> 8 other hosts.
> And iburst and minpoll=maxpoll=5 to improve the results.
If these External NTPs really are external, i.e. not owned by you, do
not do this without explicit permission from their owners. There is a
real risk of countermeasures if you don't. These may result in poor
time or no time. Generally polling with anything less than the default
MINPOLL and MAXPOLL can be considered abusive and polling with a MAXPOLL
less than the default MINPOLL will trigger countermeasures in any system
configure to apply them.
> Currently we observe that both entry hosts can both become restricted due to
> large offsets on other hosts, so they become restricted and that will make
> the software refuse to go on. Ideally that would not happen.
I've never triggered countermeasures (kiss of death), but I have a
feeling that that is what you will observe on an NTP client that is too
old to recognize the warning it will get from the server.
If you are not subject to countermeasures, you have something very very
broken if you reach the 1000s drop dead point. You should be worried,
but it can happen legitimately, if you exceed the 128ms step threshold.
> I will try to formulate questions:
> When the other hosts synchronize to the entry hosts of our system, don't the
> other hosts ntpd know when and how much these entry hosts changed their time
> due to input?
You seem to be under the misapprehension that ntpd makes step changes on
each measurement. It actually makes slow adjustments to effective
frequency and rate of change of frequency based on s signficant number
of preceding measurements (Unruh: I'm over-simplifying both the 8 step
filter and the low pass loop filter here).
> Would NTP would be more robust if we would configure routing on the entry
> hosts, so that they can all speak directly with the external NTPs on their
Ask permission from the owners of the external hosts before doing this,
as it increases the load you impose. Also, it is likely to result in
larger offsets between machines.
> Is the use of ntpdate before starting ntpd recommended and/or does the iburst
> option replace it?
ntpdate is deprecated. -g is the nearest equivalent function in ntpd.
More information about the questions