[ntp:questions] Clarification Required about NTP

Danny Mayer mayer at ntp.isc.org
Fri Feb 6 13:26:23 UTC 2009


Dave Hart wrote:
>> *Clarification Required is*  On this situation whether I need to restart
>> the ntp server or it will automatically
>> take care NTP Server IP Address changes
> 
> It depends.  Older versions of ntpd listen on all interfaces
> automatically by not binding the listening UDP 123 socket to a
> particular address.

This is not correct. ntpd binds to all addresses even on older versions
of ntpd v4.

> Newer ntpd, at least on some platforms,
> enumerates interfaces/addresses and listens (or doesn't) on each
> individually, watching for addresses' interfaces to come up or go down
> and adjusting.

See above. For those addresses marked disabled, ntpd will accept the
packet on the interface and throw it away, but it will always listen and
receive the packets.

> The -U <seconds> command line option configures the
> timeout between scans for interface changes.  You may have ntpd syslog
> messages telling you which addresses it is binding to:
> 
> 5 Feb 02:23:37 ntpd.exe[6224]: Listening on interface #0 wildcard,
> 0.0.0.0#123 Disabled
> 5 Feb 02:23:37 ntpd.exe[6224]: Listening on interface #1 Loopback
> Interface 1, 127.0.0.1#123 Enabled
> 5 Feb 02:23:37 ntpd.exe[6224]: Listening on interface #2 IP Interface
> 2, 192.168.1.2#123 Enabled
> 
>> and if its takes automatically
>> then how much
>> time its take to sync with configured ntp Server
> 
> If your ntpd is listening on specific addresses you can use the -U
> <seconds> command line option which configures the timeout between
> scans for interface changes.
> 
> But I would suggest you step back and reconsider your time
> synchronization tree design.  ntpd clients keep state about the
> servers they are configured to use, though the servers do not keep
> state about the clients.  While it is possible to configure a single
> IP address which is moved around in a fault-tolerant way between
> servers as your time source, it does not make sense in my opinion.
> Clients would have no way to know the servers have handed off the IP.

The real problem is far worse. An address that moves from server to
server is resulting in NTP packets with different and unrelated clock
information since they are coming from different servers. It will cause
ntpd to see the packets as unreliable (I'm using a polite term here) and
mark the server as a poor provider of NTP packets. We won't even talk
about what this would do to autokey. BTW I wouldn't describe this IP
address as being fault-tolerant, at least for NTP; it's actually the
opposite for NTP.

Danny

> Instead, consider configuring all three servers' fixed IPs as time
> sources in each client.  Four would be even better, as it would allow
> the clients to detect a "falseticker" server by comparing with the
> others.  The traffic and CPU load of ntp are quite marginal, and the
> clients would handle the selection of time source automatically using
> normal NTP algorithms.  Save the fancy failover for applications that
> can benefit from it.
> 
> Cheers,
> Dave Hart
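
Added example, not part of either poster's message: a Python sketch that parses the "Listening on interface" syslog lines quoted above into a per-address table and diffs two snapshots, so an address change on the NTP host shows up as an added or removed binding. The first sample is the thread's log with the mail wrapping undone; the second snapshot and all function names are constructed for illustration.

```python
import re

# Line format taken from the ntpd syslog excerpt quoted in the thread.
LISTEN_RE = re.compile(
    r"Listening on interface #(?P<index>\d+) (?P<name>.+?), "
    r"(?P<addr>\S+)#(?P<port>\d+) (?P<state>Enabled|Disabled)\s*$"
)

def parse_listeners(lines):
    """Return {address: (interface name, state)} for each matching log line."""
    listeners = {}
    for line in lines:
        m = LISTEN_RE.search(line)
        if m:  # ignore unrelated syslog lines
            listeners[m["addr"]] = (m["name"], m["state"])
    return listeners

def diff_listeners(before, after):
    """Report addresses added, removed, or whose Enabled/Disabled state changed."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(a for a in common if before[a][1] != after[a][1]),
    }

# Snapshot 1: the lines from the thread, re-joined onto single lines.
BEFORE = [
    "5 Feb 02:23:37 ntpd.exe[6224]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled",
    "5 Feb 02:23:37 ntpd.exe[6224]: Listening on interface #1 Loopback Interface 1, 127.0.0.1#123 Enabled",
    "5 Feb 02:23:37 ntpd.exe[6224]: Listening on interface #2 IP Interface 2, 192.168.1.2#123 Enabled",
]
# Snapshot 2: constructed sample, same host after its address was changed.
AFTER = [
    "5 Feb 03:10:02 ntpd.exe[7100]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled",
    "5 Feb 03:10:02 ntpd.exe[7100]: Listening on interface #1 Loopback Interface 1, 127.0.0.1#123 Enabled",
    "5 Feb 03:10:02 ntpd.exe[7100]: Listening on interface #2 IP Interface 2, 192.168.1.3#123 Enabled",
]

if __name__ == "__main__":
    report = diff_listeners(parse_listeners(BEFORE), parse_listeners(AFTER))
    for kind, addrs in report.items():
        print(f"{kind}: {', '.join(addrs) or '-'}")
```
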


