[ntp:questions] How should an NTP server fail?

David Woolley david at ex.djwhome.demon.invalid
Sat Jun 5 09:13:18 UTC 2010

goofyzig wrote:
> Hi there.  A quick question about what to expect when it comes to NTP
> failures.  I configured a Meinberg NTP server (software-based server),

Meinberg don't do a software NTP Server, although they do do a Windows 
installer for the, University of Delaware, reference implementation of ntpd.

> had it working, serving time to the back-end hosts,  Reachability at
> 377 for its two NTP upstream time sources (internet NTP servers).
> Once configured, I wanted to see how the server failed.
> My expectation was that once Reachability went to zero, the server
> would stop serving time since it no longer has a source itself.  So I
> blocked port 123 UDP/TCP at the firewall, and sure enough,
> Reachability for the two upstream sources slowly wound down from 377
> to zero.  However, once Reachability got to zero, the Meinberg NTP

I think there have been bugs of that nature.  Which version of the ntpd 
code are you using?

> server CONTINUED to serve time, and CONTINUED to say that each of the
> two upstream servers were believable, as if it was still getting time
> from them (but it was not).  I confirmed the drops at the firewall.

Could you please include the ntpq peers, assoc and rv output.  You will 
  need to use the association id's in the rv sub-command to get details 
for the indvidual upstream servers.

Note that, if you have a local clock defined, which you should only do 
after due consideration, the server will never stop serving the time 
with a valid stratum.

> The Reachability was at zero, so I know the Meinberg software was not
> getting NTP time from anywhere.  Yet, it kept serving NTP time to its
> back-end hosts, and kept saying that ach of the two upstream servers
> were good (one colored green, the other yellow, with the * and the +
> signs next to them).   After 5 hours of zero Reachability, nothing
> changed.

That sounds like the ntpq peers output, although the standard ntpq 
doesn't colour code.
> So my question is:  how long does it take before the Meinberg server
> declares itself in a "failed" state and stop serving NTP?  Is that how
> it's supposed to work?  I looked all over the Meinberg site and could

As I said it is not Meiberg's ntpd implementation.  You want to use 

> not find any forum or literature regarding how the NTP server is
> expected to fail.  Maybe Im missing a setting?  Thanks for any
> help!!! :)

The correct behaviour is described in the draft NTP v4 RFC 

The output stratum should go to 16 before the reachability hits zero, 
and I'd also expect the sys.peer and selected flags to drop as well. 
However this is a fiddly area, and I'd have to double check the code and 
draft RFC.

More information about the questions mailing list