[Pool] Upgrading NTP Certain Client Gets No Response

JR Richardson hubguru at gmail.com
Tue Jan 13 22:00:38 UTC 2015

Hello All,

I've been using ntp with debian packages for many years without issue but I
recently upgraded a NTP server from Debian Lenny i386 with NTP version
4.2.4p4 [debian package 1:4.2.4p4+dfsg-8lenny3] to a Debian Wheezy amd64
with NTP version 4.2.6p5 [debian package 1:4.2.6.p5+dfsg-2+deb7u1].

The NTP server is central within my architecture with many, many servers
and devices hitting it for time sync. If I had to guess, about 10-20 queries
a second continuously. Almost all devices maintained time sync through the
upgrade just fine, but I have some legacy devices, Cisco 7940 SIP VoIP Phones,
that do not get a response from the server after a few queries.

At first I thought it was a server performance issue or configuration
limiting queries but I ran through those scenarios and ensured
configuration was not the problem, enabled restrictions to ensure limiting
was working and then disabled limiting. I also tested with an ntp query tool
and slammed the server with a thousand queries in about 5 seconds and got a
proper response for every query sent.

I started looking at the Wireshark captures and the queries from the Cisco
phones were definitely hitting the server without a response. I tried to
enable debug mode in ntpd but it complained that the debug flag was not
compiled in the binary. I then tried to compile ntp from the latest stable
4.2.8 source but it errors out with (undefined reference to
`arc4random_buf') so I'm not sure what to do next to identify the root
cause of why the newer ntp server will not respond to the cisco phone
request after 3 or 4 queries. I point the phones back to the old ntp server
and it responds without issue.

I can offer ntp.conf config and pcap of failed queries and good queries if
needed. Another thing I can mention is the Cisco phone query rate is every
10 minutes normal and if no response from the ntp server the phone query
rate jumps to every 10 seconds. The queries from the Cisco phone also have
no useful data set in the flags, all fields either '0' or 'NULL' except for
Originate Time Stamp which seems to be a month old or from JAN 1 1970.

Any guidance is appreciated.


JR Richardson
Engineering for the Masses
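
For comparing the failed and good queries in the captures mentioned above, an added example (not part of the original post) that decodes the 48-byte NTP header from a UDP payload and lists which fields are unset. Both sample packets are constructed: one from the post's description of the phone's request, one as an ordinary version 4 client request; `decode_ntp` and `unset_fields` are hypothetical helper names.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
HEADER = "!BBbbII4s8I"  # 48-byte NTP header, network byte order
CHECKED = ("version", "mode", "stratum", "poll",
           "reference", "originate", "receive", "transmit")

def ntp_time(seconds, fraction):
    """Convert a 64-bit NTP timestamp to UTC; None when all zero (unset)."""
    if seconds == 0 and fraction == 0:
        return None
    return NTP_EPOCH + timedelta(seconds=seconds + fraction / 2**32)

def decode_ntp(payload):
    """Decode the fixed NTP header from a UDP payload."""
    if len(payload) < 48:
        raise ValueError("NTP header needs 48 bytes, got %d" % len(payload))
    (flags, stratum, poll, precision, _delay, _disp, _refid,
     ref_s, ref_f, org_s, org_f, rec_s, rec_f,
     xmt_s, xmt_f) = struct.unpack(HEADER, payload[:48])
    return {
        "leap": flags >> 6,            # top 2 bits of the first byte
        "version": (flags >> 3) & 0x7,  # next 3 bits
        "mode": flags & 0x7,            # low 3 bits; 3 = client, 4 = server
        "stratum": stratum, "poll": poll, "precision": precision,
        "reference": ntp_time(ref_s, ref_f),
        "originate": ntp_time(org_s, org_f),
        "receive": ntp_time(rec_s, rec_f),
        "transmit": ntp_time(xmt_s, xmt_f),
    }

def unset_fields(header):
    """Names of header fields that are zero or carry no timestamp."""
    return [name for name in CHECKED if not header[name]]

# Constructed sample: ordinary client request (LI 0, VN 4, mode 3).
CLIENT = struct.pack(HEADER, 0x23, 0, 6, -20, 0, 0, b"\0" * 4,
                     0, 0, 0, 0, 0, 0, 3630175238, 0)
# Constructed from the post's description, not from the poster's capture:
# everything zero except an Originate Timestamp of Jan 1 1970.
PHONE_LIKE = struct.pack(HEADER, 0, 0, 0, 0, 0, 0, b"\0" * 4,
                         0, 0, 2208988800, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    for label, pkt in (("client", CLIENT), ("phone-like", PHONE_LIKE)):
        hdr = decode_ntp(pkt)
        print(label, hdr["version"], hdr["mode"], unset_fields(hdr))
```

Feeding it the UDP payloads exported from the good and failed captures shows field by field where the phone's requests differ from those the server answers.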

