[ntp:questions] Re: NTP clients not syncing up to servers?

Danny Mayer mayer at ntp.isc.org
Wed Oct 12 03:38:21 UTC 2005


Ted Beatie wrote:
> Tom, thank you for the in-depth reply.
> 
> 
>>If ntpd finds an offset of more than 1000 seconds, it will
>>terminate itself unless "-g" is present on the ntpd command
>>line. In that case, it will make one such adjustment and will
>>terminate itself if a second such adjustment is required.
> 
> 
> I'm confused then;
> 
>   server-04:~# ps aux|grep ntpd
>   root     389  0.0  0.1  2328 2320 ?      SL   Jun13   0:05 /usr/sbin/ntpd -g
> 
> This instance of ntpd has been running since Jun13.  Shouldn't it have
> terminated by now?  (not that I want it to terminate..  what I want is
> for it to say, "ok upstream server, I think you're on crack, but I'm
> going to believe you anyway.")
> 

A look at the code seems to indicate that it exits if it exceeds the 
panic threshold unless -g is used but it only does it if it actually 
sets the clock. If the clock never gets set it will never trigger the 
condition and it will continue. I think that it never synchronized.

> 
>>Also make sure that each ntpd instance has at least 4
>>reliable, consistent, and _working_ lower-stratum servers
>>configured before you even start ntpd for the first time.
> 
> 
> What if we can't guarantee that?  The docs certainly seem to say that
> the more the better, but that only one is actually required.  Some of
> our deployments have public internet access, in which case, we can
> populate the ntp.conf file on the gateway machines with as many servers
> as we'd like.  But a fair number of our deployments don't have outbound
> internet access, and have only one internal NTP server, if even that.
> And yet, we still want at a minimum, for all of our machines to be in sync.
> 

You can guarantee that if you have control of your own machines.

> 
>>In any case, you should make no judgments about whether
>>ntpd is working properly or not until it has been running
>>for several hours, sometimes 2 days or more on a previously
>>unitialized system.
> 
> 
> This is also a problem.  Given our situation, the gateways and servers
> all get powered on at roughly the same time.  Ideally, what we would
> like is for the servers to sync up to the gateways, no matter what they
> think of the accuracy of them, just so that they are all in sync.  Then,
> if the gateways themselves get more reliable information, from internal
> or external upstream servers, that the whole system asjusts accordingly.
> 

Ted, I think that you should reverse the design of your NTP server layout.

Start with your own systems that you have total control over and set 
them up to point to stratum 1 servers that you own. Setting up your own
refclock is fairly straightforward. If you cannot do that for some 
reason then set them up to point to a bunch of internet stratum 2 
servers and get them synchronized. Then set up your gateways and portals 
to point to these servers and make sure that these are synchronized to 
your servers. This shouldn't be too hard. Then have the storage servers 
point to your gateways. Don't bother with  the customers' own NTP 
servers since you can't depend on what they are or how they're set up.

Do all this one step at a time and make sure that each piece is working 
before you take the next step.

Danny
> 		  --ted
> 
> --
> Ted Beatie                         Permabit, Inc.             ted at permabit.com
> Sr. Systems Engineer       One Kendall Sq, Cambridge, MA       +1-617-995-9317
> 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> 




More information about the questions mailing list