[ntp:questions] what is refid in ntpq -pn

Hans Mayer hans.mayer.08 at gmail.com
Sat May 13 19:46:28 UTC 2017



On 7 May 2017, at 00:12, Steven Sommars <stevesommarsntp at gmail.com> wrote:
> If using the IPv6 address family, it is the first four octets of the MD5 hash of the IPv6 address.

OK, now I understand, this makes sense. I am using dual stack on my application server as well as on all ntp server. And I am using DNS names in ntp.conf. I see similar refid's because all my application server have identical 4 ntp upstream server.

But hard to verify. Has somebody a tool to convert an IPv6 in usual notation to change into  32 hex-chars without ":" character ? 

On 8 May 2017, at 06:50, Brian Inglis <Brian.Inglis at SystematicSw.ab.ca> wrote:
>	ntpq -wp localhost remotehost

Many thanks. This I didn't know. It's similar to "ntptrace" but more detailed. 

On 9 May 2017, at 09:35, Harlan Stenn <stenn at ntp.org> wrote:
> If you're trying to backtrace the timing chain, use 'ntpq -c apeers' and then feed the association ID to: 
> ntpq -c 'rv XXXX'
> to get the srcadr for that association.

Yes, you are right. I see  the same "IPv4" address as refid. But now I know it's a MD5 hash. But here it could be shown as real IPv6. There is enough space. 


Many thanks for all replies.

// Hans



================= 



Dear All, 

I always thought "refid"  for command "ntpq -pn" shows the next upstream server for the remote server listed below "remote". But now I have my concerns. 

Lets explain my situation: 
I have 4 application server. Lets call them a1 till a4. And I have 4 internal ntp server ntp1 till ntp4. These are stratum 2 server. All of them ( appl and ntp ) are running  ntp version 4.2.8p10
Each application server has 4 server config lines and 2 peer config lines in ntp.conf. 
The 4 lines with server are my 4 ntp server ntp1 till ntp4 and the peer lines are the neighbours. For example a2 has a peering with a1 and a3. I call it the neighbours. And so on until the loop is closed. 

If I check with ntpq -pn I see 6 lines for each application server. The lines where ntp1 till ntp4 are listed have as "refid" IP addresses which are typical one of my own stratum 1 server or an external one, but with well known IP. 

And now the mystery. The lines where the neighbours ( for example a1 and a3 ) are listed shows as "refid" complete foreign IP addresses. I checked these IP's in the peerstats file of the application server but can't find it. I can't find it in the ntp server too. So where is it coming from ? 

Actually it can never be happen that a neighbour has a different group of entries. As each neighbour has the same upstream server and the same neighbours. 

Currently I see the following IP's:  238.250.161.4 187.182.182.166 51.9.218.133 
If I query with ntpdate or ntpdig none of them is coming back with a time information ?

If I look for unique IP addresses in the peerstats file of the last 10 days I have exactly 6 items. And all of them belong to my network. 

I am not new to ntp. I did deal  a lot with ntp. But this is a mystery for me. 

Any hint or tip is welcome how-to dig deeper in this issue. 


Kind regards 
Hans 





More information about the questions mailing list