[nSLUG] Why is ntp so terrible?

D G Teed donald.teed at gmail.com
Fri Mar 10 09:35:32 AST 2017


I have a script to connect with some of the machines and run date.

Here is what I see:
Fri Mar 10 08:49:49 AST 2017
Fri Mar 10 08:49:52 AST 2017
Fri Mar 10 08:49:51 AST 2017
Fri Mar 10 08:49:52 AST 2017
Fri Mar 10 08:49:51 AST 2017
Fri Mar 10 08:49:53 AST 2017
Fri Mar 10 08:49:51 AST 2017
Fri Mar 10 08:49:51 AST 2017
Fri Mar 10 08:50:45 AST 2017
Fri Mar 10 08:49:54 AST 2017
Fri Mar 10 08:49:54 AST 2017
Fri Mar 10 08:49:54 AST 2017
Fri Mar 10 08:49:55 AST 2017
Fri Mar 10 08:48:16 AST 2017
Fri Mar 10 08:50:08 AST 2017
Fri Mar 10 08:49:54 AST 2017
Fri Mar 10 08:49:50 AST 2017
Fri Mar 10 08:49:53 AST 2017
Fri Mar 10 08:49:57 AST 2017
Fri Mar 10 08:49:56 AST 2017
Fri Mar 10 08:49:57 AST 2017
Fri Mar 10 08:49:56 AST 2017
Fri Mar 10 08:49:57 AST 2017
Fri Mar 10 08:49:34 AST 2017
Fri Mar 10 08:49:56 AST 2017
Fri Mar 10 08:50:34 AST 2017
Fri Mar 10 08:49:56 AST 2017

That might be somewhat accurate enough at this time, but it isn't dead on.
I could expect the seconds to advance by a little as the script runs, but
that isn't the nature of this inaccuracy.

ntpq -p on the main ntp server which I will call ntp.example.com:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time12.nrc.ca   132.246.11.233   2 u  178 1024  377   19.666    0.291   0.620
+time1.chu.nrc.c 209.87.233.52    2 u  254 1024  377   46.781    3.205   8.099

The ninth entry in the list has the time in the sample as 08:50:45

Here is ntpq -p run on the 9th system with 8:50:45:

# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.example.com  .INIT.          16 u    - 1024    0    0.000    0.000   0.000

This system is Redhat 6.  Here is the config:

driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
server ntp.example.com
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys


One thing I am looking into is IPv6.  This is enabled on the main ntp server
and I notice the systems where IPv6 has been disabled seem to have consistent
time.  The others may have attempted IPv6 connections and failed due
to firewall on IPv6 being blocked for most services.  I have changed the
firewall on the central ntp server to allow IPv6 connections with udp 123 -
maybe this will improve the outcomes.



On Thu, Mar 9, 2017 at 10:20 PM, <billdavidson at eastlink.ca> wrote:

> I work in an enterprise environment with literally tens of thousands of
> Linux hosts, all running ntpd, and all have their clocks synced to within
> milliseconds.  I can directly compare logs on client and server hosts and
> everything agrees.  What are you seeing in NTP logs on your LAN hosts?
> What does ntpq tell you?
>
> I have certainly seen the effects of clock skew.  A while ago we rolled
> out some new hosts in a DMZ subnet, which is largely isolated from our
> intranet.  They connected to a new dedicated NFS filer, which had a bad NTP
> configuration (actually a missing firewall rule so the filer couldn't
> connect to its NTP master).  As a result the time on the filer eventually
> drifted, which made time stamps on files several minutes in the future,
> which broke our processes which depended on those time stamps.  It was a
> mess.
>
> On Mar 9, 2017 8:58 PM, D G Teed <donald.teed at gmail.com> wrote:
>
>
> So we have a LAN, with one system designated as the ntp server.
> It is set to sync time to a couple of stratum 2 sources.  All other servers
> name the local ntp server on the LAN as the ntp source.  After a few weeks
> we notice the time everywhere is different.  Some are doing OK, others
> are off by quite a few minutes or maybe only 5 minutes.  It doesn't matter
> so much that we have the time synced with the NRC atomic clock,
> but that time within the LAN is tight.  Services like drive mappings
> fail without that feature.
>
> I feel like we could do better running no daemon on the bulk of the systems
> and simply cron ntpdate (yeah, deprecated - whatever) to run 4 times a day.
> The current ntp performance isn't much worse than not running ntp
> and just relying on the system clock.
>
> I normally don't do anything special when installing ntpd.  I use
> the default setting in the conf except I customize the server line
> to use my local ntpd.
>
> Is anyone else feeling ntp is not performing as designed?
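
Added example (not part of the original thread): a shell check that classifies a host from its `ntpq -p` billboard, using the two listings posted above as sample input. A peer line with reach 0 and no `*` tally, as on the ninth system, means no NTP reply has been received from the configured server. The function name ntp_peer_status and the status words it prints are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: classify `ntpq -p` output read on stdin.
# Prints SYNCED, UNSELECTED, UNREACHABLE or NOPEERS (names chosen here).
ntp_peer_status() {
    awk '
        # Skip the column header and the ===== separator.
        /^ *remote/ || /^=+$/ { next }
        # Skip blank lines and a jitter value wrapped onto its own line.
        NF < 9 { next }
        {
            peers++
            # Column 1 of the line is the tally code; "*" marks the sync peer.
            if (substr($0, 1, 1) == "*") selected = 1
            # Field 7 is reach, an octal register of the last 8 polls.
            if ($7 != "0") reachable++
        }
        END {
            if (peers == 0)          print "NOPEERS"
            else if (selected)       print "SYNCED"
            else if (reachable == 0) print "UNREACHABLE"
            else                     print "UNSELECTED"
        }'
}

# Listing from the main ntp server in the post (wrapped jitter column rejoined).
sample_server() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time12.nrc.ca   132.246.11.233   2 u  178 1024  377   19.666    0.291   0.620
+time1.chu.nrc.c 209.87.233.52    2 u  254 1024  377   46.781    3.205   8.099
EOF
}

# Listing from the ninth system in the post: stratum 16, refid .INIT., reach 0.
sample_client() {
cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp.example.com  .INIT.          16 u    - 1024    0    0.000    0.000   0.000
EOF
}

echo "server: $(sample_server | ntp_peer_status)"
echo "client: $(sample_client | ntp_peer_status)"
```

On a live host the same function can be fed directly with `ntpq -pn | ntp_peer_status`, for example from the script that already collects `date` from each machine.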