[158099] in North American Network Operators' Group
Re: NTP Issues Today
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Nov 20 16:21:54 2012
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CAFANWtXteTFbjKRZq+r0wovnbFRb0EQuDddE0ESSHAr2E1AMFw@mail.gmail.com>
Date: Tue, 20 Nov 2012 16:21:18 -0500
To: Darius Jahandarie <djahandarie@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 20, 2012, at 4:00 PM, Darius Jahandarie <djahandarie@gmail.com> =
wrote:
> Choosing the first four servers is usually pretty straightforward:
> *.CC.pool.ntp.org
>=20
> But beyond that, I'm honestly rather curious what server selections
> are a good idea. A first thought would be an adjacent country, but
> maybe there is a benefit to picking things outside of the pool.ntp.org
> selection entirely?
>=20
> I see that Jared used *.fedora.pool.ntp.org -- I wonder if there was a
> specific reason for that or if my questions are even worth thinking
> about at all :-).
I'm by no means a time geek, but =85. i have some ideas about what you =
want and can tell you why I picked the settings I did=85
1) The 129.250 ones are my employer run clocks. It is a good idea to =
know how accurate they are.
2) The pool ones, some were default (e.g.: fedora) from my OS distro on =
the machine I took the example from. You will see freebsd, centOS and =
others based on your settings. You may even see time.apple.com if you =
are MacOS.
3) CC ntp pool were selected to provide additional clock diversity.
4) You want low jitter to your clocks. This will allow you to have an =
accurate timing source. This means don't congest that path. If you =
want something very reliable, don't run it on a server with the other =
"misc" functions you need (e.g.: DNS, etc). If it's important, dedicate =
some hardware to it. if it is of passing importance, use a fair number =
of peers.
I was playing with the OWAMP software. Having consistent clocks is =
important for that, (even if they are all off by a few ms). It can be =
fun to play with and measure things=85 =
http://www.internet2.edu/performance/owamp/index.html
5) Monitor your NTP setup periodically. You may see clocks be rejected =
or outliers. Depending on how close your clocks are, you may see a fair =
number be unusable. Take this output:
nat:~$ ntpq -n -p -c ass
remote refid st t when poll reach delay offset =
jitter
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
*129.250.35.250 164.244.221.197 2 u 507 512 377 18.883 0.196 =
18.311
+129.250.35.251 209.51.161.238 2 u 366 512 377 41.349 0.429 =
2.184
-206.57.44.17 204.123.2.5 2 u 91 512 377 35.884 -5.982 =
7.099
-4.53.160.75 209.81.9.7 2 u 5 512 377 24.250 1.522 =
1.353
+64.73.32.135 164.67.62.194 2 u 296 512 377 26.405 -0.956 =
11.244
+50.116.38.157 64.250.177.145 2 u 897 1024 377 42.978 0.685 =
1.211
-208.87.221.228 10.0.22.51 2 u 390 512 377 83.858 -2.717 =
0.814
-206.212.242.132 128.252.19.1 2 u 262 512 377 22.278 -1.640 =
1.150
+38.229.71.1 204.123.2.72 2 u 95 512 377 20.688 0.113 =
1.878
ind assid status conf reach auth condition last_event cnt
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
1 39973 961a yes yes none sys.peer sys_peer 1
2 39974 941a yes yes none candidate sys_peer 1
3 39975 9324 yes yes none outlyer reachable 2
4 39976 932a yes yes none outlyer sys_peer 2
5 39977 941a yes yes none candidate sys_peer 1
6 39978 941a yes yes none candidate sys_peer 1
7 39979 9314 yes yes none outlyer reachable 1
8 39980 931a yes yes none outlyer sys_peer 1
9 39981 941a yes yes none candidate sys_peer 1
Only 5/9 clocks are 'candidate' for usage, or the actual reference =
clock. The jitter on the reference clock is equal to the delay (!). =
This is on a business class internet link/tier, but from one of the =
'usual suspects' that offers residential services as well. I haven't =
been able to find them operating any customer accessible clocks, but =
they may exist.
My config, or one resembling it will give you a fair amount of diversity =
of clocks. Syncing to one can easily result in being lied to and =
resetting the clock as everyone observed that went back to 2000.
- Jared
