[193080] in North American Network Operators' Group
Re: Recent NTP pool traffic increase
daemon@ATHENA.MIT.EDU (Gary E. Miller)
Sat Dec 17 21:11:23 2016
Date: Sat, 17 Dec 2016 17:54:55 -0800
From: "Gary E. Miller" <gem@rellim.com>
To: NANOG <nanog@nanog.org>
Yo All!
Someone on nanog was reporting on the new NTP mystery. He suggested
doing a dump similar to this:
# tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
And I do indeed get odd results. Some on my local network...
This is from a chronyd host to an ntpsec host. I monitor them both
continuously and both seem to be keeping good time.
17:36:11.369329 IP (tos 0x0, ttl 64, id 21405, offset 0, flags [DF], proto UDP (17), length 76)
204.17.205.7.50937 > 204.17.205.27.123: [udp sum ok] NTPv4, length 48
Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision 32
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 3691013707.207257069 (2016/12/17 17:35:07)
Receive Timestamp: 276521666.321684728 (2044/11/11 10:02:42)
Transmit Timestamp: 3684123061.899235956 (2016/09/29 00:31:01)
Originator - Receive Timestamp: +880475255.114427658
Originator - Transmit Timestamp: -6890645.308021113
That 'Receive Timestamp' is strange.
Here is another one from the same chronyd host, to another ntpsec host:
17:36:23.395415 IP (tos 0x0, ttl 64, id 3599, offset 0, flags [DF], proto UDP (17), length 76)
204.17.205.7.33551 > 204.17.205.1.123: [udp sum ok] NTPv4, length 48
Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision 32
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 3691013718.824150890 (2016/12/17 17:35:18)
Receive Timestamp: 1779216017.648483479 (2092/06/24 18:08:33)
Transmit Timestamp: 1405803137.064633429 (2080/08/24 20:20:33)
Originator - Receive Timestamp: -1911797701.175667410
Originator - Transmit Timestamp: +2009756714.240482539
Note the 'Receive Timestamp' and 'Transmit Timestamp' are both strange.
All three hosts have GPS for local time.
Here is one from a laptop, running chrony, that has no GPS:
17:36:52.643814 IP (tos 0x0, ttl 64, id 24624, offset 0, flags [DF], proto UDP (17), length 76)
204.17.205.21.41485 > 204.17.205.8.123: [udp sum ok] NTPv4, length 48
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
Reference Timestamp: 0.000000000
Originator Timestamp: 3691013747.797479298 (2016/12/17 17:35:47)
Receive Timestamp: 317494016.811980062 (2046/02/28 15:15:12)
Transmit Timestamp: 127487236.597620268 (2040/02/21 11:35:32)
Originator - Receive Timestamp: +921447565.014500764
Originator - Transmit Timestamp: +731440784.800140969
I have only seen this oddity from chronyd hosts...
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem@rellim.com Tel:+1 541 382 8588
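
Added example, not part of the original message: a small parser for `tcpdump -nvv` NTP output that lists client-mode requests whose Receive or Transmit timestamp is far from the Originator timestamp, which is the comparison made by eye in the dumps above. The function name, the 3600 s threshold and the third sample record (documentation addresses) are assumptions; the first two records are copied from the message with the line wraps rejoined.

```python
import re

FLOW = re.compile(r"(\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.123: .*NTPv\d")
# Matches only the absolute stamps; the "Originator - Receive" difference
# lines carry a sign before the digits and are skipped.
STAMP = re.compile(r"(Originator|Receive|Transmit) Timestamp:\s+(\d+\.\d+)")

SAMPLE = """\
204.17.205.7.50937 > 204.17.205.27.123: [udp sum ok] NTPv4, length 48
Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision 32
Originator Timestamp: 3691013707.207257069 (2016/12/17 17:35:07)
Receive Timestamp: 276521666.321684728 (2044/11/11 10:02:42)
Transmit Timestamp: 3684123061.899235956 (2016/09/29 00:31:01)
204.17.205.21.41485 > 204.17.205.8.123: [udp sum ok] NTPv4, length 48
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
Originator Timestamp: 3691013747.797479298 (2016/12/17 17:35:47)
Receive Timestamp: 317494016.811980062 (2046/02/28 15:15:12)
Transmit Timestamp: 127487236.597620268 (2040/02/21 11:35:32)
192.0.2.10.40000 > 192.0.2.1.123: [udp sum ok] NTPv4, length 48
Client, Leap indicator: (0), Stratum 0 (unspecified), poll 6 (64s), precision 32
Originator Timestamp: 3691013800.100000000 (constructed record)
Receive Timestamp: 3691013800.100500000 (constructed record)
Transmit Timestamp: 3691013864.200000000 (constructed record)
"""

def odd_client_requests(text, max_skew=3600.0):
    """Return (src, dst, [fields]) for client requests whose Receive or
    Transmit stamp differs from Originator by more than max_skew seconds."""
    records, cur = [], None
    for line in text.splitlines():
        if m := FLOW.search(line):          # start of a new NTP packet
            cur = {"src": m[1], "dst": m[2], "client": False}
            records.append(cur)
        elif cur is None:
            continue
        elif line.lstrip().startswith("Client,"):
            cur["client"] = True
        elif m := STAMP.search(line):
            cur[m[1]] = float(m[2])
    flagged = []
    for r in records:
        if not r["client"] or "Originator" not in r:
            continue
        odd = [f for f in ("Receive", "Transmit")
               if f in r and abs(r[f] - r["Originator"]) > max_skew]
        if odd:
            flagged.append((r["src"], r["dst"], odd))
    return flagged

if __name__ == "__main__":
    for src, dst, fields in odd_client_requests(SAMPLE):
        print(f"{src} -> {dst}: odd {', '.join(fields)}")
```
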