[ale] possibility of running an NTP server
Ron Frazier
atllinuxenthinfo at c3energy.com
Thu Jan 12 13:08:28 EST 2012
Hi all,
I wanted to post a followup message to this topic and share some info I
learned about configuring the NTPD service as a time sync client on
Linux. Thanks for all the replies to my message and I may respond
individually to them as well.
Well, I guess I'm not going to be running a public NTP server because I
cannot meet all the following criteria:
1) Need a static IP - FAIL. I guess DynDNS service isn't good enough.
2) Need permanent internet connection - Quasi PASS. My internet
connection is always on as long as I pay for it, which will probably be
most of my life, except during power failures.
3) Need to set up 5 servers - FAIL. No way was I thinking of going to
THAT much trouble.
However, I've got my Linux machines syncing with the outside world nicely.
Here's a partial output of my latest check on the status of NTPD on this
machine:
ron@asus-k52f-1:~$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*nist1-ny.ustimi .ACTS.           1 u  479 2048  377   57.875   -6.680   9.199
Now THAT is a pretty sight. My PC's clock is only 6.7 milliseconds off
from NIST (National Institute of Standards and Technology) (
http://www.nist.gov/index.html ) time. WAIT, it lost 4 milliseconds over
night. I'm going to be late for lunch! Just kidding. 8-) Actually, I
just want the PC to meet the same standards as my radio controlled
clocks. That is, accuracy of +/- .5 (or maybe .49) seconds between
syncs. So, 6.7 milliseconds is GREAT. As long as it doesn't exceed 499,
I'm happy.
The hardest or most tedious part of configuring the daemon was actually
picking the time servers to sync with. Yes, I know about the NTP pool,
but there are a few little quirks involved in even using that, which
I'll get to. However, I wanted to pick some good main geographically
dispersed servers by hand and use the pool as a backup. I'm also using
several options in the NTPD setup which were not there by default when I
installed NTP.
Here's where you can get lists of servers:
From NTP.ORG:
Servers Home Page - http://support.ntp.org/bin/view/Servers/WebHome
Stratum 1 Servers -
http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
Stratum 2 Servers -
http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers
Once you find a server, you can click on it to find its access
requirements and rules. While many NIST servers are on the Stratum 1
list, they also have their own list. Some of the servers on the NIST
list may not be on the NTP.ORG list (although I didn't take time to
check them all).
From NIST:
NIST Time and Frequency Division - http://www.nist.gov/pml/div688/
NIST Internet Time Service - http://www.nist.gov/pml/div688/grp40/its.cfm
NIST Server List - http://tf.nist.gov/tf-cgi/servers.cgi
Finally, at the bottom of this message, I've copied a NIST list from the
directory of the NIST client software I have installed in Windows. It
gives some additional information about which servers are recommended
for new users.
From NTP POOL:
http://www.pool.ntp.org/en/use.html
http://www.pool.ntp.org/zone/north-america
http://www.pool.ntp.org/zone/us
Once you've installed NTP and selected some servers, you can go about
setting up the configuration for NTPD. On my Ubuntu installation, the
NTP configuration is in /etc/ntp.conf . You can do man ntp.conf at a
terminal to get info on the options. Here is a representative sample of
my ntp.conf file, showing only some of the parts where I select the servers.
--------------------------------------------------------------------------------------
# NIST State of Washington
server time-nw.nist.gov prefer minpoll 8 maxpoll 11 iburst
# California
server clock.develooper.com minpoll 8 maxpoll 11 iburst
# Use servers from the NTP Pool Project.
server 0.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
# Use Ubuntu's ntp server as a fallback.
server ntp.ubuntu.com minpoll 8 maxpoll 11 iburst
--------------------------------------------------------------------------------------
There are 5 unique things about my ntp.conf file I want to explain, none
of which were the default configuration. They are: the prefer, minpoll,
maxpoll, and iburst commands; and also the structure of the pool server
names. Also note that I've added extra white space to make it more readable.
The PREFER keyword tells NTPD that I want to always use the NIST server
for my syncing (as long as it is functioning properly.) This prevents
the daemon from "clock hopping" due to small variations in the response
of the various servers. If the NIST server fails, it can revert to the
others for backup. On my systems at home, each computer is set to PREFER
a different server. That keeps any one NIST machine from seeing too many
queries from my one public internet address.
The NTPD daemon polls the internet servers at a quick interval first to
establish the original correction factors for the system clock. Then, as
it fine tunes the setup, it polls at longer and longer intervals while
still maintaining good clock accuracy. These intervals are set by the
MINPOLL and MAXPOLL keywords.
The way these work is not obvious. MINPOLL is the minimum polling
interval for a given server, but it is not listed directly in seconds or
minutes. You take the MINPOLL number and raise it to the power of 2 to
get the number of seconds. So, if MINPOLL is at its default value of 6
(or if it's not stated), the minimum polling interval is 2^6 = 64
seconds. The MAXPOLL number states the longest interval that will occur
for a given server. Its default is 10, which equates to 2^10 = 1024
seconds = ~ 17 minutes.
I had reason to change both settings. The Rules of Engagement for the
public access servers listed at NTP.ORG say you're not allowed to lower
these default numbers, but there's nothing that says you can't raise them.
The access rules for the NIST servers say they are open access for up to
20 queries / hour. That equates to 1 query every 3 minutes. The default
MINPOLL value is 64 seconds, which is too frequent for NIST. Now, I know
that the daily average would be less, but I wanted to ensure that I
would never be hitting the server more often than once every 3 minutes.
So, I set the MINPOLL value to 8 which equals 2^8 = 256 seconds = 4
minutes 16 seconds . This meets their criteria while still allowing
pretty good initial clock syncing.
I wanted to set MAXPOLL as large as possible while still maintaining my
+/- .5 sec between syncs goal. My worst "drifter" of the computers I
have seems to always lose about 15 seconds / day when running Windows.
(I have read stuff on the internet which indicates drifting in Windows
may vary with CPU load.) I don't know for sure if it would do as bad
running native Linux. I don't know if the problem is the hardware clock
or the OS. Anyway, I chose to set my NTPD to allow for this level of
drift. 15 sec / day equates to .625 sec / hr, which exceeds my criteria
if I only sync every hour. So, I decided to go to a maximum half hour
syncing interval. I didn't feel that I needed to do it every 17 minutes
as is the default. So, I set my MAXPOLL to 11 which equals 2^11 = 2048
seconds = 34 minutes 8 seconds. So, if the clock were drifting at .625
sec / hr, it should get no more than .35 seconds out during the 34
minutes between syncs.
The next keyword I added is IBURST. This makes it more likely that an
unreachable server can be reached if the problem is due to temporary
network congestion. Here's part of the relevant segment from the MAN
page for ntp.conf.
    iburst  When the server is unreachable, send a burst of eight packets
            instead of the usual one. The packet spacing is normally 2 s;
            however, the spacing between the first and second packets can
            be changed with the calldelay command to allow additional time
            for a modem or ISDN call to complete. This option is valid with
            only the server command and is a recommended option with this
            command.
Finally, the last somewhat unique setting in my ntp.conf is how I'm
accessing the NTP pool servers.
Here's what the pool server settings looked like after I installed NTP
in Ubuntu, except for the keywords I added.
server 0.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
Most people probably just use the generic pool addresses like so.
server 0.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.pool.ntp.org minpoll 8 maxpoll 11 iburst
However, I decided to restrict my pool servers to just the US based ones
for better performance.
server 0.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
Finally, I found this neat little NTP Cheat Sheet which shows the common
NTP commands:
http://www.meinberg.de/download/ntp/docs/ntp_cheat_sheet.pdf
That summarizes most of the interesting data I've learned while doing
this. I think I've got my Linux time problem pretty well beaten. Now,
I'm going to turn my attention to Windows. I already have the NIST
application syncing every 4 hours. I think I'll decrease that time
interval, or maybe look for a more flexible solution. Hope this info
helps anyone who's working with the NTP system.
Sincerely,
Ron
---------------------------
Copy of server file from my NIST Windows time sync program:
File: nist-srv.lst
This file contains information about all of the time servers
operated by NIST. You may get a copy of this file from the
/pub directory on any NIST time server.
Server name ip address Note Location
$
wwv.nist.gov 24.56.178.140 2 Colorado
nisttime.carsoncity.k12.mi.us 66.219.116.140 2 Michigan
nist1.ldsbc.edu 198.60.73.8 2 Utah
nist1-chicago.ustiming.org 208.66.175.36 2 Chicago
nist.netservicesgroup.com 64.113.32.5 2 Michigan
nist1.aol-va.truetime.com 64.236.96.53 2 DC/Virginia
utcnist2.colorado.edu 128.138.188.172 2 Colorado
nist1.aol-ca.truetime.com 207.200.81.113 2 California
nist1.columbiacountyga.gov 68.216.79.113 2 Georgia
nist1.symmetricom.com 69.25.96.13 2 California
nist1-ny.ustiming.org 64.90.182.55 2 NewYorkCity
nist1-lv.ustiming.org 64.250.229.100 2 LasVegas
nist1-sj.ustiming.org 216.171.124.36 2 SanJoseCa
nist1-nj.ustiming.org 96.47.67.105 2 NewJersey
nist.expertsmi.com 173.14.55.9 2 Michigan
nist1-pa.ustiming.org 206.246.122.250 2 Pittsburgh
nist1-la.ustiming.org 64.147.116.229 2 LosAngeles
utcnist.colorado.edu 128.138.140.44 2 Colorado
time-a.nist.gov 129.6.15.28 1 Maryland
time-b.nist.gov 129.6.15.29 1 Maryland
time-a.timefreq.bldrdoc.gov 132.163.4.101 1 Colorado
time-b.timefreq.bldrdoc.gov 132.163.4.102 1 Colorado
time-c.timefreq.bldrdoc.gov 132.163.4.103 1 Colorado
time-d.timefreq.bldrdoc.gov 132.163.4.104 3 Colorado
time.nist.gov 192.43.244.18 1 Colorado
time-nw.nist.gov 131.107.13.100 1,5 Washington
$
Notes:
1. Heavily loaded and not recommended for new users.
2. Recommended for new users.
3. Used for testing only. Not for general users.
4. Does not support anonymous ftp connections.
5. Does not support tcp (port 37) time service
Important notes:
The client program normally uses one of the first 7 servers in
the list, and you may interchange the order of the entries to force
the program to select a given system. However, you must not change
the format of the file. The program will probably stop working
if you do so. In particular, the two "$" signs delimit the list
of servers, and you must not remove them.
This file may also be used to configure system that connect to the
Internet using a proxy server. See file README.PROXY in directory
/pub/daytime for more information.
--
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT c3energy.com
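
The poll-interval arithmetic from the message above, as an added example that is not part of the original post: it parses ntp.conf `server` lines, converts minpoll/maxpoll exponents to seconds, and checks each server against a query-rate cap and a drift budget. The 20 queries/hour cap, the 15 s/day drift and the 0.5 s budget are the figures from the message; the function names, the sample config and `ntp.example.net` are constructed for illustration.

```python
# Constructed sample modelled on the ntp.conf excerpt in the message.
SAMPLE_CONF = """\
# NIST State of Washington
server time-nw.nist.gov prefer minpoll 8 maxpoll 11 iburst
# Pool entry with no poll options, so the defaults apply
server 0.us.pool.ntp.org iburst
# Hypothetical host with a longer ceiling than the message uses
server ntp.example.net minpoll 8 maxpoll 12
"""

DEFAULT_MINPOLL, DEFAULT_MAXPOLL = 6, 10  # defaults quoted in the message


def parse_servers(conf_text):
    """Return one dict per 'server' line: host, minpoll, maxpoll, flags."""
    servers = []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(words) < 2 or words[0] != "server":
            continue
        entry = {"host": words[1], "minpoll": DEFAULT_MINPOLL,
                 "maxpoll": DEFAULT_MAXPOLL, "flags": set()}
        opts = iter(words[2:])
        for opt in opts:
            if opt in ("minpoll", "maxpoll"):
                value = next(opts, None)
                if value is None:
                    raise ValueError(f"{opt} without a value: {raw!r}")
                entry[opt] = int(value)
            else:
                entry["flags"].add(opt)        # prefer, iburst, ...
        servers.append(entry)
    return servers


def audit(conf_text, max_queries_per_hour=20, drift_s_per_day=15.0, budget_s=0.5):
    """Check each server against a query-rate cap and a clock-drift budget."""
    min_spacing = 3600 / max_queries_per_hour      # 20/hour -> 180 s apart
    report = []
    for s in parse_servers(conf_text):
        fastest, slowest = 2 ** s["minpoll"], 2 ** s["maxpoll"]
        drift = drift_s_per_day / 86400 * slowest  # worst case between syncs
        report.append({"host": s["host"], "fastest_s": fastest,
                       "slowest_s": slowest, "rate_ok": fastest >= min_spacing,
                       "drift_s": round(drift, 3), "drift_ok": drift <= budget_s,
                       "prefer": "prefer" in s["flags"]})
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_CONF):
        print(row)
```
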