[ale] possibility of running an NTP server

Ron Frazier atllinuxenthinfo at c3energy.com
Thu Jan 12 13:08:28 EST 2012


Hi all,

I wanted to post a followup message to this topic and share some info I 
learned about configuring the NTPD service as a time sync client on 
Linux. Thanks for all the replies to my message and I may respond 
individually to them as well.

Well, I guess I'm not going to be running a public NTP server because I 
cannot meet all the following criteria:

1) Need a static IP - FAIL. I guess DynDNS service isn't good enough.
2) Need permanent internet connection - Quasi PASS. My internet 
connection is always on as long as I pay for it, which will probably be 
most of my life, except during power failures.
3) Need to set up 5 servers - FAIL. No way was I thinking of going to 
THAT much trouble.

However, I've got my Linux machines syncing with the outside world nicely.

Here's a partial output of my latest check on the status of NTPD on this 
machine:

ron@asus-k52f-1:~$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*nist1-ny.ustimi .ACTS.           1 u  479 2048  377   57.875   -6.680   9.199

Now THAT is a pretty sight. My PC's clock is only 6.7 milliseconds off 
from NIST (National Institute of Standards and Technology) ( 
http://www.nist.gov/index.html ) time. WAIT, it lost 4 milliseconds over 
night. I'm going to be late for lunch! Just kidding. 8-) Actually, I 
just want the PC to meet the same standards as my radio controlled 
clocks. That is, accuracy of +/- .5 (or maybe .49) seconds between 
syncs. So, 6.7 milliseconds is GREAT. As long as it doesn't exceed 499, 
I'm happy.

The hardest or most tedious part of configuring the daemon was actually 
picking the time servers to sync with. Yes, I know about the NTP pool, 
but there are a few little quirks involved in even using that, which 
I'll get to. However, I wanted to pick some good main geographically 
dispersed servers by hand and use the pool as a backup. I'm also using 
several options in the NTPD setup which were not there by default when I 
installed NTP.

Here's where you can get lists of servers:

 From NTP.ORG:

Servers Home Page - http://support.ntp.org/bin/view/Servers/WebHome
Stratum 1 Servers - http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
Stratum 2 Servers - http://support.ntp.org/bin/view/Servers/StratumTwoTimeServers

Once you find a server, you can click on it to find its access 
requirements and rules. While many NIST servers are on the Stratum 1 
list, they also have their own list. Some of the servers on the NIST 
list may not be on the NTP.ORG list (although I didn't take time to 
check them all).

 From NIST:

NIST Time and Frequency Division - http://www.nist.gov/pml/div688/
NIST Internet Time Service - http://www.nist.gov/pml/div688/grp40/its.cfm
NIST Server List - http://tf.nist.gov/tf-cgi/servers.cgi
Finally, at the bottom of this message, I've copied a NIST list from the 
directory of the NIST client software I have installed in Windows. It 
gives some additional information about which servers are recommended 
for new users.

 From NTP POOL:

http://www.pool.ntp.org/en/use.html
http://www.pool.ntp.org/zone/north-america
http://www.pool.ntp.org/zone/us

Once you've installed NTP and selected some servers, you can go about 
setting up the configuration for NTPD. On my Ubuntu installation, the 
NTP configuration is in /etc/ntp.conf . You can do man ntp.conf at a 
terminal to get info on the options. Here is a representative sample of 
my ntp.conf file, showing only some of the parts where I select the servers.

--------------------------------------------------------------------------------------

# NIST State of Washington
server time-nw.nist.gov prefer minpoll 8 maxpoll 11 iburst

# California
server clock.develooper.com minpoll 8 maxpoll 11 iburst

# Use servers from the NTP Pool Project.

server 0.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.us.pool.ntp.org minpoll 8 maxpoll 11 iburst

# Use Ubuntu's ntp server as a fallback.

server ntp.ubuntu.com minpoll 8 maxpoll 11 iburst

--------------------------------------------------------------------------------------

There are 5 unique things about my ntp.conf file I want to explain, none 
of which were the default configuration. They are: the prefer, minpoll, 
maxpoll, and iburst commands; and also the structure of the pool server 
names. Also note that I've added extra white space to make it more readable.

The PREFER keyword tells NTPD that I want to always use the NIST server 
for my syncing (as long as it is functioning properly.) This prevents 
the daemon from "clock hopping" due to small variations in the response 
of the various servers. If the NIST server fails, it can revert to the 
others for backup. On my systems at home, each computer is set to PREFER 
a different server. That keeps any one NIST machine from seeing too many 
queries from my one public internet address.

The NTPD daemon polls the internet servers at a quick interval first to 
establish the original correction factors for the system clock. Then, as 
it fine tunes the setup, it polls at longer and longer intervals while 
still maintaining good clock accuracy. These intervals are set by the 
MINPOLL and MAXPOLL keywords.

The way these work is not obvious. MINPOLL is the minimum polling 
interval for a given server, but it is not listed directly in seconds or 
minutes. You take the MINPOLL number and raise it to the power of 2 to 
get the number of seconds. So, if MINPOLL is at its default value of 6 
(or if it's not stated), the minimum polling interval is 2^6 = 64 
seconds. The MAXPOLL number states the longest interval that will occur 
for a given server. Its default is 10, which equates to 2^10 = 1024 
seconds = ~ 17 minutes.

I had reason to change both settings. The Rules of Engagement for the 
public access servers listed at NTP.ORG say you're not allowed to lower 
these default numbers, but there's nothing that says you can't raise them.

The access rules for the NIST servers say they are open access for up to 
20 queries / hour. That equates to 1 query every 3 minutes. The default 
MINPOLL value is 64 seconds, which is too frequent for NIST. Now, I know 
that the daily average would be less, but I wanted to ensure that I 
would never be hitting the server more often than once every 3 minutes. 
So, I set the MINPOLL value to 8 which equals 2^8 = 256 seconds = 4 
minutes 16 seconds. This meets their criteria while still allowing 
pretty good initial clock syncing.

I wanted to set MAXPOLL as large as possible while still maintaining my 
+/- .5 sec between syncs goal. My worst "drifter" of the computers I 
have seems to always lose about 15 seconds / day when running Windows. 
(I have read stuff on the internet which indicates drifting in Windows 
may vary with CPU load.) I don't know for sure if it would do as bad 
running native Linux. I don't know if the problem is the hardware clock 
or the OS. Anyway, I chose to set my NTPD to allow for this level of 
drift. 15 sec / day equates to .625 sec / hr, which exceeds my criteria 
if I only sync every hour. So, I decided to go to a maximum half hour 
syncing interval. I didn't feel that I needed to do it every 17 minutes 
as is the default. So, I set my MAXPOLL to 11 which equals 2^11 = 2048 
seconds = 34 minutes 8 seconds. So, if the clock were drifting at .625 
sec / hr, it should get no more than .35 seconds out during the 34 
minutes between syncs.

The next keyword I added is IBURST. This makes it more likely that an 
unreachable server can be reached if the problem is due to temporary 
network congestion. Here's part of the relevant segment from the MAN 
page for ntp.conf.

iburst  When the server is unreachable, send a burst of eight packets
        instead of the usual one. The packet spacing is normally 2 s;
        however, the spacing between the first and second packets can be
        changed with the calldelay command to allow additional time for a
        modem or ISDN call to complete. This option is valid with only the
        server command and is a recommended option with this command.

Finally, the last somewhat unique setting in my ntp.conf is how I'm 
accessing the NTP pool servers.

Here's what the pool server settings looked like after I installed NTP 
in Ubuntu, except for the keywords I added.

server 0.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.ubuntu.pool.ntp.org minpoll 8 maxpoll 11 iburst

Most people probably just use the generic pool addresses like so.

server 0.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.pool.ntp.org minpoll 8 maxpoll 11 iburst

However, I decided to restrict my pool servers to just the US based ones 
for better performance.

server 0.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 1.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 2.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server 3.us.pool.ntp.org minpoll 8 maxpoll 11 iburst

Finally, I found this neat little NTP Cheat Sheet which shows the common 
NTP commands:

http://www.meinberg.de/download/ntp/docs/ntp_cheat_sheet.pdf

That summarizes most of the interesting data I've learned while doing 
this. I think I've got my Linux time problem pretty well beaten. Now, 
I'm going to turn my attention to Windows. I already have the NIST 
application syncing every 4 hours. I think I'll decrease that time 
interval, or maybe look for a more flexible solution. Hope this info 
helps anyone who's working with the NTP system.

Sincerely,

Ron



---------------------------

Copy of server file from my NIST Windows time sync program:

File: nist-srv.lst

This file contains information about all of the time servers
operated by NIST. You may get a copy of this file from the
/pub directory on any NIST time server.

Server name                    ip address       Note  Location
$
wwv.nist.gov                   24.56.178.140    2     Colorado
nisttime.carsoncity.k12.mi.us  66.219.116.140   2     Michigan
nist1.ldsbc.edu                198.60.73.8      2     Utah
nist1-chicago.ustiming.org     208.66.175.36    2     Chicago
nist.netservicesgroup.com      64.113.32.5      2     Michigan
nist1.aol-va.truetime.com      64.236.96.53     2     DC/Virginia
utcnist2.colorado.edu          128.138.188.172  2     Colorado
nist1.aol-ca.truetime.com      207.200.81.113   2     California
nist1.columbiacountyga.gov     68.216.79.113    2     Georgia
nist1.symmetricom.com          69.25.96.13      2     California
nist1-ny.ustiming.org          64.90.182.55     2     NewYorkCity
nist1-lv.ustiming.org          64.250.229.100   2     LasVegas
nist1-sj.ustiming.org          216.171.124.36   2     SanJoseCa
nist1-nj.ustiming.org          96.47.67.105     2     NewJersey
nist.expertsmi.com             173.14.55.9      2     Michigan
nist1-pa.ustiming.org          206.246.122.250  2     Pittsburgh
nist1-la.ustiming.org          64.147.116.229   2     LosAngeles
utcnist.colorado.edu           128.138.140.44   2     Colorado
time-a.nist.gov                129.6.15.28      1     Maryland
time-b.nist.gov                129.6.15.29      1     Maryland
time-a.timefreq.bldrdoc.gov    132.163.4.101    1     Colorado
time-b.timefreq.bldrdoc.gov    132.163.4.102    1     Colorado
time-c.timefreq.bldrdoc.gov    132.163.4.103    1     Colorado
time-d.timefreq.bldrdoc.gov    132.163.4.104    3     Colorado
time.nist.gov                  192.43.244.18    1     Colorado
time-nw.nist.gov               131.107.13.100   1,5   Washington
$
Notes:
1. Heavily loaded and not recommended for new users.
2. Recommended for new users.
3. Used for testing only. Not for general users.
4. Does not support anonymous ftp connections.
5. Does not support tcp (port 37) time service

Important notes:

The client program normally uses one of the first 7 servers in
the list, and you may interchange the order of the entries to force
the program to select a given system. However, you must not change
the format of the file. The program will probably stop working
if you do so. In particular, the two "$" signs delimit the list
of servers, and you must not remove them.

This file may also be used to configure system that connect to the
Internet using a proxy server. See file README.PROXY in directory
/pub/daytime for more information.


-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new messages very quickly.)

Ron Frazier

770-205-9422 (O)   Leave a message.
linuxdude AT c3energy.com
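
The minpoll/maxpoll arithmetic from the message above, as an added example that is not part of the original post: it parses ntp.conf server lines, converts the poll exponents to seconds, and checks them against the 20 queries/hour limit and the 15 s/day drift with a 0.5 s budget that the post uses. The function names and the third sample line (left at the defaults the post cites) are assumptions made for illustration.

```python
# Constructed sample in the style of the ntp.conf excerpt from the post,
# plus one server left at the defaults (minpoll 6, maxpoll 10) for contrast.
SAMPLE_CONF = """\
# NIST State of Washington
server time-nw.nist.gov prefer minpoll 8 maxpoll 11 iburst
server 0.us.pool.ntp.org minpoll 8 maxpoll 11 iburst
server ntp.ubuntu.com
"""

DEFAULT_MINPOLL = 6   # 2^6  = 64 s
DEFAULT_MAXPOLL = 10  # 2^10 = 1024 s

def parse_servers(conf_text):
    """Return one dict per 'server' line with poll exponents and flags."""
    servers = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tokens) < 2 or tokens[0] != "server":
            continue
        entry = {"host": tokens[1], "minpoll": DEFAULT_MINPOLL,
                 "maxpoll": DEFAULT_MAXPOLL, "prefer": False, "iburst": False}
        opts = tokens[2:]
        for i, opt in enumerate(opts):
            if opt in ("minpoll", "maxpoll") and i + 1 < len(opts):
                entry[opt] = int(opts[i + 1])
            elif opt in ("prefer", "iburst"):
                entry[opt] = True
        servers.append(entry)
    return servers

def audit(entry, max_queries_per_hour=20, drift_s_per_day=15.0, budget_s=0.5):
    """Check one server entry against a query-rate limit and a drift budget."""
    min_interval = 2 ** entry["minpoll"]   # shortest gap between polls, seconds
    max_interval = 2 ** entry["maxpoll"]   # longest gap between polls, seconds
    worst_drift = drift_s_per_day / 86400 * max_interval
    return {
        "host": entry["host"],
        "min_interval_s": min_interval,
        "max_interval_s": max_interval,
        "rate_ok": min_interval >= 3600 / max_queries_per_hour,
        "worst_drift_s": round(worst_drift, 4),
        "drift_ok": worst_drift <= budget_s,
    }

if __name__ == "__main__":
    for server in parse_servers(SAMPLE_CONF):
        print(audit(server))
```

Raising maxpoll to 12 (4096 s) would push the worst-case drift past the 0.5 s budget at 15 s/day, which is why 11 is the largest value that fits the stated goal.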


