Re: [chrony-users] interleaved mode with software timestamping

[ Thread Index | Date Index | More Archives ]

On Tue, Mar 26, 2019 at 01:11:22PM +0100, cfanygapa wrote:
> 1. It has been mentioned in manual and this mailing list that NAT can be a
> problem with software based interleaved mode, which is clear to me. But is
> it still ok to add "xleave" option for clients which may be potentially
> NAT'd as in the worst case basic mode will be used? So while having Chrony
> as server and clients in own network there is no risk of interleaved mode
> usage as it can be only a pure benefit?

You can enable the xleave option even if the client is expected to be
behind NAT. The protocol can always fall back to the basic mode. With
the presend option it's possible to have a small number of clients
behind NAT using the interleaved mode at the same time (colliding

> 2. Would you still advise to use stronger MAC for example 256 bit SHA512 for
> server auth with interleaved mode and frequent polling? I am asking in
> context of aprox 500-1000 clients... can SHA512 computation may become an
> obstacle here?

It depends on the hardware, but I think everything should be able to
handle at least 1000 requests per second, even with SHA512
authentication enabled. A typical x86_64 server should be able to
handle at least 100000 requests per second.

> 3. Is there any sense of not deacrasing minpoll/maxpoll values with
> interleaved mode to let Chrony managing it, which can lead to rare 2^10
> polls? Or that will be actually negation of interleaved mode usage?

Using a shorter minpoll/maxpoll would be recommended for accuracy.
That is not specific to the interleaved mode. The default values are
recommended for public servers on Internet.

With a longer polling interval, enabling the interleaved mode may have
a negative impact on accuracy. The timestamps may be more accurate,
but they are old and the clock may have drifted significantly in that
time. Again, the presend option would be recommended for longer
polling intervals, but not against public servers as presend is
basically a burst and admins of public servers generally don't like

Miroslav Lichvar

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+