Re: [chrony-users] Decision algorithm, compatibility |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Decision algorithm, compatibility
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Thu, 16 Sep 2021 09:43:00 +0200
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631778190; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=AcHk6BUaka9gUl/761NAstj/ht1/YvMUlv4TTGa6uNc=; b=dRmV5+2M8eSjApoaU/IQQ4tcPBCu7TySpLo+zwp5xY5SP3BDKAh3muQ+eicCgNu1hxOk/z 3MFgIXhgl+RYQCaSsPtq3NbBiDD2ZKxUP1z3pY21xRTIZmgjLPgkVM16n7PC9K5oQ2LhZH uBJXVPpTl/ECqn7oTc92sSGu9aN13IE=
On Wed, Sep 15, 2021 at 04:18:02PM +0000, Uwe Fechner wrote:
> chronyc sources
> MS Name/IP address Stratum Poll Reach LastRx Last sample
> ===============================================================================
> ^* time.cloudflare.com 3 10 42 41m +2690us[+3783us] +/- 26ms
> ^- nts1.time.nl 2 9 377 389 +2364us[+2364us] +/- 67ms
> ^+ ptbtime1.ptb.de 1 10 20 95m +439us[+1470us] +/- 24ms
> ^+ sth1-ts.nts.netnod.se 2 10 377 201 -2001us[-2001us] +/- 35ms
> ^+ sth2-ts.nts.netnod.se 2 10 377 927 +1983us[+1983us] +/- 25ms
>
> Why is cloudfare selected? It has the worst stratum AND a bad reach.
It probably has the lowest root distance on average. You can enable
the measurements log and check. But note it's not used alone. It's
combined with the other three servers with similar root distance. It's
not very important which one of them has the '*' symbol.
> Why is the reach for cloudfare and ptbtime1 so bad? Is it a compatibility problem
> or are the servers overloaded?
Some major network operators have middleboxes that rate limit long NTP
packets as a mitigation for the ntpd mode 6/7 amplification attacks.
There is not much we can do, except move NTP to a different port. The
NTP working group is working on a draft to do that, but it will take
time.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.