Re: [chrony-users] Decision algorithm, compatibility

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] Decision algorithm, compatibility
From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Thu, 16 Sep 2021 09:43:00 +0200
Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631778190; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=AcHk6BUaka9gUl/761NAstj/ht1/YvMUlv4TTGa6uNc=; b=dRmV5+2M8eSjApoaU/IQQ4tcPBCu7TySpLo+zwp5xY5SP3BDKAh3muQ+eicCgNu1hxOk/z 3MFgIXhgl+RYQCaSsPtq3NbBiDD2ZKxUP1z3pY21xRTIZmgjLPgkVM16n7PC9K5oQ2LhZH uBJXVPpTl/ECqn7oTc92sSGu9aN13IE=

On Wed, Sep 15, 2021 at 04:18:02PM +0000, Uwe Fechner wrote:
> chronyc sources
> MS Name/IP address         Stratum Poll Reach LastRx Last sample
> ===============================================================================
> ^* time.cloudflare.com           3  10    42   41m  +2690us[+3783us] +/-   26ms
> ^- nts1.time.nl                  2   9   377   389  +2364us[+2364us] +/-   67ms
> ^+ ptbtime1.ptb.de               1  10    20   95m   +439us[+1470us] +/-   24ms
> ^+ sth1-ts.nts.netnod.se         2  10   377   201  -2001us[-2001us] +/-   35ms
> ^+ sth2-ts.nts.netnod.se         2  10   377   927  +1983us[+1983us] +/-   25ms
> 
> Why is cloudfare selected? It has the worst stratum AND a bad reach.

It probably has the lowest root distance on average. You can enable
the measurements log and check. But note it's not used alone. It's
combined with the other three servers with similar root distance. It's
not very important which one of them has the '*' symbol.

> Why is the reach for cloudfare and ptbtime1 so bad? Is it a compatibility problem
> or are the servers overloaded?

Some major network operators have middleboxes that rate limit long NTP
packets as a mitigation for the ntpd mode 6/7 amplification attacks.
There is not much we can do, except move NTP to a different port. The
NTP working group is working on a draft to do that, but it will take
time.

-- 
Miroslav Lichvar

-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-users] Decision algorithm, compatibility
  - From: Uwe Fechner

References:
- [chrony-users] Decision algorithm, compatibility
  - From: Uwe Fechner

Messages sorted by: [ date | thread ]
Prev by Date: [chrony-users] Decision algorithm, compatibility
Next by Date: Re: [chrony-users] Decision algorithm, compatibility
Previous by thread: [chrony-users] Decision algorithm, compatibility
Next by thread: Re: [chrony-users] Decision algorithm, compatibility

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/