Re: [chrony-users] '?' = unusable

[Brian Cook <bcook@xxxxxxxxxxxxxxxxxxxxxxx>]

I think I found it.. 

The host is multihomed.. and sub/virtual interfaces.. 

What seems to have been the limiting factor was this:

bindaddress 172.16.254.241
bindacqaddress 172.16.254.241

(in my own words...)

*bindaddress* is listening

*bindacqaddress* is sending

Even though there is a route entry for the 173vlan .. the default route is that of another vlan.. 

So the process bound to enp1s0f0.173 - for listening

was sending on enp1s0f0.69 - as it was not disabled (bindacqaddress) 

so my tcpdumps for attempts were showing the 0.69 primary address and not the 0.173 primary address.. 

after stepping back from the inet router all the way back here.. I was able to find the issue.. 

Thank you for all your help Miroslav. 

I was debugging on a separate machine as this one did not have compiler/tools/etc.. 

and in the local=0.0.0.0 trying to get that to show the address I was working with.. is how I found the configuration option.. 

 /root/chrony-scripts

chronyc tracking

Reference ID    : 8186197B (time3.facebook.com)
Stratum         : 2
Ref time (UTC)  : Fri Apr 28 12:51:38 2023
System time     : 0.000097018 seconds slow of NTP time
Last offset     : -0.000085252 seconds
RMS offset      : 0.000677160 seconds
Frequency       : 5.201 ppm fast
Residual freq   : -0.030 ppm
Skew            : 1.973 ppm
Root delay      : 0.005739552 seconds
Root dispersion : 0.000512720 seconds
Update interval : 64.2 seconds
Leap status     : Normal

chronyc sources

MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ time.cloudflare.com           3   6   377    42   +248us[ +248us] +/- 7015us
^- ohio.time.system76.com        2   7   310   302  +4285us[+4230us] +/-   37ms
^? clock.nyc.he.net              2   6   377    47   +888us[ +803us] +/-   33ms
^? time1.google.com              1   6   377    43   -338us[ -423us] +/-   13ms
^* time3..facebook.com            1   6   377    42   -387us[ -472us] +/- 3022us

chronyc sourcestats -v

                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
time.cloudflare.com        13  10   590     +0.036      2.296    -15us   353us
ohio.time.system76.com      7   3   330     -0.316     14.095  +4323us   762us
clock.nyc.he.net           13  11   584     -0.357      1.405  +1049us   246us
time1.google.com           12   9   589     +0.661      1.711    -24us   251us
time3.facebook.com         13   7   589     +0.161      2.478    +77us   382us

chronyc -N authdata

Name/IP address             Mode KeyID Type KLen Last Atmp  NAK Cook CLen
=========================================================================
time.cloudflare.com          NTS     5   15  256  50m    0    0    8  100
ohio.time.system76.com       NTS     2   15  256  50m    0    0    4  100
209.51.161.238                 -     0    0    0    -    0    0    0    0
216.239.35.0                   -     0    0    0    -    0    0    0    0
129.134.25.123                 -     0    0    0    -    0    0    0    0

chronyc activity

200 OK
5 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address

chrony logs of current process

2023-04-28T12:41:49.16244 daemon.info: Apr 28 08:41:49 chronyd[15312]: chronyd version 4.3 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER -SIGND +ASYNCDNS +NTS +SECHASH +IPV6 -DEBUG)
2023-04-28T12:41:49.16259 daemon.info: Apr 28 08:41:49 chronyd[15312]: Frequency 5.539 +/- 7.942 ppm read from /var/lib/chrony/drift
2023-04-28T12:41:49.16262 daemon.info: Apr 28 08:41:49 chronyd[15312]: Using right/UTC timezone to obtain leap second data
2023-04-28T12:41:54.30405 daemon.info: Apr 28 08:41:54 chronyd[15312]: Selected source 129.134.25.123
2023-04-28T12:41:54.30408 daemon.info: Apr 28 08:41:54 chronyd[15312]: System clock TAI offset set to 37 seconds
2023-04-28T12:41:55.77556 daemon.info: Apr 28 08:41:55 chronyd[15312]: Selected source 216.239.35.0
2023-04-28T12:41:56.16089 daemon.info: Apr 28 08:41:56 chronyd[15312]: Selected source 162.159.200.123 (time.cloudflare.com)
2023-04-28T12:43:00.66842 daemon.info: Apr 28 08:43:00 chronyd[15312]: Selected source 216.239.35.0
2023-04-28T12:43:00.84809 daemon.info: Apr 28 08:43:00 chronyd[15312]: Selected source 162.159.200.123 (time.cloudflare.com)
2023-04-28T12:44:05.94280 daemon.info: Apr 28 08:44:05 chronyd[15312]: Selected source 129.134.25.123

chrony configs

ntsdumpdir /var/lib/chrony
ntstrustedcerts /etc/ssl/certs.pem
nosystemcert
nocerttimecheck 1
server time.cloudflare.com iburst nts
server ohio.time.system76.com iburst nts
authselectmode mix
server 209.51.161.238 iburst
server 216.239.35.0 iburst
server 129.134.25.123 iburst
logchange 0.5
logdir /var/lib/chrony/
log measurements statistics tracking
driftfile /var/lib/chrony/drift
ntsdumpdir /var/lib/chrony/
rtcsync
makestep 1 -1
minsources 1
leapsectz right/UTC
local stratum 5
clientloglimit 1048576
bindaddress 172.16.254.241
bindacqaddress 172.16.254.241
allow 172.16.0.0/16
allow 10.20.0.0/16
allow 10.120.0.0/16
allow 10.121.0.0/16

connected clients

1724

On Wed, Apr 26, 2023 at 3:38 AM Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:

On Tue, Apr 25, 2023 at 12:30:24PM -0400, Brian Cook wrote:
> Thank you for the response..
>
> Same process running since the Sunday reboot..
>
> Provider is Verizon FiOS..
>
> tracking says every 65 seconds or so it is looking to update..

The update interval from the tracking report is the interval between
last two updates of the clock. "Ref time" says the last update was 2
days ago and it switched to the local reference (7F7F0101), so it's
not working.

To me it looks like a networking issue. It's odd that it works on
start but consistently fails later (when polling interval gets over 64
seconds?).

Some things to try:
- add "maxpoll 6" to the server lines in the config
- add "acquisitionport 123" to the config
- run "mtr -u -P 123 162.159.200.1 -B 35 -s 76" and see if there is a
  hop where the packet loss jumps

> (running a tcpdump to see what gets seen dst port 323)
>
> tcpdump -nn -vv -i enp1s0f0.173 dst port 323

NTP uses port 123. Also, you want to see both requests and responses,
so something like this should work better:

tcpdump -nn -i enp1s0f0.173 'port 123 and (host 162.159.200.1 or host 162.159.200.123)'

--
Miroslav Lichvar


--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

--

Network Administrator
Poughkeepsie City School District
SMS & Mobile: (202) 810-5827
twitter.com/bcookatpcsd

"If you cannot explain it simply, you do not understand it well enough."