SEO

Hi,

I have a very small network consisting of 4 Solaris servers (Solaris1,
...., Solaris4) and want to configure NTP so that Solaris2, Solaris3, and
Solaris4 synch their time to Solaris1.

This is an isolated network (no outside connection available), so from
what I've read, I think that Solaris1 should be synched to itself?

We tried to set this up yesterday, and got the xnptd running on all 4
machines, but when we tested, it didn't seem that anything was happening
(we ran snoops on port 123 on several of the machines).

We tested by first using ntpdate on Solaris2, 3, and 4 to get them
synched to Solaris1, then starting the xnptd on those machines, then
setting the system clock on Solaris1 back about 10 minutes, and then
watching the snoop output for awhile.

Can someone provide what the basic ntp.conf file should look like for
Solaris1 and for the other Solaris machines (Solaris2, 3, and 4)?

Thanks,
Jim

ohaya wrote:
> Hi,
>
> I have a very small network consisting of 4 Solaris servers (Solaris1,
> ..., Solaris4) and want to configure NTP so that Solaris2, Solaris3, and
> Solaris4 synch their time to Solaris1.
>
> This is an isolated network (no outside connection available), so from
> what I've read, I think that Solaris1 should be synched to itself?
>
> We tried to set this up yesterday, and got the xnptd running on all 4
> machines, but when we tested, it didn't seem that anything was happening
> (we ran snoops on port 123 on several of the machines).
>
> We tested by first using ntpdate on Solaris2, 3, and 4 to get them
> synched to Solaris1, then starting the xnptd on those machines, then
> setting the system clock on Solaris1 back about 10 minutes, and then
> watching the snoop output for awhile.
>
> Can someone provide what the basic ntp.conf file should look like for
> Solaris1 and for the other Solaris machines (Solaris2, 3, and 4)?
>
> Thanks,
> Jim

did you see the files
/etc/inet/ntp.client
/etc/inet/ntp.server
that can be used as a starting point for setting up such a
configuration?

Tom

Thomas Maier-Komor wrote:
>
> ohaya wrote:
> > Hi,
> >
> > I have a very small network consisting of 4 Solaris servers (Solaris1,
> > ..., Solaris4) and want to configure NTP so that Solaris2, Solaris3, and
> > Solaris4 synch their time to Solaris1.
> >
> > This is an isolated network (no outside connection available), so from
> > what I've read, I think that Solaris1 should be synched to itself?
> >
> > We tried to set this up yesterday, and got the xnptd running on all 4
> > machines, but when we tested, it didn't seem that anything was happening
> > (we ran snoops on port 123 on several of the machines).
> >
> > We tested by first using ntpdate on Solaris2, 3, and 4 to get them
> > synched to Solaris1, then starting the xnptd on those machines, then
> > setting the system clock on Solaris1 back about 10 minutes, and then
> > watching the snoop output for awhile.
> >
> > Can someone provide what the basic ntp.conf file should look like for
> > Solaris1 and for the other Solaris machines (Solaris2, 3, and 4)?
> >
> > Thanks,
> > Jim
>
> did you see the files
> /etc/inet/ntp.client
> /etc/inet/ntp.server
> that can be used as a starting point for setting up such a
> configuration?
>
> Tom


Tom,

The sample files were on a couple of the systems that I installed from
the Sun media, but several of the systems, including Solaris1, were
jumpstarted a long time ago by someone else who I haven't been able to
identify. Those latter systems didn't have the sample files, plus, I
guess that I thought that we wanted something simple and wasn't sure we
wanted to configure the server to multicast/broadcast as I think was in
the ntp.server sample file, so we tried to strip things down to the
barest minimum just to try to get things working.

Jim

ohaya wrote:
>
> Hi,
>
> I have a very small network consisting of 4 Solaris servers (Solaris1,
> ..., Solaris4) and want to configure NTP so that Solaris2, Solaris3, and
> Solaris4 synch their time to Solaris1.
>
> This is an isolated network (no outside connection available), so from
> what I've read, I think that Solaris1 should be synched to itself?
>
> We tried to set this up yesterday, and got the xnptd running on all 4
> machines, but when we tested, it didn't seem that anything was happening
> (we ran snoops on port 123 on several of the machines).
>
> We tested by first using ntpdate on Solaris2, 3, and 4 to get them
> synched to Solaris1, then starting the xnptd on those machines, then
> setting the system clock on Solaris1 back about 10 minutes, and then
> watching the snoop output for awhile.

You don't say which version of Solaris, but the config files should be the same.
However, NTP is *NOT* designed to be tested like that. It does *NOT* expect that
the clock will be pulled hither and thither, but only to follow small changes.
If you start jerking the clock about the results are at best unpredictable.

> Can someone provide what the basic ntp.conf file should look like for
> Solaris1 ..

server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /etc/inet/ntp.driftfile

> .. and for the other Solaris machines (Solaris2, 3, and 4)?

server Solaris1
driftfile /etc/inet/ntp.driftfile

If you want to add "restrict" statements you can do that later.

The startup (whether using /etc/init.d/xntpd on earlier versions or smf on 10)
should run ntpdate automatically, so you don't have to, and on the clients the
ntp daemon itself will not be started start until ntpdate completes, which
requires the server has locally synchronized so that ntpdate on the client can
get the time from it, which takes about 5 or 6 minutes. Use "ps -ef | grep ntp"
to check what is running on each system, and "ntpq -p" (see "man ntpq" under the
"peers" entry for the detail) to check things are working, and trust the output.

John Howells

> You don't say which version of Solaris, but the config files should
be the same.
> However, NTP is *NOT* designed to be tested like that. It does *NOT*
expect that
> the clock will be pulled hither and thither, but only to follow small
changes.
> If you start jerking the clock about the results are at best
unpredictable.
>
> > Can someone provide what the basic ntp.conf file should look like
for
> > Solaris1 ..
>
> server 127.127.1.0
> fudge 127.127.1.0 stratum 10
> driftfile /etc/inet/ntp.driftfile
>
> > .. and for the other Solaris machines (Solaris2, 3, and 4)?
>
> server Solaris1
> driftfile /etc/inet/ntp.driftfile
>
> If you want to add "restrict" statements you can do that later.
>
> The startup (whether using /etc/init.d/xntpd on earlier versions or
smf on 10)
> should run ntpdate automatically, so you don't have to, and on the
clients the
> ntp daemon itself will not be started start until ntpdate completes,
which
> requires the server has locally synchronized so that ntpdate on the
client can
> get the time from it, which takes about 5 or 6 minutes. Use "ps -ef |
grep ntp"
> to check what is running on each system, and "ntpq -p" (see "man
ntpq" under the
> "peers" entry for the detail) to check things are working, and trust
the output.

John,

Thanks.

All machines are Solaris 9 SPARC.

I tried exactly those config files you described above, but if I:

- Start xntpd on Solaris1, then
- Run: ntpdate solaris1 from one of the other Solaris systems

I am getting an error:

"No suitable server for synchronization found"

All machines are on the same network, and there are no firewalls, so I
don't know what the problem is.

Thanks,
Jim

John,

Followup to my earlier post about "no server to synchronize..." error.


After going back to the lab, I did another ntpdate, and was surprised
that this time it worked, even tho no changes.

Does xntpd take awhile (maybe a couple of minutes) to get to the point
that it will respond to requests from other systems??? Seems like it
(xntpd) doesn't "talk" for awhile after it starts?

Jim

* ohaya wrote:

> We tried to set this up yesterday, and got the xnptd running on all 4
> machines, but when we tested, it didn't seem that anything was happening
> (we ran snoops on port 123 on several of the machines).

If you're not seeing any traffic on port 123 then I think ntp isn't
running (or isn't doing anything)

> We tested by first using ntpdate on Solaris2, 3, and 4 to get them
> synched to Solaris1, then starting the xnptd on those machines, then
> setting the system clock on Solaris1 back about 10 minutes, and then
> watching the snoop output for awhile.

But you shouldn't do this! ntp is for dealing with clock drift, it's
not designed to deal with massive changes in time. I can't remember
what happens in cases like this but in at least some cases the clients
will just log something to the effect of `I'm not going to try to fix
that because it's too large an offset' and do nothing.

--tim

Tim,

Comments interspersed below...

Tim Bradshaw wrote:
>
> * ohaya wrote:
>
> > We tried to set this up yesterday, and got the xnptd running on all 4
> > machines, but when we tested, it didn't seem that anything was happening
> > (we ran snoops on port 123 on several of the machines).
>
> If you're not seeing any traffic on port 123 then I think ntp isn't
> running (or isn't doing anything)

With the new, simpler configurations that John Howells described earlier
in this thread, I am now seeing traffic regularly when I do snoop. It
looks like the 'client' end is sending out something every minute or so.



> > We tested by first using ntpdate on Solaris2, 3, and 4 to get them
> > synched to Solaris1, then starting the xnptd on those machines, then
> > setting the system clock on Solaris1 back about 10 minutes, and then
> > watching the snoop output for awhile.
>
> But you shouldn't do this! ntp is for dealing with clock drift, it's
> not designed to deal with massive changes in time. I can't remember
> what happens in cases like this but in at least some cases the clients
> will just log something to the effect of `I'm not going to try to fix
> that because it's too large an offset' and do nothing.


Thanks. I am now aware of that (no big changes). What I've done now on
the client end is to do a ntpdate to synch the client to solaris1, and
then starting xntpd. It now seems to be working as expected.

Thanks again,
Jim

"ohaya" <ohaya@yahoo.com> wrote in message
news:1116608567.353501.319280@g47g2000cwa.googlegr oups.com...
> John,
>
> Followup to my earlier post about "no server to synchronize..." error.
>
>
> After going back to the lab, I did another ntpdate, and was surprised
> that this time it worked, even tho no changes.
>
> Does xntpd take awhile (maybe a couple of minutes) to get to the point
> that it will respond to requests from other systems??? Seems like it
> (xntpd) doesn't "talk" for awhile after it starts?

Well, I may not have expressed it too clearly, but I did note that
>>
on the clients the
ntp daemon itself will not be started start until ntpdate completes, which
requires the server has locally synchronized so that ntpdate on the client
can
get the time from it, which takes about 5 or 6 minutes.
<<

Basically, the standard Solaris NTP software goes through a two-stage
sequence if you use the standard /etc/rc* scripts to start it:

1 use ntpdate to quickly get the clock within the 128ms ntp expects
2 use the ntp daemon to really get things going properly

It must complete step 1 before moving on to step 2, so if the system
providing the source of time for ntpdate is not yet itself synchronized
ntpdate will wait, and the daemon will only start when it completes.

Once ntpdate has completed it takes about five or six minutes for the daemon
to synchronize, whether that be to its own hardware in the case of your
"server" (Solaris1) or to that system for your other three "client" systems.

The default minimum polling interval always starts at 64 seconds (it can go
up to a default maximum of 1024 seconds in powers of 2 as it thinks things
are stable enough to allow it), and it takes five or six samples at 64
second intervals before the daemon is confident it knows what is going on.
During this time it works out the difference in frequency and stability
between its local clock and that of the source of time data.

If you stop and start the ntp software on Solaris1 and use "ntpq -p" to
monitor it you will have to wait about six minutes before the '*' appears to
show it is in sync. Only then will the other servers see the time as valid
and start their synchronization, which will itself take at least a further
six minutes, and possibly up to five minutes longer depending on exactly
where in the ntp startup sequence the client has reached when the server
finally offers it time data.

With NTP you have to be patient. It's about long term stability and
accuracy, not instant gratification!

Each hour the ntp software will update the "ntp.drift" file (in the example
files) with the clock error, so that next time the daemon runs it has a clue
as to where things should start.

John Howells

> Basically, the standard Solaris NTP software goes through a two-stage
> sequence if you use the standard /etc/rc* scripts to start it:
>
> 1 use ntpdate to quickly get the clock within the 128ms ntp expects
> 2 use the ntp daemon to really get things going properly
>
> It must complete step 1 before moving on to step 2, so if the system
> providing the source of time for ntpdate is not yet itself synchronized
> ntpdate will wait, and the daemon will only start when it completes.
>
> Once ntpdate has completed it takes about five or six minutes for the daemon
> to synchronize, whether that be to its own hardware in the case of your
> "server" (Solaris1) or to that system for your other three "client" systems.
>
> The default minimum polling interval always starts at 64 seconds (it can go
> up to a default maximum of 1024 seconds in powers of 2 as it thinks things
> are stable enough to allow it), and it takes five or six samples at 64
> second intervals before the daemon is confident it knows what is going on.
> During this time it works out the difference in frequency and stability
> between its local clock and that of the source of time data.
>
> If you stop and start the ntp software on Solaris1 and use "ntpq -p" to
> monitor it you will have to wait about six minutes before the '*' appears to
> show it is in sync. Only then will the other servers see the time as valid
> and start their synchronization, which will itself take at least a further
> six minutes, and possibly up to five minutes longer depending on exactly
> where in the ntp startup sequence the client has reached when the server
> finally offers it time data.
>
> With NTP you have to be patient. It's about long term stability and
> accuracy, not instant gratification!
>
> Each hour the ntp software will update the "ntp.drift" file (in the example
> files) with the clock error, so that next time the daemon runs it has a clue
> as to where things should start.


John,

Ahhh. That explains a lot, including that when I was doing a snoop on
port 123, I was seeing traffic about every 60+ seconds (it was close to
64 actually, as you suggest).

Thanks,
Jim