IETF Logo Mail Archive

Re: [Ntp] [EXT] Re: Re: [EXTERNAL] Re: Re: Consensus call: NTPv5 and leap second smearing

Martin Burnicki <martin.burnicki@meinberg.de> Mon, 17 July 2023 11:27 UTC

Return-Path: <martin.burnicki@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6B08C151533 for <ntp@ietfa.amsl.com>; Mon, 17 Jul 2023 04:27:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, T_SPF_TEMPERROR=0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id glYIZEk_et8L for <ntp@ietfa.amsl.com>; Mon, 17 Jul 2023 04:27:30 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CAD4C14F73F for <ntp@ietf.org>; Mon, 17 Jul 2023 04:27:29 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id BE49F71C1A94; Mon, 17 Jul 2023 13:27:26 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=d2021; t=1689593246; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=30jgPVRzVp6vdBCjZ8FWlrsCEJ3e8leUjP9+0rzVuVs=; b=Kn62C6R6v5AUs4x2KxO149lrckl3TOMU+CxmQwyVfnojo9mI4PeAdVmERGiBYLM2mqWfZ+ J+f+P37hepox7EPy6vYeC2amuXbLLMVSS019SDyGngd1AAqE8UgUp4wMYnyxAIra9NyID8 y+QKQ9T9yCJ0yAD/jiftMqH7LWofw2dy4iITzUb+xeNPY3M/4kFM5ZKNzIhx6dh43gZ4gq QbwNuYGJ6CKDtJt777s+EOnW3ncfjOm4PuPw/y4hhV9TuNDwnwCDpp1jFWfOn+wKnKmUF2 1XtKwr+BTkvuhEggLWdAkSZtgP0paraJ5sub1vrgv4vpmZtVghOqzww78JouRw==
Received: from seppmail (localhost [127.0.0.1]) by seppmail.py.meinberg.de (Postfix) with SMTP id 4R4KYp1HpVz36ps; Mon, 17 Jul 2023 13:27:26 +0200 (CEST)
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Mon, 17 Jul 2023 13:27:25 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
Received: from localhost ([127.0.0.1]) by srv-kerioconnect.py.meinberg.de with ESMTPSA (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)); Mon, 17 Jul 2023 13:27:23 +0200
Message-ID: <9044001d-3c36-b1d4-59ed-db5ea2677e8f@meinberg.de>
Date: Mon, 17 Jul 2023 13:27:23 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0
Content-Language: en-US, de-DE
To: "Windl, Ulrich" <u.windl@ukr.de>, Danny Mayer <mayer@pdmconsulting.net>, Denis Reilly <dreilly=40equinix.com@dmarc.ietf.org>, Harlan Stenn <stenn@nwtime.org>, Doug Arnold <doug.arnold@meinberg-usa.com>, Dieter Sibold <dsibold.ietf@gmail.com>
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <29343948-036E-4514-8B42-689C19A61813@gmail.com> <a9370de7-ee50-a468-48e7-696ed7d8b586@pdmconsulting.net> <1d9e274e-9697-93ed-8d78-20a105aad397@nwtime.org> <29ffd221-73f6-795d-e10b-8f4ba3ebf0c2@pdmconsulting.net> <10EB1ECC-2CC7-41A0-99F0-5AEADCEF3257@gmail.com> <AM7PR02MB57657DB5F70C44ECB55FD847CF2CA@AM7PR02MB5765.eurprd02.prod.outlook.com> <DM8PR04MB7799A067BD253527355C2FCAA133A@DM8PR04MB7799.namprd04.prod.outlook.com> <364db739-1ebc-9ffa-c200-db21aeb3f693@meinberg.de> <3642691b-1b80-bc9c-f86a-ecd78c72e40f@nwtime.org> <2033fe61-2817-4822-71b2-ad8ec065b70f@meinberg.de> <24a866860312496d84941fa17d91fdf5@ukr.de> <7bb9430f-3e32-f182-5333-7b38e8dfc871@meinberg.de> <DM8PR04MB779934F0708B0DE9769C9B1AA136A@DM8PR04MB7799.namprd04.prod.outlook.com> <41796660-33e6-f8c5-d559-d45b2a0655d1@pdmconsulting.net> <d2ef28aa373746c78b6de497e07530fd@ukr.de> <6b77f328-e9a4-2a95-7cd7-bb53a9b46cf0@meinberg.de> <9b161262d9304db8b7eb3a1c62fec2f5@ukr.de>
From: Martin Burnicki <martin.burnicki@meinberg.de>
Organization: Meinberg Funkuhren GmbH & Co. KG, Bad Pyrmont, Germany
In-Reply-To: <9b161262d9304db8b7eb3a1c62fec2f5@ukr.de>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------NUo8d1hDqbRZx0JXoj0150gP"
X-SM-outgoing: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/9gJuNG_Qj1D3UDmev6o8hRG3KaA>
Subject: Re: [Ntp] [EXT] Re: Re: [EXTERNAL] Re: Re: Consensus call: NTPv5 and leap second smearing
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2023 11:27:40 -0000

Ulrich,

Am 17.07.23 um 12:24 schrieb Windl, Ulrich:
> Hi Martin (and others),
> 
> thanks for trying to explain. However I have some issues still:
> " If the software becomes aware of a scheduled leap second, it has to decide to which "consumer" it has to forward the warning, and to which not.":
> How will a server know a "consumer" is another server or a client?

If you write your software, you need to know what to interact with.

If the "consumer" is the OS kernel, the developer needs to know what the 
kernel expects. IIRC, if the Linux receives a leap second warning, it 
inserts (or deletes) the leap second at UTC midnight at the end of the 
current day, so the time synchronization software must NOT send a leap 
second warning to the kernel more than 24 s in advance.

If the "consumer" is a specific protocol, you may either have specified 
this in some specs, or according to "best practices" or long-existing 
implementations.

For example, IIRC, the PTP specs say that the lkeap second warning is to 
be sent to the clients on y 12 hours in advance.

For ntpd it's been good practice for many years to send it up to 24 h in 
advance (not sure if that's also specified in some RFC).

Upon reception of a leap second warning, you also have to evaluate the 
trustwortiness of potential sources, and how long in advance they even 
can probide a leap second warning.

For example, if you have a current leap second file, you can know about 
12 months in advance if a leap second has been scheduled, but you'd only 
start to pass the warning on to the OS kernel in less than 24 hours 
before the event.

If you have a GPS receiver, you know about 6 months in advance if a leap 
second is approaching. However, it depends on the drivers/interfaces of 
the NTP software if and when the qwarning is passed on the internal 
algorithms of the time synchronization software. For example.

AFAIK the original NMEA sentences don't provide a way at all to pass a 
leap second warning e.g. to ntpd (correct me if new NMEA versions 
support this).

Other interfaces like ntpd's parse driver only start to pass the leap 
second warning to the main routines about 24 houtrs ago (IIRC).

If you only have a DCF77 source, the leap second warning is only 
available for 59 minutes before the event. This should be be sufficient 
to properly handle the leap second on the machine to which the DCF77 
server is connected, but this may or may not be sufficient if the 
warning has to be passed down severel levels of NTP stratums, each of 
which have a large polling interval.

If the time source of your primary NTP server is an IRIG-like time code, 
your ntpd won't even seen a leap second announcement if the time code is 
one of the usual IRIG formats like IRIG-B122. These formats can support 
a leap second where the enumerated time contains a second "60", but the 
evaluating software can only see *afterwards* that a leap second has 
occurred.

Only the IRIG-like time codes like IEEE 1344 and IEEE C37.118 provide a 
leap second warning bit that is set in advance to announce an 
approaching leap second. However, the announcement interval specified 
for the time code is only 10 seconds, so while ntpd may still detect the 
warning and pass it on to the OS kernel, it is in most cases too late to 
pass the warning on to NTP clients which poll in 64 s or even longer 
intervals.

So there's much more to keep in mind, and you have to look at the whole 
chain of leap second warning propagation to see if this will work or not.

The methods specified in the NTP RFCs are fine. Most of the "leap second 
problems with NTP" were in fact problems with the OS kernels which 
simply step the time back, problems that occurred in the kernel *when* 
the time was stepped back, and problems with applications that failed 
*because* the OS kernel just stepped the time back.

> On " No, a 3 second interval across a leap second where the server claims to
> be unsynchronized is not counter-productive. It just helps to get the
> clients across that event more smoothly.":
> As said in earlier messages, what will a (simple) client do when it queries the time around 0:00 UTC, receiving a UNSYNC from all (i.e. compliant) servers? The client cannot assume that the servers will change to SYNCED within three seconds. In contrast if the clients would receive the leap status, it SHOULD apply the bits correctly to the time information received. That could mean to re-query the time a second later (when the LI is expected to be "00"). Still, both "solutions" could trigger some query storm around 0:== UTC when a leap event happens.

As I said, that can happen for all dumb clients that query only once.

What do they do if a UDP packet gets lost and they receive no reply at all?

What do they do if they query a server that is not yet synchronized 
after startup?

How many of such simple appliances can at all be configured to poll more 
than 1 server, poll all of them exactly at the same time, and then 
wonder why all servers return "UNSYNC"?

> On << The bits *announce* a leap second, but don't tell "the current timestamp is part of the inserted leap second".>>:
> Shouldn't the pair of (LI bits, UTC time stamp) be unique during a leap event? I mean: As long as the transmitted LI says that a leap event is going to happen (or is just happening), it did not happen yet, and once it did, LI should be "00" and the time should be correct. Where is the confusion?

As Warner Losh has recently explained, the problem here is the format of 
the POSIX timestamp that can't unambiguously encode the time before, 
during, or after a leap second.

All ntpd can do is pass a leap second warning to the OS kernel, and then 
monitor the kernel time status util it indicates that the kernel has 
handled the leap second, which way ever it has been done.

This ambiguity is exactly the reason why a server shoudl return "UNSYNC" 
for the 3 secioonds over the leap second, which is what ntpd does.

> Or if there is some, why not having (as I suggested) a leap indicator that is returned only when a leap second is currently in progress (that would be useful only to pure/dumb clients, and not to servers who need a "leap announcement from higher strati".

Pure, dumb clients probably won't evaluate this anyway.

As explained above, the problem is POSIX encoding and the missing status.

If you take e.g. a Meinberg PCI card and read the time from it using the 
public API calls, you consistently get a time stamp plus an associated 
status, which distinguishes between a leap second being announced and a 
leap second being in progress, so you can unambiguously convert this to 
human readavble time including second "60".

If the underlying OS doesn't support this, what could a program like 
ntpd (or ptpd) do?

> Finally on " That's why I say that it's sufficient and less confusing to only let
> servers send smeared time to clients, if smearing is required anyway.":
> Isn't that wishful thinking at least? That would require the servers and clients to be under the same administrative domain, right? For the Internet that would not work. And NTP is an Internet protocol, right?

Yes, and that's why public servers shouldn't smear. In the past, 
corporate admins decided that (and which of) their clients should get 
smeared time, and it worked really well.

A potential problem is when you used time.google.com, which smeared the 
leap seconds even in different ways at the last occurrences, and you 
didn't want and expect smeared time.

All the potential problems with smearing have been discussed many times 
in the past.


Martin
-- 
Martin Burnicki

Senior Software Engineer

MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki@meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/

Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg, 
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de  https://www.meinbergglobal.com

v2.31.3 | Report a Bug | By Email | System Status