[Ntp] Re: NTP speed of synchronization question
Hal Murray <halmurray+ietf@sonic.net> Wed, 21 August 2024 10:30 UTC
Return-Path: <halmurray+ietf@sonic.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9859C14F6BF for <ntp@ietfa.amsl.com>; Wed, 21 Aug 2024 03:30:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.807
X-Spam-Level:
X-Spam-Status: No, score=-2.807 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sonic.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F7sfV5AuSdBl for <ntp@ietfa.amsl.com>; Wed, 21 Aug 2024 03:30:21 -0700 (PDT)
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E75E1C14F69F for <ntp@ietf.org>; Wed, 21 Aug 2024 03:30:20 -0700 (PDT)
Received: from 107-137-68-211.lightspeed.sntcca.sbcglobal.net (107-137-68-135.lightspeed.sntcca.sbcglobal.net [107.137.68.135]) (authenticated bits=0) by d.mail.sonic.net (8.16.1/8.16.1) with ESMTPSA id 47LASS13001557 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Wed, 21 Aug 2024 03:28:29 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sonic.net; s=net23; t=1724236110; bh=hFFBv7pRPm6kxKNw2BaKRc/11RYjqiLctmGAHIrvknM=; h=To:From:Subject:Mime-Version:Date:Message-Id:From:Subject; b=Yfpd0JcJ5nVbhP5hw1KHxkw/Bijm4VRrGLKG4QNcCnZ6DK7Srqe2B10Kg+R+c0w8g GMVUlw3SJHTRukwLFBgLo6X8q5hkXu1nKH5Z/O+uV/5YAcNE/9SV/wmYayxhrWQFW0 zG5K3PoZ4e8mDWO9WSEtSmQhh8Y73VYuj3LDiz5s1OC2Sl3uV3NpLffNzdbaZ3Eb2R OT2KoG93tFdEkzN9WXgYkME5sI0NCWaM4NSM4jmwEN3hULUfu/FNGwiDgRhkM2IwH3 a9VVV8QkN6BpomdIKMzxmVWHEdJ01rT5bhwBbqwwEccqTn/eu8e1hY/CcfofgHNdll 5k54hF84dk+0A==
Received: from hgm (localhost [IPv6:::1]) by 107-137-68-211.lightspeed.sntcca.sbcglobal.net (Postfix) with ESMTP id 9398E62003D; Wed, 21 Aug 2024 03:28:28 -0700 (PDT)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8
To: Toerless Eckert <tte@cs.fau.de>
From: Hal Murray <halmurray+ietf@sonic.net>
In-Reply-To: Message from Toerless Eckert <tte@cs.fau.de> of "Wed, 14 Aug 2024 10:09:33 +0200." <ZrxmPeWAKqsIv86j@faui48e.informatik.uni-erlangen.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 21 Aug 2024 03:28:28 -0700
Message-Id: <20240821102828.9398E62003D@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Sonic-CAuth: UmFuZG9tSVYFu8mdC+6fxrYI5x6XuGV+NfKmCzOPqNDMJkoe9l7R8FK63zzYdMWQyx9oyz0OdoqkUyBa7KfHQClz50XH2d+OjmVLa7OzbYE=
X-Sonic-ID: C;1OMzG6hf7xGuFK5Sr7edkQ== M;GItDG6hf7xGuFK5Sr7edkQ==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Message-ID-Hash: PEP5LSGIPC5KUOTKTBU35DOIGUTKVSCN
X-Message-ID-Hash: PEP5LSGIPC5KUOTKTBU35DOIGUTKVSCN
X-MailFrom: halmurray+ietf@sonic.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-ntp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: ntp@ietf.org, Hal Murray <halmurray+ietf@sonic.net>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Ntp] Re: NTP speed of synchronization question
List-Id: Network Time Protocol <ntp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/y5LAWvb0r9YIcx3uYAlcn8dAA4s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Owner: <mailto:ntp-owner@ietf.org>
List-Post: <mailto:ntp@ietf.org>
List-Subscribe: <mailto:ntp-join@ietf.org>
List-Unsubscribe: <mailto:ntp-leave@ietf.org>
tte@cs.fau.de said: > Assuming typical high-end routers and their implementation of NTP: > 1. Is there any reasonw why we should NOT be able to achieve > synchronization of less than 5 msec ? > 2. Assuming synchronization only across some WAN connection... I know roughly nothing about high-end routers. The previous answers looked good. Here is my 2 cents worth. You need to ask the router venders what sort of NTP software they are running. There is a lot of crapware out there claiming to be NTP. It wouldn't surprise me if some vendor was still using their old works-well-enough software. If it ain't broke, don't fix it. If you want to get in the 5 ms range using servers on the WAN, you need to pick your servers carefully. The server needs to be accurate and the routing needs to be symmetric and NTP traffic needs to not be filtered. I'm in Silicon Valley with an AT&T fiber. I have a good GPS setup to use as a reference. >From here, the time from NIST servers in Boulder and Fort Colins is off by about 6 ms. The round trip time is normally 45 ms. It ccasionally drops to 33 ms for a while. When that happens, the time is accurate. The normal case is classic asymmetric routing. Those servers look good from a cloud server in San Francisco -- 28 ms round trip. Various ISPs, routers, and whatevers filter NTP packets. That's leftover from a giant DDoS attack many years ago that used NTP's monlist option. That filtering is rarely documented. It's a pain to debug and close to impossible for mere mortals to get fixed. Google, Facebook, and Cloudflare all offer public NTP servers. I think they all use anycast so you get the nearest server. From here, I can't get to 1 of Google's IPv6 servers. I can't get to any of Facebook's IPv4 servers. They were working several days ago. I can't get to one of Cloudflare's IPv6 servers -- the TCP connection for NTS-KE times out. All those missing servers work fine from San Francisco. You can't tell how far off a system's clock is unless you have a good local clock to use as a reference. You can't just ask the system. If it knew it was off it would fix it. With asymmetric routing, it will think it is good but will be off by half the difference in transit times. What happens if the time is off a bit, say 10 ms? How about 100 ms? I suspect that even with a good setup, the clock will occasionally do somethng strange. More often if you don't have nearby good servers or when you have a flakey link. Will that just screwup the local system or explode and take down the whole net? Odds and ends: Do you know about bufferbloat? To NTP, that looks like asymmetric routing. How big can the queues get on the path from your router to/from the NTP servers you are using? Will the NTP software get a CPU when it needs it? (Or will the CPUs sometimes be busy doing more important things like routing packets?) Do you know about leap seconds? Leap smearing? Do you have a database using time stamps for UIDs? (aka something that will panic if time goes backwards) Are you using time for security? Basic NTP is easy to spoof with a MITM attack. Servers supporting NTS are harder to find. -- These are my opinions. I hate spam.
- [Ntp] Re: NTP speed of synchronization question Watson Ladd
- [Ntp] Re: NTP speed of synchronization question Miroslav Lichvar
- [Ntp] Re: NTP speed of synchronization question Martin Burnicki
- [Ntp] Re: NTP speed of synchronization question Hal Murray
- [Ntp] NTP speed of synchronization question Toerless Eckert
- [Ntp] Re: NTP speed of synchronization question Toerless Eckert
- [Ntp] Re: NTP speed of synchronization question Dave Hart
- [Ntp] Re: NTP speed of synchronization question Tony Li
- [Ntp] Re: NTP speed of synchronization question Hal Murray