Forgot your password?
typodupeerror
The Internet

The NTP Pool Needs More Servers — Yours, If Available 160

Posted by timothy
from the otherwise-you'll-start-waking-up-last-week dept.
Do you have a static IP or two? If so, you might be able to spread some Internet infrastructure well-being with very little effort. An anonymous reader writes "The NTP Pool project is turning 10 soon, and needs more servers to continue serving reasonably accurate time to anyone in the world."
This discussion has been archived. No new comments can be posted.

The NTP Pool Needs More Servers — Yours, If Available

Comments Filter:
  • by Anonymous Coward on Thursday June 21, 2012 @02:48PM (#40402091)

    //puts on sunglasses//

  • by Hatta (162192) on Thursday June 21, 2012 @02:59PM (#40402255) Journal

    Are we talking about about stratum 1 servers here?

    • by GuruBuckaroo (833982) on Thursday June 21, 2012 @03:07PM (#40402351) Homepage
      Nope. Anyone with a stable time server is encouraged to join. The operative word being "stable". It's more about providing something that will be reliably *there* when it's needed. The protocol itself will take care of accuracy.
    • by bill_mcgonigle (4333) * on Thursday June 21, 2012 @03:19PM (#40402499) Homepage Journal

      Some quick searching shows one can get a USB GPS receiver for $27 [amazon.com] and the comments say it works with linux/gpsd, showing up as /dev/ttyUSB0.

      Somebody could make a simple OS image that would narrow the scope of the problem to the availability of ~$60 and an available public IP address.

      • needs the Model B, of course.

      • Perhaps you could also point out a source for a Raspberry Pi.
      • by kwark (512736) on Thursday June 21, 2012 @04:54PM (#40403751)

        An USB GPS means no Pulse Per Second (actually 1000ms). The PPS fires an interrupt on the serial port, which should result in an interrupt every 1000ms accurate within 100us.

        The lack of PPS will result in a ntpd with lots of jitter, my experience is about +/- 150ms but this depends heavily on actual USB usage and the GPS device itself. This is unsuitable for a low stratum ntpserver IMHO, so don't use it as the only timesource if you want to participate in the pool unless you advertise it as some high stratum source (I would guess 5-10).

        • An USB GPS means no Pulse Per Second

          Hrmmm .... good point - looks like it is available in a few devices.

          esr says he can get 1ms on USB [catb.org] with the Macx-1 device. What accuracy is required for each stratum? The bufferbloat people are using that device for their latency measuring project [ibiblio.org].

      • by NevarMore (248971)

        So how do I get the GPS receiver to get a time signal in my basement or datacenter?

      • by AmiMoJo (196126)

        The only down-side to USB GPS devices is that they don't have accurate 1PPS signals. A serial GPS can send the 1PPS signal to the DTR line where the computer can detect it for sub microsecond accuracy. Unfortunately serial ports are getting more and more uncommon, and use annoying +/-12V signalling.

    • by Shatrat (855151)

      I've got three Symmetricom Stratum 0 servers, but they're only visible on our private network. :( Can't flex my geek horsepower.

    • by AmiMoJo (196126)

      You can easily become a stratum 1 server, all you need is to connect an accurate time source to the server. GPS is popular but low frequency time signals like DCF77 and JJY work too.

  • What is NTP? (Score:4, Informative)

    by cpu6502 (1960974) on Thursday June 21, 2012 @03:01PM (#40402295)

    "The NTP pool is a dynamic collection of networked computers that volunteer to provide highly accurate time via the Network Time Protocol to clients worldwide." "Network Time Protocol (NTP) is a networking protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in use." - wikipedia.

    • by SJHillman (1966756) on Thursday June 21, 2012 @03:07PM (#40402361)

      What Wikipedia doesn't tell you is that Skynet had humble beginnings as a network clock...

      • by mitgib (1156957)

        What Wikipedia doesn't tell you is that Skynet had humble beginnings as a network clock...

        Bow to your Cyberdyn Overlords.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      "The NTP pool is a dynamic collection of networked computers that volunteer to provide highly accurate time via the Network Time Protocol to clients worldwide." "Network Time Protocol (NTP) is a networking protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in use." - wikipedia.

      Thanks for that informative post.

      Also, anyone reading Slashdot who needed such a post, your geek card has been downgraded to "minion" level. Minion level cards do not get access to the second-floor gym or the breakroom, but can still use the reference library. Take advantage of it!

      • by tlhIngan (30335)

        Also, anyone reading Slashdot who needed such a post, your geek card has been downgraded to "minion" level. Minion level cards do not get access to the second-floor gym or the breakroom, but can still use the reference library. Take advantage of it!

        I think it should be turned in.

        The summary even stated what it was about - "providing reasonably accurate time". Sure it's not a full technical description, but it's a good quick summary of the project and what NTP is. If you want more, look it up. If not, you kn

      • by cffrost (885375)

        Minion level cards do not get access to the second-floor gym or the breakroom, but can still use the reference library. Take advantage of it!

        If you think I'm going to climb a flight of stairs to get to a gymnasium, you're out of your damn mind.

    • Re: (Score:3, Funny)

      by 0racle (667029)
      News for Nerds. Are you so pitiful you don't know how to use a web search engine?

      Oh, excuse me,

      A web search engine is designed to search for information on the World Wide Web. - wikipedia

      Oh damn

      The World Wide Web (abbreviated as WWW or W3,[2] commonly known as the Web, or the "Information Superhighway"), is a system of interlinked hypertext documents accessed via the Internet. - wikipedia

      OH GOD DAMNIT

      An information system (IS)[1] - is any combination of information technology and people's activities that s

  • No Gov. help? (Score:1, Interesting)

    by Anonymous Coward

    This seems like something that almost every country and government in the world, could thrown down a couple hundred dollars a year for. 3rd world, and war-torn countries need not apply for obvious reasons....

    In the US, is NIST involved in this at all? If not, why not? Just seems like something that they'd be all over.

  • by MetalliQaZ (539913) on Thursday June 21, 2012 @03:08PM (#40402371)

    Anyone considering this should carefully read the NTP pool's page on the matter. In addition to having a static IP, you need to have fairly good availability over a long period of time, and more importantly you need to be able to handle a lot of traffic. Even though the traffic is fairly low most of the time, you could experience spikes that would be difficult to handle for small businesses or amateurs. Also, anyone with metered bandwidth on their server/colo would almost certainly be unable to handle the cost.

    The NTP pool is something that you have to consider carefully. You can't help out for 18 months and then decide to quit. You can expect to receive traffic for up to YEARS after you leave the pool.

    -d

    • by ShaunC (203807)

      Yeah, you really oughtn't try to volunteer your DSL connection. If you have a dedicated server somewhere, though, it's pretty simple to configure ntpd and register yourself as part of the pool. I've been doing my part [ntp.org] for a few years (whoops - I rebooted yesterday). The traffic really is negligible and the load is practically nil. If you've got the resources, help the cause!

  • Why not use EC2? (Score:4, Interesting)

    by paulschreiber (113681) on Thursday June 21, 2012 @03:09PM (#40402389) Homepage
    Can Google/Apple/Amazon not just throw some money at this?
    • Re:Why not use EC2? (Score:5, Informative)

      by TooMuchToDo (882796) on Thursday June 21, 2012 @03:13PM (#40402439)

      Virtual machines cannot be used for NTP:

      http://support.ntp.org/bin/view/Support/KnownOsIssues#Section_9.2.2 [ntp.org].

      NTP was not designed to run inside of a virtual machine. It requires a high resolution system clock, with response times to clock interrupts that are serviced with a high level of accuracy. No known virtual machine is capable of meeting these requirements.
      Run NTP on the base OS of the machine, and then have your various guest OSes take advantage of the good clock that is created on the system. Even that may not be enough, as there may be additional tools or kernel options that you need to enable so that virtual machine clients can adequately synchronize their virtual clocks to the physical system clock.

      • by Anonymous Coward

        I think he means why doesn't Google or Amazon run their own NTP servers which they contribute to the pool. Google already has a public DNS system. Having a public NTP system that is part of the NTP pool would also be helpful. The network traffic would be a drop in the bucket for them. Meanwhile, they already have servers in locations that need more NTP pool support, such as South East Asia and Latin America.

    • In theory, Microsoft runs NTP at time.windows.com. In practice, it seems very flaky. Search for it and you'll find countless forum posts about outages.
    • Can Google/Apple/Amazon not just throw some money at this?

      Apple already has a few configured by default in Mac OS X: time.apple.com, time.asia.apple.com, time.euro.apple.com

      $ ntpdate -q time.apple.com
      server 17.151.16.23, stratum 2, offset -0.002298, delay 0.04951
      server 17.171.4.13, stratum 2, offset -0.003922, delay 0.09973
      server 17.171.4.14, stratum 2, offset -0.003779, delay 0.09933
      server 17.171.4.15, stratum 2, offset -0.004068, delay 0.09940
      server 17.171.4.21, stratum 0, offset 0.000000, delay 0.00000
      server 17.171.4.22, stratum 2, offset -0.010687, delay 0.113

  • I've always wondered about the defaults to have every RH/Debian/Suse/Ubuntu/etc. box talk directly to the pool. I know that for years, the pool has been considered fully sufficient to meet these needs, but it just always struck me as more efficient for an organization to run its own NTP server--one machine talking to the pool--and have other machines in the organization talk to that, rather than having all the machines in the organization talk to the pool.

    For home use, I actually use ntpupdate in a once-a-

    • by fuzzyfuzzyfungus (1223518) on Thursday June 21, 2012 @03:36PM (#40402717) Journal
      The 'default' is what it is because it is the setting that provides the best chance of working right out of the box. Hitting a known public NTP source qualifies as a pretty sane default.

      Now, if you are going to be running a bunch of systems, it certainly is polite, as well as efficient, to run your own NTP server for your internal systems, just as you likely run your own DNS server for them. However, that isn't really something you can sensibly set as the default; because every organization's internal server will have a different address and smaller sites/single users/laptops frequently off the LAN simply won't have one.

      Not all that dissimilar from the fact that most distro's package managers default to pointing directly to the public package mirrors. That is obviously nuts from the perspective of anybody running more than a few machines, you'll waste enormous amounts of time and bandwidth if you aren't caching packages and updates; but your default can't really assume the existence of a local cache...
      • by Xtifr (1323)

        Yeah, I kinda get that. Still, it seems like it's harder than it ought to be to use something other than the default. When I set up a system, it generally asks me what I want to use for DNS, but never asks what I want to use for NTP.

        Package pools, I think, are slightly different, since they're distro-specific and take a lot of space, and even a moderate-sized organization may be unwilling to host their own mirrors for all the distros they use internally. Still, I certainly wouldn't object to the distros m

    • Many/most distros will use the NTP servers provided via DHCP (if configured) instead of the built-in defaults. I know this is true for Ubuntu, at least — not sure if their dhclient/ntpd configuration is nonstandard or not (knowing Ubuntu, there's a high likelihood that it is).

    • by heypete (60671) <pete@heypete.com> on Thursday June 21, 2012 @05:26PM (#40404105) Homepage

      I've always wondered about the defaults to have every RH/Debian/Suse/Ubuntu/etc. box talk directly to the pool. I know that for years, the pool has been considered fully sufficient to meet these needs, but it just always struck me as more efficient for an organization to run its own NTP server--one machine talking to the pool--and have other machines in the organization talk to that, rather than having all the machines in the organization talk to the pool.

      They actually talk to a "vendor" subdomain of the pool [ntp.org]: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, 2.rhel.pool.ntp.org, etc.

      They provide vendor-specific subdomains and encourage vendors to provide NTP servers to the pool. Thus, if there's some abuse or misconfiguration that results in excessive traffic they can change the vendor-specific subdomain to prevent that traffic from flooding NTP servers without inconveniencing clients that use the general pool.

      Anyway, yes: it's better for an organization to have one or two local time servers communicate with the pool (or other sources of time) and then provide time service to the local network. Still, talking to the pool is a reasonably sane "general purpose" default.

    • For home use, I actually use ntpupdate in a once-a-day cron job, rather than having a full ntpd talking to the pool all day long. It was a little more work to set up (which is also something I wish could be addressed), but combined with automatic drift correction, it seems more than adequate for my needs.

      That's not a good approach. ntpd handles a lot of edge cases - what if your drift isn't constant? what if some of your time sources turn out to be flaky? - and generally only checks the upstream clocks often enough to verify that it's still running correctly. It would be really hard to build that much functionality into a home-rolled solution, and given that it's harder to do it your way than to just run ntpd in the first place, why not?

      • by Xtifr (1323)

        I just used the script expressly provided for the purpose, and followed the clear instructions that came with it. If you think the script is so horrible, feel free to file a bug report and see if the maintainer agrees. As for why I don't want yet another silly daemon running, well, it's because I don't want yet another silly daemon running. Call it personal taste if you will, but it's been working well enough to meet my needs for over a decade now (I"ve replaced all the hardware, but it's been the same l

  • by PPH (736903) on Thursday June 21, 2012 @03:29PM (#40402627)

    They can use my system if they don't mind pretty crappy latency.

    • They don't, as long as it's consistently crappy. If tests can establish that you always have a delay of 1000.000ms, your machine is a better time source than another that has 100 += 99 ms.

  • US Navy Master Clock (Score:3, Informative)

    by cffrost (885375) on Thursday June 21, 2012 @03:31PM (#40402651) Homepage

    These three are the US master clock's stratum-1 servers. They most likely will not run out of bandwidth. The last one isn't (intended) for civilian users, so don't come to me if an aircraft carrier, F/A-18 Hornet, etc. smashes through your front door.

    tick.usno.navy.mil
    tock.usno.navy.mil
    ntp.usno.navy.mil

    More information. [navy.mil]

  • by Gothmolly (148874) on Thursday June 21, 2012 @03:34PM (#40402675)

    Without metrics, this is just "Please sir, may I have some more?"
    How about telling us how many servers are there, what their utilization is, client load, etc?

    • by negge (1392513)

      You took the time to post here but didn't take the time to RTFA, which by the way would have provided answers to all your questions?

  • Since all broadband connections have bufferbloat (to some degree or other), in all technologies (fiber, DSL and cable alike), it isn't a good idea to volunteer to run an NTP server on such a connection, even if it is/has been reliable. Bufferbloat will induce transient bad timing into your time service; even more fun, in often a asymmetric way, pretty much any time you do anything over that link.

    • by profplump (309017)

      While high-precision public servers are nice, most applications for NTP aren't sensitive to the amount of jitter introduced by consumer-grade endpoint (which I'd characterize as almost never exceeding 100ms, and often below 50ms). If you have an application where that much jitter in your NTP sync is an issue you need a local NTP server anyway, and quite possibly a local time source.

  • by jcochran (309950) on Thursday June 21, 2012 @04:44PM (#40403619)

    I used to have a computer in the pool, but removed it due to disgust with the NTP abusers out there. When I looked at the logs, I would see that the vast majority of incoming traffic was from a relatively small handful of IP address. For normal well behaved users, you would see them hit you every 64 seconds and over a period of a few hours slowly back off until they do a query only once every 1024 seconds. Reasonable and well behaved. Even a relatively low bandwidth DSL line could handle a lot of users like that.

    Unfortunately, not all the users are reasonable and well behaved. There were a few addresses that were hitting me with a query per second. And you can't blacklist these anti-social idiots because if you do, they're still consuming inbound bandwidth. After a period of time where 1% of the users were consuming 99% of my donated resources, I left the pool out of disgust. Was still getting hits from the idiot users a year later.

    To make their idiocy even more evident, the SHORTEST interval that NTPD will hit a server is once per 16 seconds. So those once a second idiots were using software that itself was written by idiots.

    Would I donate to the pool again? Nope. Not at long as there are invalid NTP clients that hit that often. If I could be assured that the idiots are gone, then I'd donate. Until then, I don't need the headaches.

    • by TheSpoom (715771)

      Could you have emailed their ISP's abuse department?

    • Could that be a bunch of computers behind NAT using the same external IP or you think those users were genuinely malicious?
      • by profplump (309017)

        Probably not malicious -- probably just using bad software, or putting in ridiculous settings because they don't understand how NTP works.

      • I'd expect a load of computers behind NAT to create a big traffic storm if they were all rebooted at once but it would then subside as the computers backed off to. Also the traffic would likely be relatively irregular.

        A regular request every second sounds like a mark of a client developed by someone who either didn't understand how NTP was supposed to work or didn't care about the load they were putting on donators

    • by profplump (309017) <zach-slashjunk@kotlarek.com> on Thursday June 21, 2012 @05:23PM (#40404069)

      I've got one better -- I actually had a pool user call my ISP and get me disconnected (temporarily) because I was "hacking" them on UDP port 123.

      • Okay, that's funny! And a worthy post to respond to to remove an inadvertent mod.

      • by jafo (11982) on Friday June 22, 2012 @02:19AM (#40408363) Homepage

        This is similar to the reason I ended up leaving the pool 7 years ago... The week I left the pool I had two different people call me telling me that one of my machines was hacked because it was attacking their network. "Hmm, what port are you seeing the attacks on?" "123." "You know what 123 is, right? NTP... Those packets your intrusion detection system is complaining about are in response to packets you sent that server."

        It was actually the guy that hung up on me while I was telling him that his machines were causing this, that caused me to leave the pool. I'm sorry, but I just can't be providing individual phone support to everyone who uses the NTP pool, that's kind of how I was feeling...

        I haven't been in the pool for 7 years, and I'm still getting around 8,000 packets per second on NTP, around a megabit per second. There's one DSL line in Italy that sends an average of 15 packets/sec.

        Here's a blog post I wrote in relation to this: http://www.tummy.com/journals/entries/jafo_20050412_123522 [tummy.com]

        Sean

      • by buglista (1967502)
        ooh, me too! i had a complaint to abuse@university.nz along similar lines.

        We were stratum 2 for New Zealand. They had somehow configured their crappy Windows box to be stratum 1, and then wondered why they got a whole load of queries. Feckin eejits.
    • by sys_mast (452486)

      Any chance it could have been valid clients, but through NAT looks like one client with an excessive amount of hits/min? Of course a reasonable person should have one NTP client hit the pool, and sync all the rest of the clients to the local. I guess i'd be surprised if it was a poorly coded client, does anyone use anything besides the default NTPD?

    • by Meostro (788797)

      To make their idiocy even more evident, the SHORTEST interval that NTPD will hit a server is once per 16 seconds. So those once a second idiots were using software that itself was written by idiots.

      So you don't think this was 1 NATted IP running 16+ servers behind it? As someone said above [slashdot.org] the default for some OSes is to hit the pool directly.

    • by AmiMoJo (196126)

      I'd just start randomly drifting their clocks, see how far off you can get them before they notice.

      • by don.g (6394)

        You want them to stop? Don't randomly drift; return a stupid time like now minus a year (so nice and stable, just wrong). That's easy enough with a second NTP server and DNAT.

    • Unfortunately, not all the users are reasonable and well behaved. There were a few addresses that were hitting me with a query per second. And you can't blacklist these anti-social idiots because if you do, they're still consuming inbound bandwidth.

      I feel your pain, and it is (or at least was) made worse by ntpd itself. I tried to get limiting working [mail-archive.com] a few years ago, but in the end my server kept answering requests from even the most abusive clients. This peeved me greatly. When I've flagged a client as bad, stop talking to them.

      I still wanted to help out with the pool, though. I ended up adding a few dummynet [baylor.edu] pipes with random delays from 0 to 30 seconds and various probabilities of being used, and maintained a manual blacklist of abusive clients wh

  • Is anyone publishing a minimal NTP server VM image?

    What would be required for a bare bones NTP server? It seems like a light weight, low-impact service
    - A device that runs linux
    - A device that has a wired network port
    - A device that has a USB and serial port (for integrating with hardware clocks/GPS)
    - Low power (possibly PoE)

    We're talking on the order of MB of storage and memory. Something that can be plugged in near a window and forgotten for years.

    • You don't run an NTP server in a VM. NTP servers need realtime (or as close as possible on a non-RTOS) access to the clock and network, and no matter much you jack up the priority of your NTP server VM, it's not going to be stable enough for anyone to bother using it. This is why e.g. VMWare ESX run an internal ntp daemon that the VMs can sync to, which itself syncs to the ntp pool.
  • by Anonymous Coward

    Real Americans pay for the time and don't rely on handouts.

  • You should set up a local router for your local machines to use as an NTP server and tell your DHCP to tell your hosts which NTP server to use. Just watch out when the router reboots since it may have no idea what time it is.

    5 years ago I wrote a script that does a traceroute and then finds out of the hosts support NTP.
    Its the bottom of my text on NTP Info page [abnormal.com]

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...