[c-nsp] IOS-XR Vs. NTP in a duel to the death.

Tue Nov 2 08:02:27 EDT 2021

To answer your question:

ntpd 4.2.6p5 on RHEL 7.

I think what I have learned most of all in 2021 is that I don't really like any of Cisco's operating systems very much.

Thanks,
-Drew

-----Original Message-----
From: Julien Goodwin <jgoodwin at studio442.com.au> 
Sent: Tuesday, November 2, 2021 4:04 AM
To: Drew Weaver <drew.weaver at thenap.com>; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] IOS-XR Vs. NTP in a duel to the death.

On 2/11/21 2:01 am, Drew Weaver wrote:
> Okay so I've been trying to figure out exactly what IOS XR has a problem with regarding our internal NTP servers.
> 
> I was seeing things like this:
> 
> RP/0/RSP0/CPU0:Oct 31 15:18:37.422 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->3.
> RP/0/RSP0/CPU0:Oct 31 15:34:14.370 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 3->2.
> RP/0/RSP0/CPU0:Oct 31 16:09:25.511 EDT: ntpd[263]: 
> %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 192.168.123.6 : System clock selection failed RP/0/RSP0/CPU0:Oct 31 16:09:25.511 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->3.
> RP/0/RSP0/CPU0:Oct 31 16:30:30.792 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 3->2.
> RP/0/RSP0/CPU0:Oct 31 16:43:10.566 EDT: ntpd[263]: 
> %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 192.168.123.6 : System clock selection failed RP/0/RSP0/CPU0:Oct 31 16:43:10.566 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->3.
> RP/0/RSP0/CPU0:Oct 31 20:35:05.657 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 3->2.
> RP/0/RSP0/CPU0:Oct 31 21:10:08.789 EDT: ntpd[263]: 
> %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 192.168.123.6 : System clock selection failed RP/0/RSP0/CPU0:Oct 31 21:10:08.789 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->3.
> RP/0/RSP0/CPU0:Oct 31 21:45:00.912 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 3->2.
> RP/0/RSP0/CPU0:Oct 31 22:04:17.083 EDT: ntpd[263]: 
> %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 192.168.123.6 : System clock selection failed RP/0/RSP0/CPU0:Oct 31 22:04:17.083 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_LOST : High priority NTP peer connection lost - Stratum 2->3.
> RP/0/RSP0/CPU0:Oct 31 22:19:58.036 EDT: ntpd[263]: %IP-IP_NTP-5-HP_CONN_RECOVERED : High priority NTP peer connection recovered - Stratum 3->2.
> RP/0/RSP0/CPU0:Oct 31 22:51:33.959 EDT: ntpd[263]: 
> %IP-IP_NTP-5-SYNC_LOSS : Synchronization lost : 192.168.123.6 : System 
> clock selection failed
> 
> I did some research and Cisco states that the error means what it says: It can't keep the clock synced with the configured NTP server.
> 
> So I created 5 more NTP servers and configured it to use all 6 of them.
> 
> It is actually now having sync issues MORE often.
> 
> I am considering just suppressing the logs for this particular type of log message but before I do that, has anyone ever actually figured out what problem IOS XR has with standards compliant and fully functional NTP servers?
> 
> Is there a special way that you have to configure ntpd on a linux host to get this to.. stop?

*which* NTPd?

The classic ntpd, the ntpsec fork, or something else?

I don't happen to have the full details to hand, but one OS upgrade (classic, IIRC) ntpd stopped talking to (at least some of) the various NTP-synced analog clocks I have, I ended up reducing the restrict on them and things were much happier.

From a config file archive the relevant part of ntp.conf:

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited restrict -6 default kod notrap nomodify nopeer noquery limited

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Don't rate limit local subnet, NTP clock is a bad actor restrict 10.0.0.0 mask 255.255.255.0 notrap nomodify nopeer