[f-nsp] NTP panic mode on NetIron

Frank Bulk frnkblk at iname.com
Tue Jan 12 15:53:13 EST 2016 

Thanks for your detailed response.  My guess is that when a mgmt. VRF was
set up (and we lost mgmt. access) on our router the NTP client lost track of
time, to the tune of 1000+ seconds, at which point when the mgmt. VRF issue
was resolved, it never auto-restored NTP sync.

Frank

-----Original Message-----
From: Brian Rak [mailto:brak at gameservers.com] 
Sent: Tuesday, January 12, 2016 2:50 PM
To: Frank Bulk <frnkblk at iname.com>
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] NTP panic mode on NetIron

If it's anything like the reference NTP client, it'll only do that big 
jump at startup.  The theory is that after the initial sync your clock 
should remain fairly accurate and if it's wildly different this is a 
sign that something is terribly wrong (and that adjusting the clock 
could make it worse)

 From the ntpd service manual:
Normally, ntpd exits if the offset exceeds the sanity limit, which is 
1000 s by default. If the sanity limit is set to zero, no sanity 
checking is performed and any offset is acceptable. This option 
overrides the limit and allows the time to be set to any value without 
restriction; however, this can happen only once. After that, ntpd will 
exit if the limit is exceeded. This option can be used with the -q option.

The output from the NetIron 'show ntp' commands is pretty much identical 
to the linux output, making me think it's just the standard client there.

On 1/12/2016 3:32 PM, Frank Bulk wrote:
> Thanks.  The router was in sync (at one time) and there are five NT
servers listed, so as long as three of them agree, you would think that no
matter the time gap, it would sync anyways.
>
> Frank
>
> -----Original Message-----
> From: Jake Mertel [mailto:jake.mertel at ubiquityhosting.com]
> Sent: Tuesday, January 12, 2016 2:28 PM
> To: Frank Bulk <frnkblk at iname.com>
> Cc: <foundry-nsp at puck.nether.net> <foundry-nsp at puck.nether.net>
> Subject: Re: [f-nsp] NTP panic mode on NetIron
>
> Or maybe that's not right at all. Cisco docs relating to this feature
> on IOS @
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-cr-book/bsm
-cr-n1.html
> suggest that it's a form of a sanity check that kicks in when the
> device's time is more then 1000 seconds off from whatever time it is
> getting from the NTP server. Suggests that it would enter this state
> when device time = X and NTP server time <||> X(+||-)1000.
>
>
> --
> Regards,
>
> Jake Mertel
> Ubiquity Hosting
>
>
>
> Web: https://www.ubiquityhosting.com
> Phone (direct): 1-480-478-1510
> Mail: 5350 East High Street, Suite 300, Phoenix, AZ 85054
>
>
>
> On Tue, Jan 12, 2016 at 1:25 PM, Jake Mertel
> <jake.mertel at ubiquityhosting.com> wrote:
>> There does not seem to be much documentation on what this
>> feature/conditions means. Totally guessing after some Googling around,
>> I think I understand panic mode to be a condition caused by the
>> devices inability to sync with a server via NTP. I think that when the
>> device enters this state, it increases the frequency with which it
>> will attempt to sync to an upstream NTP server. But again, a total
>> guess.
>>
>>
>> --
>> Regards,
>>
>> Jake Mertel
>> Ubiquity Hosting
>>
>>
>>
>> Web: https://www.ubiquityhosting.com
>> Phone (direct): 1-480-478-1510
>> Mail: 5350 East High Street, Suite 300, Phoenix, AZ 85054
>>
>>
>>
>> On Tue, Jan 12, 2016 at 1:17 PM, Frank Bulk <frnkblk at iname.com> wrote:
>>>
http://www1.brocade.com/downloads/documents/html_product_manuals/NI_05300a_D
>>>
IAG/wwhelp/wwhimpl/common/html/wwhelp.htm#href=Security_diagnostics.11.12.ht
>>> ml&single=true
>>>
>>> Is this "panic" something that's a bug and will be fixed, or is it a
feature
>>> with a silver lining I'm not aware of?
>>>
>>> Frank
>>>
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp at puck.nether.net
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list