[f-nsp] NTP panic mode on NetIron

i3D.net - Martijn Schmidt martijnschmidt at i3d.net
Tue Jan 12 18:03:41 EST 2016


Hi all,

This is indeed related to a clock drift which is too high from the one
provided by the NTP server. The correct process to clear this error is
to de-configure all NTP servers on the device, manually adjust the clock
with "clock set" to a point which is fairly accurate - give or take a
few minutes - and then enter your NTP servers back into the config. We
haven't had to remove the timezone / summer-time settings to fix this
issue when we encountered it in the past.

Best regards,
Martijn Schmidt
i3D.net

On 01/12/2016 09:50 PM, Brian Rak wrote:
> If it's anything like the reference NTP client, it'll only do that big
> jump at startup.  The theory is that after the initial sync your clock
> should remain fairly accurate and if it's wildly different this is a
> sign that something is terribly wrong (and that adjusting the clock
> could make it worse)
>
> From the ntpd service manual:
> Normally, ntpd exits if the offset exceeds the sanity limit, which is
> 1000 s by default. If the sanity limit is set to zero, no sanity
> checking is performed and any offset is acceptable. This option
> overrides the limit and allows the time to be set to any value without
> restriction; however, this can happen only once. After that, ntpd will
> exit if the limit is exceeded. This option can be used with the -q
> option.
>
> The output from the NetIron 'show ntp' commands is pretty much
> identical to the linux output, making me think it's just the standard
> client there.
>
> On 1/12/2016 3:32 PM, Frank Bulk wrote:
>> Thanks.  The router was in sync (at one time) and there are five NT
>> servers listed, so as long as three of them agree, you would think
>> that no matter the time gap, it would sync anyways.
>>
>> Frank
>>
>> -----Original Message-----
>> From: Jake Mertel [mailto:jake.mertel at ubiquityhosting.com]
>> Sent: Tuesday, January 12, 2016 2:28 PM
>> To: Frank Bulk <frnkblk at iname.com>
>> Cc: <foundry-nsp at puck.nether.net> <foundry-nsp at puck.nether.net>
>> Subject: Re: [f-nsp] NTP panic mode on NetIron
>>
>> Or maybe that's not right at all. Cisco docs relating to this feature
>> on IOS @
>> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-cr-book/bsm-cr-n1.html
>> suggest that it's a form of a sanity check that kicks in when the
>> device's time is more then 1000 seconds off from whatever time it is
>> getting from the NTP server. Suggests that it would enter this state
>> when device time = X and NTP server time <||> X(+||-)1000.
>>
>>
>> -- 
>> Regards,
>>
>> Jake Mertel
>> Ubiquity Hosting
>>
>>
>>
>> Web: https://www.ubiquityhosting.com
>> Phone (direct): 1-480-478-1510
>> Mail: 5350 East High Street, Suite 300, Phoenix, AZ 85054
>>
>>
>>
>> On Tue, Jan 12, 2016 at 1:25 PM, Jake Mertel
>> <jake.mertel at ubiquityhosting.com> wrote:
>>> There does not seem to be much documentation on what this
>>> feature/conditions means. Totally guessing after some Googling around,
>>> I think I understand panic mode to be a condition caused by the
>>> devices inability to sync with a server via NTP. I think that when the
>>> device enters this state, it increases the frequency with which it
>>> will attempt to sync to an upstream NTP server. But again, a total
>>> guess.
>>>
>>>
>>> -- 
>>> Regards,
>>>
>>> Jake Mertel
>>> Ubiquity Hosting
>>>
>>>
>>>
>>> Web: https://www.ubiquityhosting.com
>>> Phone (direct): 1-480-478-1510
>>> Mail: 5350 East High Street, Suite 300, Phoenix, AZ 85054
>>>
>>>
>>>
>>> On Tue, Jan 12, 2016 at 1:17 PM, Frank Bulk <frnkblk at iname.com> wrote:
>>>> http://www1.brocade.com/downloads/documents/html_product_manuals/NI_05300a_D
>>>>
>>>> IAG/wwhelp/wwhimpl/common/html/wwhelp.htm#href=Security_diagnostics.11.12.ht
>>>>
>>>> ml&single=true
>>>>
>>>> Is this "panic" something that's a bug and will be fixed, or is it
>>>> a feature
>>>> with a silver lining I'm not aware of?
>>>>
>>>> Frank
>>>>
>>>> _______________________________________________
>>>> foundry-nsp mailing list
>>>> foundry-nsp at puck.nether.net
>>>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp at puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp




More information about the foundry-nsp mailing list