[outages] NTP Issues Today
Oddone, Ernesto
Ernesto.Oddone at fmc-law.com
Tue Nov 20 10:45:56 EST 2012
>From my core:
Nov 19 14:22:16.062 MST: %SYS-6-CLOCKUPDATE: System clock has been updated from 14:22:16 MST Mon Nov 19 2012 to 14:22:16 MST Sun Nov 19 2000, configured from NTP by 192.5.41.40.
Regards,
Ernesto Oddone
This message and any attachments are intended only for the addressee(s) and may contain privileged or confidential information. Any unauthorized disclosure is strictly prohibited. If you have received this message in error, please notify us immediately so that we may correct our internal records. Please then permanently delete the original message and any attachments and destroy any copies. Thank you.
-----Original Message-----
From: outages-bounces at outages.org [mailto:outages-bounces at outages.org] On Behalf Of Jeremy Chadwick
Sent: Tuesday, November 20, 2012 10:38 AM
To: Scott Voll
Cc: Sid Rao; outages; nanog at nanog.org
Subject: Re: [outages] NTP Issues Today
I'm still waiting for someone who was affected by this to provide coherent logs from ntpd showing exactly when the time change happened.
Getting these, at least on an *IX system, is far from difficult folks.
Please don't omit anything from the logs either; for example if you know
*exactly* what NTP servers were in use (not "ones you had configured"
but which one was primarily chosen by ntpd ('*' mark) and which were secondary comparisons/fallbacks ('+' mark)), that would also be greatly helpful. This would be output from "ntpq -c peers" when run on your NTP server *at or around the time* the incident happened and recovered.
What's been provided so far is that "something happened", with reports of clocks going back to year 2000, and other reports of clocks going back to (presumably) epoch time; those reporting it were using either usno.navy.mil, NIST, or Microsoft NTP servers. usno.navy.mil uses dedicated IRIG/AFNOR TCRs boxes, while NIST uses GPS. No idea what Microsoft uses.
I asked on a public *IX forum if anyone saw anything NTP-wise that was out of the ordinary and not a single admin saw anything. I also saw nothing anomalous on either of my FreeBSD machines (9.1-PRERELEASE, running base system ntpd 4.2.4p8), but I sync with very specific stratum
1 and stratum 2 servers across the United States.
As Mark Andrews from the ISC stated below (read slowly/carefully), ntpd will not allow large clock jumps -- the largest it'll allow out of the box is 1000s (and on some systems like Solaris ntpd, 500s) -- unless you're running with the -g flag (and shame on if you're you doing that).
So I'm very surprised by this problem altogether. Can't deny what happened did, but figuring out *why* is important.
Also, for Mike Lyon -- I looked at NIST's GPS graphs. Did you notice they have no data for 11/18, 11/19, or 11/20? I find that unnerving, do you not?
--
| Jeremy Chadwick jdc at koitsu.org |
| UNIX Systems Administrator http://jdc.koitsu.org/ |
| Mountain View, CA, US |
| Making life hard for others since 1977. PGP 4BD6C0CB |
On Tue, Nov 20, 2012 at 07:18:45AM -0800, Scott Voll wrote:
> Same thing happened to us yesterday. ended up having to reboot
> everything after we got time fixed. Major outage.
>
> Scott
>
>
> On Mon, Nov 19, 2012 at 7:58 PM, Sid Rao <srao at ctigroup.com> wrote:
>
> > We had multiple servers synchronized with Windows/MS time change
> > their clock to the year 2000 today. It broke many things, including
> > AD authentication.
> >
> > These servers had been properly synchronized for years.
> >
> > They were synchronized with Microsoft and NIST NTP servers.
> >
> > This may not be isolated.
> >
> > Sid Rao | CTI Group | +1 (317) 262-4677
> >
> > On Nov 19, 2012, at 10:29 PM, "George Herbert"
> > <george.herbert at gmail.com>
> > wrote:
> >
> > > crossreplying to outages list.
> > >
> > > Is anyone ELSE seeing GPS issues? This could well have been an
> > > unrelated issue on that particular PBX.
> > >
> > > If this was real, then the mother of all infrastructure attacks
> > > might be underway...
> > >
> > > One glitch on tick and tock and one malfunctioning PBX is not
> > > sufficient evidence of pattern - much less hostile activity - to
> > > induce panic, but it would perhaps be a wise time to check
> > > time-related logs?
> > >
> > >
> > > -george
> > >
> > > On Mon, Nov 19, 2012 at 6:08 PM, Wallace Keith
> > > <kwallace at pcconnection.com> wrote:
> > >> Just got paged with a pbx alarm that had 1970 as the year. By the
> > >> time
> > I logged in , it was showing 2012. Using GPS for time and date.
> > >>
> > >> -----Original Message-----
> > >> From: Mark Andrews [mailto:marka at isc.org]
> > >> Sent: Monday, November 19, 2012 8:42 PM
> > >> To: Van Wolfe
> > >> Cc: nanog at nanog.org
> > >> Subject: Re: NTP Issues Today
> > >>
> > >>
> > >> In message <
> > CAMeggd4cDQwhxQE_JbvpNR-PKKe9LXqA+KzJ97anHFonjwZhdQ at mail.gmail.com>
> > >> , Van Wolfe writes:
> > >>> Hello,
> > >>>
> > >>> Did anyone else experience issues with NTP today? We had our
> > >>> server times update to the year 2000 at around 3:30 MT, then
> > >>> revert back to
> > 2012.
> > >>>
> > >>> Thanks,
> > >>> Van
> > >>
> > >> NTP should be immune from this sort of behaviour unless you did a
> > ntpdate at the wrong moment. The clocks should have been marked as insane.
> > >>
> > >> Mark
> > >> --
> > >> Mark Andrews, ISC
> > >> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > >> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > > -george william herbert
> > > george.herbert at gmail.com
> > >
> > >
> >
> >
> > _______________________________________________
> > Outages mailing list
> > Outages at outages.org
> > https://puck.nether.net/mailman/listinfo/outages
> >
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
_______________________________________________
Outages mailing list
Outages at outages.org
https://puck.nether.net/mailman/listinfo/outages
More information about the Outages
mailing list