NTP Sync Issue Across Tata (Europe)
Giovane C. M. Moura
giovane.moura at sidn.nl
Mon Aug 7 09:04:10 UTC 2023
Hi Mark,
> I have NTP servers in Europe that are choosing Tata (6453) to get to
> 0.freebsd.pool.ntp.org which lives on 197.224.66.40:
>
>
> NTP is not sync'ing to that address, and sessions stay in an Init
> state.
TL;DR: I'd guess your NTP Server IP address is geolocated to Mauritius.
The Mauritius zone[0] on the pool has only one server, so you'll only
see this one. To fix it, use europe.pool.ntp.org (_do not_ use
pool.ntp.org).
Longer answer:
NTP pool folks use GeoDNS[1], which is their DNS server to map clients
to servers.
The `0.freebsd.pool.ntp.org` name is just an alias for them -- what they
really do is this:
* Get geolocation_data(client_IP_address): <country, continent>
* check country subzone in NTP pool (e.g, nl.pool.ntp.org [2]):
* If there are >=1 servers in the zone, return (up to) 4 or them
* If there is one, then return just one (this is a _known issue_)
* if there is none, then fall back to the continent zone (Europe[3])
I've seen the same issue before with Guernsey clients (only one server).
We have contact the pool operators and they are working now on a new
GeoDNS version to prevent this from happening [4]
More details in [5].
In short, change your ntp configuration; the issue you have is that
despite having 4k servers on the Pool, this strict GeoDNS mapping
prevents you from accessing the other servers just bc of your IP
address. The reasoning is to prevent asymmetric routing [4], but they
are working on a fix to prevent these scenarios.
/giovane
[0] https://www.ntppool.org/zone/mu
[1] https://github.com/abh/geodns
[2] https://www.ntppool.org/zone/nl
[3] https://www.ntppool.org/zone/europe
[4] https://community.ntppool.org/t/minor-new-features-on-the-website/2947/8
[5]
https://www.sidnlabs.nl/downloads/5aPx86UtFmvKs6WE3LHwbU/c6acce6a012fe07256bab8caefff54af/Diving_into_the_NTP_Pool.pdf
More information about the NANOG
mailing list