Recent NTP pool traffic increase

Gary E. Miller gem at rellim.com
Sun Dec 18 01:54:55 UTC 2016


Yo All!

Someone on nanog was reporrting on the new NTP mystery.  He suggested
doing a dump similar to this:

# tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"

And I do indeed get odd results.  Some on my local network...

This is from a chronyd host to an ntpsec host.  I monitor them both
continuously and both seem to be keeping good time.

17:36:11.369329 IP (tos 0x0, ttl 64, id 21405, offset 0, flags [DF], proto UDP (
17), length 76)
    204.17.205.7.50937 > 204.17.205.27.123: [udp sum ok] NTPv4, length 48
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecifi
ed), poll 6 (64s), precision 32
        Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 3691013707.207257069 (2016/12/17 17:35:07)
          Receive Timestamp:    276521666.321684728 (2044/11/11 10:02:42)
          Transmit Timestamp:   3684123061.899235956 (2016/09/29 00:31:01)
            Originator - Receive Timestamp:  +880475255.114427658
            Originator - Transmit Timestamp: -6890645.308021113

That 'Receive Timestamp' is strange.

Here is another one from the same chronyd host, to another ntpsec host:

17:36:23.395415 IP (tos 0x0, ttl 64, id 3599, offset 0, flags [DF], proto UDP (1
7), length 76)
    204.17.205.7.33551 > 204.17.205.1.123: [udp sum ok] NTPv4, length 48
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecifi
ed), poll 6 (64s), precision 32
        Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 3691013718.824150890 (2016/12/17 17:35:18)
          Receive Timestamp:    1779216017.648483479 (2092/06/24 18:08:33)
          Transmit Timestamp:   1405803137.064633429 (2080/08/24 20:20:33)
            Originator - Receive Timestamp:  -1911797701.175667410
            Originator - Transmit Timestamp: +2009756714.240482539

Note both the 'Receive Timestamp' and 'Transmit Timestamp' are both strange.

All three hosts have GPS for local time.

Here is one from a laptop, running chrony, that has not GPS:

17:36:52.643814 IP (tos 0x0, ttl 64, id 24624, offset 0, flags [DF], proto UDP (
17), length 76)
    204.17.205.21.41485 > 204.17.205.8.123: [udp sum ok] NTPv4, length 48
        Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 6 (64s), pre
cision 32
        Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 3691013747.797479298 (2016/12/17 17:35:47)
          Receive Timestamp:    317494016.811980062 (2046/02/28 15:15:12)
          Transmit Timestamp:   127487236.597620268 (2040/02/21 11:35:32)
            Originator - Receive Timestamp:  +921447565.014500764
            Originator - Transmit Timestamp: +731440784.800140969

I have only seen this oddity from chronyd hosts...



RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20161217/4c756663/attachment.pgp>


More information about the NANOG mailing list