For years now I’ve had a problem that for some reason my NTP servers work fine via one Internet provider but not the other one. So my guess is that somewhere between the monitoring station and my servers port 123 is being blocked. Right now I set up 2 servers for testing, one works the other does not, both can be reached by the monitoring station just fine:
But if I try to add the second one to the pool I get
200.59.20.230
Could not check NTP status
So, I need help sorting this out. I need to pinpoint the problem so whoever is responsible can fix it. If anyone has an idea how to find the problem, please let me know. Thanks
I checked NTP reachability from a couple of my clients. NTP worked for the client hosted on Comcast, but did not for the client hosted on AT&T. I checked traceroute (mtr).
It is important to probe using multiple UDP destination ports, in particular NTP (UDP port 123) and some other UDP port.
NOTE: mtr and traceroute options may vary.
I used:
mtr -n --udp -P 123 200.59.20.230
and
mtr -n --udp -P 124 200.59.20.230
The results showed blockage, but some nodes did not respond to traceroute. (I sent the details to jfrater.)
Next I logged onto monsjc2, the NTP Pool monitor, ran the same commands, and also emailed the full traceroute to jfrater, to highlight the difference.
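The port 123 versus port 124 comparison described above can be automated. The following is an added example, not part of the original posts: it assumes the text format of `mtr --report`, uses constructed sample reports with documentation-range addresses, and its function names are hypothetical.

```python
import re

# Constructed sample reports (documentation-range addresses), shaped like
# the output of `mtr -n --udp -P <port> --report <target>`.
HEADER = "HOST: client                Loss%   Snt   Last   Avg  Best  Wrst StDev\n"
PORT_123 = HEADER + """\
  1.|-- 192.0.2.1            0.0%    10    0.4   0.5   0.4   0.7   0.1
  2.|-- 198.51.100.9         0.0%    10    8.1   8.3   7.9   9.0   0.3
  3.|-- ???                 100.0    10    0.0   0.0   0.0   0.0   0.0
  4.|-- ???                 100.0    10    0.0   0.0   0.0   0.0   0.0
  5.|-- ???                 100.0    10    0.0   0.0   0.0   0.0   0.0
"""
PORT_124 = HEADER + """\
  1.|-- 192.0.2.1            0.0%    10    0.4   0.5   0.4   0.6   0.1
  2.|-- 198.51.100.9         0.0%    10    8.0   8.2   7.8   8.8   0.3
  3.|-- ???                 100.0    10    0.0   0.0   0.0   0.0   0.0
  4.|-- 203.0.113.17         0.0%    10   21.5  21.9  21.2  23.0   0.5
  5.|-- 203.0.113.230        0.0%    10   22.0  22.4  21.8  23.5   0.5
"""

HOP = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?")

def parse_report(text):
    """Map hop number -> (address, loss percent) for each hop line."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops[int(m.group(1))] = (m.group(2), float(m.group(3)))
    return hops

def answered(hops):
    """Hop numbers that returned at least one reply."""
    return {n for n, (addr, loss) in hops.items() if addr != "???" and loss < 100.0}

def compare(ntp_text, control_text):
    """Find where port-123 probes stop while control-port probes continue."""
    ntp, ctl = parse_report(ntp_text), parse_report(control_text)
    ntp_ok, ctl_ok = answered(ntp), answered(ctl)
    last_ntp = max(ntp_ok, default=0)
    final = max(ctl, default=0)
    # Only intermediate hops count: the target itself may stay silent on 123.
    beyond = sorted(n for n in ctl_ok if last_ntp < n < final)
    return {
        "last_hop_answering_123": ntp.get(last_ntp, (None, 0.0))[0],
        "control_only_hops": [ctl[n][0] for n in beyond],
        "port_specific": bool(beyond),
    }
```

Hops that stay silent in both traces (hop 3 here) carry no signal; the evidence is an intermediate hop that answers the control port but not port 123, which places the filter after the last hop that answered on 123.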
AT&T doesn’t always block 123; it seems to happen when “congestion” rules are put into place. Overnight I can have a perfect 20, then at 5:50 am the monitor can’t reach me. It varies over the day and also varies over the weekend. I also see the congestion rules come into play where they have blocked 5xxx port ranges and I cannot access my NAS services from the public internet.
I’m seeing the same issue, it appears, on my NTP server. It started about 24 hours ago. The monitoring stations fail sometimes and I have been removed from the pool. I called my ISP and they don’t block or use any congestion rules. I have checked from some external locations and everything looks good. I have checked everything on my end… router, switches, tried different NTP servers on my LAN etc… ntpsec or ntp, it doesn’t matter. My IP is: 68.69.165.2 (time.nc7j.com). If someone would like to take a peek on your end. Below is an image showing the start time of the problem yesterday. mg
Maybe your ISP is blocking the NTP Pool monitoring IPs because they rate-limited it in a way?
Is that a dedicated server or which device is that?
Home Hosted?
Hi, I block ICMP packets at the router. The ISP doesn’t block any traffic or have any traffic / load rules in place… called and checked.
This is a static IP with a valid reverse DNS host name I own: nc7j.com
I host some simple websites, e.g. www.syracuseutweather.com; you should be able to access that site. I also host some telnet related hobby endpoints and have dozens of users connected 24x7. No issues with those users.
I even disabled my firehouse IPsec bad actor IPsec list blocking. No difference.
Still scratching my head. A lot of the requests coming in on port 123 work fine. Some NTP pool monitors are succeeding. Try the NTP server test. Sometimes I get 3 successful tests and sometimes a few succeed and others fail.
Well, I’m back in the pool, but I have never seen a 20 score on a server with a monitoring graph that looks like this. Clearly, IP routes from some of the monitors are not making it to me and everything is fine on my side. FWIW, here are the ntpviz reports for the last 24 hours on the NTP server I’m using (one of 5): http://time.nc7j.com/ mg
Hi Ask, yes… I have no idea why. I did drop the bandwidth use down. I have been out of town off the grid for 5 days now. I’ll bump up the bandwidth and see if anything changes. mg