I just started hosting an NTP server in the pool and I can’t seem to keep its score above 10, any ideas?
The only thing I can see is that the monitor named “every” times out
Thanks for this example @wylie39. I’d have expected the selector process to pick different monitors to find some that works better.
At a glance in the logs it seems like all the monitors have erratic enough results that the system can’t get consensus on some that works.
It might be worth checking if you have a firewall or iptables type setup that’s trying to keep state of all the NTP “sessions” and running out of space.
Welcome, wylie39, and thanks for volunteering your server for NTP service. I added your IP address to my local GPS/PPS ntpd with maxpoll 6 to see how it fares several hours ago:
remote refid st t when poll reach delay offset jitter
==============================================================================
o127.127.22.4 .PPS. 0 l 11 16 377 0.000 +0.023 0.012
+71.162.136.44 208.90.144.53 3 u 130 64 16 11.591 +0.597 0.582
It appears from my vantage (96.9.224.210) I’m only seeing responses to a fraction of the polls. The ideal “reach” value is 377 representing all 8 recent polls got a response. The value 16 (octal) indicates only 3 of the last 8 queries got responses.
I hope Ask’s suggestion to check for stateful firewalling misbehaving leads you to a solution.
I ran my usual traceroute with UDP-dst = 123 and UDP-dst=37 from a server in London.
I believe there is a port-specific block somewhere on the path.
Unfortunately a number of hops do not participate in traceroute. First column is # replies
This is what port 123 probes show.
8 4 ICMP:TTL 138.197.251.142
8 5 ICMP:TTL 83.231.181.121
8 6 ICMP:TTL 129.250.4.250
7 7 ICMP:TTL 129.250.3.190
8 9 ICMP:TTL 129.250.3.244
10 noresponse
11 noresponse
12 noresponse
4 13 71.162.136.44 (NTP server)
Port 37 probes should no losses at the NTP server.
Wylie, try doing a traceroute from your NTP server to 178.62.9.15.
You won’t get a response, but the results may indicate which ASN is doing rate limiting.
[Zayo and Telia are two common culprits]