[aklug] ntp multicast client config on redhat 5?

From: techno curmudgeon <technocurmudgeon@gmail.com>
Date: Fri Nov 04 2011 - 13:00:58 AKDT

I'm trying to get ntp multicast client working on some redhat 5 boxes
downsec of an ASA firewall. The ntp servers are on the inside interface of
the ASA, and the ASA is configured to pass the multicast. I have ntp
authentication disabled until I get it all working. iptables is not active
on the redhat client boxes right now either. Everything's set to ACCEPT.
The ciscos I have on the downsec side of the ASA are all receiving the
multicast ntp and synced up.

The interfaces on the two redhat boxes are receiving the multicasts:

web1 $ sudo tcpdump -i eth0 multicast | grep ntp
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:17:49.456644 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48
14:18:52.455535 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48
14:19:58.455226 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48

web2 $ sudo tcpdump -i eth0 multicast | grep ntp
Password:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
14:23:25.982260 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48
14:24:28.981840 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48
14:25:34.982254 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48
14:26:38.983106 IP dca1.ntp > 224.0.1.1.ntp: NTPv4, Broadcast, length 48

------------------------------

but, even after a couple of days now, ntpd on the redhat boxes is not
seeing the multicasts, much less syncing to them:

web1 $ sudo ntpq -p
Password:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l    9   64  377    0.000    0.000   0.001
$

web2 $ sudo ntpq -p
Password:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   46   64  377    0.000    0.000   0.001
$

------------------------------

here's the /etc/ntp.conf on the boxes (comments stripped):

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
disable auth

multicastclient 224.0.1.1 # multicast client
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10 # force local stratum
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
logfile /var/log/ntpd.log

------------------------------

/var/log/ntpd.log

 2 Nov 14:22:39 ntpd[13426]: logging to file /var/log/ntpd.log
 2 Nov 14:22:39 ntpd[13426]: set_process_priority: Leave priority alone: priority_done is <2>
 2 Nov 14:22:39 ntpd[13426]: precision = 1.000 usec
 2 Nov 14:22:39 ntpd[13426]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
 2 Nov 14:22:39 ntpd[13426]: Listening on interface wildcard, 0.0.0.0#123 Disabled
 2 Nov 14:22:39 ntpd[13426]: Listening on interface wildcard, ::#123 Disabled
 2 Nov 14:22:39 ntpd[13426]: Listening on interface lo, ::1#123 Enabled
 2 Nov 14:22:39 ntpd[13426]: Listening on interface eth0, fe80::21a:64ff:fec3:c11e#123 Enabled
 2 Nov 14:22:39 ntpd[13426]: Listening on interface lo, 127.0.0.1#123 Enabled
 2 Nov 14:22:39 ntpd[13426]: Listening on interface eth0, 172.31.92.30#123 Enabled
 2 Nov 14:22:39 ntpd[13426]: kernel time sync status 0040
 2 Nov 14:22:39 ntpd[13426]: Added Multicast Listener 224.0.1.1 on interface 6 <---
 2 Nov 14:22:39 ntpd[13426]: frequency initialized 0.000 PPM from /var/lib/ntp/drift
 2 Nov 14:25:53 ntpd[13426]: synchronized to LOCAL(0), stratum 10
 2 Nov 14:25:53 ntpd[13426]: kernel time sync enabled 0001

------------------------------

So, as I'm reading the above, the multicasts are coming in the nic. The
ntpd client is listening, but nothing is happening. I'm open to suggestions
as to what's going on, or something to try.

PS, one fedoraforum post suggested a '-m' was needed in the OPTIONS
line in /etc/sysconfig/ntpd, but when I tried that ntpd generated
an error on restart. Plus the '-m' didn't show up in man ntpd, so I removed
it.

Received on Fri Nov 4 13:01:09 2011
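
The post shows tcpdump seeing the broadcasts on eth0 while ntpd reports nothing; tcpdump captures frames before the IP stack decides whether to deliver them to a socket, so a separate check is whether an ordinary UDP socket joined to 224.0.1.1 actually receives them. The script below is an added example, not part of the original message. It assumes Python 3, root privileges, ntpd stopped so port 123 is free, and the eth0 address from the log (172.31.92.30) passed as the argument.

```python
import socket
import struct
import sys

NTP_GROUP = "224.0.1.1"  # group address from the post
NTP_PORT = 123
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control", 7: "private"}


def decode_ntp(pkt):
    """Decode the leading fields of the 48-byte NTP header."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(pkt))
    flags, stratum, poll = struct.unpack("!BBb", pkt[:3])
    return {
        "version": (flags >> 3) & 0x7,
        "mode": MODES.get(flags & 0x7, "reserved"),
        "stratum": stratum,
        "poll": poll,
        # Bytes past the 48-byte header are extension fields or a MAC;
        # a bare 48-byte packet carries no authenticator.
        "has_trailer": len(pkt) > 48,
    }


def listen(ifaddr, count=3, timeout=300.0):
    """Join NTP_GROUP on the interface owning ifaddr and decode packets."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((NTP_GROUP, NTP_PORT))  # port 123 needs root
    mreq = socket.inet_aton(NTP_GROUP) + socket.inet_aton(ifaddr)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
    sock.settimeout(timeout)
    seen = []
    try:
        for _ in range(count):
            data, (src, _port) = sock.recvfrom(1024)
            seen.append((src, decode_ntp(data)))
    except socket.timeout:
        pass  # nothing reached the socket within the timeout
    finally:
        sock.close()
    return seen


if __name__ == "__main__":
    for src, hdr in listen(sys.argv[1]):
        print(src, hdr)
```

An empty result while tcpdump still shows the packets means they are dropped between the capture point and socket delivery, not inside ntpd.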
