Hi,
I appear to be having an issue when trying to bind to an interface with NTP. I have three NICs, all on different IP ranges, two of which are globally routable (only using IPv4 here). I ideally want NTP to listen on just one IP and send all its queries to servers from this IP.

I'm running 4.2.4p4 from the Debian stable package and used the -I command to specify that NTP should listen only on eth0. This seems to work successfully, but it does bind to all IPs on that interface. I can live with that for now. The IP I want to use is not the primary IP on that interface, but it's not a sub interface (I'm using iproute2 to add the IPs to interfaces).

ntp command line options I have specified are: -g -I eth0

On starting I see the following:

Jun 24 01:39:45 server ntpd[30049]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #1 wildcard, ::#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #2 lo, ::1#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #3 eth2, fe80::21b:xx:xx:9a9#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #4 eth1, fe80::223:xx:xx:8eb4#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #5 eth0, fe80::223:xx:xx:8eb0#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #6 lo, 127.0.0.1#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #7 eth2, xx.xx.12.34#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #8 eth2, xx.xx.12.40#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #9 eth0, xx.xx.111.2#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #10 eth0, xx.xx.111.7#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #11 eth1, xx.xx.20.3#123 Disabled


I have three servers configured in my ntp.conf and my ntp config consists of the following (comments removed):

 -----
driftfile /var/lib/ntp/ntp.drift

statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable


server xx.xx.96.7
server xx.xx.110.3
server xx.xx.111.3

restrict -4 default kod notrap nomodify nopeer
restrict -6 default kod notrap nomodify nopeer

restrict 127.0.0.1
restrict ::1
 -----


The last of those servers that I query (111.3) is in the same subnet as the client here, the other two are not.

The logs then show:

Jun 24 01:45:09 server ntpd[30119]: Cannot find existing interface for address xx.xx.96.7
Jun 24 01:45:09 server ntpd[30119]: configuration of xx.xx.96.7 failed
Jun 24 01:45:09 server ntpd[30119]: Cannot find existing interface for address xx.xx.110.3
Jun 24 01:45:09 server ntpd[30119]: configuration of xx.xx.110.3 failed
Jun 24 01:48:26 server ntpd[30119]: synchronized to xx.xx.111.3, stratum 2


So it has only synchronized to the server that is in the same subnet. I can ping and send traffic to all the NTP servers fine. I have tried with other servers also, but it seems to only want to send traffic to things in the same subnet. Sniffing traffic indicates that it doesn't even try to send data out to the other IPs. Default gateway is correctly configured and works.

As this box is multihomed, I am using multiple routing tables and ip rules to match source address to define which routing table to use. This works perfectly fine for everything other than NTP. In any case, each table has a default gateway that would work should it try to use it. I'm not convinced this is interfering though, as NTP doesn't try to send data out to these other IPs.

If I add a static route in the default routing table to one of the non-local subnets with a valid gateway, NTP is then able to reach this host. This routing table is irrelevant to NTP however.

To me, the humble NTP lay-person, it seems that NTP is trying to decide on how to route packets and failing. Surely this is not NTP's job but up to the kernel, which would do it successfully.

It is not correct that you should have to add a static route in the default routing table (which it shouldn't even be using) for ntp to be able to query each server.

I have also tried using 4.2.6p1 from Debian testing and it seems to suffer the same problem, although it doesn't output the "Cannot find existing interface for address" error.

Am I missing something obvious here?

Thanks,

john
_______________________________________________
questions mailing list
http://lists.ntp.org/listinfo/questions
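
Added example (not part of the original post, and not ntpd's own code): a small Python check that parses the "Listening on interface" startup lines quoted above and reports every enabled UDP/123 socket on an address other than the single intended one. The sample log is constructed with documentation addresses because the post's addresses are redacted; the INTENDED value and the function names are assumptions.

```python
import re

# Startup line format as quoted in the post (ntpd 4.2.4), e.g.
#   ntpd[30049]: Listening on interface #9 eth0, <addr>#123 Enabled
LISTEN_RE = re.compile(
    r"ntpd\[\d+\]: Listening on interface #(?P<idx>\d+) "
    r"(?P<name>[^,\s]+), (?P<addr>[^#\s]+)#(?P<port>\d+) "
    r"(?P<state>Enabled|Disabled)"
)

# Constructed sample: same layout as the post's log, with documentation
# addresses substituted for the redacted ones.
SAMPLE_LOG = """\
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #0 wildcard, 0.0.0.0#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #2 lo, ::1#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #5 eth0, fe80::223:ff:fe00:8eb0#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #6 lo, 127.0.0.1#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #7 eth2, 198.51.100.34#123 Disabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #9 eth0, 192.0.2.2#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #10 eth0, 192.0.2.7#123 Enabled
Jun 24 01:39:45 server ntpd[30049]: Listening on interface #11 eth1, 203.0.113.3#123 Disabled
"""

INTENDED = "192.0.2.7"            # assumption: the one address ntpd should use
LOOPBACK = {"127.0.0.1", "::1"}   # local-only sockets, not counted as exposure


def parse_listeners(log_text):
    """Return one dict per 'Listening on interface' line found in log_text."""
    return [
        {
            "index": int(m["idx"]),
            "name": m["name"],
            "addr": m["addr"],
            "port": int(m["port"]),
            "enabled": m["state"] == "Enabled",
        }
        for m in LISTEN_RE.finditer(log_text)
    ]


def unexpected_listeners(listeners, intended, allowed=LOOPBACK):
    """Enabled sockets on any address other than `intended` or loopback."""
    return [l for l in listeners
            if l["enabled"] and l["addr"] != intended and l["addr"] not in allowed]


if __name__ == "__main__":
    for l in unexpected_listeners(parse_listeners(SAMPLE_LOG), INTENDED):
        print(f"unexpected listener: {l['name']} {l['addr']}#{l['port']}")
```

The address pattern accepts any non-space text before `#`, so redacted lines like those in the post are parsed as well.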
