[ntp:questions] NTP Servers in virtual machines
Hi, Why are NTP Servers running on virtualized hardware (vmware) unsuitable to serve time to clients? I've read this statement several times but can't find a good motivation. I've searched the official documentation, FAQ, the NTP support wiki, this news group, google search. I found this in the support wiki but it seems outdated: NTP server was not designed to run inside of a virtual machine. It requires a high resolution system clock, with response times to clock interrupts that are serviced with a high level of accuracy. As kernels are tickles nowadays response times to clock interrupts and (interrupt backlogs) do not seem to be relevant anymore. Could we say it is safe to run ntp servers on a virtualized platform or do we still need a few (4?) dedicated pieces of hardware to run our internal NTP servers? ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
Rob Heemskerk wrote: Hi, Why are NTP Servers running on virtualized hardware (vmware) unsuitable to serve time to clients? I've read this statement several times but can't find a good motivation. I've searched the official documentation, FAQ, the NTP support wiki, this news group, google search. I found this in the support wiki but it seems outdated: NTP server was not designed to run inside of a virtual machine. It requires a high resolution system clock, with response times to clock interrupts that are serviced with a high level of accuracy. As kernels are tickles nowadays response times to clock interrupts and (interrupt backlogs) do not seem to be relevant anymore. Could we say it is safe to run ntp servers on a virtualized platform or do we still need a few (4?) dedicated pieces of hardware to run our internal NTP servers? This depends totally upon your required accuracy/precision! A dedicated box, which can even be an extremely old (1995?) Pentium box, will be capable of ~1 us rms offset from true UTC, as long as it has a local GPS/PPS refclock. OTOH, if all your sources are network clocks and you only want/need 10 ms precision, then any HyperV/VMware/Xen installation would probably suffice. Terje -- - Terje.Mathisen at tmsw.no almost all programming can be viewed as an exercise in caching ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
On 23/06/14 12:03, Rob Heemskerk wrote: As kernels are tickles nowadays response times to clock interrupts and (interrupt backlogs) do not seem to be relevant anymore. Tickless kernels still use clock interrupts; they just schedule them only when actually needed. In fact they can make it worse, in that they can tweak the timing so as to aggregate several wakeups. Could we say it is safe to run ntp servers on a virtualized platform or do we still need a few (4?) dedicated pieces of hardware to run our internal NTP servers? No. Normal virtualised machines are not intended for hard realtime applications. Also, the host clock can and should be disciplined using NTP, so there is a risk double correction. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
On Mon, Jun 23, 2014 at 12:28:53PM +0100, David Woolley wrote: On 23/06/14 12:03, Rob Heemskerk wrote: Could we say it is safe to run ntp servers on a virtualized platform or do we still need a few (4?) dedicated pieces of hardware to run our internal NTP servers? No. Normal virtualised machines are not intended for hard realtime applications. Also, the host clock can and should be disciplined using NTP, so there is a risk double correction. I think it all depends on the VM implementation and what clocksource is used in the guest. If the guest is using tsc (i.e. its frequency is independent of the host clock), it will need to run its own NTP client. If the guest's clock is locked to the host's system clock, there still may be a static offset between them and an NTP client (possibly using the host as the NTP server) can be used to correct the offset. -- Miroslav Lichvar ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
Agree wholeheartedly. One other consideration to take into account. Despite the promise of 6 nines uptime for general purpose servers, they get rebooted more much frequently than dedicated NTP servers, and unless you are relying on internet resources for upper stratum, then the optimal redundancy is likely to cost you much more than dedicated hardware. Le 23 juin 2014 à 13:28, David Woolley a écrit : On 23/06/14 12:03, Rob Heemskerk wrote: As kernels are tickles nowadays response times to clock interrupts and (interrupt backlogs) do not seem to be relevant anymore. Tickless kernels still use clock interrupts; they just schedule them only when actually needed. In fact they can make it worse, in that they can tweak the timing so as to aggregate several wakeups. Could we say it is safe to run ntp servers on a virtualized platform or do we still need a few (4?) dedicated pieces of hardware to run our internal NTP servers? No. Normal virtualised machines are not intended for hard realtime applications. Also, the host clock can and should be disciplined using NTP, so there is a risk double correction. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
On 23/06/14 13:12, Miroslav Lichvar wrote: I think it all depends on the VM implementation and what clocksource is used in the guest. If the guest is using tsc (i.e. its frequency is independent of the host clock), it will need to run its own NTP It will still be subject to potentially large scheduling delays between NTP packet arrival and processing. Also, unless you restrict VM to a single host, the TSC could jump and change frequency when the VM is moved. If it is impossible to virtualise TSC, it is impossible to hide those jumps. Generally you are going to put ntpd on a VM because the IT manager doesn't consider it very important. If it is not important, he is probably not going to worry about the effect of moving it around hosts. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
David Woolley david@ex.djwhome.demon.invalid wrote: On 23/06/14 13:12, Miroslav Lichvar wrote: I think it all depends on the VM implementation and what clocksource is used in the guest. If the guest is using tsc (i.e. its frequency is independent of the host clock), it will need to run its own NTP It will still be subject to potentially large scheduling delays between NTP packet arrival and processing. Also, unless you restrict VM to a single host, the TSC could jump and change frequency when the VM is moved. If it is impossible to virtualise TSC, it is impossible to hide those jumps. In practice on a modern VMware environment the time will be within about 2-3 ms for a Linux system. On a VMotion it will jump a few hundred ms and then regulate back. When your NTP server is a Windows server and you want to be within 1 second you have different worries. Generally you are going to put ntpd on a VM because the IT manager doesn't consider it very important. If it is not important, he is probably not going to worry about the effect of moving it around hosts. That is right. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
On Mon, Jun 23, 2014 at 9:54 AM, David Woolley david@ex.djwhome.demon.invalid wrote: On 23/06/14 13:12, Miroslav Lichvar wrote: I think it all depends on the VM implementation It will still be subject to potentially large scheduling delays between NTP packet arrival and processing. Also, unless you restrict VM to a single host, the TSC could jump The OP said Why are NTP Servers running on virtualized hardware (vmware) unsuitable to serve time to clients? but referred to a generalized recommendation. I'm sure the recommendation is intended for a generic virtual environment not the commercial product VMWare. I don't know about VMWare specific capabilities but the systems I'm familiar with either: 1) have one clock with a fixed offset allowed for domains. 2) have a vm clock that's a reasonable copy of the host clock which can appear to be changed but isn't. 3) have a vm clock that is read-only (attempts to write return insufficient privilege). All of which make running a clock-disciplining system fruitless. I wondered about this when reading $40/mo in Bandwidth for a pool server. I suppose long T deviation could provide insight in clock quality. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Servers in virtual machines
On 2014-06-23, Rob Heemskerk rob.heemsk...@gmail.com wrote: Hi, Why are NTP Servers running on virtualized hardware (vmware) unsuitable to serve time to clients? Because the virtual clock does not tick regularly. The real clock does. I've read this statement several times but can't find a good motivation. I've searched the official documentation, FAQ, the NTP support wiki, this news group, google search. I found this in the support wiki but it seems outdated: NTP server was not designed to run inside of a virtual machine. It requires a high resolution system clock, with response times to clock interrupts that are serviced with a high level of accuracy. As kernels are tickles nowadays response times to clock interrupts and (interrupt backlogs) do not seem to be relevant anymore. Could we say it is safe to run ntp servers on a virtualized platform or do we still need a few (4?) dedicated pieces of hardware to run our internal NTP servers? You canrun ntp on the machine that runs the virtual hardware, and tell the virutal machines to get their time from the real system. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] NTP Pool Server Costs me $40/mo in Bandwidth--is
On 6/16/2014 6:05 AM, Jochen Bern wrote: There are four official slots - two primary, two secondary - over the course of the year to insert leap seconds, Those are only preferences. Leap seconds may be inserted at any month boundary. A positive or negative leap-second should be the last second of a UTC month, but first preference should be given to the end of December and June, and second preference to the end of March and September. - ITU-R TF.460-6 ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions