NTP health check failed - No NTP peers

[Constantin]

Would this work? https://austinsnerdythings.com/2021/04/19/microsecond-accurate-ntp-with-a-raspberry-pi-and-pps-gps/ I'm not obsessed with dirt cheap - an under $100. solution seems reasonable.

I'd go with a Centerclick NTP200 or NTP250 solution instead. Custom-built, super simple to set up, and unlike a RPi+Uputronics or like hat, the thing has a TCXO for the times that Baidu, GLONASS, Galileo, and GPS are not available.

I also have a Pi with the uputronics hat and found the NTP200 to be a much better solution since it's tailored to be a accurate time server first and foremost.

For me, the NTP200 is a much better value as long as you don't consider your time to be free. Plus, it already has a case, power supply, and antenna included. I also find the web-based, detailed status-screens on the NTP200 to be far more usable than the crude stuff the RPi can show.

 

[DavidinGA]

Awesome, thanks! Time is the one thing that no one may never acquire more of - so, yes, spending a few extra dollars to avoid hassle makes good sense.

 

[da_da]

I highly recommend a least 7 NTP peers/servers. I generally have 11 from various locations.

Also, I prefer Chrony.

 

[Constantin]

I’m running two GPS-based stratum-1s here and use the FreeBSD pool of internet NTP servers as a backup. Seems to work.

Getting good time alignment is not only really important for ZFS / FreeBSD but also vital for 2FA.

 

[DavidinGA]

I highly recommend a least 7 NTP peers/servers. I generally have 11 from various locations.

Also, I prefer Chrony.

Wow!

 

[Patrick M. Hausen]

I highly recommend a least 7 NTP peers/servers. I generally have 11 from various locations.

Is there some writing on your reasoning? I tend to have one or two local servers that use the two official German time sources and all other devices use these local ones.

Also of course with ntpd there is no difference between "clients" and "servers" - only the question which machines will answer queries and which ones won't.

 

[da_da]

Under no circumstances anyone should ever use two, ever. With two and a time shift or other issues, then there's no way for the algo to correct and identify the right time. the more, the merrier is to increase the chances of feeding incorrect timing.

 

[Patrick M. Hausen]

I assumed ptbtime1.ptb.de and ptbtime2.ptb.de are somehow redundant by themselves and "always correct". This is the official government time source in Germany, after all. (Physikalisch-Technische Bundesanstalt Braunschweig).

I'll look into what I should add in addition to these.

 

[da_da]

I use MIT, google, NIST and many other universities.

 

[Patrick M. Hausen]

The more local, the better, right? Less delay and therefore jitter, too? That was my reason for just sticking with PTB.

 

[da_da]

Yea, but what you want to make sure is that the calculation is precise it's not like a VoIP call with ultra low jitters as it's not always on. The NTP will poll on various times and may find jitters change and select others. The goal here is to get the same value X from many. to put it simply is that if you had two NTP and receive X from one and Y from the other then your NTP time should be C? or Z? LOL

the NTP should have choices of receving the same value from say 3, 5, 7 or 11. Say, if you had 5 set and one of them was providing incorrect timing of Y then system is smart enough to remove/correct the shift.

HTH...

 

[nabsltd]

I tend to have one or two local servers that use the two official German time sources and all other devices use these local ones.

You need 3 or more local NTP servers in case you are cut off from the Internet for a long period of time. With just 2, one can have an issue where it gets far enough off to affect services that need accurate time, and you won't know which one of the two is right. With 3 or more, you can find the outlier very quickly.

I have 4 local NTP servers, each of which is configured to get time from 4 public NTP servers. So, that's a total of 16 different servers that feed my setup. This pretty much completely protects against errors caused by one bad public server.

But, for less than $250 for direct GPS time, I'll likely add that soon.

 

[Patrick M. Hausen]

You plan for being cut off from the Internet for extended periods of time? If the Internet is off I might as well switch off all machines. No network - no worky.

I will take your recommendations to heart for our datacentre, though. So thanks. Some more servers and possibly a GPS unit. But for the office? If the DSL is down, people switch to using their mobile phones or go home to work from there. There is no meaningful work that can be done at our office without an uplink.

 

[da_da]

here's a link I recommend:

Building a Raspberry-Pi Stratum-1 NTP Server

NTP on a Raspberry-Pi - documents configuring a Raspberry Pi for headless operation, configuring NTP for remote monitoring, adding a GPS/PSS device (two discussed), and how well NTP performs in WAN-only, LAN, and PPS configurations.

www.satsignal.eu

you can tweak this with any of the Sparkfun NEO-M9N chips to get yourself a PPS or even NTS setup for secure NTP.

GPS Boards - SparkFun Electronics

GPS Boards - and more...

www.sparkfun.com

 

[Constantin]

The new M9N generation are a neat upgrade and being able to track 92 satellites across 4 constellations is pretty much 100% of what you could ask for in a GPS (plus the TCXO).

The NTP200 currently uses the ublox M8 series GPS receiver and hence can only query 3 constellations at once. I doubt that operationally it will make a huge difference for a NTP server.

I still prefer the NTP200 over a RPi solution on account of the better web interface and built-in diagnostics on the NTP vs. the RPi solutions. I have also found my RPIs need to be updated periodically while the NTP200 allows a auto-update mode.

Both solutions work well here. My TrueNAS uses the two local stratum-1 sources preferentially and then 3 online sources as backups. So far, no issues.

 

[da_da]

not sure if you are able to set it to support NTS.

Here's the link for some public NTS:

Transparent, Trustworthy Time with NTP and NTS

Many processes, especially those related to security, rely on, if not perfectly accurate, so at least trustworthy time. However, time is large transported unsecured over the public Internet. Finally, this is going to change.

netfuture.ch

 

[nabsltd]

There is no meaningful work that can be done at our office without an uplink.

I suspect there are dozens of services inside your office that talk to each other, and many will roll over and die when two of them can't agree on the time, because they are talking to different local NTP servers that have become desynchronized.

This problem will persist long after the Internet connection is back (because NTP only corrects in small offsets), and 99% of the time, the only error message you'll get is something like "authentication failed" or "can't connect to server". If you are lucky, one piece of software will give you a detailed enough error message to say that the time difference is too much.

 

[Constantin]

The error messages you get when TrueNAS times are off are hilariously nondescript yet SMB performance will absolutely crater.

When I have too much time on my hands, I’ll add a TCXO RTCs to my RPis followed by installing ntp server software, and finally declaring them backups to the local stratum 1s + the internet pool.

 

[homer27081990]

I know I am a bit late, but could the original issue be any form of a general UDP problem? Did any of the people with NTP issues have any problems with streaming or VoIP?

 

[Patrick M. Hausen]

I suspect there are dozens of services inside your office that talk to each other, and many will roll over and die when two of them can't agree on the time, because they are talking to different local NTP servers that have become desynchronized.

Actually there are not. A switch, two WiFi access points, a single server that provides a Time Machine backup for all the developer Macs, an OPNsense firewall that drives the DSL line and provides the tunnel to the data centre and the customers. Nothing which cannot be quickly rebooted. Even our domain controllers are in the data centre in Frankfurt - but the only thing local to the office that uses AD authentication is the TrueNAS.

But generally you are right. I'll open an internal ticket to improve the setup in Frankfurt. Thanks again.