Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2611
Views
0
Helpful
3
Replies

Cisco ISE 3.0 patch-3 "show ntp" output explaination needed

Go to solution
david.tran
Level 4
Level 4

‎08-22-2021 03:24 AM

below is the "show ntp" output from the ISE 3.0 patch-3 running on SNS-3655 physical appliance:

 

nycise/cciesec# show ntp
Configured NTP Servers:
192.168.40.150
192.168.40.151
10.1.40.150

Reference ID : 0A062897 (nycntppc001_lan2.tmobile.com)
Stratum : 2
Ref time (UTC) : Sun Aug 22 09:54:45 2021
System time : 0.000009534 seconds fast of NTP time
Last offset : +0.000015193 seconds
RMS offset : 0.000007602 seconds
Frequency : 3.783 ppm slow
Residual freq : +0.000 ppm
Skew : 0.004 ppm
Root delay : 0.000387436 seconds
Root dispersion : 0.000654229 seconds
Update interval : 1026.8 seconds
Leap status : Normal

210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ nycntppc001.tmobile> 1 10 377 356 +51us[ +51us] +/- 215us
^* ntp2.tmobile.com 1 10 377 650 +44us[ +59us] +/- 196us
^- miantppc001_lan1.> 1 10 377 360 -94us[ -94us] +/- 2902us

M indicates the mode of the source.
^ server, = peer, # local reference clock.

S indicates the state of the sources.
* Current time source, + Candidate, x False ticker, ? Connectivity lost, ~ Too much variability

Warning: Output results may conflict during periods of changing synchronization.

nycise/cciesec#

 

You can see the state of the sources as:

* = Current time source

+ = Candidate

x = False ticker

? = Connectivity lost

~ = Too much variability

but nothing for the "-" as seen with  "miantppc001_lan1"

 

What does "-" mean? 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-22-2021 05:39 PM - edited ‎08-22-2021 05:55 PM

This column indicates the state of the source.

* indicates the source to which chronyd is currently synchronised.

+ indicates acceptable sources which are combined with the selected source.

- indicates acceptable sources which are excluded by the combining algorithm.

? indicates sources to which connectivity has been lost or whose packets do not pass all tests. It is also shown at start-up, until at least 3 samples have been gathered from it.

x indicates a clock which chronyd thinks is a falseticker (i.e. its time is inconsistent with a majority of other sources).

~ indicates a source whose time appears to have too much variability.

 

> ... topshelf shows with "=*" since it is the reference clock. parry shows "=+" since it is regarded highly enough to be considered in the clock adjustment combining algorithm. The other peers show as "=-" since they are not currently being regarded as sources for adjustments.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
hslai
Cisco Employee
Cisco Employee

‎08-22-2021 05:39 PM - edited ‎08-22-2021 05:55 PM

This column indicates the state of the source.

* indicates the source to which chronyd is currently synchronised.

+ indicates acceptable sources which are combined with the selected source.

- indicates acceptable sources which are excluded by the combining algorithm.

? indicates sources to which connectivity has been lost or whose packets do not pass all tests. It is also shown at start-up, until at least 3 samples have been gathered from it.

x indicates a clock which chronyd thinks is a falseticker (i.e. its time is inconsistent with a majority of other sources).

~ indicates a source whose time appears to have too much variability.

 

> ... topshelf shows with "=*" since it is the reference clock. parry shows "=+" since it is regarded highly enough to be considered in the clock adjustment combining algorithm. The other peers show as "=-" since they are not currently being regarded as sources for adjustments.

0 Helpful

Go to solution
david.tran
Level 4
Level 4
In response to hslai

‎08-22-2021 06:19 PM - edited ‎08-22-2021 06:25 PM

@hslai:  Thank you for the detailed explanation.  I guess more "bugs" from Cisco. 

 

Even the bug ID does not describe the issue correctly:    When there are more than 1 NTP servers configured in ISE, the one NTP server became the master whereas the state of the rest of the servers changed into ' - ' which is not described in ISE"

 

The statement "the rest of the servers" is NOT true.  One or more NTP servers, yes, but not ALL.

0 Helpful

Go to solution
Amine ZAKARIA
Spotlight
Spotlight
In response to hslai

‎08-23-2021 02:20 AM

Hello @david.tran,

 

Beside the bug ID mentioned by @hslai the NTP uses filters and some algorithms to determine reliable and more accurate NTP server based on (offset,time accuracy, jitter,round trip, etc...) One of these algorithms is Clustering Algorithm - sign means that NTP server is discarded (Did not pass Clustering Algo compared to the other more accurate NTP servers, which they are refered as + candidate or survivors).

 

0 Helpful
Customers Also Viewed These Support Documents