Cisco ISE 3.0 patch-3 "show ntp" output explanation needed

david.tran
Enthusiast

Below is the "show ntp" output from ISE 3.0 patch-3 running on an SNS-3655 physical appliance:

 

nycise/cciesec# show ntp
Configured NTP Servers:
192.168.40.150
192.168.40.151
10.1.40.150

Reference ID : 0A062897 (nycntppc001_lan2.tmobile.com)
Stratum : 2
Ref time (UTC) : Sun Aug 22 09:54:45 2021
System time : 0.000009534 seconds fast of NTP time
Last offset : +0.000015193 seconds
RMS offset : 0.000007602 seconds
Frequency : 3.783 ppm slow
Residual freq : +0.000 ppm
Skew : 0.004 ppm
Root delay : 0.000387436 seconds
Root dispersion : 0.000654229 seconds
Update interval : 1026.8 seconds
Leap status : Normal

210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ nycntppc001.tmobile> 1 10 377 356 +51us[ +51us] +/- 215us
^* ntp2.tmobile.com 1 10 377 650 +44us[ +59us] +/- 196us
^- miantppc001_lan1.> 1 10 377 360 -94us[ -94us] +/- 2902us

M indicates the mode of the source.
^ server, = peer, # local reference clock.

S indicates the state of the sources.
* Current time source, + Candidate, x False ticker, ? Connectivity lost, ~ Too much variability

Warning: Output results may conflict during periods of changing synchronization.

nycise/cciesec#

 

You can see the state of the sources as:

* = Current time source

+ = Candidate

x = False ticker

? = Connectivity lost

~ = Too much variability

but nothing for the "-" as seen with  "miantppc001_lan1"

 

What does "-" mean? 

Accepted Solutions

hslai
Cisco Employee

This column indicates the state of the source.

* indicates the source to which chronyd is currently synchronised.

+ indicates acceptable sources which are combined with the selected source.

- indicates acceptable sources which are excluded by the combining algorithm.

? indicates sources to which connectivity has been lost or whose packets do not pass all tests. It is also shown at start-up, until at least 3 samples have been gathered from it.

x indicates a clock which chronyd thinks is a falseticker (i.e. its time is inconsistent with a majority of other sources).

~ indicates a source whose time appears to have too much variability.

 

> ... topshelf shows with "=*" since it is the reference clock. parry shows "=+" since it is regarded highly enough to be considered in the clock adjustment combining algorithm. The other peers show as "=-" since they are not currently being regarded as sources for adjustments.

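As an added example (not part of the original thread and not Cisco code), this Python parser reads the source table from `show ntp` and maps each state symbol to the meaning given in the answer above, flagging only the unhealthy states so that `-` is not mistaken for a fault. The two `example.test` rows, the function names and the reach check are assumptions added for illustration.

```python
import re

# Second character of the MS column, per the accepted answer above.
STATES = {"*": "selected", "+": "combined", "-": "excluded",
          "?": "unreachable", "x": "falseticker", "~": "variable"}
MODES = {"^": "server", "=": "peer", "#": "local reference clock"}
UNHEALTHY = {"unreachable", "falseticker", "variable"}
# MS flags, name, stratum, poll, reach (chrony prints reach in octal), LastRx
ROW = re.compile(r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(\d+)\s+([0-7]+)\s+(\S+)")

# First three rows are from the post; the last two are constructed.
SAMPLE = """\
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ nycntppc001.tmobile> 1 10 377 356 +51us[ +51us] +/- 215us
^* ntp2.tmobile.com 1 10 377 650 +44us[ +59us] +/- 196us
^- miantppc001_lan1.> 1 10 377 360 -94us[ -94us] +/- 2902us
^x ntp-a.example.test 2 10 377 120 +2500ms[+2500ms] +/- 30ms
^? ntp-b.example.test 0 10 0 - +0ns[ +0ns] +/- 0ns
"""

def parse_sources(text):
    """Parse the source table; legend and header lines do not match ROW."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mode, state, name, stratum, poll, reach, _last_rx = m.groups()
            rows.append({"name": name, "mode": MODES[mode],
                         "state": STATES[state], "stratum": int(stratum),
                         "poll": int(poll), "reach": int(reach, 8)})
    return rows

def findings(rows):
    """Flag states that need attention; '-' and '+' are healthy and not flagged."""
    out = []
    if sum(r["state"] == "selected" for r in rows) != 1:
        out.append("no single selected (*) source")
    for r in rows:
        if r["state"] in UNHEALTHY:
            out.append(f"{r['name']}: {r['state']}")
        elif r["reach"] != 0o377:  # 377 octal = last eight polls answered
            out.append(f"{r['name']}: missed polls (reach {r['reach']:o})")
    return out

if __name__ == "__main__":
    for f in findings(parse_sources(SAMPLE)):
        print(f)
```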

3 Replies

@hslai:  Thank you for the detailed explanation.  I guess more "bugs" from Cisco. 

 

Even the bug ID does not describe the issue correctly: "When there are more than 1 NTP servers configured in ISE, the one NTP server became the master whereas the state of the rest of the servers changed into ' - ' which is not described in ISE"

 

The statement "the rest of the servers" is NOT true.  One or more NTP servers, yes, but not ALL.

Hello @david.tran,

 

Besides the bug ID mentioned by @hslai, NTP uses filters and some algorithms to determine the more reliable and accurate NTP server based on (offset, time accuracy, jitter, round trip, etc.). One of these algorithms is the Clustering Algorithm. The - sign means that the NTP server is discarded (it did not pass the Clustering Algorithm compared to the other more accurate NTP servers, which are referred to as + candidates or survivors).

 
