cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7786
Views
5
Helpful
5
Replies

ntp clock synchronization flapping continuously

mat_rouch
Level 1
Level 1

I have a pair of 2951 routers that are acting as NTP servers for my internal networks.  Both are going to public ntp servers to get their updates.  One of the two, IP 10.8.255.253, is continuously losing and then regaining its clock synchronization:

5/6/2015 9:36:48 AM 10.8.255.253 Debug 6931: 006927: . NTP Core (NOTICE): Clock is synchronized.
5/6/2015 9:36:48 AM 10.8.255.253 Debug 6929: 006925: NTP Core (NOTICE): Clock synchronization lost.
5/6/2015 9:36:13 AM 10.8.255.253 Debug 6928: 006924: NTP Core (INFO): 10.63.40.1 0035 85 restart timeout
5/6/2015 9:35:57 AM 10.8.255.253 Debug 6927: 006923: NTP Core (INFO): 10.71.1.250 0035 85 restart timeout
5/6/2015 9:35:42 AM 10.8.255.253 Debug 6924: 006920: NTP Core (NOTICE): Clock synchronization lost.
5/6/2015 9:35:42 AM 10.8.255.253 Debug 6926: 006922: . NTP Core (NOTICE): Clock is synchronized.
5/6/2015 9:35:42 AM 10.8.255.253 Debug 6925: 006921: . NTP Core (INFO): 64.113.32.5 961A 8A sys_peer
5/6/2015 9:34:38 AM 10.8.255.253 Debug 6921: 006917: NTP Core (NOTICE): Clock synchronization lost.
5/6/2015 9:34:38 AM 10.8.255.253 Debug 6922: 006918: . NTP Core (INFO): 24.56.178.140 961A 8A sys_peer
5/6/2015 9:34:38 AM 10.8.255.253 Debug 6923: 006919: . NTP Core (NOTICE): Clock is synchronized.
5/6/2015 9:32:17 AM 10.8.255.253 Debug 6918: 006914: NTP Core (NOTICE): Clock synchronization lost.
5/6/2015 9:32:17 AM 10.8.255.253 Debug 6919: 006915: . NTP Core (INFO): 64.113.32.5 961A 8A sys_peer
5/6/2015 9:32:17 AM 10.8.255.253 Debug 6920: 006916: . NTP Core (NOTICE): Clock is synchronized.
5/6/2015 9:31:20 AM 10.8.255.253 Debug 6916: 006912: . NTP Core (INFO): 24.56.178.140 961A 8A sys_peer
5/6/2015 9:31:20 AM 10.8.255.253 Debug 6917: 006913: . NTP Core (NOTICE): Clock is synchronized.
5/6/2015 9:31:20 AM 10.8.255.253 Debug 6915: 006911: NTP Core (NOTICE): Clock synchronization lost.
 

The config and associations on the two routers look like this:

------------------------------------------------------------------------------------------------

router 10.8.255.253
--------------------------
ntp logging
ntp source GigabitEthernet0/0.1
ntp master
ntp update-calendar
ntp server 206.246.122.250
ntp server 24.56.178.140
ntp server 64.113.32.5
ntp peer 10.1.255.254
 

Amesrtr#sh ntp assoc

  address         ref clock       st   when   poll reach  delay  offset   disp
 ~127.127.1.1     .LOCL.           7     11     16   377  0.000   0.000  0.232
  10.65.40.1      10.8.255.253     3   1316   1024    42  4.089 -27.102 250.96
  10.45.200.1     10.8.255.253     4      -    128   100  0.000   0.000 15875.
  10.8.11.1       .INIT.          16      -     64     0  0.000   0.000 15937.
  10.66.40.1      10.8.255.253     4      -     64     2  0.000   0.000 15875.
  10.3.255.250    10.8.255.253     3   1479   1024    44  2.953  -9.313 989.27
+~206.246.122.250 .ACTS.           1     38     64   377 50.511  -1.706  2.284
  10.75.255.250   10.8.255.253     4   2795   1024     0  0.000   0.000 15937.
  10.2.255.250    10.8.255.253     4   2567   1024     0  0.000   0.000 15937.
*~24.56.178.140   .ACTS.           1     41     64   375 29.835  -5.914  6.083
+~64.113.32.5     .ACTS.           1     12     64   373 40.740  -9.465  2.454
-~10.1.255.254    216.229.0.179    2      7     64   377  1.175  18.163  4.742
  10.1.255.230    10.8.255.253     4   3107   1024     0  0.000   0.000 15937.
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

------------------------------------------------------------------------------------------------

router 10.1.255.254
--------------------------
ntp logging
ntp source GigabitEthernet0/0
ntp master
ntp update-calendar
ntp server 216.229.0.179
ntp server 131.107.13.100
ntp peer 10.8.255.253
ntp server 129.6.15.30
 

90thDodgeRtr#sh ntp assoc

  address         ref clock       st   when   poll reach  delay  offset   disp
 ~127.127.1.1     .LOCL.           7     11     16   377  0.000   0.000  0.232
*~216.229.0.179   .ACTS.           1     36     64   377 13.039  -9.845  2.309
+~131.107.13.100  .ACTS.           1     43     64   177 62.614  -6.304  2.994
-~10.8.255.253    24.56.178.140    2     43     64   376  1.837 -18.494  3.694
+~129.6.15.30     .ACTS.           1     39     64   377 52.951  -7.371  3.102
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

------------------------------------------------------------------------------------------------

Every time I look at the associations the ref clock for the configured ntp servers shows as "ACTS".  Any ideas why the clock on the one router would be flapping like this?

 

Thanks in advance,

-Mat

5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame
ntp master

Can you please remove this?

ntp peer 10.8.255.253

This doesn't make any sense.  Why do this when you could've just used "ntp server 24.56.178.140"?

I cannot remove the "nap master" command, since both of these routers are acting as ntp servers to hosts on the internal network.

I used the "ntp peer" command as recommended in the cisco NTP Best Practices white paper at http://www.cisco.com/c/en/us/support/docs/availability/high-availability/19643-ntpm.html#wantimedist

Basically my config looks just like the one in the cited example, except that I am not using authentication or control groups.  According to that document the "ntp peer" command is appropriate.

 

-Mat

I cannot remove the "nap master" command, since both of these routers are acting as ntp servers to hosts on the internal network.

The command of "NTP Master" is not recommended by Cisco.  The logic behind this is because the command instructs the appliance to tell everyone that "I'm to be trusted".  Not a good idea.

r.heitmann
Level 1
Level 1

scenario

  • all your "ntp server" time-sources are using the same "upstream" time-source ".ACTS."
  • all ntp-servers provide almost the same level of accuracy
  • your router as ntp-client nevertheless is choosing the best time-source

 

reason for the log-output

  • this "best time-source" seems to slightly change from time to time
    • eg. network-latency between router and ntp-server increases/decreases...
  • the router selects a better (but still almost identical) time-source and generates the log-output shown

solution

  • configure one ntp-server to be preferred
ntp server 206.246.122.250 prefer
ntp server 24.56.178.140
ntp server 64.113.32.5

 

=> this should pin your router permanently to server 206.246.122.250.

=> the logging should be gone

 

 

 

 

 

Thank you, testing this out, will give feedback in a day or two.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: