NTP Skew or Smear Sources

Mixing algorithms is tricky

Andrew Latham

I promote redundancy at every chance. Having extra DNS servers or extra DHCP servers is always grand. One issue that I noticed recently was NTP Skew or Smear. This is a method of slowly adjusting the clocks on systems to compensate for leap seconds which happen from time to time. The process is well thought out and well documented however the implementation is not perfect. While discussing redundancy a network engineer was explaining the current solution and future plans. I was asked about the NTP setup and advised them to diversify vendors of hardware solutions. After a deeper dive I found they were using cloud provider vendor NTP services from a directive up the command chain. The issue came when I saw they were configuring multiple providers NTP servers as sources. The issue here is that NTP sources might use a different smear method and the inclusion of non-smeared sources would mean the NTP calculation would favor the lowest latency source as the various vendors smear drifted apart from atomic time.

Mixing algorithms is tricky

Andrew Latham

On systems like Debian Stretch with systemd the time sync is baked in but will not run if the legacy NTP package is installed at all so here is a howto/demo of what to do.

# apt-get purge ntp
# systemctl restart systemd-timesyncd.service
# systemctl status systemd-timesyncd.service 
● systemd-timesyncd.service - Network Time Synchronization
   Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/systemd-timesyncd.service.d
           └─disable-with-time-daemon.conf
   Active: active (running) since Fri 2017-08-11 10:09:11 CDT; 3s ago
     Docs: man:systemd-timesyncd.service(8)
 Main PID: 31413 (systemd-timesyn)
   Status: "Synchronized to time server 92.243.6.5:123 (0.debian.pool.ntp.org)."
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/systemd-timesyncd.service
           └─31413 /lib/systemd/systemd-timesyncd

Aug 11 10:09:11 nodeone systemd[1]: Starting Network Time Synchronization...
Aug 11 10:09:11 nodeone systemd[1]: Started Network Time Synchronization.
Aug 11 10:09:11 nodeone systemd-timesyncd[31413]: Synchronized to time server 92.243.6.5:123 (0.debian.pool.ntp.org).
#