How to find the best NTP servers near you to query for time for your own NTP server

In this article, we describe how to find the best NTP servers to query for time from your current internet connection. Most providers run NTP servers on their network, but they don't always advertise them very well!

Note: You may want to view our provider NTP server list. If your internet service provider (ISP, the company you pay for internet access) is already on this list, we have already done the work for you! If you find servers that are not on the list, submit them to us so we can add them to the list.

Step 1

Start by running the traceroute program against a few different servers near you. Choose servers that you know are close to you; we have chosen 2 servers 175 miles away from us, another one 500 miles away and one 1/2 mile away. Of course, being physically close to a server doesn't necessarily mean that we are close to it from the network point of view, but this is good enough to find good NTP servers for your internet connection:

$ traceroute 74.15.178.5
traceroute to 74.15.178.5 (74.15.178.5), 30 hops max, 38 byte packets
1 10.10.149.149 (10.10.149.149) 7.909 ms 7.808 ms 8.235 ms
2 206.47.229.164 (206.47.229.164) 7.822 ms 8.037 ms 7.783 ms
3 core4-montreal02_POS2-2.net.bell.ca (64.230.143.102) 12.916 ms 16.890 ms 13.686 ms
4 dis24-montreal02_gig7-14.net.bell.ca (64.230.170.130) 11.527 ms 11.748 ms 11.394 ms
5 64.230.168.146 (64.230.168.146) 11.670 ms 13.531 ms 12.335 ms
6 74.15.178.5 (74.15.178.5) 28.453 ms 25.818 ms 26.374 ms

$ traceroute www.tsx.com
traceroute to www.tsx.com (142.201.0.1), 30 hops max, 38 byte packets
1 10.10.149.149 (10.10.149.149) 7.636 ms 7.458 ms 7.806 ms
2 206.47.229.154 (206.47.229.154) 8.069 ms 7.503 ms 7.929 ms
3 core3-montreal02_POS2-1.net.bell.ca (64.230.173.201) 11.555 ms 12.043 ms 11.558 ms
4 core3-toronto63_15-0-0-0.net.bell.ca (64.230.147.25) 19.111 ms 19.029 ms 18.926 ms
5 core1-toronto63_POS0-1.net.bell.ca (64.230.242.94) 19.107 ms 19.281 ms 19.104 ms
6 dis1-torontoxn_POS1-0.net.bell.ca (64.230.229.46) 19.293 ms 19.837 ms 19.158 ms
7 69.156.254.94 (69.156.254.94) 70.811 ms 19.953 ms 19.444 ms
8 142.46.0.9 (142.46.0.9) 20.348 ms 20.428 ms 20.340 ms
9 142.47.135.2 (142.47.135.2) 20.495 ms 20.560 ms 20.478 ms

$ traceroute www.ulaval.ca
traceroute to www.ulaval.ca (132.203.250.26), 30 hops max, 38 byte packets
1 10.10.149.149 (10.10.149.149) 86.984 ms 206.966 ms 211.350 ms
2 206.47.229.154 (206.47.229.154) 59.641 ms 8.389 ms 7.956 ms
3 core3-montreal02_POS2-1.net.bell.ca (64.230.173.201) 13.103 ms 12.844 ms 12.841 ms
4 bx2-montreal02_POS5-0.net.bell.ca (206.108.107.58) 11.556 ms 11.543 ms 11.547 ms
5 qmtrl-rq.qix.qc.ca (192.77.55.10) 12.144 ms 15.129 ms 11.846 ms
6 cmtrl-uq.risq.net (132.202.101.25) 18.199 ms 18.538 ms 17.349 ms
7 cmtrl-uq.risq.net (132.202.101.25) 16.993 ms 17.673 ms 17.329 ms
8 cmtrl-rq.risq.net (132.202.100.1) 17.825 ms 17.212 ms 17.100 ms
9 cqubc-ul.risq.net (132.202.100.66) 17.915 ms 17.329 ms 17.338 ms
10 ulaval-qix-dqubc-ul.risq.net (132.202.52.13) 16.978 ms 17.492 ms 16.966 ms
11 ulaval-gw.risq.net (132.202.52.14) 16.164 ms 16.271 ms 16.281 ms
12 ulaval-qix-membre.risq.net (206.167.128.154) 16.437 ms 17.632 ms 17.022 ms
13 cslfgtbiex-out.n.ulaval.ca (132.203.244.154) 18.067 ms 17.285 ms 17.693 ms

$ traceroute www.vdl2.ca
traceroute to www.vdl2.ca (199.84.183.97), 30 hops max, 38 byte packets
1 10.10.149.149 (10.10.149.149) 8.314 ms 7.778 ms 7.840 ms
2 206.47.229.154 (206.47.229.154) 7.805 ms 8.093 ms 9.717 ms
3 core3-montreal02_POS2-1.net.bell.ca (64.230.173.201) 13.014 ms 12.635 ms 12.407 ms
4 bx4-montreal02_so-0-0-0.net.bell.ca (64.230.170.174) 11.454 ms 11.857 ms 22.629 ms
5 if-6-0-0.mcore4.MTT-Montreal.teleglobe.net (216.6.115.29) 11.552 ms 12.098 ms 11.457 ms
6 ix-11-0.mcore4.MTT-Montreal.teleglobe.net (216.6.115.58) 29.642 ms 29.731 ms 29.681 ms
7 mtrlpqfbdr05.bb.telus.com (154.11.7.51) 29.572 ms 29.763 ms 29.604 ms
8 206.162.165.50 (206.162.165.50) 30.858 ms 30.859 ms 30.463 ms

Step 2

Start harvesting NTP servers near you by trying your provider's router IPs shown in the traceroutes until you find 20-25 NTP servers. To find out if a router belongs to your provider, go to arin (North America), ripe (Europe, Middle East, Central Asia), apnic (Asia and the Pacific region), lacnic (Latin America and the Caribbean region) or afrinic (Africa) and enter its IP in the whois search box. Also look for a pattern using ntpq -pn <server IP>: usually most of your provider's NTP servers will be getting their time upstream from the same servers. The idea is to make sure you are hitting your provider's servers and not servers belonging to your provider's customers.

$ ntpq -pn 209.202.66.10
209.202.66.10: timed out, nothing received
***Request timed out
$ ntpq -pn 154.11.7.51
154.11.7.51: timed out, nothing received
***Request timed out
$ ntpq -pn 216.6.115.58
216.6.115.58: timed out, nothing received
***Request timed out
$ ntpq -pn 195.219.14.9
remote refid st t when poll reach delay offset jitter
==============================================================================
-128.4.1.20 .PPS. 1 u 1009 1024 377 103.504 0.889 4.982
+129.240.64.3 195.220.94.163 2 u 580 1024 377 50.566 -2.614 2.677
-129.6.15.28 .ACTS. 1 u 513 1024 377 115.747 8.296 8.038
-129.6.15.29 .ACTS. 1 u 235 1024 377 112.711 4.420 1.515
132.246.168.80 0.0.0.0 16 u - 1024 0 0.000 0.000 4000.00
#134.214.100.6 195.220.94.163 2 u 404 1024 377 37.642 1.992 5.635
#152.2.21.1 129.6.15.28 2 u 839 1024 377 98.468 -5.257 1.768
-158.43.128.66 193.67.79.202 2 u 234 1024 377 2.230 1.036 19.249
+158.43.192.66 193.79.237.14 2 u 766 1024 377 1.200 -4.055 1.949
192.5.41.40 0.0.0.0 16 u - 1024 0 0.000 0.000 4000.00
-192.5.41.41 .USNO. 1 u 876 1024 377 95.819 -10.489 5.692
-193.67.79.202 .GPS. 1 u 75 1024 377 17.583 -0.848 11.139
208.184.49.9 65.67.84.83 16 u 48h 1024 0 0.000 0.000 4000.00
*138.39.23.13 .IRIG. 1 u 950 1024 377 105.676 -4.024 2.228
128.118.46.3 12.127.48.126 16 u 175d 1024 0 0.000 0.000 4000.00
-192.5.41.40 .USNO. 1 u 610 1024 377 98.301 -9.590 8.514
195.219.14.9 0.0.0.0 16 u - 1024 0 0.000 0.000 4000.00
207.45.221.18 158.43.128.66 16 u 1309 1024 0 0.000 0.000 4000.00
#207.45.221.145 192.5.41.41 2 u 540 1024 377 102.854 6.572 7.675
207.45.220.76 129.6.15.28 16 u 787d 1024 0 0.000 0.000 4000.00

etc.

If you do not find enough servers, you may also scan your provider's router /24 subnets to find more using the shell script below. To find out if a subnet belongs to your provider, go to arin (North America), ripe (Europe, Middle East, Central Asia), apnic (Asia and the Pacific region), lacnic (Latin America and the Caribbean region) or afrinic (Africa) and enter its IP in the whois search box (e.g. 209.202.66.0). Make sure that you stay on your provider's router subnets and that you do not enter your provider's customer subnets, which could show up in the bottom lines of the traceroutes. You want to query servers on fast connections on your provider's backbone, not some DSL or co-location machines owned by one of its customers.

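#!/bin/sh
# Query every address in a /24 with ntpq; $1 is the first three octets (e.g. 209.202.66).

i=0

while [ "$i" -lt 256 ]
do
    # Print the peer list of each host that answers ntpq queries
    /usr/sbin/ntpq -pn "${1}.${i}"
    i=$((i + 1))
done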

Name the script scanntp, run chmod 755 scanntp and issue the following command to scan the 209.202.66.0/24 network (209.202.66.0 to 209.202.66.255):

scanntp 209.202.66

Step 3 (optional)

Recurse into the IPs found using ntpq -pn in step 2 if you did not find enough (20-25) servers. Note that you might not be able to connect to some of the refid IPs found in step 2 with ntpq -pn, but you may still be able to use them as time sources for your NTP daemon. In fact, this is true for all NTP servers, depending on their configuration. When a server refuses a query with ntpq -pn, you may use ntpdate -q <server IP> to find out if it is willing to give you time.

Test that the servers you find are owned by your provider by going to arin (North America), ripe (Europe, Middle East, Central Asia), apnic (Asia and the Pacific region), lacnic (Latin America and the Caribbean region) or afrinic (Africa) and entering the IP in the whois search box. Make sure that you stay on your provider's router subnets and that you do not enter your provider's customer subnets, which could show up in the bottom lines of the traceroutes. You want to query servers on fast connections on your provider's backbone, not some DSL or co-location machines owned by one of its customers.

Step 4

Put the 20-25 servers found into your /etc/ntp.conf and restart ntpd.

Step 5

Run ntpq -pn on your local machine where you run ntpd:

$ ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
-64.230.242.45 64.230.242.33 4 u 84 128 377 24.978 0.825 35.832
-69.156.254.2 132.246.168.164 3 u 78 128 377 26.009 1.445 3.105
-206.47.72.104 206.47.60.179 4 u 58 128 377 20.663 -2.381 0.215
69.156.254.30 138.82.254.133 4 u 460 1024 177 22.124 -567.28 2.749
69.156.254.218 128.9.176.30 2 u 462 1024 177 65.289 0.512 0.111
-69.156.254.194 208.70.244.150 3 u 65 128 377 79.914 1.306 0.838
-69.156.254.190 128.100.56.135 3 u 66 128 377 26.224 -1.852 0.444
-69.156.254.154 172.16.0.1 4 u 10 128 17 22.558 11.079 0.944
-69.156.254.94 192.75.109.40 3 u 69 128 377 20.575 0.545 0.961
69.156.254.86 204.187.144.34 4 u 708 1024 147 16.334 2874.77 236.052
-69.156.254.38 64.26.173.192 4 u 54 128 377 20.363 0.669 0.416
-64.230.242.150 206.108.96.1 3 u 60 128 377 20.430 -0.311 0.723
*64.230.242.118 206.108.96.17 3 u 48 128 377 20.035 0.180 23.455
-206.108.107.230 206.108.96.1 3 u 65 128 377 20.498 1.789 8.456
-206.108.107.234 206.108.96.1 3 u 65 128 377 20.484 1.629 9.190
-206.108.107.58 206.108.96.66 3 u 60 128 377 12.831 -0.984 23.507
-206.108.107.62 206.108.96.66 3 u 43 128 377 12.742 -0.977 0.173
-64.230.242.114 206.108.96.17 3 u 54 128 377 20.160 0.291 2.017
-69.156.254.97 206.108.96.50 3 u 49 128 377 21.162 2.499 0.624

Step 6

Keep only the 4 best servers, the ones with the smallest delay/offset/jitter. Comment out the other ones in your /etc/ntp.conf file. You can use them later as a starting point if you need to repeat the process described in this article, or just use one of them to quickly replace a server that has gone out of service.

NOTE: 4 to 6 servers should be plenty to keep accurate time. Using 20-25 servers will most likely confuse your ntpd, especially if some of them are bad. Nevertheless, we display 7 servers here in order to show that we can now rely on 7 servers with less than 30 ms delay. Also, you should make sure that the servers you use permit it if they do not belong to your own provider. You can find out if the servers you use belong to your provider by doing a lookup on arin (North America), ripe (Europe, Middle East, Central Asia), apnic (Asia and the Pacific region), lacnic (Latin America and the Caribbean region) or afrinic (Africa). All the following servers are owned by our provider:

$ ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================

-64.230.242.45 64.230.242.33 4 u 84 128 377 24.978 0.825 35.832
-69.156.254.2 132.246.168.164 3 u 78 128 377 26.009 1.445 3.105
-206.47.72.104 206.47.60.179 4 u 58 128 377 20.663 -2.381 0.215
-69.156.254.30 138.82.254.133 4 u 460 1024 177 22.124 -5.282 2.749

-69.156.254.190 128.100.56.135 3 u 66 128 377 26.224 -1.852 0.444
-69.156.254.154 172.16.0.1 4 u 10 128 17 22.558 11.079 0.944
*69.156.254.94 192.75.109.40 3 u 69 128 377 20.575 0.545 0.961

Note: To test that these servers belong to our provider, we went to arin and entered the IP in the whois search box.
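
One way to do the Step 6 selection mechanically, as an added example that is not part of the original article: the function names, the score (delay + |offset| + jitter, in ms) and the rule of skipping any peer whose reach is not 377 are assumptions made here, not ntpd's own selection algorithm. The sample rows are copied from the Step 5 output, with column spacing reconstructed.

```shell
#!/bin/sh
# rank_peers [N]: read `ntpq -pn` output on stdin and print the N (default 4)
# candidate servers with the lowest score, best first.
rank_peers() {
    LC_ALL=C awk '
        # Skip the two header lines and anything that is not a 10-column peer row.
        $1 == "remote" || $1 ~ /^=+$/ || NF != 10 { next }
        # Skip unsynchronised peers (stratum 16) and peers that missed any of
        # the last eight polls (reach is an octal bitmask, 377 = all answered).
        $3 + 0 >= 16 || $7 != "377" { next }
        {
            ip = $1
            sub(/^[-+*#xo.]/, "", ip)        # drop the ntpq tally character
            off = $9 + 0
            if (off < 0) off = -off          # only the magnitude matters here
            printf "%.3f %s\n", $8 + off + $10, ip
        }
    ' | LC_ALL=C sort -n | head -n "${1:-4}" | awk '{ print $2 }'
}

# Sample input: eight rows taken from the Step 5 output, including the two
# peers with partial reach and offsets of -567.28 ms and 2874.77 ms.
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-64.230.242.45   64.230.242.33    4 u   84  128  377   24.978    0.825  35.832
-206.47.72.104   206.47.60.179    4 u   58  128  377   20.663   -2.381   0.215
 69.156.254.30   138.82.254.133   4 u  460 1024  177   22.124  -567.28   2.749
-69.156.254.194  208.70.244.150   3 u   65  128  377   79.914    1.306   0.838
 69.156.254.86   204.187.144.34   4 u  708 1024  147   16.334  2874.77 236.052
-69.156.254.38   64.26.173.192    4 u   54  128  377   20.363    0.669   0.416
*64.230.242.118  206.108.96.17    3 u   48  128  377   20.035    0.180  23.455
-206.108.107.62  206.108.96.66    3 u   43  128  377   12.742   -0.977   0.173
EOF
}

sample_peers | rank_peers 4
```

On a live machine, run it as ntpq -pn | rank_peers 4 once ntpd has been up long enough for reach to fill (eight polls), otherwise every peer is skipped.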

 

Last updated (Saturday, 15 December 2007 18:56)
 


