HP TCP/IP Services for OpenVMS
Management

logconfig +sysevents +syncstatus

This configuration would list the synchronization state of the NTP server and the major system events.
For a simple reference server, the following minimum message configuration might be useful:

logconfig +syncall +clockall

This configuration lists all clock information and synchronization information. All other events and messages about peers, system events, and so forth, are suppressed.

tinker [panic panic| dispersion dispersion| freq freq| minpoll minpoll | allan allan| huffpuff huffpuff]
This statement can be used to alter several system variables in exceptional circumstances. It should occur in the configuration file before any other configuration options. The default values of these options have been carefully optimized for a wide range of network speeds and reliability expectations. In general, they interact in intricate ways that are hard to predict, and some combinations can result in unpredictable behavior. It is rarely necessary to change the default values.
The options operate as follows:

panic panic
This option becomes the new value for the panic threshold, normally 1000 seconds. If set to zero, the panic sanity check is disabled and a clock offset of any value is accepted.
dispersion dispersion
This option becomes the new value for the dispersion increase rate, usually .000015.
minpoll minpoll
This option becomes the new value for the minimum poll interval used when configuring a multicast client, a manycast client, and symmetric passive-mode association. The value defaults to 6 (64 seconds) and has a lower limit of 4 (16 seconds).
freq freq
The argument becomes the initial value of the frequency offset in parts-per-million. This overrides the value in the frequency file, if present, and avoids the initial training state if it is not.
allan allan
This option becomes the new value for the minimum Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm. The value defaults to 1024 seconds, which is also the lower limit.
huffpuff huffpuff
This option becomes the new value for the experimental huff-n-puff filter span, which determines the most recent interval that the algorithm will search for a minimum delay. The lower limit is 900 seconds (15 minutes), but a more reasonable value is 7200 (2 hours). There is no default, since the filter is not enabled unless this statement is given.

13.4.2.1 NTP Monitoring Options

TCP/IP Services NTP includes a comprehensive monitoring facility that is suitable for continuous, long-term recording of server and client timekeeping performance. Statistics files are managed using file generation sets and scripts.

You can specify the following monitoring commands in your configuration file:

statistics name [ ... ]
Enables writing of statistics records. The following is a list of the supported name statistics:
- loopstats
  Enables recording of loop filter statistics information. Each update of the local clock outputs a line of the following form to the file generation set named loopstats :
  48773 10847.650 0.0001307 17.3478 2
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). (A Julian Day [JD] begins at noon and runs until the next noon. The JD number is the number of days [or part of a day] since noon [UTC] on January 1, 4713 B.C. A Modified Julian Day [MJD] is the JD minus 2,400,000.5.)
  The next three fields show time offset (in seconds), frequency offset (in parts per million), and time constant of the clock discipline algorithm at each update of the clock.
- peerstats
  Enables recording of peer statistics information. This includes statistics records of all peers of an NTP server and of special signals, where present and configured. Each valid update appends a line of the following form to the current element of a file generation set named peerstats :
  48773 10847.650 127.127.4.1 9714 -0.001605 0.00000 0.00142
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer address and status, respectively. The status field is encoded in hexadecimal. The final three fields show the offset, delay, and dispersion (in seconds).
- clockstats
  Enables recording of clock driver statistics information. Each update received from a clock driver outputs a line in the following form to the file generation set named clockstats :
  49213 525.624 127.127.4.1 93 226 00:08:29.606 D
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the clock address. The final field shows the last time code received from the clock in decoded ASCII format, where meaningful. In some clock drivers, a good deal of additional information can be gathered and displayed as well. For further details, see information specific to each clock.
- cryptostats
  Enables recording of cryptographic public key protocol information. Each message received by the protocol module appends a line of the following form to the file generation set named cryptostats :
  49213 525.624 127.127.4.1 message
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next field shows the peer address in dotted-quad notation. The final message field includes the message type and certain ancillary information. See Section 13.7 for further information.
- rawstats
  Enables recording of raw timestamps. Each valid update appends a line in the following form to the file-generation set named rawstats :
  51554 79509.68 9.20.208.53 9.20.208.97 3156617109.664603 3156617109.673268 03456142.801203010 3156619216.137622
  The first two fields show the date (Modified Julian Day) and time (seconds and fraction past UTC midnight). The next two fields show the peer and local addresses. The next four fields are:
  - The origination timestamp
  - The received timestamp
  - The transmitted timestamp (the last one sent to the same peer)
  - The timestamp of the packet's arrival on the server
- statsdir directory-path
  Indicates the full path of a directory in which statistics files should be created.

13.4.2.2 Access Control Options

TCP/IP Services NTP implements a general-purpose address-and-mask based restriction list. The list is sorted by address and by mask, and the list is searched in this order for matches. The last match to be found defines the restriction flags associated with the incoming packets. The source address of incoming packets is used for the match. The 32-bit address is and'ed with the mask associated with the restriction entry, and then is compared with the entry's address (which has also been and'ed with the mask) to look for a match.

Although this facility might be useful for keeping unwanted or broken remote time servers from affecting your own, it is not considered an alternative to the standard NTP authentication facility.

13.4.2.2.1 The Kiss-of-Death Packet

Ordinarily, packets denied service are simply dropped with no further action except incrementing statistics counters. Sometimes a more proactive response is needed, such as a server message that explicitly requests the client to stop sending and leave a message for the system operator. A special packet format has been created for this purpose called the kiss-of-death (kod) packet. kod packets have the leap bits set unsynchronized and stratum set to zero and the reference identifier field set to a four-byte ASCII code. If the noserve or notrust flag of the matching restrict list entry is set, the code is DENY; if the limited flag is set and the rate limit is exceeded, the code is RATE. Finally, if a cryptographic violation occurs, the code is CRYP.

A client receiving a kod performs a set of sanity checks to minimize security exposure, then updates the stratum and reference identifier peer variables, sets the access denied (TEST4) bit in the peer flash variable and sends a message to the log. As long as the TEST4 bit is set, the client will send no further packets to the server. The only way at present to recover from this condition is to restart the protocol at both the client and server. This happens automatically at the client when the association times out. It will happen at the server only if the server operator cooperates.

13.4.2.2.2 Access Control Statements and Flags

The syntax for the restrict statement is as follows:

restrict address [mask mask] [flag][...]
The address argument is the address of a host or network. The mask argument defaults to 255.255.255.255, meaning that address is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0) is always the first entry in the list. The text string DEFAULT with no mask option can be used to indicate the default entry.
The flag argument always restricts access (that is, an entry with no flags indicates that free access to the server is to be given). The flags are not orthogonal in that more restrictive flags often make less restrictive ones redundant. The flags can generally be classed into two categories: those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.
You can specify one or more of the flags shown in the following table:

Table 13-1 Restrict Statement Flags
Flag Description

kod If access is denied, send a kiss-of-death packet.

ignore Ignore all packets from hosts that match this entry. If this flag is specified, do not respond to queries and time server polls.

noquery Deny ntpq and ntpdc queries. Time service is not affected.

nomodify Deny ntpq and ntpdc queries that attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.

noserve Deny all packets except ntpq and ntpdc queries.

nopeer Deny packets that would result in mobilizing a new association. This includes broadcast, symmetric-active, and manycast client packets when a configured association does not exist.

notrust Deny packets unless the packet is cryptographically authenticated..

limited Deny service if the packet spacing violates the lower limits specified in the discard command. A history of clients is kept using the monitoring capability of the NTP server. Thus, monitoring is always active as long as there is a restriction entry with the limited flag.

ntpport This is actually a match algorithm modifier, not a restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both ntpport and non-ntpport can be specified. The ntpport is considered more specific and is sorted later in the list.

version Ignore these hosts if not the current NTP version. Default restriction list entries, with the flags ignore , interface , ntpport , for each of the local host's interface addresses are inserted into the table at startup to prevent the server from attempting to synchronize to its own time. A default entry is also always present if it is otherwise unconfigured. No flags are associated with the default entry (that is, everything but your own NTP server is unrestricted).

discard [average avg] [minimum min] [monitor prob]
Sets the parameters of the limited facility that protects the server from client abuse. The average subcommand specifies the minimum average packet spacing, while the minimum subcommand specifies the minimum packet spacing. Packets that violate these minima are discarded and a kod packet returned if enabled. The default minimum average and minimum are 5 and 2, respectively. The monitor subcommand specifies the probability of discard for packets that overflow the rate-control window.

**Table 13-1 Restrict Statement Flags**
Flag	Description
`kod`	If access is denied, send a kiss-of-death packet.
`ignore`	Ignore all packets from hosts that match this entry. If this flag is specified, do not respond to queries and time server polls.
`noquery`	Deny `ntpq` and `ntpdc` queries. Time service is not affected.
`nomodify`	Deny `ntpq` and `ntpdc` queries that attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.
`noserve`	Deny all packets except `ntpq` and `ntpdc` queries.
`nopeer`	Deny packets that would result in mobilizing a new association. This includes broadcast, symmetric-active, and manycast client packets when a configured association does not exist.
`notrust`	Deny packets unless the packet is cryptographically authenticated..
`limited`	Deny service if the packet spacing violates the lower limits specified in the `discard` command. A history of clients is kept using the monitoring capability of the NTP server. Thus, monitoring is always active as long as there is a restriction entry with the `limited` flag.
`ntpport`	This is actually a match algorithm modifier, not a restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). Both `ntpport` and `non-ntpport` can be specified. The `ntpport` is considered more specific and is sorted later in the list.
`version`	Ignore these hosts if not the current NTP version. Default restriction list entries, with the flags `ignore` , `interface` , `ntpport` , for each of the local host's interface addresses are inserted into the table at startup to prevent the server from attempting to synchronize to its own time. A default entry is also always present if it is otherwise unconfigured. No flags are associated with the default entry (that is, everything but your own NTP server is unrestricted).

13.4.2.3 Sample NTP Configuration File

A sample of the NTP configuration template follows:

# # File name: TCPIP$NTP.CONF # Product: HP TCP/IP Services for OpenVMS # Version: V5.6 # # © Copyright 1976, 2006 Hewlett-Packard Development Company, L.P. # # NTP server configuration file # # # DESCRIPTION: # # This file contains configuration information for the NTP server. # Before starting the NTP server, you must edit this file and copy # it to SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.CONF. # # Refer to the HP TCP/IP Services for OpenVMS Management guide for # instructions on editing and using this file. # # # CONFIGURATION INSTRUCTIONS: # # The Network Time Protocol (NTP) provides synchronized timekeeping among # a set of distributed time servers and clients. The local OpenVMS host # maintains an NTP configuration file, TCPIP$NTP.CONF, of participating peers. # TCPIP$NTP.CONF is maintained in the SYS$SPECIFIC:[TCPIP$NTP] directory. # # Determine the peer hosts with which the local hosts should negotiate # and synchronize. Include at least one (but preferably three) hosts # that you are certain have the following characteristics: # # 1. provide accurate time # 2. synchronize to Internet Time Servers # (if they are not themselves Internet Time Servers) # # The NTP configuration file is not dynamic, and therefore requires # restarting NTP after being edited to make the changes take effect. # However, you can make run-time configuration requests interactively # using the NTPDC utility. # # CONFIGURATION: # # Your NTP configuration file should always include the following # driftfile entry. The driftfile is the name of the file that stores # the clock drift (also known as frequency error) of the system clock. driftfile SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.DRIFT # Samples entries follow below. Replace them with your own list of # hosts and identify the appropriate association mode. If you specify # multiple hosts, NTP can choose the best source with which to # synchronize. This also provides redundancy in case one of the hosts # becomes unavailable. # # Client/Server Mode # # Client/Server mode indicates that the local host wants to obtain # time from the remote server and is willing to supply time to the # remote server. Indicate Client/Server mode with a peer statement. # Identify each peer with a fully-qualified DNS host name or with an # IP address in dotted-decimal notation. peer 10.1.2.3 peer ntp0.myorg.mycorp.com peer ntp1.myorg.mycorp.com # Client Mode # # Client mode indicates that the local host wants to obtain time from # the remote server but it is not willing to provide time to the # remote server. Indicate client mode with the server statement. # Identify each server with a fully-qualified DNS host name or with an # IP address in dotted-decimal notation. server 10.2.3.4 server 10.3.4.5 server ntp3.myorg.mycorp.com # The following commands allow interoperation of NTP with another time # service such as DTSS. If enabled (by removing #), NTP will not set # the system clock. # server 127.127.1.0 prefer # fudge 127.127.1.0 stratum 0 # The following commands allow this node to act as a backup NTP server # (or as the sole NTP server on an isolated network), using its own # system clock as the reference source. If enabled (by removing #), # this NTP server will become active only when all other normal # synchronization sources are unavailable. # server 127.127.1.0 # fudge 127.127.1.0 stratum 8

13.4.3 Using NTP with Another Time Service

A local host can run more than one time service. For example, a host can have both NTP and DTSS (Digital Time Synchronization Service) installed. However, only one of these time services is allowed to set the system clock.

If you are running a time service in addition to NTP, you must stop either the other time source or NTP from setting the system clock. You can stop NTP from setting the system clock by adding the following statements to the configuration file:

server 127.127.1.0 prefer fudge 127.127.1.0 stratum 0

In these statements, the hardware address of the local clock (LOCAL) is 127.127.1.0. These statements force NTP to use its own system clock as a reference clock. The host continues to respond to NTP time queries but does not make any adjustments to the system clock, thereby allowing the other time service to make those changes.

13.5 Configuring NTP as Backup Time Server

You can configure the NTP service as a backup time server. In this case, if all other network synchronization sources become unavailable, the NTP service becomes active. You can also use this method to allow the local node to act as the NTP server in an an isolated network. To configure the NTP service as the backup server or the sole NTP server, enter the following commands in the NTP configuration file:

server 127.127.1.0 fudge 127.127.1.0 stratum 8

In this example, the stratum is set to a high number (8) so that it will not interfere with any other, possibly better, time synchronization source. You should set the stratum to a number that is higher than the stratum of all other time synchronization sources.

13.6 NTP Event Logging

NTP maintains a record of system clock updates in the file SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP_RUN.LOG. NTP reopens this log file daily, each time creating a new version of the file (older versions are not automatically purged). Events logged to this file can include the following messages:

Synchronization status that indicates synchronization was lost, stratum changes, and so forth
System time adjustments
Time adjustment status

Logging can be increased by using the logconfig option in TCPIP$NTP.CONF. For more information, see Section 13.4.2.

In addition, you can enable debugging diagnostics by defining the following logical name with /SYSTEM and a value from 1 through 6, where 6 specifies the most detailed logging:

$ DEFINE /SYSTEM TCPIP$NTP_LOG_LEVEL n

Table 13-2 describes the messages most frequently included in the NTP log file.

Table 13-2 NTP Log File Messages
Message Description

Time slew time Indicates that NTP has set the local clock by slewing the local time to match the synchronization source. This happens because the local host is no longer synchronized. For example:
time slew -0.218843 s

Synchronization lost This usually occurs after a time reset. All peer filter registers are cleared, for example, for that particular peer; all state variables are reset along with the polling interval; and the clock selection procedure is once again performed.

Couldn't resolve hostname, giving up on it Indicates that the host name could not be resolved. This peer will not be considered for the candidate list of peers. For example:
couldn't resolve 'fred', giving up on it

Send to IP-address: reason Indicates that a problem occurred while sending a packet to its destination. The most common reason logged is "connection refused." For example:
sendto(16.20.208.100): connection refused

Time Correction of delta-time seconds exceeds sanity limit (1000); set clock manually to the correct UTC time NTP has detected a time difference greater than 1000 seconds between the local clock and the server clock. You must set the clock manually or use the NTPDATE program and then restart NTP. Once NTP sets the clock, it continuously tracks the discrepancy between the local time and NTP time and adjusts the clock accordingly.

offset: n sec freq x ppm poll: y sec error z An hourly message, in which:

offset is the offset (in seconds) of the peer clock relative to the local clock (that is, the amount to adjust the local clock to bring it into correspondence with the reference clock).
freq is the computed error in the intrinsic frequency of the local clock (also known as "drift") (in parts per million).
poll is the minimum interval (in seconds) between transmitted messages (that is, messages sent between NTP peers, as in a client to a server).
error is the measure of network jitter (that is, latencies in computer hardware and software).

No clock adjustments will be made, DTSS is active Indicates that the DTSS time service is running on the system. The DTSS time service should be disabled if you would like NTP to set the system time. To disable the DTSS time service, follow these steps:

Boot up normally, allowing DTSS to come up.
Set the TDF using NET$CONFIGURE OPTION 5 (set timezone).
Enter the NCL DISABLE DTSS command.
Enter the NCL DELETE DTSS command.
Put the following command in the SYLOGICALS.COM file:
$ DEFINE/SYSTEM NET$DISABLE_DTSS 1

Alternatively, you can configure the NTP server not to make clock adjustments, as described in Section 13.4.3. NTP dynamically detects whether the DTSS time service is enabled at any time and will log this message if appropriate.

Clock adjustments will resume. DTSS no longer active Indicates that the DTSS time service has been disabled on the system. NTP will now handle clock adjustments. NTP dynamically detects whether the DTSS time service is enabled at any time and will log this message if appropriate.

**Table 13-2 NTP Log File Messages**
Message	Description
Time slew time	Indicates that NTP has set the local clock by slewing the local time to match the synchronization source. This happens because the local host is no longer synchronized. For example: time slew -0.218843 s
Synchronization lost	This usually occurs after a time reset. All peer filter registers are cleared, for example, for that particular peer; all state variables are reset along with the polling interval; and the clock selection procedure is once again performed.
Couldn't resolve hostname, giving up on it	Indicates that the host name could not be resolved. This peer will not be considered for the candidate list of peers. For example: couldn't resolve 'fred', giving up on it
Send to IP-address: reason	Indicates that a problem occurred while sending a packet to its destination. The most common reason logged is "connection refused." For example: sendto(16.20.208.100): connection refused
Time Correction of delta-time seconds exceeds sanity limit (1000); set clock manually to the correct UTC time	NTP has detected a time difference greater than 1000 seconds between the local clock and the server clock. You must set the clock manually or use the NTPDATE program and then restart NTP. Once NTP sets the clock, it continuously tracks the discrepancy between the local time and NTP time and adjusts the clock accordingly.
offset: n sec freq x ppm poll: y sec error z	An hourly message, in which: `offset` is the offset (in seconds) of the peer clock relative to the local clock (that is, the amount to adjust the local clock to bring it into correspondence with the reference clock). `freq` is the computed error in the intrinsic frequency of the local clock (also known as "drift") (in parts per million). `poll` is the minimum interval (in seconds) between transmitted messages (that is, messages sent between NTP peers, as in a client to a server). `error` is the measure of network jitter (that is, latencies in computer hardware and software).
No clock adjustments will be made, DTSS is active	Indicates that the DTSS time service is running on the system. The DTSS time service should be disabled if you would like NTP to set the system time. To disable the DTSS time service, follow these steps: Boot up normally, allowing DTSS to come up. Set the TDF using NET$CONFIGURE OPTION 5 (set timezone). Enter the NCL DISABLE DTSS command. Enter the NCL DELETE DTSS command. Put the following command in the SYLOGICALS.COM file: $ DEFINE/SYSTEM NET$DISABLE_DTSS 1 Alternatively, you can configure the NTP server not to make clock adjustments, as described in Section 13.4.3. NTP dynamically detects whether the DTSS time service is enabled at any time and will log this message if appropriate.
Clock adjustments will resume. DTSS no longer active	Indicates that the DTSS time service has been disabled on the system. NTP will now handle clock adjustments. NTP dynamically detects whether the DTSS time service is enabled at any time and will log this message if appropriate.

Contents

Index

HP TCP/IP Services for OpenVMSManagement