Re: NTP Sync Issue Across Tata (Europe)

["Giovane C. M. Moura via NANOG" <nanog () nanog org>]

Hi Mark,


> I have NTP servers in Europe that are choosing Tata (6453) to get to
>  0.freebsd.pool.ntp.org which lives on 197.224.66.40:
>
>
> NTP is not sync'ing to that address, and sessions stay in an Init
> state.
TL;DR: I'd guess your NTP Server IP address is geolocated to Mauritius. 
The Mauritius zone[0] on the pool has only one server, so you'll only 
see this one. To fix it, use europe.pool.ntp.org (_do not_ use 
pool.ntp.org).


Longer answer:

NTP pool folks use GeoDNS[1], which is their DNS server to map clients 
to servers.

The `0.freebsd.pool.ntp.org` name is just an alias for them -- what they 
really do is this:

 * Get geolocation_data(client_IP_address): <country, continent>
 * check country subzone in NTP pool (e.g, nl.pool.ntp.org [2]):
   * If there are >=1  servers in the zone, return (up to) 4 or them
   * If there is one, then return just one (this is a _known issue_)
   * if there is none, then fall back to the continent zone (Europe[3])

I've seen the same issue before with Guernsey clients (only one server). 
We have contact the pool operators and they are working now on a new 
GeoDNS version to prevent this from happening [4]

More details in [5].

In short, change your ntp configuration; the issue you have is that 
despite having 4k servers on the Pool, this strict GeoDNS mapping 
prevents you from accessing the other servers just bc of your IP 
address. The reasoning is to prevent asymmetric routing [4], but they 
are working on a fix to prevent these scenarios.


/giovane

[0] https://www.ntppool.org/zone/mu
[1] https://github.com/abh/geodns
[2] https://www.ntppool.org/zone/nl
[3] https://www.ntppool.org/zone/europe
[4] https://community.ntppool.org/t/minor-new-features-on-the-website/2947/8
[5] 
https://www.sidnlabs.nl/downloads/5aPx86UtFmvKs6WE3LHwbU/c6acce6a012fe07256bab8caefff54af/Diving_into_the_NTP_Pool.pdf