ntpMerlin ntpMerlin - NTP Daemon for AsusWRT Merlin

[gattaca]

Polite Parameters for public NTP servers

• Minpoll defaults to 6 (64 seconds). Minpoll should never be set lower than six.
• Maxpoll defaults to 10 (1024 seconds). It is acceptable to go as low as six. Most clocks perform poorly, so wide clock offsets from changes in ambient temperature and computer load may make maxpoll as low as 6 desirable.
• Iburst is acceptable but burst is not acceptable

If you also have your own NTP server

• Minpoll can be set to the minimum of 3 (8 seconds) but is not very effective unless NTP server is connected to GPS
• Set iburst to your NTP server and remove iburst from the public NTP servers in your ntp.conf.

I corrected the example by removing the min/max polling. Sorry for posting the example which I had not explicitly tested on the ASUS router.
Yes, your statements are accurate.
My warnings about NOT using burst and being careful with Publics are clearly notated in the example. Maybe it was not clear. Thanks for the clarifications.

I explained why we use maxpoll 7 - too many less than ideal "internal" NTP sources mostly driven by commodity PC's (very bad choice by IT) and routers both using drifting time-chips never designed to be reliable NTP sources.

BTW, as long as you have a highly accurate time-base minpoll can be lowered. For instance, if you have mainframe-class machines as part of an enterprise NTP network, their clocks are very accurate and good-enough to be stratum 2 easily. Far too often I see what I described earlier where IT thinks anything running an NTP server is just fine. That's also why I'm cautious with the "public" networks and really prefer to go after specific targets. You just need to make sure you have 3-5 reliable sources to thwart MIM attacks. I'm sure there's a paper or discussion floating around about that too somewhere. You would not believe the time I had just getting that point across our local IT team!!

My apologies for all the confusion above!

 

[Jack Yaz]

You should be able to download from this link -

https://drive.google.com/open?id=1sJFNxcMHCkRVgdKl-OwUHedLUg2_PZeu

Thanks, can you try 1.2.4 from the develop branch?

 

[PeterR]

Thanks, can you try 1.2.4 from the develop branch?

Hi Jack,

There's an error at the end of the install script:

Configuring libart.
Configuring librrd.
Configuring rrdtool.
cp: can't stat '/www/require/modules/menuTree.js': No such file or directory
cp: can't stat '/www/require/modules/menuTree.js': No such file or directory
sed: /tmp/menuTree.js: No such file or directory
cp: can't stat '/tmp/menuTree.js': No such file or directory
mount: mounting /jffs/scripts/custom_menuTree.js on /www/require/modules/menuTree.js failed: No such file or directory

​

The menu is available:

##########################################################

##                                                      ##
##         _           __  __              _  _         ##
##        | |         |  \/  |            | |(_)        ##
##  _ __  | |_  _ __  | \  / |  ___  _ __ | | _  _ __   ##
## | '_ \ | __|| '_ \ | |\/| | / _ \| '__|| || || '_ \  ##
## | | | || |_ | |_) || |  | ||  __/| |   | || || | | | ##
## |_| |_| \__|| .__/ |_|  |_| \___||_|   |_||_||_| |_| ##
##             | |                                      ##
##             |_|                                      ##
##                                                      ##
##                  v1.2.4 on RT-AC66U                  ##
##                                                      ##
##       https://github.com/jackyaz/ntpMerlin           ##
##                                                      ##
##                                                      ##
##               DST is currently Inactive              ##
##                                                      ##
##    DST starts on Month  Week  Weekday  Hour          ##
##    DST ends on Month  Week  Weekday  Hour            ##
##                                                      ##
##########################################################

1.    Generate updated ntpMerlin graphs now

2.    Toggle redirect of all NTP traffic to ntpMerlin
      (currently Disabled)

3.    Edit ntpMerlin config

u.    Check for updates
uf.   Update ntpMerlin with latest version (force update)

e.    Exit ntpMerlin

z.    Uninstall ntpMerlin

##########################################################

But not the graphs in the web interface

 

[Jack Yaz]

Hi Jack,

There's an error at the end of the install script:

Configuring libart.
Configuring librrd.
Configuring rrdtool.
cp: can't stat '/www/require/modules/menuTree.js': No such file or directory
cp: can't stat '/www/require/modules/menuTree.js': No such file or directory
sed: /tmp/menuTree.js: No such file or directory
cp: can't stat '/tmp/menuTree.js': No such file or directory
mount: mounting /jffs/scripts/custom_menuTree.js on /www/require/modules/menuTree.js failed: No such file or directory

​

The menu is available:

##########################################################

##                                                      ##
##         _           __  __              _  _         ##
##        | |         |  \/  |            | |(_)        ##
##  _ __  | |_  _ __  | \  / |  ___  _ __ | | _  _ __   ##
## | '_ \ | __|| '_ \ | |\/| | / _ \| '__|| || || '_ \  ##
## | | | || |_ | |_) || |  | ||  __/| |   | || || | | | ##
## |_| |_| \__|| .__/ |_|  |_| \___||_|   |_||_||_| |_| ##
##             | |                                      ##
##             |_|                                      ##
##                                                      ##
##                  v1.2.4 on RT-AC66U                  ##
##                                                      ##
##       https://github.com/jackyaz/ntpMerlin           ##
##                                                      ##
##                                                      ##
##               DST is currently Inactive              ##
##                                                      ##
##    DST starts on Month  Week  Weekday  Hour          ##
##    DST ends on Month  Week  Weekday  Hour            ##
##                                                      ##
##########################################################

1.    Generate updated ntpMerlin graphs now

2.    Toggle redirect of all NTP traffic to ntpMerlin
      (currently Disabled)

3.    Edit ntpMerlin config

u.    Check for updates
uf.   Update ntpMerlin with latest version (force update)

e.    Exit ntpMerlin

z.    Uninstall ntpMerlin

##########################################################

But not the graphs in the web interface

Apologies i goofed some of the logic, that error should be fixed now.

Regarding the graphs, does the page appear and its just the graphs missing?

 

[PeterR]

Apologies i goofed some of the logic, that error should be fixed now.

Regarding the graphs, does the page appear and its just the graphs missing?

I did a clean install - no errors this time however the gui menu doesn't appear:

 

[heysoundude]

Polite Parameters for public NTP servers

• Minpoll defaults to 6 (64 seconds). Minpoll should never be set lower than six.
• Maxpoll defaults to 10 (1024 seconds). It is acceptable to go as low as six. Most clocks perform poorly, so wide clock offsets from changes in ambient temperature and computer load may make maxpoll as low as 6 desirable.
• Iburst is acceptable but burst is not acceptable

If you also have your own NTP server

• Minpoll can be set to the minimum of 3 (8 seconds) but is not very effective unless NTP server is connected to GPS
• Set iburst to your NTP server and remove iburst from the public NTP servers in your ntp.conf.

Oooh, now THIS is cool stuff, and I'm not sure if people understand what all is actually happening with the man behind the curtain/in the accounting dep't so:

with minpoll set to 6, every 64 seconds the router does a self audit of whether it is ahead of or behind the ntp reference clock. so somewhere in second 63, it pings (listens to? for?) the ntp reference, then corrects

maxpoll is a redundancy to check that minpoll is accurate: set to 8, every 255 seconds it verifies that minpoll is correct and functioning, by pinging/listening to the ntp clock, and correcting again

From this process, a jitter number is determined, and an offset is reported.

Remember, jitter is the perceived stability of the clock source, and that number is the difference between what was expected and what was observed when comparing external and internal clocks. Offset is how much correction needed applying to keep everybody happy

I'd (that is me, personally; you might not be as OCD about time) set min to 6 and max to 7 so that every 2nd minpoll gets verified: the ONE-BOTH-ONE-BOTH... cycle becomes as regular as a ticking clock. which should keep your jitter number low, and your offset at a minimum....without becoming too much of a burden on your connection/system/network.
Nice to see that I'm on the same page as a network architect/IT pro like @gattaca in my thinking here...

 

[gattaca]

Oooh, now THIS is cool stuff, and I'm not sure if people understand what all is actually happening with the man behind the curtain/in the accounting dep't so...

You are correct. We wanted the NTP jitter to remain as flat as possible. Some applications are extremely sensitive, other's are not. So you have to build a profile which fits the use cases or build a compromise model. You also have instances where you need both "internal to the business" and "external/public" NPT sources or you need the profile to use a subset of those.

FWIW, I typically like to select 5-8 reliable NTP stratum 2/3 systems. With the public pools you get what's participating so selecting pools with more physical locale to you (US etc..) usually helps with the jitter too and meets 99.999% of most people's needs. Just be sure you end up with 5-8 actual reliable timeservers. Use ntpq -p to see what ntpd selected when it started.

 

[heysoundude]

You are correct. We wanted the NTP jitter to remain as flat as possible. Some applications are extremely sensitive, other's are not. So you have to build a profile which fits the use cases or build a compromise model. You also have instances where you need both "internal to the business" and "external/public" NPT sources or you need the profile to use a subset of those.

FWIW, I typically like to select 5-8 reliable NTP stratum 2/3 systems. With the public pools you get what's participating so selecting pools with more physical locale to you (US etc..) usually helps with the jitter too and meets 99.999% of most people's needs. Just be sure you end up with 5-8 actual reliable timeservers. Use ntpq -p to see what ntpd selected when it started.

My understanding is the pool servers would be among the most jittery, due to needing to establish a consensus and THEN transmit it, so I've gone looking for lone-wolf servers...like people do when referencing GPS time.

Lucky for me, the constellation of servers near me are all within 30 miles and are stratum 2.

 

[XIII]

Just tried Asuswrt-Merlin 384.11 Alpha 2. Somehow ntpMerlin no longer worked (despite adding server=/pool.ntp.org/1.1.1.1 to /jffs/configs/dnsmasq.conf.add); it got stuck on "S77ntpd: Waiting for NTP to sync before starting...".

When I tried to check settings via amtm I got this message: "ntpMerlin: New version of S77ntpd downloaded". However, that actually removed S77ntpd: "/jffs/scripts/ntpmerlin: line 881: /opt/etc/init.d/S77ntpd: not found"! (I manually checked; the file was indeed gone)

Looks like something weird happens when running the script if DNS is not working properly?

(unbound did not resolve names because the system date/time was wrong)

 

[Jack Yaz]

Just tried Asuswrt-Merlin 384.11 Alpha 2. Somehow ntpMerlin no longer worked (despite adding server=/pool.ntp.org/1.1.1.1 to /jffs/configs/dnsmasq.conf.add); it got stuck on "S77ntpd: Waiting for NTP to sync before starting...".

When I tried to check settings via amtm I got this message: "ntpMerlin: New version of S77ntpd downloaded". However, that actually removed S77ntpd: "/jffs/scripts/ntpmerlin: line 881: /opt/etc/init.d/S77ntpd: not found"! (I manually checked; the file was indeed gone)

Looks like something weird happens when running the script if DNS is not working properly?

(unbound did not resolve names because the system date/time was wrong)

The script deletes the file as it assumes the download will succeed (since it just queried the repository). I can tidy that up.

The waiting for sync bit relies on the ntp_ready nvram variable being set - it's possible this no longer gets set in the new alpha ?

 

[XIII]

The waiting for sync bit relies on the ntp_ready nvram variable being set - it's possible this no longer gets set in the new alpha ?

I downgraded to 384.10_2 and have the same issue now: S77ntpd: Waiting for NTP to sync before starting...

# nvram show | grep ntp_ready
ntp_ready=0

 

[Jack Yaz]

Anything in syslog as to why ntp hasn't been set? Is pool.ntp.org what you've set for the ntp server in the webui?

 

[XIII]

Anything in syslog as to why ntp hasn't been set? Is pool.ntp.org what you've set for the ntp server in the webui?

Oops: it was <2-letter-country-code>.pool.ntp.org; I had to use that in dnsmasq.conf.add it seems?

(example: us.pool.ntp.org instead of pool.ntp.org)

 

[Jack Yaz]

Oops: it was <2-letter-country-code>.pool.ntp.org; I had to use that in dnsmasq.conf.add it seems?

(example: us.pool.ntp.org instead of pool.ntp.org)

Yes, if you're using stubby it needs to match what the ntp client is configured to use

 

[XIII]

Yes, if you're using stubby it needs to match what the ntp client is configured to use

I'm not using stubby (manual unbound configuration instead).

(should try again with 384.11 Alpha, but don't have more time for that now)

 

[XIII]

Seems to work; also after a router reboot (and a little patience).

 

[Jack Yaz]

1.2.4 is now available
Changelog:

Add compatibility for connmon
Add missing averages and increase accuracy of figures reported under graphs

 

[Jack Yaz]

I did a clean install - no errors this time however the gui menu doesn't appear:

Can you check if custom_state.js exists in JFFS?

 

[XIII]

(should try again with 384.11 Alpha, but don't have more time for that now)

While adding that server entry does work for 384.10_2, it does not seem to work for 384.11 Alpha 2...

Even after a few minutes: "S77ntpd: Waiting for NTP to sync before starting..."

 

[Jack Yaz]

While adding that server entry does work for 384.10_2, it does not seem to work for 384.11 Alpha 2...

Even after a few minutes: "S77ntpd: Waiting for NTP to sync before starting..."

Probably worth asking Merlin if the nvram variable is still used