ntpdate synchronization b/w two ntpservers - SUN


  1. ntpdate synchronization b/w two ntpservers


    BismillahirRehmanirRahim

    Hi Sun Admins,

    May I know, is it possible to synchronize time using ntpdate b/w two
    ntpservers?

    The problem is that our servers are unable to synchronize with our ntp
    server as it's behind the firewall.

    As far as I know, ntpdate uses port 123 UDP to connect to ntp Server

    the source port used by the client is chosen randomly >1023.

    so ntp server replies to ntp client request to that randomly chosen
    port.

    The problem is that we have bidirectional firewall, and they won't open
    firewall for random ports.

    The destination port should be specified or the range of ports should
    be specified.

    Do you know what range of ports will be used by ntp client when
    connecting to the ntp server?

    As a workaround I decided to run ntpserver on my ntpclient, so in that
    case both source & destination ports will be 123.

    So I want to know if it is possible to synchronise my Server if I
    install ntpserver on it and then it gets synced with remote ntp server.

    2ndly, what is the range of ports ntp client uses to sync with ntp
    server?

    I hope i clearly describe my problem.

    Appreciate your expert inputs.

    Your Junior Admin
    Muhammad Salman Faheem

  2. Re: ntpdate synchronization b/w two ntpservers

    In article
    <03516e05-83a7-430d-9415-1d8f7a6ff446@d4g2000prg.googlegroups.com>,
    Salman wrote:

    > BismillahirRehmanirRahim
    >
    > Hi Sun Admins,
    >
    > may i know is it possible to synchronize time using ntpdate b/w two
    > ntpservers ?
    >
    > the problem is that our servers are unable to synchronize with our ntp
    > server as it's behind the firewall.
    >
    > As far as i know, ntpdate uses port 123 UDP to connect to ntp Server
    >
    > the source port used by the client is chosen randomly >1023.
    >
    > so ntp server reply to ntp client request to that randomly chosen
    > port.
    >
    > The problem is that we have bidirectional firewall. and they won't open
    > firewall for random ports.
    >
    > the destination port should be specified or the range of ports should
    > be
    > specified.
    >
    > Do you know what range of ports will be used by ntp client when
    > connect to
    > the ntp server.
    >
    > As a workaround i decide to run ntpserver on my ntpclient. so in that
    > case
    > the both source & destination ports will be 123.
    >
    > So i want to know if it is possible to synchronise my Server if
    > installed
    > ntpserver on it and then it get sync with remote ntp server.
    >
    > 2ndly what is the range of ports ntp client use to sync with ntp
    > server.
    >
    > I hope i clearly describe my problem.
    >
    > Appreciate your expert inputs.
    >
    > Your Junior Admin
    > Muhammad Salman Faheem


    Since ntpd is a known service, you'll either have to make a business
    case for opening the firewall up to allow ONE machine access to a
    stratum 2 server outside your network or you'll have to setup a router
    with a GPS to use as the synching host. If your upper management won't
    allow for a reference time source, you can't really run ntpd using the
    stratum model. At best, you can set one machine's date and have all the
    other synch off of it, but they'll drift along with this reference
    machine.

    It will become someone's daily job to synchronize this machine to wall
    clock time. Good luck when that person goes on vacation and all your
    machines go south.

    Sometimes management has to be shown how stupid they are. I had a
    colleague tell the story of his time at VLSI working for an absolute
    half-wit as the IT manager. The guy didn't have a clue about networks
    and was insistent about severing the link between key segments of the
    network. My colleague warned him _in writing_ including a CC to his
    boss that this was a Bad Idea(tm) and that all sorts of things would
    break. The PHB ordered him _in writing_ to make the changes, so he did,
    acknowledging the changes to the PHB's boss and boss' boss. Then he went
    on a 2 week vacation. On his return, he immediately hands in his
    resignation. The PHB is forced to have him fix the network and cannot
    fire him. If he escorts him out the door, the knowledge of the network
    goes with him. After my colleague left, the entire IT department quit
    en masse a month later. For some reason, the PHB wasn't fired for this.
    Go figure.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...




  3. Re: ntpdate synchronization b/w two ntpservers

    On Dec 11, 3:00 am, Salman wrote:

    > may i know is it possible to synchronize time using ntpdate b/w two
    > ntpservers ?
    >
    > the problem is that our servers are unable to synchronize with our ntp
    > server as it's behind the firewall.
    >
    > As far as i know, ntpdate uses port 123 UDP to connect to ntp Server
    >
    > the source port used by the client is chosen randomly >1023.


    I am fairly sure that ntpdate, when run with suitable privilege, will
    source traffic from port 123. ntpd certainly will. So you'd need a
    firewall hole with src and dest being UDP/123 between client and
    server.

    Yes you can use ntpd to sync with a remote ntp server, and that would
    be the normal way of doing it in fact: other than ntpdate (which is
    really intended for once-off-use at boot time or what have you), there
    is no distinct client-side ntp daemon.
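
Added example (not part of the thread or any poster's code): a loopback sketch of the point discussed above, that the server's reply goes to whatever source port the client sent from, so a client bound to a fixed source port gives the firewall one exact port pair to match. Unprivileged loopback ports stand in for UDP/123, and `build_request`, `serve_once`, `query` and `demo` are hypothetical names.

```python
import os, socket, struct, threading, time

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def build_request():
    """48-byte NTP header: LI=0, VN=3, Mode=3 (client)."""
    pkt = bytearray(48)
    pkt[0] = (3 << 3) | 3
    # Transmit timestamp: seconds since 1900 plus a random fraction.
    struct.pack_into("!I", pkt, 40, (int(time.time()) + NTP_DELTA) & 0xFFFFFFFF)
    pkt[44:48] = os.urandom(4)
    return bytes(pkt)

def serve_once(sock, seen_ports):
    """Stand-in server: answer one request, record the source port it saw."""
    data, addr = sock.recvfrom(512)
    seen_ports.append(addr[1])
    reply = bytearray(48)
    reply[0] = (3 << 3) | 4          # Mode=4 (server)
    reply[1] = 2                     # stratum 2
    reply[24:32] = data[40:48]       # originate = client's transmit timestamp
    sock.sendto(bytes(reply), addr)  # reply goes to the client's source port

def query(server, source_port=0):
    """Send one request from source_port (0 = OS-chosen ephemeral port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.bind(("127.0.0.1", source_port))
        c.settimeout(2)
        req = build_request()
        c.sendto(req, server)
        data, peer = c.recvfrom(512)
        # Accept only a server-mode reply from the queried address that
        # echoes our transmit timestamp.
        ok = peer == server and data[0] & 7 == 4 and data[24:32] == req[40:48]
        return c.getsockname()[1], ok

def demo(fixed_port):
    """Run both cases; return (ports the server saw, client results)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(2)
        seen, results = [], []
        for port in (0, fixed_port):
            t = threading.Thread(target=serve_once, args=(srv, seen))
            t.start()
            results.append(query(srv.getsockname(), port))
            t.join()
        return seen, results

if __name__ == "__main__":
    print(demo(40123))  # 40123: constructed stand-in for privileged port 123
```

In the first case the port the server sees changes from run to run; in the second it is always the bound port, which is the behaviour a UDP/123-to-UDP/123 firewall rule relies on.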


  4. Re: ntpdate synchronization b/w two ntpservers

    In article ,
    Michael Vilain wrote:

    > In article
    > <03516e05-83a7-430d-9415-1d8f7a6ff446@d4g2000prg.googlegroups.com>,
    > Salman wrote:
    >
    > > BismillahirRehmanirRahim
    > >
    > > Hi Sun Admins,
    > >
    > > may i know is it possible to synchronize time using ntpdate b/w two
    > > ntpservers ?
    > >
    > > the problem is that our servers are unable to synchronize with our ntp
    > > server as it's behind the firewall.
    > >
    > > As far as i know, ntpdate uses port 123 UDP to connect to ntp Server
    > >
    > > the source port used by the client is chosen randomly >1023.
    > >
    > > so ntp server reply to ntp client request to that randomly chosen
    > > port.
    > >
    > > The problem is that we have bidirectional firewall. and they won't open
    > > firewall for random ports.
    > >
    > > the destination port should be specified or the range of ports should
    > > be
    > > specified.
    > >
    > > Do you know what range of ports will be used by ntp client when
    > > connect to
    > > the ntp server.
    > >
    > > As a workaround i decide to run ntpserver on my ntpclient. so in that
    > > case
    > > the both source & destination ports will be 123.
    > >
    > > So i want to know if it is possible to synchronise my Server if
    > > installed
    > > ntpserver on it and then it get sync with remote ntp server.
    > >
    > > 2ndly what is the range of ports ntp client use to sync with ntp
    > > server.
    > >
    > > I hope i clearly describe my problem.
    > >
    > > Appreciate your expert inputs.
    > >
    > > Your Junior Admin
    > > Muhammad Salman Faheem

    >
    > Since ntpd is a known service, you'll either have to make a business
    > case for opening the firewall up to allow ONE machine access to a
    > stratum 2 server outside your network or you'll have to setup a router
    > with a GPS to use as the synching host. If your upper management won't
    > allow for a reference time source, you can't really run ntpd using the
    > stratum model. At best, you can set one machine's date and have all the
    > other synch off of it, but they'll drift along with this reference
    > machine.
    >
    > It will become someone's daily job to synchronize this machine to wall
    > clock time. Good luck when that person goes on vacation and all your
    > machines go south.
    >
    > Sometimes management has to be shown how stupid they are. I had a
    > colleague tell the story of his time at VLSI working for an absolute
    > half-wit as the IT manager. The guy didn't have a clue about networks
    > and was insistent about severing the link between key segments of the
    > network. My colleague warned him _in writing_ including a CC to his
    > boss that this was a Bad Idea(tm) and that all sorts of things would
    > break. The PHB ordered him _in writing_ to make the changes, so he did,
    > acknowledging the changes to the PHB's boss and boss' boss. Then he went
    > on a 2 week vacation. On his return, he immediately hands in his
    > resignation. The PHB is forced to have him fix the network and cannot
    > fire him. If he escorts him out the door, the knowledge of the network
    > goes with him. After my colleague left, the entire IT department quit
    > en masse a month later. For some reason, the PHB wasn't fired for this.
    > Go figure.


    http://www.wired.com/science/discove...2/time_hackers

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...




  5. Re: ntpdate synchronization b/w two ntpservers

    On Tue, 11 Dec 2007 09:50:17 -0800 Michael Vilain wrote:
    > In article ,
    > Michael Vilain wrote:
    >
    >> In article
    >> <03516e05-83a7-430d-9415-1d8f7a6ff446@d4g2000prg.googlegroups.com>,
    >> Salman wrote:
    >>
    >> > BismillahirRehmanirRahim
    >> >
    >> > Hi Sun Admins,
    >> >
    >> > may i know is it possible to synchronize time using ntpdate b/w two
    >> > ntpservers ?
    >> >
    >> > the problem is that our servers are unable to synchronize with our ntp
    >> > server as it's behind the firewall.
    >> >
    >> > As far as i know, ntpdate uses port 123 UDP to connect to ntp Server
    >> >
    >> > the source port used by the client is chosen randomly >1023.
    >> >
    >> > so ntp server reply to ntp client request to that randomly chosen
    >> > port.
    >> >
    >> > The problem is that we have bidirectional firewall. and they won't open
    >> > firewall for random ports.
    >> >
    >> > the destination port should be specified or the range of ports should
    >> > be
    >> > specified.
    >> >
    >> > Do you know what range of ports will be used by ntp client when
    >> > connect to
    >> > the ntp server.
    >> >
    >> > As a workaround i decide to run ntpserver on my ntpclient. so in that
    >> > case
    >> > the both source & destination ports will be 123.
    >> >
    >> > So i want to know if it is possible to synchronise my Server if
    >> > installed
    >> > ntpserver on it and then it get sync with remote ntp server.
    >> >
    >> > 2ndly what is the range of ports ntp client use to sync with ntp
    >> > server.
    >> >
    >> > I hope i clearly describe my problem.
    >> >
    >> > Appreciate your expert inputs.
    >> >
    >> > Your Junior Admin
    >> > Muhammad Salman Faheem

    >>
    >> Since ntpd is a known service, you'll either have to make a business
    >> case for opening the firewall up to allow ONE machine access to a
    >> stratum 2 server outside your network or you'll have to setup a router
    >> with a GPS to use as the synching host. If your upper management won't
    >> allow for a reference time source, you can't really run ntpd using the
    >> stratum model. At best, you can set one machine's date and have all the
    >> other synch off of it, but they'll drift along with this reference
    >> machine.
    >>
    >> It will become someone's daily job to synchronize this machine to wall
    >> clock time. Good luck when that person goes on vacation and all your
    >> machines go south.
    >>
    >> Sometimes management has to be shown how stupid they are. I had a
    >> colleague tell the story of his time at VLSI working for an absolute
    >> half-wit as the IT manager. The guy didn't have a clue about networks
    >> and was insistent about severing the link between key segments of the
    >> network. My colleague warned him _in writing_ including a CC to his
    >> boss that this was a Bad Idea(tm) and that all sorts of things would
    >> break. The PHB ordered him _in writing_ to make the changes, so he did,
    >> acknowledging the changes to the PHB's boss and boss' boss. Then he went
    >> on a 2 week vacation. On his return, he immediately hands in his
    >> resignation. The PHB is forced to have him fix the network and cannot
    >> fire him. If he escorts him out the door, the knowledge of the network
    >> goes with him. After my colleague left, the entire IT department quit
    >> en masse a month later. For some reason, the PHB wasn't fired for this.
    >> Go figure.

    >
    > http://www.wired.com/science/discove...2/time_hackers


    cool! but how is it related to the 76 lines of text you quoted?

    -frank

  6. PHBs (was: ntpdate synchronization b/w two ntpservers)

    On Mon, 10 Dec 2007 21:26:22 -0800 Michael Vilain wrote:
    > Sometimes management has to be shown how stupid they are. I had a
    > colleague tell the story of his time at VLSI working for an absolute
    > half-wit as the IT manager. The guy didn't have a clue about networks
    > and was insistent about severing the link between key segments of the
    > network. My colleague warned him _in writing_ including a CC to his
    > boss that this was a Bad Idea(tm) and that all sorts of things would
    > break. The PHB ordered him _in writing_ to make the changes, so he did,
    > acknowledging the changes to the PHB's boss and boss' boss. Then he went
    > on a 2 week vacation. On his return, he immediately hands in his
    > resignation. The PHB is forced to have him fix the network and cannot
    > fire him. If he escorts him out the door, the knowledge of the network
    > goes with him. After my colleague left, the entire IT department quit
    > en masse a month later. For some reason, the PHB wasn't fired for this.
    > Go figure.


    The sad thing is, this is totally believable.

    My only question is I am surprised a company like VLSI would allow the
    situation to exist where only 1 person "knows" the network and there is
    no documentation. But I suppose that again reflects on poor management.

    -frank

  7. Re: PHBs (was: ntpdate synchronization b/w two ntpservers)

    BismillahirRehmanirRahim

    Hi Sun Admins,

    Appreciate good feedback on this issue.

    Your Junior Admin
    Muhammad Salman Faheem


