NTP server Issue

ROSV7 Beta 5
HAPAC2,
In bridge mode, (all ports bridged, bridge interface marked as LAN)

The NTP server response to the client seems likely to always be port 123

Trace below is from (userland client) from port 55188 to server on port 123
Server sends response to client but with destination port of 123 (not 55188)

Client doesn’t get response…
Response won’t traverse nat.

Also the reference ID it sent was: 18.178.46.202
It is configured to use 192.168.1.24

See Below
Thanks


/system logging
add topics=ntp
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes local-clock-stratum=3 manycast=yes
/system ntp client servers
add address=192.168.1.24



1 0.000000 192.168.1.141 192.168.1.26 NTP 90 NTP Version 1, client

Frame 1: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface 0
Ethernet II, Src: IntelCor_aa:4e:b1 (94:e6:f7:aa:4e:b1), Dst: Routerbo_eb:1d:a4 (cc:2d:e0:eb:1d:a4)
Internet Protocol Version 4, Src: 192.168.1.141, Dst: 192.168.1.26
User Datagram Protocol, Src Port: 55188, Dst Port: 123
Network Time Protocol (NTP Version 1, client)
Flags: 0x0b, Leap Indicator: no warning, Version number: NTP Version 1, Mode: client
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: invalid (0)
Peer Clock Precision: 1.000000 seconds
Root Delay: 0.000000 seconds
Root Dispersion: 0.000000 seconds
Reference ID: NULL
Reference Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Origin Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Receive Timestamp: Feb 7, 2036 06:28:16.000000000 UTC
Transmit Timestamp: Mar 29, 2020 07:38:27.889999999 UTC


2 0.001508 192.168.1.26 192.168.1.141 NTP 90 NTP Version 1, server

Frame 2: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface 0
Ethernet II, Src: Routerbo_eb:1d:a4 (cc:2d:e0:eb:1d:a4), Dst: IntelCor_aa:4e:b1 (94:e6:f7:aa:4e:b1)
Internet Protocol Version 4, Src: 192.168.1.26, Dst: 192.168.1.141
User Datagram Protocol, Src Port: 123, Dst Port: 123
Network Time Protocol (NTP Version 1, server)
Flags: 0x0c, Leap Indicator: no warning, Version number: NTP Version 1, Mode: server
Peer Clock Stratum: secondary reference (4)
Peer Polling Interval: invalid (0)
Peer Clock Precision: 0.000001 seconds
Root Delay: 0.000519 seconds
Root Dispersion: 0.020782 seconds
Reference ID: 18.178.46.202
Reference Timestamp: Mar 29, 2020 07:15:14.591022968 UTC
Origin Timestamp: Mar 29, 2020 07:38:27.889999999 UTC
Receive Timestamp: Mar 29, 2020 07:38:27.819204999 UTC
Transmit Timestamp: Mar 29, 2020 07:38:27.819517999 UTC
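
The two observations in the post above (reply sent to port 123 instead of 55188, and a reference ID that differs from the configured upstream), written as a check over a request/reply pair. This is an added example, not part of the original post and not RouterOS code; the function names `parse_ntp`, `reply_problems` and `build` are hypothetical, and the packets are constructed from the field values in the trace with a made-up timestamp.

```python
import ipaddress

def parse_ntp(payload: bytes) -> dict:
    """Decode the fields of the 48-byte NTP header that the trace shows."""
    if len(payload) < 48:
        raise ValueError("NTP header is 48 bytes")
    flags, stratum, ref = payload[0], payload[1], payload[12:16]
    return {
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,  # 3 = client, 4 = server
        "stratum": stratum,
        # stratum >= 2 over IPv4: reference ID is the sync source's address
        "ref_id": str(ipaddress.IPv4Address(ref)) if stratum >= 2 else ref,
        "origin": payload[24:32],
        "transmit": payload[40:48],
    }

def reply_problems(req: dict, rsp: dict, configured_upstream: str) -> list:
    """req/rsp are dicts with src, dst, sport, dport and the NTP payload."""
    q, r = parse_ntp(req["ntp"]), parse_ntp(rsp["ntp"])
    found = []
    if (q["mode"], r["mode"]) != (3, 4):
        found.append("not a client/server exchange")
    if rsp["dport"] != req["sport"]:
        # A stateful NAT or firewall matches replies on the full 5-tuple,
        # so this reply is not recognised as part of the client's flow.
        found.append(f"reply dst port {rsp['dport']} != request src port {req['sport']}")
    if r["origin"] != q["transmit"]:
        found.append("origin timestamp does not echo the request's transmit timestamp")
    if r["stratum"] >= 2 and r["ref_id"] != configured_upstream:
        found.append(f"reference ID {r['ref_id']} != configured upstream {configured_upstream}")
    return found

def build(flags, stratum, ref=b"\0" * 4, origin=b"\0" * 8, transmit=b"\0" * 8):
    """Assemble a 48-byte header; fields not under test are zero-filled."""
    return (bytes([flags, stratum, 0, 0]) + b"\0" * 8 + ref + b"\0" * 8
            + origin + b"\0" * 8 + transmit)

T1 = bytes(range(1, 9))  # constructed client transmit timestamp
REQ = {"src": "192.168.1.141", "dst": "192.168.1.26", "sport": 55188,
       "dport": 123, "ntp": build(0x0B, 0, transmit=T1)}
RSP = {"src": "192.168.1.26", "dst": "192.168.1.141", "sport": 123, "dport": 123,
       "ntp": build(0x0C, 4, ref=ipaddress.IPv4Address("18.178.46.202").packed,
                    origin=T1, transmit=bytes(range(9, 17)))}

if __name__ == "__main__":
    for line in reply_problems(REQ, RSP, "192.168.1.24"):
        print(line)
```
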

Hi,

I had a bit of a further trial with this, (behind some src-nat, which put me on the right port), it seems to work ok.
I quite like that you can specify the Local Clock Stratum. I would like it if it continued to use the specified stratum when you enabled
the NTP Client, (Perhaps with a warning when you do this)

Perhaps (if you have lots of spare engineering time) Mikrotik could make a tiny dedicated NTP server dongle which plugs into the USB port of a router
(looking like an ethernet connected device to the router) with the other end providing connections for a common GPS module (with pulse), and giving a very accurate time.

Thanks

Unfortunately USB devices do not give very accurate time.
There already is support for “GPS mouse” devices in RouterOS but frankly the time quality is lousy when compared to network devices.
Also, the NTP server in RouterOS v6 is not of very good quality, hopefully it is better in v7 (cannot really test that yet).

When you require a good quality NTP service look at standalone network devices like the Leo Bodnar NTP server.

I had a look at one of the Leo Bodnar NTP servers; it is rather cool, but way beyond what I need.

Thanks :)

On thinking about it I doubt I actually need anything better than 0.5 to 1 second accuracy. (I would like 10-50 ms.)
The main reason I want GPS is because of the very rare occasion when I find everything is 5 or 10 minutes out
because of some broken internet NTP server(s).

I would like to be isolated from that mess.

But then I want internet as a backup for when the GPS is broken.
Currently the GPS connected Mikrotik (Ros V6) spits out a stratum 6, so the internet is preferred.

Yes but that should be fine, as usually an internet time server will get you better time than a GPS mouse.
(of course assuming the internet connection is decent and not completely overloaded)

Remember a GPS mouse gives time that is accurate only to about 1 second. The thing itself has very accurate time inside but then it sends out random messages over serial with the “time of last fix”, and the timestamp of sending those messages is not related to the time inside the messages (which is the time it last calculated a position from the satellite signals).
That is why having a large stratum on the GPS mouse really isn’t a bad idea.
And when you use it as a backup for internet time, it should still work OK. You will have much better time than “5 or 10 minutes out”, but unfortunately not 10-50ms…

When you mentioned “a very accurate time” I presumed you wanted something within a millisecond or so.
That is not doable with a GPS mouse without additional “1 pulse per second” support, which most GPS mice don’t have (sometimes you can solder an extra wire and have it).
The NTP server in v7 looks to be more like the standard “ntpd”, at least w.r.t features. Maybe it will support such constructs in the future?

I would recommend using only the NTP server(s) of your ISP, feeding them to your own NTP server in your LAN, and letting all clients use that very own local NTP server of yours…

You can do that with RouterOS by installing the NTP package, however it does not work very well.
In version 7 beta it is much better.

Yes, if that’s not working satisfactorily then one can install an ntp server also on any normal server box, for example from the package repository of the OS, usually named ntp or ntpd or openntp etc.
And: of course the firewall(s) in the LAN must have the port 123/udp+tcp opened in the outgoing direction for the clients, and in the incoming direction for the ntp-server.
As was also pointed out by @pe1chl: your own NTP server in the LAN should serve the LAN only, not the WAN too.

Update: fixed some statements regarding ntp ports on firewall(s).

I would not recommend opening an NTP server on a router to clients on internet.
Normally you set up the firewall so that the clients on the LAN can access your server, and your server is a client to servers on the internet (which is covered by an established/related rule in the input firewall).

Yes, true, your own NTP server should serve the LAN only. I have now updated my previous post accordingly. Thx.