Community discussions

MikroTik App
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Sep 12, 2022 12:44 am

Hey there!

I've upgraded to the new RB5009 from my old HAP AC, and I've noticed a strange behavior of the system clock. Many times a day the clock is being adjusted a second or even two
21:08:36 echo: system,critical,info ntp change time Sep/11/2022 21:08:37 => Sep/11/2022 21:08:36
21:58:52 echo: system,critical,info ntp change time Sep/11/2022 21:58:53 => Sep/11/2022 21:58:52
22:46:02 echo: system,critical,info ntp change time Sep/11/2022 22:46:03 => Sep/11/2022 22:46:02
23:35:15 echo: system,critical,info ntp change time Sep/11/2022 23:35:16 => Sep/11/2022 23:35:15
00:34:09 echo: system,critical,info ntp change time Sep/12/2022 00:34:11 => Sep/12/2022 00:34:09
The ntp client configuration:
 > system ntp client print
         enabled: yes
            mode: unicast
         servers: timeserver.iix.net.il
             vrf: main
      freq-drift: 442.319 PPM
          status: synchronized
   synced-server: timeserver.iix.net.il
  synced-stratum: 2
   system-offset: -251.803 ms
Here is the list of servers:
 > system ntp client servers print
Flags: X - disabled; D - dynamic
 0    address=timeserver.iix.net.il resolved-address=192.114.63.250 min-poll=6 max-poll=10 iburst=yes auth-key=none
 

I can't imagine how a clock can be that off. It looks to me more like some competing time updates but I don't know what alternative source of time could be there.
Any ideas?
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Sep 12, 2022 6:05 pm

So, after writing this yesterday, I've decided to disable the NTP client and see if the clock really drifts that much. With the PPM error advertised, I should have seen tens of seconds difference over the 12 hr period, and I've checked now that the clock is still perfectly aligned with my computer clock, within a 0.5 seconds error of perception.

So I'm starting to think that maybe I've accidentally imported the drift setting from my old router. I'll reset my frequency drift and see if that changes the picture
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Sep 12, 2022 6:17 pm

If you restored binary backup from hAP ac to RB5009, then you imported quite a few potential problems ... binary backups are not meant to transfer config between different device models (even if backup is restored on another device of same model it can cause some surprises). So the erroneous drift value might only be a beginning ...
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Sep 12, 2022 11:33 pm

:/

well, I did restore binary and then quickly realized it was not a good idea and restored back to the factory settings, then manually imported the relevant config via scripting.

After playing with this for a while I can see that resetting the frequency drift didn't really help; after starting the ntp client again I have observed the frequency drift get back to ~500 PPM and the constant time update messages returned
 20:35:18 system,info ntp settings changed by leo
 20:35:27 system,info ntp change time Sep/12/2022 20:35:27 => Sep/12/2022 20:35:27
 20:56:49 system,info ntp change time Sep/12/2022 20:56:49 => Sep/12/2022 20:56:49
 20:56:49 ntp,warning WARNING: frequency out of range: -0.000541. MAX: 0.000500
 21:15:03 system,info ntp change time Sep/12/2022 21:15:03 => Sep/12/2022 21:15:03
 21:32:15 system,info ntp change time Sep/12/2022 21:32:14 => Sep/12/2022 21:32:15
 21:53:41 system,info ntp change time Sep/12/2022 21:53:41 => Sep/12/2022 21:53:41
 22:16:08 system,info ntp change time Sep/12/2022 22:16:08 => Sep/12/2022 22:16:08
 22:37:32 system,info ntp change time Sep/12/2022 22:37:31 => Sep/12/2022 22:37:32
 22:53:38 system,info ntp change time Sep/12/2022 22:53:38 => Sep/12/2022 22:53:38
 23:18:13 system,info ntp change time Sep/12/2022 23:18:12 => Sep/12/2022 23:18:13
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 8:57 am

Changing the ntp server to `pool.ntp.org` (and resetting drift again) I still have the same issue
 23:36:55 system,info ntp change time Sep/12/2022 23:36:55 => Sep/12/2022 23:36:55
 23:54:06 system,info ntp change time Sep/12/2022 23:54:06 => Sep/12/2022 23:54:06
 00:09:08 system,info ntp change time Sep/13/2022 00:09:07 => Sep/13/2022 00:09:08
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 12:39 pm

I am not that confident factory reset will effectively clear all settings (but it should).

Might be the safer option to netinstall that device and start again from scratch importing from rsc export.
Best to be 100% sure.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 12:43 pm

You did disable "Update Time" from IP/Cloud, right?
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 10:30 pm

You did disable "Update Time" from IP/Cloud, right?
OMG! There was that tickmark, indeed! unchecking it and will report tomorrow.
> ip cloud print
          ddns-enabled: no
  ddns-update-interval: none
           update-time: yes
        public-address:
Thanks Znevna 🙏🏼
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 10:40 pm

While I do hope that will help, there's also this in the docs (https://help.mikrotik.com/docs/display/ ... Properties):
update-time (yes | no; Default: yes) If set to yes then router clock will be set to time, provided by cloud server IF there is no NTP or SNTP client enabled. If set to no, then IP/Cloud service will never update the device's clock. If update-time is set to yes, Clock will be updated even when ddns-enabled is set to no.
so, technically, since I had the NTP client enabled, that setting should have been ignored. We'll see about that soon.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 10:43 pm

I didn't check the docs sadly, sorry, hopefully you've found a bug.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 10:59 pm

First netinstall before jumping to conclusions, please.
I'm still not convinced all the rubbish from previous digital import was cleared with factory reset.
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Tue Sep 13, 2022 11:33 pm

Sadly,
 22:58:11 system,info ntp change time Sep/13/2022 22:58:11 => Sep/13/2022 22:58:11
 23:23:50 system,info ntp change time Sep/13/2022 23:23:50 => Sep/13/2022 23:23:50
I'm starting to wonder if this is a WAD. Cause, otherwise, I'd have to follow holvoetn's advice but that's _painful_ 🙈
Last edited by ulysses on Wed Sep 14, 2022 9:26 am, edited 1 time in total.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Wed Sep 14, 2022 12:04 am

What needs to be done, needs to be done.
At least you can be 100% sure then that mishap with previous restore is not the root cause.
 
janda
just joined
Posts: 10
Joined: Mon Jan 11, 2021 4:42 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Feb 20, 2023 9:01 pm

Hi, did you fix it?

i have the same issue after, power outage, until mikrotik sync with NTP servers, it sends many warning emails with same warning "ntp change time" :(
 
jjdperryman
just joined
Posts: 10
Joined: Fri Nov 17, 2017 7:17 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Wed May 17, 2023 6:33 pm

I'm actually having the same issue too on several different mikrotiks. Any update on this?
 
wbc
just joined
Posts: 3
Joined: Thu Dec 31, 2009 7:42 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon May 29, 2023 6:13 pm

I started to notice this in the logs after upgrading from 6 to 7. I turned off /ip/cloud/update-time and it fixed it for me. I am using a local NTP server.
 
kobuki
Member Candidate
Member Candidate
Posts: 198
Joined: Sat Apr 02, 2011 5:59 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Fri Jul 14, 2023 6:59 pm

I'm seeing the same issue on a CHR instance in a KVM VM (on Proxmox VE). Cloud time sync is off, 4 ntp servers are configured, all work. The offset is weirdly high. Can it be caused by something like CPU frequency scaling?
 13:56:55 system,info ntp change time Jul/14/2023 13:56:55 => Jul/14/2023 13:56:55
 14:13:59 system,critical,info ntp change time Jul/14/2023 14:14:00 => Jul/14/2023 14:13:59
 14:30:00 system,info ntp change time Jul/14/2023 14:30:00 => Jul/14/2023 14:30:00
 14:47:00 system,info ntp change time Jul/14/2023 14:47:00 => Jul/14/2023 14:47:00
 15:03:03 system,info ntp change time Jul/14/2023 15:03:03 => Jul/14/2023 15:03:03
 15:21:11 system,critical,info ntp change time Jul/14/2023 15:21:12 => Jul/14/2023 15:21:11
 15:38:17 system,info ntp change time Jul/14/2023 15:38:17 => Jul/14/2023 15:38:17
 15:54:23 system,info ntp change time Jul/14/2023 15:54:23 => Jul/14/2023 15:54:23
 16:13:37 system,critical,info ntp change time Jul/14/2023 16:13:39 => Jul/14/2023 16:13:37
 16:34:02 system,info ntp change time Jul/14/2023 16:34:02 => Jul/14/2023 16:34:02
 16:51:00 system,info ntp change time Jul/14/2023 16:51:00 => Jul/14/2023 16:51:00
 17:06:52 system,critical,info ntp change time Jul/14/2023 17:06:53 => Jul/14/2023 17:06:52
 17:29:16 system,info ntp change time Jul/14/2023 17:29:16 => Jul/14/2023 17:29:16

> /system/ntp/client/print 
         enabled: yes
            mode: unicast
         servers: 0.hu.pool.ntp.org,1.hu.pool.ntp.org,2.hu.pool.ntp.org,3.hu.pool.ntp.org
             vrf: main
      freq-drift: 487.389 PPM
          status: synchronized
   synced-server: 3.hu.pool.ntp.org
  synced-stratum: 2
   system-offset: -787.488 ms
 
ulysses
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Fri Sep 25, 2015 1:26 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Aug 07, 2023 12:17 pm

Hi all!

I apologize for not responding earlier, somehow the notifications from the forum got lost.

As was suggested above, I have restored to factory settings and re-configured the router from scratch. It was painful, but I was able to salvage some blocks of config from the config exports lying around. It looks like my original attempt to restore from a binary backup has misconfigured the hardware or something like that. In any case, after the reset I stopped seeing this issue
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Aug 07, 2023 12:20 pm

Thanks for the feedback !
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Aug 07, 2023 4:15 pm

Yes, it is a really nasty problem.
I think RouterOS should post a big warning when restoring a backup from a different device.
When same hardware -> warning and pointing to some info page on how to reset MAC addresses etc
When different hardware model -> plainly refuse to restore.

And then offer a service in the mikrotik account to convert a .backup file to a .rsc file that the user can use to recover their config manually.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Aug 07, 2023 4:17 pm

Yes, it is a really nasty problem.
I think RouterOS should post a big warning when restoring a backup from a different device.
When same hardware -> warning and pointing to some info page on how to reset MAC addresses etc
When different hardware model -> plainly refuse to restore.

And then offer a service in the mikrotik account to convert a .backup file to a .rsc file that the user can use to recover their config manually.
Or rather, create .rsc files with exported certificates, ssh keys,etc. inside them and other things actually not currently exported to .rsc................
No .backup needed if the .rsc is complete and the original machine is damaged, or to be cloned...
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Mon Aug 07, 2023 5:19 pm

I recently raised in another topic, but MikroTik remains on their standpoint that "it works as designed".
It apparently is "broken as designed" and it will be difficult to convince them about that.
 
noob78
just joined
Posts: 8
Joined: Wed Jan 18, 2023 7:45 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 11:08 am

I have the same issue on Mikrotik RB5009UPr+. The Router is running on 7.9 and does not have a connection to internet. In NTP Client an internal NTP Server is configured and synced, but in Log we see the messages about ntp. A RB1100 in another Building, running on 7.6, uses the same NTP Server and this works properly. Only the 5009 doesn't. With this issue also the connected Clients aren't able to synchronize with the NTP Server on 5009. The 5009 was configured by scratch and is energized by the delivered PDU. The Checkbox for Cloud sync is disabled. Has anyone ideas to solve this problem?
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 11:16 am

To get this right...

Your rb5009 is slave to some existing ntp server in your network.
Why don't you let the clients sync with that server then .

What does log indicate about not being able to sync from rb5009 ?
That needs to be solved first.
 
noob78
just joined
Posts: 8
Joined: Wed Jan 18, 2023 7:45 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 11:36 am

Yes, you are right. Because i'm not sure about security configuration of the site ntp server, i just want to let the traffic "inhouse". For sync of all connected clients, i need to mask the traffic to the site ntp so there would be a lot of ntp requests from the same ip so it could be possible, that site ntp drops when too much requests arrive from the same ip.

I didn't make a trace about ntp requests to the RB5009. Yesterday i configured the FC Switches to sync with RB5009 ntp, but it reports only not possible. Then i tried on the synology Rackstation and get the same error. Sometimes it works, so i think the problem is the drift on rb5009 and the internal ntp server doesn't bring time to clients because of that. The logs on rb5009 are full of messages like in other replies.

As example
 15:03:03 system,info ntp change time Jul/14/2023 15:03:03 => Jul/14/2023 15:03:03
 15:21:11 system,critical,info ntp change time Jul/14/2023 15:21:12 => Jul/14/2023 15:21:11
 15:38:17 system,info ntp change time Jul/14/2023 15:38:17 => Jul/14/2023 15:38:17
 15:54:23 system,info ntp change time Jul/14/2023 15:54:23 => Jul/14/2023 15:54:23
 
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 11:59 am

Start disabling ntp server on rb5009.
It doesn't work so it does not make sense to keep it polluting your network while troubleshooting.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 12:00 pm

And post config of rb5009, exclude serial and public wan ip.
Post between code quotes for easier readability.
 
noob78
just joined
Posts: 8
Joined: Wed Jan 18, 2023 7:45 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 12:44 pm

Ok, the router is running on 7.10.

Here is the export:
# 2023-08-12 11:23:12 by RouterOS 7.10.1
# software id = JQBE-MDU8
#
# model = RB5009UPr+S+
# serial number = xx
/interface ethernet
set [ find default-name=ether1 ] poe-out=off
set [ find default-name=ether2 ] disabled=yes poe-out=off
set [ find default-name=ether3 ] disabled=yes poe-out=off
set [ find default-name=ether4 ] disabled=yes poe-out=off
set [ find default-name=ether5 ] poe-out=off
set [ find default-name=ether6 ] disabled=yes poe-out=off
set [ find default-name=ether7 ] disabled=yes poe-out=off
set [ find default-name=ether8 ] poe-out=off
/interface wireguard
add listen-port=13231 mtu=1420 name=wg-1
/interface list
add name=L3BCN
add name=Int_NAS
add name=Int_Manag
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/ipv6 settings
set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes \
    forward=no
/interface list member
add interface=sfp-sfpplus1 list=L3BCN
add interface=ether1 list=Int_Manag
add interface=ether5 list=Int_NAS
/interface wireguard peers
add allowed-address=172.18.5.2/32,192.168.2.0/24,192.168.10.100/32 comment=\
    "WG Loc1" interface=wg-1 public-key=\
    "xxx"
/ip address
add address=172.17.4.253/22 interface=ether8 network=172.17.4.0
add address=172.17.189.150/28 interface=sfp-sfpplus1 network=172.17.189.144
add address=192.168.45.1/24 interface=ether5 network=192.168.45.0
add address=172.18.5.1/28 interface=wg-1 network=172.18.5.0
add address=192.168.40.1/24 interface=ether1 network=192.168.40.0
/ip cloud
set update-time=no
/ip dns
set cache-max-ttl=1d servers=172.16.32.251,172.16.32.252,172.16.33.225
/ip firewall address-list
add address=172.16.33.225 list=Site_DNS_NTP
add address=172.16.32.251-172.16.32.252 list=Site_DNS_NTP
add address=192.168.2.191-192.168.2.199 list=Loc1_WLAN_Clients
add address=192.168.10.100 list=Loc1_ESXi
add address=172.17.189.151 list=L3_allowedHosts
add address=192.168.45.25 list=Loc2_NAS
add address=192.168.40.0/24 list=Loc2_Int_Host
/ip firewall filter
add action=drop chain=input comment="Drop invalid Input" connection-state=\
    invalid
add action=accept chain=input comment="est, rel Input" connection-state=\
    established,related,untracked
add action=accept chain=input comment="Allow Ping known Host" \
    in-interface-list=L3BCN protocol=icmp src-address-list=L3_allowedHosts
add action=accept chain=input comment="Allow WG known Host" connection-state=\
    new dst-port=13231 in-interface-list=L3BCN protocol=udp src-address-list=\
    L3_allowedHosts
add action=drop chain=input comment="Drop all other L3" in-interface-list=\
    L3BCN log=yes
add action=accept chain=input dst-port=8291 in-interface=wg-1 protocol=tcp
add action=accept chain=input in-interface=wg-1 protocol=icmp
add action=accept chain=input protocol=icmp src-address=192.168.40.0/24
add action=accept chain=input disabled=yes dst-port=80 in-interface-list=\
    Int_Manag protocol=tcp
add action=accept chain=input dst-port=443 in-interface-list=Int_Manag \
    protocol=tcp
add action=accept chain=input disabled=yes dst-port=80 in-interface-list=\
    Int_NAS protocol=tcp
add action=accept chain=input dst-port=443 in-interface-list=Int_NAS \
    protocol=tcp
add action=accept chain=input disabled=yes dst-port=80 in-interface=wg-1 \
    protocol=tcp
add action=accept chain=input dst-port=443 in-interface=wg-1 protocol=tcp
add action=accept chain=input dst-port=123 protocol=udp src-address-list=\
    Loc2_Int_Host
add action=accept chain=input dst-port=123 protocol=udp src-address-list=\
    Loc2_NAS
add action=accept chain=input dst-port=123 in-interface-list=!L3BCN protocol=\
    udp
add action=accept chain=input comment="Anti Lockout Rule" in-interface=ether8
add action=drop chain=input comment=Broadcast dst-address=172.17.7.255
add action=drop chain=input dst-address=192.168.40.255
add action=drop chain=input dst-address=192.168.45.255
add action=drop chain=input dst-address=255.255.255.255
add action=drop chain=input comment="Drop all Input" log=yes log-prefix=\
    "in Drop: "
add action=drop chain=forward comment="Drop invalid Forward" \
    connection-state=invalid
add action=accept chain=forward comment="est, rel forward" connection-state=\
    established,related,untracked
add action=accept chain=forward dst-address-list=Loc1_WLAN_Clients \
    out-interface=wg-1 protocol=tcp src-address-list=Loc2_NAS src-port=5510
add action=accept chain=forward dst-address-list=Loc1_ESXi dst-port=443 \
    out-interface=wg-1 protocol=tcp src-address-list=Loc2_NAS
add action=accept chain=forward dst-address-list=Loc1_ESXi dst-port=902 \
    out-interface=wg-1 protocol=tcp src-address-list=Loc2_NAS
add action=accept chain=forward dst-address-list=Loc2_NAS dst-port=5510 \
    in-interface=wg-1 protocol=tcp src-address-list=Loc1_WLAN_Clients
add action=accept chain=forward dst-address-list=Loc2_NAS in-interface=wg-1
add action=accept chain=forward dst-address=192.168.40.51 dst-port=443 \
    in-interface=wg-1 protocol=tcp
add action=accept chain=forward dst-address=192.168.40.53 dst-port=443 \
    in-interface=wg-1 protocol=tcp
add action=accept chain=forward dst-address=192.168.40.21 dst-port=443 \
    in-interface=wg-1 protocol=tcp
add action=accept chain=forward in-interface=wg-1 protocol=icmp
add action=drop chain=forward comment="Drop all Forward" log=yes log-prefix=\
    "fw DROP: "
/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=Site_DNS_NTP
add action=masquerade chain=srcnat dst-address-list=L3_allowedHosts
add action=masquerade chain=srcnat out-interface=sfp-sfpplus1
add action=masquerade chain=srcnat dst-address=192.168.40.53
add action=masquerade chain=srcnat dst-address=192.168.40.21
/ip route
add disabled=no distance=1 dst-address=172.16.33.225/32 gateway=172.17.189.145 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=172.16.32.251/32 gateway=172.17.189.145 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no distance=1 dst-address=172.16.32.252/32 gateway=172.17.189.145 \
    pref-src=0.0.0.0 routing-table=main scope=30 suppress-hw-offload=no \
    target-scope=10
add disabled=no dst-address=192.168.2.0/24 gateway=wg-1 routing-table=main \
    suppress-hw-offload=no
add disabled=no dst-address=192.168.10.100/32 gateway=wg-1 routing-table=main \
    suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=webfig disabled=no
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Berlin
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=172.16.32.251
 
holvoetn
Forum Guru
Forum Guru
Posts: 5323
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 12:58 pm

Your NTP server is still on.
Switch it off.

What's this for ?
/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=Site_DNS_NTP
 
noob78
just joined
Posts: 8
Joined: Wed Jan 18, 2023 7:45 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 1:11 pm

I've made the export with the running config, so the ntp server was still enabled.

This rule is to mask the traffic wich is transmitted to the site DNS/NTP Servers. Ok, i could delete this rule and therefor the mask rule on out-interface sfp will match. In future maybe some traffic needs to be masked.
 
noob78
just joined
Posts: 8
Joined: Wed Jan 18, 2023 7:45 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 1:59 pm

Ok, just made a ntp debug on RB5009. On client request the log shows:
 peer is not fit because root distance (3.xxxx) > (1.xxx)
So now i changed the rule
/ip firewall nat
add action=masquerade chain=srcnat dst-address-list=Site_DNS_NTP
to
/ip firewall nat
add action=accept chain=srcnat src=172.17.189.150 dst-address-list=Site_DNS_NTP
to not masquerade the entire traffic on sfp port. Now I have to wait.
 
noob78
just joined
Posts: 8
Joined: Wed Jan 18, 2023 7:45 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Aug 12, 2023 3:39 pm

Meanwhile i've found this question in Mikrotik forum and it seems the same behaviour:
Hello,
We are using many (~1000) MTs without internet access for telemetry purposes. On our network are only NTP servers based on Windows. They are famous for large Root Dispersion and it causes, that MTs' NTP clients not working properly
Checking peer (10.0.0.172). Peer is: NOT FIT, because rootDist(10.450385) > 1.000960
Checking peer (10.0.0.181). Peer is: NOT FIT, because rootDist(10.312271) > 1.000960

In chronyd is special option maxdistance: https://chrony.tuxfamily.org/faq.html#_ ... ntp_server
Is there similar option in ROS?
viewtopic.php?t=196761

I don't know which type are our NTP servers of, but it could be windows. But why is the error only on RB5009? Ok, on RB1100 there are just some windows client, maybe thats the reason why there are no entries in the log of the RB1100.
 
alfred998
Frequent Visitor
Frequent Visitor
Posts: 76
Joined: Fri Apr 27, 2018 4:58 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sun Nov 05, 2023 11:44 pm

I have the same problem on a new RB5009UG. Has anyone found a solution ?
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sat Dec 30, 2023 5:38 pm

Ran across this on a hAP ac lite that had 7.12.1 installed via Netinstall. System is running NTP Server and Client with Cloud DDNS feature enabled. Debugging issue now.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sun Dec 31, 2023 12:20 pm

When one runs NTP client on ROS device, then I'd suggest to disable cloud time
/ip/cloud/set update-time=no

if cloud is not entirely disabled. It is known that cloud time service is low-precision and will interfere with high-precision NTP client.

In theory cloud time should be disabled if NTP client has established sync with server(s), but this may not be implemented at all or the implementation may be buggy.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sun Dec 31, 2023 4:08 pm

My issue was resolved by removing an unneeded Nat rule. I had it enabled just in case this ISP caused issues with NTP syncing. After removal I reset the drift and rebooted the router.

/ip firewall nat 
add action=src-nat chain=srcnat out-interface-list=WAN protocol=udp src-port=123 to-ports=12300
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sun Dec 31, 2023 4:22 pm

Was this rule on another device? It doesn't affect router's own traffic.
 
User avatar
pcunite
Forum Guru
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Wed Jan 03, 2024 2:38 am

Was this rule on another device? It doesn't affect router's own traffic.

On the same device.
 
GiovanniG
Member
Member
Posts: 338
Joined: Sun Nov 15, 2015 4:12 pm

Re: Unstable clock on RB5009UPr+; critical,info ntp change time

Sun Mar 03, 2024 2:01 pm

How to do that?
Reading around I've found a post talkng about possibile interferences between Mikrotic low precision cloud time service" and the NTP, maybe it's a bug of the newer versions, when a NTP client is active the cliund doesn't have to work more, if works there will be continous time differences.
I'm testing an a router, I've disabled cloud
/ip/cloud/set update-time=no

Who is online

Users browsing this forum: No registered users and 90 guests