NTP version 4 Release Notes HP-UX 11i v3 (5900-3073, March 2013)

Sometimes an NTP subnet gets isolated from all UTC sources such as local reference clocks or
Internet time servers. In such cases, it might be necessary that the subnet servers and clients remain
synchronized to a common timescale, not necessarily the UTC timescale. Previously, this function
was provided by the local clock driver to simulate a UTC source. A server with the local clock
driver is used to synchronize other hosts in the subnet directly or indirectly. The local clock
driver has many disadvantages, primarily that the subnet is vulnerable to single-point
failures and multiple server redundancy is not possible.
The Orphan mode is intended to replace the local clock driver. If UTC sources are not available
to any core server, one of them can provide a simulated UTC source for all other hosts in the subnet.
However, only one core server can simulate the UTC source and all direct dependents (known as
orphan children) must select the same server (known as orphan parent). It provides a single simulated
UTC source with multiple servers and provides seamless switching as servers fail and recover.
Hosts sharing the same common subnet, including the potential orphan parents and potential
orphan children, are enabled for Orphan mode using the orphan stratum option of the tos
command in the ntp.conf file, where the value of stratum is less than 16 and greater than
any anticipated stratum that might occur with configured Internet time servers.
However, sufficient headroom must remain so every subnet host dependent on the orphan children
has a stratum less than 16. In cases where associations for other servers or reference clocks are
not configured, the orphan stratum is set to 1. These are the same considerations that guide the
local clock driver stratum selection.
To avoid premature enabling of Orphan mode, a hold-off delay occurs when the daemon
is first started, and when all the time servers are lost. The delay is intended to allow time for other
sources to become reachable and selectable. The Orphan mode is enabled only when the delay
expires with no time servers. By default, the delay is 300 seconds (five minutes). To change this
delay, use the orphanwait option of the tos command in the ntp.conf file as follows:
tos orphan stratum orphanwait delay
tos: Alters certain system variables used by the clock selection and clustering algorithms.
orphan stratum: Specifies the orphan stratum; the default is 16. If less than 16, this
is the stratum assumed by the root servers.
orphanwait delay: Specifies the delay in seconds from the time all the sources are lost until the
orphan parent mode is enabled; the default is 300 seconds (five minutes). During this period,
the local clock driver and the modem driver are not selectable, unless marked with the prefer
keyword. This allows time for one or more primary sources to become reachable and selectable
before using the backup sources, and avoids transient use of the backup sources at startup.

Kiss-o'-Death (KoD) packet
NTP v4 has comprehensive packet rate management tools to help reduce the level of spurious
network traffic and protect the busy servers from overload. There is support for the optional
Kiss-o'-Death (KoD) packet intended to slow down an abusive client. The most frequent scenario
is a broken client that attempts to send packets at rates of one per second or more. The servers
need to defend themselves against all manner of broken client implementations that can clog the
server and network infrastructure.
Ordinarily, packets which are denied service are simply dropped with no further action except
incrementing statistics counters. Sometimes a more proactive response is needed to cause the client
to slow down. A special packet, called Kiss-o'-Death (KoD), is created for this purpose. The KoD
packets have leap indicator 3, stratum 0 and the reference identifier set to a four-octet ASCII code.
At present, only one code, RATE, is sent by the server if the limited and kod flags of the restrict
command are present and either the guard time or the MAH (Minimum Average Headway) time is
violated.
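The following is an added example, not part of the HP release notes or the NTP distribution: a client-side check that recognizes a KoD packet by the three fields described above and backs off its poll interval when the code is RATE. The function names, the MAX_POLL cap and the sample packets are assumptions constructed for illustration.

```python
import struct

# First 16 bytes of the NTP header: LI/VN/Mode, stratum, poll, precision,
# root delay, root dispersion, reference identifier.
_HDR = struct.Struct("!BBbbII4s")
MAX_POLL = 17  # assumption: upper bound on the log2 poll exponent


def parse_kod(packet: bytes):
    """Return the four-character kiss code if packet is a KoD, else None."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than the 48-byte header")
    first, stratum, _poll, _prec, _delay, _disp, refid = _HDR.unpack_from(packet)
    leap = first >> 6  # leap indicator is the top two bits of the first octet
    # KoD: leap indicator 3, stratum 0, refid is a four-octet ASCII code.
    if leap != 3 or stratum != 0:
        return None
    if not all(0x20 <= b < 0x7F for b in refid):
        return None  # e.g. an all-zero refid from an unsynchronized host
    return refid.decode("ascii")


def next_poll(current_poll: int, packet: bytes) -> int:
    """Double the poll interval (exponent + 1) when the server sends RATE."""
    if parse_kod(packet) == "RATE":
        return min(current_poll + 1, MAX_POLL)
    return current_poll


def build_packet(leap, mode, stratum, refid, version=4):
    """Constructed sample packet for the demo; timestamps are zero-filled."""
    first = (leap << 6) | (version << 3) | mode
    return _HDR.pack(first, stratum, 6, -20, 0, 0, refid) + bytes(32)


# Constructed samples: a RATE kiss, a normal stratum-2 reply, and an
# unsynchronized client request (LI 3, stratum 0, but refid all zeros).
KOD_RATE = build_packet(3, 4, 0, b"RATE")
NORMAL = build_packet(0, 4, 2, bytes([192, 0, 2, 1]))
UNSYNC_CLIENT = build_packet(3, 3, 0, bytes(4))

if __name__ == "__main__":
    for name, pkt in [("KOD_RATE", KOD_RATE), ("NORMAL", NORMAL),
                      ("UNSYNC_CLIENT", UNSYNC_CLIENT)]:
        print(name, parse_kod(pkt), "next poll exponent:", next_poll(6, pkt))
```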
kod: Send a KoD packet if the limited flag is present and a packet violates the rate limits
established by the discard command. KoD packets are themselves rate limited for each source