NTP stuff, keep NTP info intranet, not internet?

Discussion in 'Tomato Firmware' started by jsmiddleton4, Jun 13, 2008.

  1. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Dedicated thread on this subject as it's spread around in different threads and wanted to see about addressing it individually.

    Not a lot of benefit to having NTP stuff stay internally but seems like there's some. Maybe a tad more secure? Maybe uses a few less resources? Would like to at least see how it all works.

    Without creating a system that is likely we all have in our minds, from that typical system, how would one set up a time server as part of the LAN, intranet, that acts as the time server that all clients point to in order to get time information and is the server that sends the time information to other devices connected through routers that use Tomato?

    I have this information. Is it possible we already have much of what is needed?

  2. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Also is there a way to put an NTP server in a router running tomato? So you have a field to manually enter time and choose "Act as NTP server.." and set the other routers/pc's to look to it?

    Or have one router look to the time on an external ntp server but also act as a ntp repeater (?) and then have other devices look to it?
  3. jsmiddleton4

    jsmiddleton4 Network Guru Member

  4. HennieM

    HennieM Network Guru Member

    It seems any WinXP box can be turned into an NTP server:
    Make sure, in Services, that "Windows Time" is running.
    Run "gpedit.msc"
    Computer Configuration > Administrative Templates > System > Windows Time Service > Time Providers
    enable "Enable Windows NTP Server"

    Now make sure your Windoze firewall does not block port 123, and you have an NTP server that allows NTP clients to get time from it.
    I can't vouch for what accuracy you'll get, but I guess somewhere there would be a tweak you can perform to increase the accuracy.

    The clock in routers such as WRT54xx is not good. It's therefore not a good idea to try and turn a Tomato box or so into an NTP server. (It would be possible though).
  5. pfoomer

    pfoomer LI Guru Member

    time server on local net

    Use an atomic clock or gps receiver for the time source, then set up an ntpd service.
    linux best bet for this, more stable and easier to configure.

    Not possible on routers unless you have a serial, usb or bluetooth capability for the time source, shame really.
  6. TexasFlood

    TexasFlood Network Guru Member

    Tried this, just for grins, and kept getting an error from Tomato - "The following NTP servers have been automatically blocked by request from the server {my Windows XP I}." The firewall was open so not sure what was wrong. Don't have more time to play now so set it back to the North America NTP servers.
  7. pfoomer

    pfoomer LI Guru Member


    security & integrity

    accuracy (propagation delay from GPS/Atomic Clock receiver more predictable than internet services, how accurate do you need?)

    software is out there on the internet, free.


    Loss of signal (unless you are so rich you can afford an atomic clock, or a hi spec oven controlled time source which you will still have to update at least every 24hrs)

    home routers do not have a serial/usb/bluetooth port (usually) to allow for time input.

    server may be unreliable so loss of service.

    re http://technet2.microsoft.com/windo...cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

    yes of course windows/linux/osx/whateverosyouwant can perform the time service, BUT they usually have a crappy clock, so they scuttle off to an external ntp server to update their time and pass it out to the lan, so back to square one, you need a decent time reference.
  8. pfoomer

    pfoomer LI Guru Member

    yes, run a ntpd on the router and get all the clients on the lan to look at the router for the time service, at least all clients will be using a common server, for example MAC's use Apple's server, Windoze uses Micro$ofts servers (bills rolex?), linux, well who knows.

    At least then all your computers' clocks will be consistently correct/incorrect.
  9. mstombs

    mstombs Network Guru Member

    Openwrt have a package for ntpd, not sure if it will compile for Tomato...
  10. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Thanks for joining in the thread. Yes I know it isn't a huge benefit and at best a minor improvement in speed, use and security. But still would be one of those "kinda cool" things.

    Seems to me there are generally two scenarios that would make this worth anything. First is if you have one client on a network to be THE time server and routers, other clients, etc., bang off it as the server. Second would be to have one of the routers use a server "out there" somewhere and let it receive the correct time from "out there" and distribute the time inside the network, clients configured to use the router as a time server, or manually set the time in one of the routers so there is no looking "out there" but still that one router serves the time to the other clients in the network. Of course as a network administrator sees fit, etc., but it would be nice to have the option to do so.

    Would be nice to have step by step to set up a PC as the time server and have routers look to it.

    As for the quick experiment that's been done so far, I read that the Windows Time Server function may not be 100% NTP and that can cause problems. Does that mean anything to those who are trying?
  11. pfoomer

    pfoomer LI Guru Member

    There used to be a bit of free/shareware called tardis that would provide ntp services with the option to allow gps/atomic/external ntp as the time source, with k9 as the client, think it was for windows.

    (don't do windows any more, quite happy to use the external ntp approach, a local server on the router with a gps input would be my ideal solution, but not a priority job at the moment)
  12. mstombs

    mstombs Network Guru Member

    Windows XP timeserver is a bit quirky, if it can't update its own time it may just stop. I don't recall if it is ntp or sntp.

    Have used Abouttime on windows 2000, but couldn't get it to work on XP, but you can use Absolute Time Server which I'm sure used to be free for home use...
  13. HennieM

    HennieM Network Guru Member

    This seems to happen when Tomato encounters a stratum (I think) 16 ntp server. Your WinXP server probably needs some time, or alternatively some tweaks, to reach something better than stratum 16 - that is if it can. [Stratum 16 is, to the best of my knowledge, tech speak for "not well sync'd at all"].

    If you want Tomato to use that time source anyway, do

    nvram set ntpc_kiss_ignore=1
  14. jsmiddleton4

    jsmiddleton4 Network Guru Member

    nvram set ntpc_kiss_ignore=1


    I really appreciate your posts and your suggestions. But when you post something like that it creates more questions than it addresses. Not a bad thing mind you and not complaining that it does. Just asking that you'd include a few more pieces of the puzzle.....

    What does doing that command like look like when applied in our routers?

    Tardis and k9 stuff:
  15. mraneri

    mraneri Network Guru Member

    Note, your router HW may not be a good timekeeper. My router's clock, if left to run itself drifts 20+ seconds per day. I have it set to update every 6 hours, and it drifts 5 or 6 seconds every 6 hours... It IS consistent, but just not accurate.

    SO, unless you have some sort of NTP server, which can assess how accurate the clock is over time, and adjust it on the fly, OR, you have your router set to update every hour, your router may not make a very accurate time server.

    Note, each router will be different, as it depends on how the reference crystal is biased, as well as the tolerance of the crystal itself. Yours may be more or less accurate than mine.

    - Mike
  16. HennieM

    HennieM Network Guru Member

    @JS: telnet or ssh into your router (this means you start a shell on your router) and type
    nvram set ntpc_kiss_ignore=1
    and press enter.

    Nothing happens, it's just an nvram setting. It seems this setting is used by Tomato to tell the ntpc utility (the little program that talks to NTP servers and then sets Tomato's time) to accept time from stratum 16 or stratum 0 time servers.

    This is how I found it http://www.linksysinfo.org/forums/showthread.php?t=56309&highlight=ntpc_kiss_ignore

    nvram is where your Tomato box stores its variables - not unlike your normal PC's hard disk. See http://en.wikipedia.org/wiki/NVRAM

    While in a shell on your Tomato box, type
    nvram show
    (and press enter)
    and you'll see a bunch of variables that are used to control your Tomato's behaviour.
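
An added example, not part of the original posts and not Tomato's ntpc code: it decodes the header fields of an NTP reply that the two posts above refer to (stratum, leap indicator, kiss code) and shows what a client gives up by overriding the check. The `kiss_ignore` parameter is a hypothetical stand-in modelled on the thread's description of `ntpc_kiss_ignore`, and the sample packets are constructed.

```python
"""Classify an (S)NTP server reply the way a cautious client would."""
import struct

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01


def parse_reply(pkt: bytes) -> dict:
    """Decode the fields of the 48-byte NTP header that matter for trust."""
    if len(pkt) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(pkt))
    flags, stratum = struct.unpack("!BB", pkt[:2])
    tx_sec, tx_frac = struct.unpack("!II", pkt[40:48])
    return {
        "leap": flags >> 6,          # 3 = server clock not synchronised
        "version": (flags >> 3) & 7,
        "mode": flags & 7,           # 4 = server reply
        "stratum": stratum,          # 0 = kiss-o'-death, 1-15 = usable
        "ref_id": pkt[12:16],        # ASCII kiss code when stratum is 0
        "tx_unix": (tx_sec - NTP_TO_UNIX + tx_frac / 2**32) if tx_sec else None,
    }


def assess(reply: dict, kiss_ignore: bool = False):
    """Return (accept, problems).

    kiss_ignore is a hypothetical flag: when set, stratum and leap
    warnings are reported but the reply is accepted anyway, so the
    client follows a clock the server itself says is not synchronised.
    """
    problems = []
    if reply["mode"] != 4:
        problems.append("not a server reply (mode %d)" % reply["mode"])
    if reply["tx_unix"] is None:
        problems.append("transmit timestamp is zero")
    if problems:
        return False, problems       # malformed replies are never accepted
    if reply["stratum"] == 0:
        code = reply["ref_id"].rstrip(b"\0").decode("ascii", "replace")
        problems.append("stratum 0, kiss code %r" % code)
    elif reply["stratum"] >= 16:
        problems.append("stratum %d, server is unsynchronised" % reply["stratum"])
    if reply["leap"] == 3:
        problems.append("leap indicator 3, server clock not set")
    return (not problems) or kiss_ignore, problems


def build_reply(leap, stratum, ref_id, tx_sec):
    """Constructed sample data: a minimal version-3 server reply."""
    flags = (leap << 6) | (3 << 3) | 4
    return (struct.pack("!BBbb", flags, stratum, 6, -6) + b"\0" * 8
            + ref_id.ljust(4, b"\0")[:4] + b"\0" * 24
            + struct.pack("!II", tx_sec, 0))


# Constructed replies: a synchronised LAN server, a rate-limit kiss,
# and a server that has not yet synchronised its own clock.
SAMPLES = {
    "healthy": build_reply(0, 2, bytes([192, 168, 1, 10]), 3422390400),
    "kiss": build_reply(0, 0, b"RATE", 3422390400),
    "unsynced": build_reply(3, 16, b"", 3422390400),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        reply = parse_reply(pkt)
        print(name, assess(reply), "override:", assess(reply, kiss_ignore=True)[0])
```
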
  17. jsmiddleton4

    jsmiddleton4 Network Guru Member


    Thanks but that's probably a little too basic. Kinda funny actually. So what this command does is allow more NTP servers to be used by Tomato?
  18. jsmiddleton4

    jsmiddleton4 Network Guru Member

    If I understand what folks are saying about the accuracy drifting in devices if left up to themselves then IF one wants the time setting in our devices to be accurate at some point at least the one that acts as a server in our system needs to get information from an outside ntp provider.

    Edit: So to keep it accurate, still limit how many devices are going "outside" and getting information to apply "inside", we're looking at having one of the clients access a NTP server, setting itself, then handing that information about on the network to other devices OR having one of the routers do essentially the same thing and maybe even handing ntp information to clients on the network.

    That about sum it up?
  19. pfoomer

    pfoomer LI Guru Member

    Complete with diagrams


    >What does doing that command like look like when applied in our routers?

    Nothing obvious unless you look at a time readout on a client computer, then you may see the system time adjust itself, or for example in the log, see a correction.

    As is pointed out in this thread, the hardware providing the timing for both the router and a PC is usually poor, a crystal that is not temperature controlled so it will drift.

    There are really only for high accuracy, the solutions already posted, but getting the time once an hour and passing it on the lan should suffice, so all clients are at the same level of accuracy, until they drift, then corrected at the next ntp query, ad infinitum.
  20. Kiwi8

    Kiwi8 LI Guru Member

    Yeah I think having just the main router in the network connect to the outside NTP server to sync its clock, and making itself an NTP server for the rest of the routers, is a very nifty feature that I would like to have too.

    I suppose we will need some open source Linux application that can do that and is small enough to fit in a firmware. :)
  21. mraneri

    mraneri Network Guru Member

    Exactly... Problem is that for a router to act as a good NTP server... It has to go out 12-24 times per hour to get the right time. A PC probably has to go out only once a day...

    So a PC may be a better NTP server.

    Currently, I have all my PC's go out every other day, and the router 4 times per day.. So in total, my network is only looking for 5 or 6 NTP requests per day... Better than 12 or 24 I would need to do if my router was hosting the time server.
  22. jsmiddleton4

    jsmiddleton4 Network Guru Member

    What if we had a button that checked the external ntp server as configured in our router but only when we pushed it? So if we went two weeks that would be up to us. If we wanted to endlessly hit the button, that would be up to us?

    I still like the idea of one client in the network being an internal ntp server, when you want to have it go "out there" to set itself to make sure that one client is accurate, accurate as you define that variable, and then that one client sets the time for everyone/everything else. So routers and other clients internally point to that one client.

    That seems doable, reduces traffic flow and increases security, again I know very very little for both issues, but it does even if minor and being able to do something like that is kinda kewl. As it is Tomato is already able to "hear" from a NTP server and do something with that information even if it's only set its own internal clock. What is involved to give Tomato the extra piece? The "here's what I heard, let me pass that on to you, did you hear what I just sent you correctly?" piece.

    A click box for "Let this router be a NTP server", a click box and a address field, (MAC or IP or both) for "Let me listen to this place for time..." or a click box and field for "I want to listen to this client/device on my network/domain for the time..."

    The last one might be pretty easy since we already have captured device IP/MAC addresses in the dhcp server data on whichever router is the dhcp server.

    In the Basic setup a box

    "Do you want time set for this device?"

    If No, you are done. Don't need to mess with it. And for most folks I'm thinking setting time in the router while cool, is not required nor critical. Turning it off is a good thing if you don't need it.

    If Yes

    "From time server, from local device or manually configured?"

    If time server which one?
    If local device which one? (IP/MAC)
    If manually then the firmware presents fields for time/date information and "Save".

    Do you want this router to share time information with other devices?

    If "No", you are done.

    If yes, whatever needs to be turned "On" or "Opened" to allow time information to be shared is turned on/opened. Maybe even choose which ports, etc., and then you can tweak any firewall device for the port you pick for safety/security reasons?

    If you don't want to setup your network devices that way just leave everything to auto, don't turn on the share option.

    I'm not a programmer in terms of the language but isn't that about all that we need? You set up one router to look "out there" and get the time, check the option to share with others, then point pc's, routers, whatever to look at that router's ip/mac for the time information.

    I'm sure there is more to it but even with that "more" it doesn't seem like an unreachable star.....
  23. fyellin

    fyellin LI Guru Member

    I'm still trying to figure out why you think this is worth the effort.

    The security gain is minimal. The decrease in network traffic is minimal, unless you have many many devices inside your LAN. Sure this would be "cool", but I'd much rather our wonderful Tomato gurus spent time on "important" and "useful" rather than "cool."
  24. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "I'm still trying to figure out why you think this is worth the effort."

    Two things. 1. That is a different question. The "is it worth" it is not unimportant and not trying to dismiss it. Just that "if it can" and "how do we do it" is not the same question as "is it worth it". 2. I've said all along that from where I sit there may be some gain, some increase in security but hardly seems like much in regards to both. That may not be 100% true as something behind the "scenes" may make this more valuable in terms of performance/security. But as far as I can tell, very little benefit to either of those things specifically.

    Move over to the "cool" side.... Not sure how we answer that. Those "customer service" issues that really may not mean much when it's all said and done but folks like them. Could be that kind of thing. As in "Look what I can do ma...." thing. One of those things that makes Tomato a little more "fun"? If so and if that is the only impact, I'd say that's enough to do it.
  25. jsmiddleton4

    jsmiddleton4 Network Guru Member

    spent time on "important" and "useful" rather than "cool."

    I think I might disagree with you on that. NO I don't want all kinds of "cool" that is useless, doesn't work, and makes Tomato a bloated piece of hard to use firmware. And we'll just let that stand by itself and not go to all sorts of other places that it could go.... However at the same time I do want "cool" in the mix. I mean isn't that part of Tomato's appeal? Just looks and feels "cool". Certainly way more than having to be a linux gpl end programmer "feel" to it that dd-wrt has......
  26. fyellin

    fyellin LI Guru Member

    Let me word my response better. I agree that it would be interesting to try and get a time server running on my router. And I might even try doing it. But even given that, I think it's a terrible idea to put into a general release. I want tomato to be filled with useful features that are useful to a wide variety of users and programmers; I don't want it overloaded with every possible whimsy.

    If I really have an operation that needs a centralized in-house time server, then I'm not going to put it on my router. I'm going to put it on a server or workstation that has the horsepower and memory to do the job right.
  27. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "I want tomato to be filled with useful features that are useful to a wide variety of users and programmers; I don't want it overloaded with every possible whimsy."

    I agree however I'm up on the edge of being offended by that comment. Nothing about this idea is "every possible whimsy". And if anything about doing something as I've described comes anywhere near overloading your router that has Tomato on it, you need a new router fy..... Not an anemic firmware.

    My preference would also be to have a pc/mac client be the time server and the routers look to it for the time information. However IF one is going to put the few tweaks needed in Tomato to do that easily, we aren't talking about all that many more lines of code to do what I suggest. So if someone ONLY did the time from the PC/Mac client thing, that would seem like cutting the thing unnecessarily short in development. In my humble opinion. And no one has to do anything other than is being right now despite the options being available. So IF it's added, you don't have to overwhelm your router fy....

    And if you think it's a bad idea, no one is asking you to participate in this thread in a way that is moving the idea along fy.... So honestly why are you here then? To put a damper on the idea? Sorry and I'm not trying to be a wise guy and not throwing down any gauntlet while nothing about this forum could ever really bother me, I'm sorta getting ready to be a tad bothered. If you want to move the idea from an idea phase to a possible implementation phase, then please help as you are obviously way more knowledgeable than I about these things. But if you think it's a bad idea, then drop it and stay out. Hanging around and then tossing in sour grapes just doesn't make sense to me. Sorry, but there it is.....
  28. LLigetfa

    LLigetfa LI Guru Member

    When this thread started, there was no mention of hosting a NTP server on a router. It was simply about having a NTP server internal to the network. You are taking it just too personal when someone disagrees with you. This is a public forum and we have a right to voice our opinion.

    You are also contradicting yourself. In one breath you don't want Tomato to be loaded up with features like dd-wrt is but on the other hand you want to load a feature that very few people would use.
  29. jsmiddleton4

    jsmiddleton4 Network Guru Member


    Sorry but no one is contradicting themselves. And again, not taking it personally. I simply question why a person joins a thread about a thing and then says they don't want a thing. Somehow doing so makes no sense to me. I have not then questioned in any personal way fy..... And in fact I complimented him. Are you like looking for something to bust my chops about LL....?

    And having the ability to use a router with Tomato to act like a time server, have it read from a PC/Mac to do so, is in no way anything similar to my consistent and continued opinion that I don't want Tomato to be DD-WRT. The one who seems to be jumping across that line from the subject matter in a post TO the person who posts it is you LL.... As well as those who think they can read "tone" from words in a post and then tell me what they think of my "tone".

    The topic IS about the ntp thing. The topic is not me, not if I'm consistent, or anything about me in any way. So if you'd like to pm me and tell me what you think is wrong with me and what you think my issues are, please feel free to do so. As far as posting, please try at least to keep subject matter first and foremost and opinions or judgments of posters to yourself.
  30. LLigetfa

    LLigetfa LI Guru Member

    Well, you were the one that opened Pandora's box.
    Not to debate "tone" but it appears to be getting quite personal.
  31. fyellin

    fyellin LI Guru Member

    Okay, let's try one more time.

    Getting and maintaining accurate time is a lot of work. Try typing "man ntpd" into a linux box to see all the various options that a real ntp client needs to have configured in order to maintain accurate time. The current time software on Tomato is naive in comparison. It consults a time server every so often (as specified by the user), and updates its clock accordingly.

    So you want to take a router with a not-really-accurate (but good enough for its own purposes, so who cares) clock and use that as the time server for everyone else. And yet there are a half-a-dozen better solutions already available.

    On a different thread, jsmiddleton4, you asked a question that indicated you were bright, but that you didn't have a lot of experience with server code. I was happy to help you there. Please don't throw my help in my face.

    Enough. I'm done with this thread. I'm here to get advice and help, not to have my motives questioned. Continue without me.
  32. HennieM

    HennieM Network Guru Member

    And the nanny then made all the kids go to bed early....

    JS, if you really want to pursue an ntp server on a router, it's been done it seems: http://forum.openwrt.org/viewtopic.php?id=285
    From other threads I came across it seems the ntp server's stratum jumped around quite a bit when run on a set top box. This, IMO, is because the clock in a router type device is just not reliable enough to keep accurate time.
    I did not google too much, so there's probably more info out there.

    What I could suggest (if you really want to pursue this), is to download the ipkg for openntpd or ntpd onto a shared disk somewhere. Then mount that shared disk with Tomato's CIFS options, and run it on your Tomato box via a CIFS start-up script or something like that.
    This way you could keep all your configurations, etc. on this CIFS share, and start ntpd with options to read its config from the mounted share. Thus, no changes to Tomato, save from perhaps turning off the ntp client running on Tomato. (I run kismet this way on my Tomato or dd-wrt when I need to).

    Just to be clear: When an ntp server is set up properly, it would, right after start-up, check with its time source every few minutes. As it gets its own clock under control with slight adjustments, it would go out to the time source less often.

    These frequencies of checking can be tweaked, but if the ntp server's clock is not reliable, the frequency of checking the external time source may stay high.

    My P1 Linux box running ntpd starts off checking the external ntp server every 10 minutes or so, and then, after perhaps 16 hours, it goes down to like every 4 hours, and after like a day down to perhaps every 8 hours or so.
  33. Maggard

    Maggard LI Guru Member

    Just to correct a misapprehension far upstream in this thread, it generally doesn't matter where one gets NTP service time. Be it microsoft or apple or one's ISP or the generic pools of NTP servers; they're all off one set of master clocks*.

    As to jitter due to network congestion, that problem space was explored & pretty much solved four generations of grad students ago. It just isn't an issue nowadays for anything but crazy-accurate timing, the sort of stuff beyond the resolution of most PCs (MS Windows doesn't offer better than 1-2 second accuracy, *nix & MacOS X are better but without special provision don't reach the typical 10ms accuracy of NTP.)

    For a good overview of NTP see http://en.wikipedia.org/wiki/Network_Time_Protocol & the canonical source is http://www.ntp.org/.

    *Obviously use of unqualified independent time servers may give different results, but the various well-known & pool servers have proven extraordinarily robust.