[OLPC Networking] Re: NTP core dump

Hal Murray hmurray at suespammers.org
Wed Apr 19 04:17:16 EDT 2006 

> Boy, you really have become a serious time geek, Hal...

Not really.  I don't have any Cesium clocks.  (yet?)  Old ones are available 
for roughly $2K.

Here is a serious time geek.
  http://www.leapsecond.com/
(Beware - time sink.)


> I think Linux uses the Mills code.  There seems to be a Version 4.2 in
> the code; that makes it pretty up to date, I believe. 

"the Mills code" code isn't well specified.

Many years ago, he cleaned up the kernel timekeeping code.  I think it was 
incorporated into most *nix kernels.  Jeff Mogul helped get it into DEC's 
systems.  For a while, Dave had good things to say about Alphas because their 
oscillator had better temperature regulation than most systems.

I think most *nix systems ship with some version of Dave's ntp package, but I 
don't know how closely they track Dave's version.  4.2 is recent.  There is a 
release ready to go out in a week or two.  This is user code.  You could 
probably run a system without it as long as you set the TOY clock from the 
BIOS before booting and didn't need super accurate time.


> No, I suspect that mDNS is a better way these days.

> DHCP doesn't even exist in the conventional sense in IPv6. (though
> there are some things like it). 

I think there are two issues here.  First is how do you distribute the 
configuration info.  Second is how do you pass that info over to the ntp 
package.

Currently, ntpd reads /etc/ntp.conf.  Host numbers work as expected.  Host 
names work if your DNS is working.  At worst, you can hack some scripts to 
patch the config file.

You can also ship with a preconfigured magic name in the config file and do 
the server assignment at DNS lookup time.

More trivia:
  If you provide the infrastructure, NIST will install a serious server and 
run it.
      Bottom of: http://tf.nist.gov/service/time-servers.html
  Legal time is important for things like stock markets.  Official NIST 
servers are grossly overloaded, and they can't criticize DLink for (ab)using 
them.  (At least not publicly.)


> We're talking to Vint at Google around IPv6 deployment; would be good
> maybe to use a set of servers they might provide world wide, for the
> top stratum. 

Running servers to support a million sane users isn't a big deal.  Let's do 
some numbers.  Assume 1000 schools with 1000 students at each school.

I'm assuming each school has a file server.  Rounding that up to support time 
is not a big load.  1000 boxes even polling at 64 second intervals is only 16 
packets per second.  The hard problem is management and things like avoiding 
synchronization, like when they all turn on after a power blackout.  I'm 
assuming the student boxes only use 1 server.

Similarly, having NTP servers at 1000 schools will not be a serious load on a 
few central time servers.  You might want regional servers.  Mumble.  It will 
take some attention, but it's not that hard a problem.

Changing to 10000 schools with 100 students each doesn't change much.

You might want to have a separate box for NTP in order to simplify management 
and/or improve reliability.


[How to implement timekeeping in the kernel]

> yeah, and to complicate all this will be our propensity to drop into
> S3 state at the drop of a hat...  Can you say challenge? 

Doesn't seem like a problem to me.  If you are in S3, nobody is going to ask 
what time it is.

Use the 32KHz TOY clock for the main timekeeping.  Interpolate with the CPU 
ticker if you want a finer grained time.


> Yeah, the usual cause is a dead TOY battery.  Mark, how long will ours
> likely last in the field? 

Handwave: 5 years.  Less if they are hot.  More if they are plugged in so the 
wall can do most of the work.

Data point:  The Sharks we unpacked a few years ago all had dead batteries.  
The schematics say 1997 so they were built soon after that.


> Hmmm.  Do you know why the Linux support sucks?  And where we can find
> the current patch. 

It's more complicated than just "sucks" and you probably don't want to waste 
your time on the NTP patches.

The main reason that Linux sucks is that FreeBSD sets a pretty high bar as an 
example.  Poul-Henning Kamp (whistle blower on the DLink mess) is a FreeBSD 
hacker and their developer community is small enough that he can make the 
right things happen.  I think he was one of Dave Mills' students.  Also, Dave 
is happy hacking on FreeBSD.

Part of the NTP patch is changing internal timekeeping from microseconds to 
nanoseconds.  (That fits in 32 bits.)  The other part is support for 
timestamping PPS signals on modem control signals.  I think the nanosecond 
stuff will become official sometime soon.


[$100 GPS units.]
> Interesting; might be cheap enough to put one in each school or so.

Worth adding to the idea collection.

You really want them outside where they can see lots of sky.  Mine are 
inside.  They mostly work.

They won't work under tin roofs.  (Or straw roofs is there is a lot of water 
in the straw.  Or flat roofs with deep puddles.)



> Well, there are 30,000 schools in Thailand.  Manual configuration
> seems like a way to ask for a linksys or dlink disaster. 

There are two major fuckups in the DLink mess.  One is that they used servers 
without permission.  The other is that they didn't include any mechanism to 
control or change which servers they were using.  If they had compiled in 
time.dlink.com they could have fixed PHK's problems with a few keystrokes.

I assume schools are going to have names and everybody is going to have 
email.  That's a lot of administration.  You have to solve that somehow.

It might be possible to piggyback time server assignment on the next level up 
where somebody does DNS administration.

Apple provides time servers for their customers and a couple of builtin names 
in their NTP setup GUI:  time.apple.com, time.asia.apple.com, and 
time.euro.apple.com
If you could maintain and distribute a list like that from a central source 
the regional admins can probably do something like "pick the closest".

I hadn't thought of it before, but running this thing is going to be as much 
"fun" as either the hardware or the software.  Got anybody signed up yet?

Ugh.  How are you going to control spam?  (both in and out)


I assume you know about the Korea mess?  They got on the 
internet-in-the-school bandwagon very early.  They put a machine or 6 in each 
school on the end of a DSL link.  The problem is they installed mail servers 
setup as an open relay and didn't provide any sysadmin support.  Spammers 
thought it was great.  The spammer Bill Jones hired sent his crap through a 
Korean school.
  http://www.wired.com/news/politics/0,1283,50761,00.html


-- 
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's.  I hate spam.

More information about the Networking mailing list