Hi all,
Recently I noticed that ntpd was not syncing with any external NTP servers (stuck in .INIT.) on a FreeBSD 14.1 machine. Other machines on the network were also not able to sync their time with this machine as they should have been able to. I think it has always been like this and I've only just noticed it now, as nothing has changed software- or configuration-wise. But after a bit of digging it appeared to be related to one of two things:
1. ntpd was configured to listen on a bridge interface
2. the bridge interface is in FIB 1, not FIB 0
The bridge interface is used in conjunction with some jails, and they are in FIB 1 to separate them from the management interface of the machine, and that all seems to be working just fine.
As a first test, I moved ntpd to operate from the management interface of the machine (igb0) which is in FIB 0, and at this point it was able to sync just fine.
Given that the above change affected two things, it was a bit hard to determine which was the cause. But I have a feeling that it is more FIB related than bridge related, because as a second test I tried moving the IP configuration from the bridge interface to its physical interface (ixl0.29), still in FIB 1, and tried again, but still ntpd could not sync with any external servers (stuck in .INIT.). Connectivity is fine when doing setfib 1 ping x.x.x.x type tests.
The interface that ntpd is currently operating from is the management interface of the machine, and I'd kind of like to keep that interface dedicated to management traffic and not have other machines on the network accessing services on that interface.
So I guess my question is, are there any known limitations with ntpd in respect to FIBs, and is there a way to tell it to use another FIB? I'd have thought that opening a socket on an interface would naturally cause communication to happen via the FIB that the interface lives in, but maybe there's something that I don't understand about all of this.
Thanks