NTP leap smear incompatibility


Environment

  • Red Hat Enterprise Linux (RHEL) 6, 7 and 8
  • chrony
  • ntp

Issue

Configuration of the NTP client (chronyd or ntpd) is not compatible with a server leap smear, which may cause it to make an unexpected correction of the clock, or fail to synchronize during a leap smear.

Resolution

  • Remove any leapsectz directive from /etc/chrony.conf, or any leapfile directive from /etc/ntp.conf.
  • Modify the configuration file to use only NTP servers that perform the same leap smear. Do not mix different leap-smearing servers, or leap-smearing servers with standard NTP servers.
  • Restart the chronyd or ntpd service.
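
One way to check a client configuration against the first two steps before restarting the service. This is an added example, not Red Hat's tooling; the function names, the sample file and the smear*.example.com hostnames are constructed placeholders. It can only list the configured sources, not tell whether they smear.

```shell
# Added example: flag client settings that conflict with a leap-smearing server.

# Print active leapsectz (chrony) / leapfile (ntpd) directives as "line:text".
# Lines whose first non-blank character is #, ;, ! or % are treated as comments.
leap_directives() {
    awk '
        /^[ \t]*[#;!%]/ { next }
        $1 == "leapsectz" || $1 == "leapfile" { print FNR ":" $0 }
    ' "$1"
}

# Print the configured time sources (server, pool, peer), one per line, so an
# operator can confirm by hand that they all apply the same leap smear.
time_sources() {
    awk '
        /^[ \t]*[#;!%]/ { next }
        $1 == "server" || $1 == "pool" || $1 == "peer" { print $2 }
    ' "$1"
}

# Return 0 if the file has no active leap directive, 1 otherwise.
audit_config() {
    hits=$(leap_directives "$1")
    if [ -n "$hits" ]; then
        echo "$1: remove these directives before using a leap-smearing server:"
        echo "$hits"
        return 1
    fi
    echo "$1: no leapsectz/leapfile directive found"
}

# Constructed sample configuration in chrony.conf syntax (placeholder hostnames).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# leapsectz right/UTC
server smear1.example.com iburst
server smear2.example.com iburst
leapsectz right/UTC
driftfile /var/lib/chrony/drift
EOF

audit_config "$sample" || true
echo "Configured sources:"
time_sources "$sample"
```

On a real system, pass /etc/chrony.conf or /etc/ntp.conf to audit_config instead of the sample file.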

Root Cause

An NTP server can be configured to perform a "leap smear" in order to hide a leap second from its clients. Typically, it is used in larger networks with different NTP clients which cannot handle leap seconds in an expected way, or where it would be impractical to configure them all to do that. Some companies use leap-smearing NTP servers internally and also provide that service publicly on the internet.

A leap-smearing NTP server does not announce the leap second in NTP responses to prevent the clients from handling the leap second on their own (e.g. by stepping the clock). It slowly adjusts the served time to compensate for the one-second error. This adjustment usually takes a day and it can be performed before, around, or after the leap second. Different functions for the adjustment can be used (e.g. linear or quadratic).

The leap smear can work well only if the client does not know about the leap second from another NTP server, tzdata (chronyd configured with the leapsectz directive), or a leap file (ntpd configured with the leapfile directive). If it does know about the leap second, it will make its own adjustment of the clock for the leap second, which will be wrong and will have to be corrected again in order to synchronize with the leap-smearing server.

If the client is configured with multiple servers and they don't implement the same leap smear, or they don't all implement a leap smear, the client will get different times from different servers during the leap smear and it may stop updating its clock, or jump randomly between the servers.

It is not possible to detect a leap-smearing server before it starts the leap smear. It is a non-standard behavior (it is not described in the NTP specification) and it needs to be used carefully.

  • Component
  • ntp
