Page MenuHomeVyOS Platform
Create Task
Maniphest T4456

NTP client in VRF tries to bind to interfaces outside VRF, logs many messages
Closed, ResolvedPublicBUG
Actions

Description

I use VRF for out of band management over a dedicated interface with DHCP client. SSH server and NTP client run on that dedicated interface, not on the public Internet.
IP address is from DHCP so can't be specified in NTP listen-address, so NTP tries to bind to all interfaces as usual.
This includes the mgmt VRF so it works (time is synchronised correctly), but repeatedly trying to bind other interfaces (default VRF) fails and spams the logs (especially on a router with many interfaces, 3 lines for each interface every minute or so).
With "set system ntp vrf mgmt" NTP should only bind to the VRF mgmt interface, and skip trying all interfaces.

Jun 2 14:23:56 router ntpd[2952]: bind(35) AF_INET 192.0.2.1#123 flags 0x19 failed: Cannot assign requested address
Jun 2 14:23:56 router ntpd[2952]: unable to create socket on eth3.3017 (6939) for 192.0.2.1#123
Jun 2 14:23:56 router ntpd[2952]: failed to init interface for address 192.0.2.1
Jun 2 14:23:56 router ntpd[2952]: bind(35) AF_INET6 2001:db8::1#123 flags 0x1 failed: Cannot assign requested address
Jun 2 14:23:56 router ntpd[2952]: unable to create socket on lo (6940) for 2001:db8::1#123
Jun 2 14:23:56 router ntpd[2952]: failed to init interface for address 2001:db8::1

Details

Difficulty level
Normal (likely a few hours)
Version
1.3.1
Why the issue appeared?
Other
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)

Related Objects

Mentioned In
1.3.2
1.3.2

Event Timeline

marekm created this task.Jun 2 2022, 3:30 PM
Viacheslav added a subscriber: Viacheslav.EditedJul 1 2022, 11:04 AM

@marekm Did you set a proper listen to address for it?

set system ntp listen-address x.x.x.x
marekm added a comment.Jul 4 2022, 9:23 AM
In T4456#125497, @Viacheslav wrote:

@marekm Did you set a proper listen to address for it?

set system ntp listen-address x.x.x.x

How can I do this with management IP from DHCP?

set interfaces ethernet eth0 address 'dhcp'
c-po claimed this task.Jul 4 2022, 5:49 PM

NTP listen option not only supports IPv4/IPv6 addresses but also interface names.

Jul 04 19:48:34 ntpd[25700]: ntpd [email protected] Wed Sep 23 11:46:38 UTC 2020 (1): Starting
Jul 04 19:48:34 ntpd[25700]: Command line: /usr/sbin/ntpd -g -p /run/ntpd/ntpd.pid -c /run/ntpd/ntpd.conf -u ntp:ntp
Jul 04 19:48:34 ntpd[25700]: ----------------------------------------------------
Jul 04 19:48:34 ntpd[25700]: ntp-4 is maintained by Network Time Foundation,
Jul 04 19:48:34 ntpd[25700]: Inc. (NTF), a non-profit 501(c)(3) public-benefit
Jul 04 19:48:34 ntpd[25700]: corporation.  Support and training for ntp-4 are
Jul 04 19:48:34 ntpd[25700]: available at https://www.nwtime.org/support
Jul 04 19:48:34 ntpd[25700]: ----------------------------------------------------
Jul 04 19:48:34 ntpd[25702]: proto: precision = 0.170 usec (-22)
Jul 04 19:48:34 ntpd[25702]: basedate set to 2020-09-11
Jul 04 19:48:34 ntpd[25702]: gps base set to 2020-09-13 (week 2123)
Jul 04 19:48:34 ntpd[25702]: Listen normally on 0 lo 127.0.0.1:123
Jul 04 19:48:34 ntpd[25702]: Listen normally on 1 eth0.10 172.16.33.145:123
Jul 04 19:48:34 ntpd[25702]: Listen normally on 2 lo [::1]:123
Jul 04 19:48:34 ntpd[25702]: Listen normally on 3 eth0.10 [fe80::250:56ff:feb3:fa0e%9]:123
[email protected]# cat /run/ntpd/ntpd.conf
### Autogenerated by ntp.py ###

#
# Non-configurable defaults
#
driftfile /var/lib/ntp/ntp.drift
# By default, only allow ntpd to query time sources, ignore any incoming requests
restrict default noquery nopeer notrap nomodify
# Allow pool associations
restrict source nomodify notrap noquery
# Local users have unrestricted access, allowing reconfiguration via ntpdc
restrict 127.0.0.1
restrict -6 ::1

#
# Configurable section
#
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst


# NTP should listen on configured addresses only
interface ignore wildcard
interface listen eth0.10
c-po edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.Jul 4 2022, 5:50 PM
c-po added a project: VyOS 1.3 Equuleus (1.3.2).Jul 4 2022, 6:02 PM
c-po changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
c-po changed Why the issue appeared? from Will be filled on close to Other.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
c-po changed Issue type from Bug (incorrect behavior) to Improvement (missing useful functionality).
pasik added a subscriber: pasik.Jul 4 2022, 6:14 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.Jul 4 2022, 6:26 PM
c-po added a comment.Jul 4 2022, 6:42 PM

PR for equuleus (upcoming 1.3.2 release https://github.com/vyos/vyos-1x/pull/1390)

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.2) board.Jul 4 2022, 6:42 PM
c-po closed this task as Resolved.Jul 7 2022, 2:42 PM
dmbaturin mentioned this in 1.3.2.Sep 5 2022, 3:14 PM
dmbaturin mentioned this in 1.3.2.Sep 15 2022, 10:42 AM