Networking
AIX V7.1 provides many enhancements in the networking area. Described in this chapter, they include:
7.1 Enhancement to IEEE 802.3ad Link Aggregation
This section discusses the enhancement to the Ethernet link aggregation in AIX V7.1.
This feature first became available in AIX V7.1 and is included in AIX 6.1 TL 06.
7.1.1 EtherChannel and Link Aggregation in AIX
EtherChannel and IEEE 802.3ad Link Aggregation are network port aggregation technologies that allow multiple Ethernet adapters to be teamed to form a single pseudo Ethernet device. This teaming of multiple Ethernet adapters to form a single pseudo Ethernet device is known as aggregation.
Conceptually, IEEE 802.3ad Link Aggregation works the same as EtherChannel.
Advantages of using IEEE 802.3ad Link Aggregation over EtherChannel are that IEEE 802.3ad Link Aggregation can create the link aggregations in the switch automatically, and that it allows you to use switches that support the IEEE 802.3ad standard but do not support EtherChannel.
|
Note: When using IEE 802.3ad Link Aggregation ensure that your Ethernet switch hardware supports the IEEE 802.3ad standard.
With the release of AIX V7.1 and AIX V6.1 TL06, configuring an AIX Ethernet interface to use the 802.3ad mode requires that the Ethernet switch ports also be configured in IEEE 802.3ad mode.
|
7.1.2 IEEE 802.3ad Link Aggregation functionality
The IEEE 802.3ad Link Aggregation protocol, also known as Link Aggregation Control Protocol (LACP), relies on LACP Data Units (LACPDU) to control the status of link aggregation between two parties, the actor and the partner.
The actor is the IEEE 802.3ad Link Aggregation and the partner is the Ethernet switch port.
The Link Aggregation Control Protocol Data Unit (LACPDU) contains the information about the actor and the actor’s view of its partner. Each port in the aggregation acts as an actor and a partner. LACPDU is exchanged at the rate specified by the actor. All ports under the link aggregation are required to participate in LACP activity.
Both the actor and the partner monitor LACPDU in order to ensure that communication is correctly established and that they have the correct view of the other’s capability.
The aggregated link is considered to be nonoperational when there is a disagreement between an actor and its partner. When an aggregation is considered nonoperational, that port will not be used to transfer data packets. A port will only be used to transfer data packets if both the actor and the partner have exchanged LACPDU and they agree with each other’s view.
7.1.3 AIX V7.1 enhancement to IEEE 802.3ad Link Aggregation
Prior to AIX V7.1, the AIX implementation of the IEEE 802.3ad protocol did not wait for the LACP exchange to complete before using the port for data transmission.
This could result in packet loss if the LACP partner, which may typically be an Ethernet switch, relies on LACP exchange to complete before it uses the port for data transmission. This could result in significant packet loss if the delay between the link status up and the LACP exchange complete is large.
AIX V7.1 includes an enhancement to the LACP implementation to allow ports to exchange LACPDU and agree upon each other’s state before they are ready for data transmission.
This enhancement is particularly useful when using stacked Ethernet switches.
Without this enhancement to the AIX implementation of IEEE 802.3ad, stacked Ethernet switches may experience delays between the time that an Ethernet port is activated and an LACPDU transmit occurs when integrating or reintegrating an Ethernet switch into the stacked Ethernet switch configuration.
|
Important: In previous versions of AIX, the implementation of the IEEE 802.3ad protocol did not require Ethernet switch ports to be configured to use the 802.3ad protocol.
AIX V7.1 and AIX V6.1 TL06 require the corresponding Ethernet switch ports to be configured in IEEE 802.3ad mode when the AIX Ethernet interface is operating in the 802.3ad mode.
When planning to upgrade or migrate to AIX V7.1 or AIX V6.1 TL06, ensure that any Ethernet switch ports in use by an AIX 802.3ad Link Aggregation are configured to support the 802.3ad protocol.
|
When operating in IEEE 802.3ad mode, the enhanced support allows for up to three LACPDUs to be missed within the interval value. Once three LACPDUs are missed within the interval value, AIX will not use the link for data transmission until such time as a new LACPDU is received.
The interval durations are displayed in Table 7-1.
Table 7-1 The LACP interval duration
|
Type of interval
|
Interval duration
|
|
Short interval
|
1 seconds
|
|
Long interval
|
30 seconds
|
In the following examples we show an IEEE 802.3ad Link Aggregation change from an operational to nonoperational state, then revert to operational status due to a hardware cabling issue.
Our IEEE 802.3ad Link Aggregation pseudo Ethernet device is defined as ent6 and consists of the two logical Ethernet devices ent2 and ent4. Example 7-1 lists the lsdev -Cc adapter command output, displaying the ent6 pseudo Ethernet device.
|
Note: The lsdev command displays the ent6 pseudo Ethernet device as an EtherChannel and IEEE 802.3ad Link Aggregation. We discuss later in the example how to determine whether the ent6 pseudo device is operating as an IEEE 802.3ad Link Aggregation.
|
Example 7-1 The lsdev -Cc adapter command
# lsdev -Cc adapter
ent0 Available Virtual I/O Ethernet Adapter (l-lan)
ent1 Available Virtual I/O Ethernet Adapter (l-lan)
ent2 Available 00-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent3 Available 00-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent4 Available 01-08 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent5 Available 01-09 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
ent6 Available EtherChannel / IEEE 802.3ad Link Aggregation
vsa0 Available LPAR Virtual Serial Adapter
vscsi0 Available Virtual SCSI Client Adapter
#
By using the lsattr -El command, we can display the logical Ethernet devices that make up the ent6 pseudo Ethernet device.
The lsattr -El command also displays in which mode the pseudo Ethernet device is operating. We can see that the ent6 pseudo Ethernet device is made up of the ent2 and ent4 logical Ethernet devices. Additionally, the ent6 pseudo Ethernet device is operating in IEEE 802.3ad mode and the interval is long.
Example 7-2 Displaying the logical Ethernet devices in the ent6 pseudo Ethernet device
# lsattr -El ent6
adapter_names ent2,ent4 EtherChannel Adapters True
alt_addr 0x000000000000 Alternate EtherChannel Address True
auto_recovery yes Enable automatic recovery after failover True
backup_adapter NONE Adapter used when whole channel fails True
hash_mode default Determines how outgoing adapter is chosen True
interval long Determines interval value for IEEE 802.3ad mode True
mode 8023ad EtherChannel mode of operation True
netaddr 0 Address to ping True
noloss_failover yes Enable lossless failover after ping failure True
num_retries 3 Times to retry ping before failing True
retry_time 1 Wait time (in seconds) between pings True
use_alt_addr no Enable Alternate EtherChannel Address True
use_jumbo_frame no Enable Gigabit Ethernet Jumbo Frames True
#
The ent2 and ent4 devices are each defined on port T1 of a 1-gigabit Ethernet adapter in the AIX V7.1 partition.
Example 7-3 lists the physical hardware locations for the ent2 and ent4 logical Ethernet devices by using the lsslot -c pci and lscfg-vl commands.
Example 7-3 The lsslot and lscfg commands display the physical Ethernet adapters
# lsslot -c pci
# Slot Description Device(s)
U78A0.001.DNWHZS4-P1-C4 PCI-X capable, 64 bit, 266MHz slot ent2 ent3
U78A0.001.DNWHZS4-P1-C5 PCI-X capable, 64 bit, 266MHz slot ent4 ent5
# lscfg -vl ent2
ent2 U78A0.001.DNWHZS4-P1-C4-T1 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
2-Port 10/100/1000 Base-TX PCI-X Adapter:
Part Number.................03N5297
FRU Number..................03N5297
EC Level....................H13845
Manufacture ID..............YL1021
Network Address.............00215E8A4072
ROM Level.(alterable).......DV0210
Hardware Location Code......U78A0.001.DNWHZS4-P1-C4-T1
# lscfg -vl ent4
ent4 U78A0.001.DNWHZS4-P1-C5-T1 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
2-Port 10/100/1000 Base-TX PCI-X Adapter:
Part Number.................03N5297
FRU Number..................03N5297
EC Level....................H13845
Manufacture ID..............YL1021
Network Address.............00215E8A41B6
ROM Level.(alterable).......DV0210
Hardware Location Code......U78A0.001.DNWHZS4-P1-C5-T1
#
Example 7-4 shows the entstat -d command being used to display the status of the ent6 pseudo Ethernet device.
|
Note: Due to the large amount of output displayed by the entstat -d command, only the fields relevant to this example are shown.
|
Example 7-4 The entstat -d ent6 output - Link Aggregation operational
# entstat -d ent6
-------------------------------------------------------------
ETHERNET STATISTICS (ent6) :
Device Type: IEEE 802.3ad Link Aggregation
Hardware Address: 00:21:5e:8a:40:72
Elapsed Time: 0 days 21 hours 43 minutes 30 seconds
-------------------------------------------------------------
ETHERNET STATISTICS (ent2) :
Device Type: 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Hardware Address: 00:21:5e:8a:40:72
IEEE 802.3ad Port Statistics:
-----------------------------
Actor State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
Partner State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
-------------------------------------------------------------
ETHERNET STATISTICS (ent4) :
Device Type: 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Hardware Address: 00:21:5e:8a:40:72
IEEE 802.3ad Port Statistics:
-----------------------------
Actor State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
Partner State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
#
In Example 7-4 on page 276, the Actor State for both the ent2 and ent4 logical Ethernet devices shows the Distributing state as Enabled and the Expired state as False. The Synchronization state is IN_SYNC.
Additionally, the Partner State for both the ent2 and ent4 logical Ethernet devices shows the Distributing state as Enabled and the Expired state as False. The Synchronization state is IN_SYNC.
This is the normal status mode for an operational IEEE 802.3a Link Aggregation.
The administrator is alerted of a connectivity issue by an error in the AIX error report. By using the entstat -d command the administrator discovers that the ent4 logical Ethernet device is no longer operational.
Example 7-5 lists the output from the entstat -d command. In this example, the Actor State and Partner State values for the ent4 logical Ethernet device status have changed. The ent2 logical Ethernet device status remains unchanged.
|
Note: Due to the large amount of output displayed by the entstat -d command, only the fields relevant to this example are shown.
|
Example 7-5 The entstat -d ent6 output - Link Aggregation nonoperational
# errpt
EC0BCCD4 0825110510 T H ent4 ETHERNET DOWN
A6DF45AA 0820181410 I O RMCdaemon The daemon is started.
# entstat -d ent6
-------------------------------------------------------------
ETHERNET STATISTICS (ent6) :
Device Type: IEEE 802.3ad Link Aggregation
Hardware Address: 00:21:5e:8a:40:72
Elapsed Time: 0 days 22 hours 12 minutes 19 seconds
-------------------------------------------------------------
ETHERNET STATISTICS (ent2) :
Device Type: 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Hardware Address: 00:21:5e:8a:40:72
IEEE 802.3ad Port Statistics:
-----------------------------
Actor State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
Partner State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
-------------------------------------------------------------
ETHERNET STATISTICS (ent4) :
Device Type: 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Hardware Address: 00:21:5e:8a:40:72
-----------------------------------------------------------------------
IEEE 802.3ad Port Statistics:
-----------------------------
Actor State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Disabled
Defaulted: False
Expired: True
Partner State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: OUT_OF_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
#
In Example 7-5 on page 278, the Actor State for the ent4 logical Ethernet device shows the Distributing state as Disabled and the Expired state as True. The Synchronization state is IN_SYNC.
Additionally, the Partner State for the ent4 logical Ethernet device shows the Distributing state as Enabled and the Expired state as False. The Synchronization state is OUT_OF_SYNC.
The ent2 logical Ethernet adapter status remains unchanged.
From this, the administrator can determine that the ent4 logical Ethernet adapter has disabled its LACPDU sending and has expired its state, because it has failed to receive three LACPDU responses from the Ethernet switch port partner. In turn, the partner is now displayed as OUT_OF_SYNC, as the actor and partner are unable to agree upon their status.
Prior to the IEEE 802.3ad enhancement in AIX V7.1, the entstat output may not have reliably displayed the status for devices that do not report their up/down state, which could result in significant packet loss.
With the AIX V7.1 enhancement to IEEE 802.3ad Link Aggregation, the actor determines that the partner is not responding to three LACPDU packets and discontinues activity on that logical Ethernet adapter, until such time as it receives an LACPDU packet from the partner.
|
Note: In this example, the interval is set to long (30 seconds).
AIX V7.1 still supports device up/down status reporting, but if no device down status was reported, then the link status would be changed after 90 seconds (3*long interval).
The interval may be changed to short, which would reduce the link status change to 3 seconds (3*short interval). Such changes should be tested to determine whether long or short interval is suitable for your specific environment.
|
It was determined that the loss of connectivity was due to a network change that resulted in the network cable connecting the ent4 logical Ethernet device to the Ethernet switch port being moved to another switch port that was not enabled. Once the cabling was reinstated, the administrator again checked the ent6 pseudo Ethernet device with the entstat -d command.
|
Note: Due to the large amount of output displayed by the entstat -d command, only the fields relevant to this example are shown.
|
Example 7-6 The entstat -d ent6 output - Link Aggregation recovered and operational
# entstat -d ent6
-------------------------------------------------------------
ETHERNET STATISTICS (ent6) :
Device Type: IEEE 802.3ad Link Aggregation
Hardware Address: 00:21:5e:8a:40:72
Elapsed Time: 0 days 22 hours 33 minutes 50 seconds
=============================================================
ETHERNET STATISTICS (ent2) :
Device Type: 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Hardware Address: 00:21:5e:8a:40:72
IEEE 802.3ad Port Statistics:
-----------------------------
Actor State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
Partner State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
-------------------------------------------------------------
ETHERNET STATISTICS (ent4) :
Device Type: 2-Port 10/100/1000 Base-TX PCI-X Adapter (14108902)
Hardware Address: 00:21:5e:8a:40:72
IEEE 802.3ad Port Statistics:
-----------------------------
Actor State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
Partner State:
LACP activity: Active
LACP timeout: Long
Aggregation: Aggregatable
Synchronization: IN_SYNC
Collecting: Enabled
Distributing: Enabled
Defaulted: False
Expired: False
#
In Example 7-6 on page 281 the Actor State for the ent4 logical Ethernet device once more shows the Distributing state as Enabled and the Expired state as False. The Synchronization state is IN_SYNC.
Additionally, the Partner State for the ent4 logical Ethernet device shows the Distributing state as Enabled and the Expired state as False. The Synchronization state is IN_SYNC.
The ent2 logical Ethernet adapter status remains unchanged.
From this, the administrator can determine that the ent4 logical Ethernet adapter has received an LACPDU from its Ethernet switch partner and enabled link state. The link state is now synchronized and the IEEE 802.3ad Link Aggregation is again operating normally.
7.2 Removal of BIND 8 application code
Berkeley Internet Name Domain (BIND) is a widely used implementation of the Domain Name System (DNS) protocol, since the general availability of AIX V6.1 Technology Level 2 in November 2008 AIX supports BIND 9 (version 9.4.1). In comparison to the previous version, BIND 8, the majority of the code was redesigned for BIND 9 to effectively exploit the underlying BIND architecture, to introduce many new features and in particular to support the DNS Security Extensions. The Internet System Consortium (ISC http://www.isc.org) maintains the BIND code and officially declared the end-of life for BIND 8 in August 2007. Ever since no code updates have been implemented in BIND 8. Also, the ISC only provides support for security-related issues to BIND version 9 or higher.
In consideration of the named facts AIX Version 7.1 only supports BIND version 9 and the BIND 8 application code has been removed from the AIX V7.1 code base and is no longer provided on the product media. However, the complete BIND 8 library code in /usr/ccs/lib/libbind.a is retained since many AIX applications are using the provided functionality.
As consequence of the BIND 8 application code removal the following application programs are no longer available with AIX 7:
•/usr/sbin/named8
•/usr/sbin/named8-xfer
On an AIX 7 system the symbolic link of the named daemon is defined to point to the BIND 9 application, which provides the server function for the Domain Name Protocol:
# cd /usr/sbin
# ls -l named
lrwxrwxrwx 1 root system 16 Aug 19 21:23 named -> /usr/sbin/named9
In previous AIX releases /usr/sbin/named-xfer is linked to the /usr/sbin/named8-xfer BIND 8 binary but because there is no equivalent program in BIND 9, the symbolic link /usr/sbin/named-xfer no longer exists on AIX 7 systems.
7.3 Network Time Protocol version 4
The Network Time Protocol (NTP) is an Internet protocol used to synchronize the clocks of computers to some time reference, usually the Coordinated Universal Time (UTC). NTP is an Internet standard protocol originally developed by Professor David L. Mills at the University of Delaware.
The NTP version 3 (NTPv3) Internet draft standard is formalized in the Request for Comments (RFC) 1305 (Network Time Protocol (Version 3) Specification, Implementation and Analysis). NTP version 4 (NTPv4) is a significant revision of the NTP standard, and is the current development version. NTPv4 has not been formalized but is described in the proposed standard RFC 5905 (Network Time Protocol Version 4: Protocol and Algorithms Specification).
The NTP subnet operates with a hierarchy of levels, where each level is assigned a number called the stratum. Stratum 1 (primary) servers at the lowest level are directly synchronized to national time services. Stratum 2 (secondary) servers at the next higher level are synchronized to stratum 1 servers and so on. Normally, NTP clients and servers with a relatively small number of clients do not synchronize to public primary servers. There are several hundred public secondary servers operating at higher strata and they are the preferred choice.
According to a 1999 survey1 of the NTP network there were at least 175,000 hosts running NTP on the Internet. Among these there were over 300 valid stratum 1 servers. In addition there were over 20,000 servers at stratum 2, and over 80,000 servers at stratum 3.
Beginning with AIX V7.1 and AIX V6.1 TL 6100-06 the AIX operating system supports NTP version 4 in addition to the older NTP version 3. The AIX NTPv4 implementation is based on the port of the ntp-4.2.4 version of the Internet Systems Consortium (ISC) code and is in full compliance with RFC 2030 (Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI).
Additional information about the Network Time Protocol project, the Internet Systems Consortium, and the Request for Comments can be found at:
As in previous AIX releases, the NTPv3 code is included with the bos.net.tcp.client fileset that is provided on the AIX product media and installed by default. The new NTPv4 functionality is delivered via the ntp.rte and the ntp.man.en_US filesets of the AIX Expansion Pack.
The ntp.rte fileset for the NTP runtime environment installs the following NTPv4 programs under the /usr/sbin/ntp4 directory:
ntptrace4 Perl script that traces a chain of NTP hosts back to their master time source.
sntp4 SNTP client that queries an NTP server and displays the offset time of the system clock with respect to the server clock.
ntpq4 Standard NTP query program.
ntp-keygen4 Command that generates public and private keys.
ntpdc4 Special NTP query program.
ntpdate4 Sets the date and time using the NTPv4 protocol.
ntpd4 NTPv4 daemon.
System administrators can use the lslpp command to get a full listing of the ntp.rte fileset content:
7501lp01:sbin/ntp4> lslpp -f ntp.rte
Fileset File
-----------------------------------------------------------------------
Path: /usr/lib/objrepos
ntp.rte 6.1.6.0 /usr/lib/nls/msg/en_US/ntpdate4.cat
/usr/lib/nls/msg/en_US/ntpq4.cat
/usr/sbin/ntp4/ntptrace4
/usr/sbin/ntp4/sntp4
/usr/sbin/ntp4/ntpq4
/usr/sbin/ntp4/ntp-keygen4
/usr/sbin/ntp4/ntpdc4
/usr/sbin/ntp4/ntpdate4
/usr/lib/nls/msg/en_US/ntpdc4.cat
/usr/lib/nls/msg/en_US/ntpd4.cat
/usr/sbin/ntp4
/usr/lib/nls/msg/en_US/libntp4.cat
/usr/sbin/ntp4/ntpd4
The NTPv3 and NTPv4 binaries can coexist on an AIX system. The NTPv3 functionality is installed by default via the bos.net.tcp.client fileset and the commands are placed in the /usr/sbin subdirectory.
If the system administrator likes to use the NTPv4 services, all the commands will be in the /usr/sbin/ntp4 directory after the NTPv4 code has been installed from the AIX Expansion Pack. Table 7-2 provides a list of the NTPv4 binaries and the NTPv3 binaries on AIX.
Table 7-2 NTP binaries directory mapping on AIX
|
NTPv4 binaries in /usr/sbin/ntp4
|
NTPv3 binaries in /usr/sbin
|
|
ntpd4
|
xntpd
|
|
ntpdate4
|
ntpdate
|
|
ntpdc4
|
xntpdc
|
|
ntpq4
|
ntpq
|
|
ntp-keygen4
|
Not available
|
|
ntptrace4
|
ntptrace
|
|
sntp4
|
sntp
|
In comparison with the NTPv3 protocol, the utilization of NTPv4 offers improved functionality, and many new features and refinements. A comprehensive list that summarizes the differences between the NTPv4 and the NTPv3 versions is provided by the NTP Version 4 Release Notes, which can be found at:
The following list is an extract of the release notes that gives an overview of the new features pertaining to AIX.
•Support for the IPv6 addressing family. If the Basic Socket Interface Extensions for IPv6 (RFC 2553) is detected, support for the IPv6 address family is generated in addition to the default support for the IPv4 address family.
•Most calculations are now done using 64-bit floating double format, rather than 64-bit fixed point format. The motivation for this is to reduce size, improve speed, and avoid messy bounds checking.
•The clock discipline algorithm has been redesigned to improve accuracy, reduce the impact of network jitter and allow increase in poll intervals to 36 hours with only moderate sacrifice in accuracy.
•The clock selection algorithm has been redesigned to reduce clockhopping when the choice of servers changes frequently as the result of comparatively insignificant quality changes.
•This release includes support for Autokey public-key cryptography, which is the preferred scheme for authenticating servers to clients.
•The OpenSSL cryptographic library has replaced the library formerly available from RSA Laboratories. All cryptographic routines except a version of the MD5 message digest routine have been removed from the base distribution.
•NTPv4 includes three new server discovery schemes, which in most applications can avoid per-host configuration altogether. Two of these are based on IP multicast technology, while the remaining one is based on crafted DNS lookups.
•This release includes comprehensive packet rate management tools to help reduce the level of spurious network traffic and protect the busiest servers from overload.
•This release includes support for the orphan mode, which replaces the local clock driver for most configurations. Orphan mode provides an automatic, subnet-wide synchronization feature with multiple sources. It can be used in isolated networks or in Internet subnets where the servers or Internet connection have failed.
•There are two new burst mode features available where special conditions apply. One of these is enabled by the iburst keyword in the server configuration command. It is intended for cases where it is important to set the clock quickly when an association is first mobilized. The other is enabled by the burst keyword in the server configuration command. It is intended for cases where the network attachment requires an initial calling or training procedure.
•The reference clock driver interface is smaller, more rational, and more accurate.
•In all except a very few cases, all timing intervals are randomized, so that the tendency for NTPv3 to self-synchronize and bunch messages, especially with a large number of configured associations, is minimized.
•Several new options have been added for the ntpd command line. For the system administrators, several of the more important performance variables can be changed to fit actual or perceived special conditions. In particular, the tinker and tos commands can be used to adjust thresholds, throw switches and change limits.
•The ntpd daemon can be operated in a one-time mode similar to ntpdate, which will become obsolete over time.
1 Source: A Survey of the NTP Network, found at: http://alumni.media.mit.edu/~nelson/research/ntp-survey99
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.