Subscriber Discussion

Onvif Vs Proprietary, Time Synch Issues

UI
Undisclosed Integrator #1
Aug 11, 2016

Could this be an issue with ONVIF, or am I doing something wrong?

I noticed that my ONVIF cameras are 1-3 seconds out of synch (late) from the cameras that are proprietary to the NVR. 

I have a Hikvision DS-7716 NVR running IVMS-4200, using time.nist.gov

My cameras are:

3 Speco (set for ONVIF on the NVR, and they are in synch with the other Speco cameras.)

3 Hikvision   (all in synch with the other Hikvision cameras.)

I looked at the setup of the ONVIF Speco cameras and noticed the NTP is an option in a drop down menu and is time-a.nist.gov.

So, I have time.nist.gov set in the NVR, but in Speco's setup it is nist-a.gov. 

I've read the Time Synch Tutorial but, have not yet resolved this problem.  Am I making too much of a fuss over this issue?

 

Avatar
Ethan Ace
Aug 11, 2016

I actually just tried both those addresses (time-a.nist.gov and nist-a.gov) and they seem to be off by a couple of seconds, so you're not doing anything wrong.

I'd sync them both to the same server. It should solve the problem. If it doesn't, I'd be curious to hear about it.

I personally sync to north-america.pool.ntp.org but as long as they're all the same source, it shouldn't matter.

UI
Undisclosed Integrator #1
Aug 11, 2016

Ethan,

Yes, your suggestion solved my issue. Now all cameras are synchronizing superbly! I found that two of my three Speco cameras were synching to a third time server. So, I learned a valuable lesson, make sure all are synching with the same time server.

U
Undisclosed #2
Aug 11, 2016
IPVMU Certified

Something extremely strange about that nist-a.gov server. Like it shouldn't exist, since the domain is unregistered:

Nor is it part of the nist round robin, time.nist.gov:

But DNS has it and it does return time

Although it is 2 seconds slow from time-a.nist.gov

I strongly suggest you discontinue use of a-nist.gov, for obvious reasons. Best practice is to use time.nist.gov since this uses the pool.

UI
Undisclosed Integrator #1
Aug 11, 2016

Yes. The time.nist.gov seems to do fine for me. In the Speco Camera firmware time-a.nist.gov is one of the options in a drop down menu.

It took me a bit to get one of my cameras to synch. I had to restart the camera, do a manual synch, do a synch to computer time, and then synch to a time server before it finally synched to the rest of the cameras.

U
Undisclosed #2
Aug 11, 2016
IPVMU Certified
In reply to Undisclosed Integrator #1

time-a.nist.gov is fine, but where did nist-a.gov come from, is it the default?

Yes, its safer to sync all cameras on the same recorder and the recorder to the same time, but it also shouldn't be a problem if they are different, as long as they're nist.gov.

UI
Undisclosed Integrator #1
Aug 11, 2016

I don't think I mentioned "nist-a.gov", but rather "time-a.nist.gov", which is one of the default options in the Speco Camera firmware time settings drop down menu.

U
Undisclosed #2
Aug 11, 2016
IPVMU Certified
In reply to Undisclosed Integrator #1

Well, you mention 3 time servers, time.nist.gov, time-a.nist.gov and a-nist.gov:

Also, you mention being out of sync by 1-3 seconds, the only one of those addresses returning bad time is nist-a.com, 2 seconds for me, Ethan also tested.

If you had time.nist.gov in the NVR and time-a.nist.gov in the Speco cameras, you wouldn't have had a problem.

Just asking where you came across it since it may be a rogue NTP server that should be reported.

UI
Undisclosed Integrator #1
Aug 11, 2016

Good catch, I thought I looked over my original post pretty well, but you caught it. That was a mistake on my part as I meant to post just two servers, time-a.nist.gov. and time.nist.gov. So, only two servers should've been mentioned in my original post.

You are correct.

Avatar
Aaron Saks
Aug 12, 2016

The global address time.nist.gov is resolved to all of the server addresses below in a round-robin sequence to equalize the load across all of the servers.

Whether you connect to a server using the name or the IP address, it is a bad practice to “hard-code” a particular server name or address into a device so that these parameters cannot be changed by the end user if that becomes necessary at some future time.

All users should ensure that their software NEVER queries a server more frequently than once every 4 seconds. Systems that exceed this rate will be refused service. In extreme cases, systems that exceed this limit may be considered as attempting a denial-of-service attack.

http://tf.nist.gov/tf-cgi/servers.cgi

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions