NTP Server

Robert E. Seastrom rs at seastrom.com
Mon Oct 25 07:00:43 CDT 2010


Leo Bicknell <bicknell at ufp.org> writes:

> For instance, for a couple of thousand dollars you can get a
> Symmetricom appliance that will do GPS timing with analog dial
> backup to NIST.  That gives you two non-internet sources at relatively
> low cost and low effort.  Deploy four in different POPs and you
> have redundancy on your own network, and can market that you provide
> high quality NTP to your customers.  It's nearly fire and forget,
> and a check for alarms from the box and make sure you watch for
> patches, that's about it.
> ...
> Notice in both cases I said deploy 4.  If you understand the protocol,
> and in particular the decision process that really is the minimum
> number to have high quality NTP.  Syncing everything to one or two
> NTP servers really doesn't work so well.

You can deploy four, which is the appropriate minimum number to deploy
if you're doing it in-house, but four of the same brand and model does
not protect you against *other* failure modes, like the problem we all
experienced with TrueTime almost 9 years ago.  A brief review is here:

http://groups.google.com/group/comp.protocols.time.ntp/msg/5f4e774dccf34c47

Not only is it wise to have more than one chipset in play (I have
Motorola and Garmin here), but it is good to have time sources from
more than one place.  Sure, the odds of the GPS C/A code getting it
wrong on a global scale are pretty small and if it happens will create
an enormous news event...

Here in the future, we've taken an enormous step backwards in terms of
precision time sources.  Here, I only have GPS and WWVB as sources,
and WWVB is not a 24-hour source (a better antenna might help this
after I move, but the signal strength is not particularly good here on
the east coast).  Remember GOES?  It's gone.  LORAN?  Canceled and
shut down.  GLONASS is fully restored to service as of last month
after a bad multi-year post-Soviet hit, but good luck finding
commodity-priced chipsets or reasonably priced NTP appliances that
talk to it.  It looks like Duke Nukem Forever may finally ship next
year, but until it does I'll continue to draw unfavorable comparisons
between it and Galileo.

In answer to the original question, running a small constellation
(four is the right number) of local stratum 2 servers in each
datacenter is a no-brainer.  A strong case can be made for running
your own stratum 1 servers.  They do not have to be on the same subnet
as has been suggested (and in fact, you don't want that kind of
non-redundancy as a general rule), but NTP really does want the path
to the server to be symmetric, which is a big argument in favor of
your own inside your network.

The folks at NRC in Canada will do cryptographically authenticated NTP
with you for an annual fee.  I have no idea if there is something
similar available from NIST in the US, but if they do I sure hope it
doesn't go over the same links as time-a and time-b - from my location
anyway, those two get tossed out as falsetickers on weekday afternoons
due to too much jitter.

-r
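
The decision process the thread refers to, as an added illustration that is not part of the original message and is not ntpd's code: a simplified Marzullo-style interval intersection that keeps the servers whose correctness intervals (offset plus or minus root distance) share a majority overlap and marks the rest as falsetickers. The server names s1 to s4 and all offsets are constructed sample values; the last case shows that four units sharing one fault still agree with each other.

```python
# Added illustration: simplified Marzullo-style interval intersection.
# Not ntpd's code; server names and offsets below are constructed.

def select_truechimers(sources):
    """sources maps name -> (offset_ms, root_distance_ms).

    Returns (truechimers, falsetickers) as sorted lists, or None when no
    strict majority of correctness intervals shares a common point.
    """
    edges = []
    for offset, dist in sources.values():
        edges.append((offset - dist, -1))  # interval opens
        edges.append((offset + dist, +1))  # interval closes
    edges.sort()  # at the same point, opens sort ahead of closes

    best = depth = 0
    lo = hi = None
    for i, (point, kind) in enumerate(edges):
        depth -= kind  # +1 on open, -1 on close
        if depth > best:  # deepest overlap so far: [point, next edge]
            best, lo, hi = depth, point, edges[i + 1][0]

    if 2 * best <= len(sources):
        return None  # no majority clique: the client cannot pick a side

    good = sorted(name for name, (o, d) in sources.items()
                  if o - d <= lo and o + d >= hi)
    return good, sorted(set(sources) - set(good))


def without(sources, *names):
    """Copy of sources with the named servers unreachable."""
    return {k: v for k, v in sources.items() if k not in names}


# Constructed sample: three sane servers and one that is 350 ms off.
FOUR = {"s1": (2, 10), "s2": (-1, 8), "s3": (4, 12), "s4": (350, 10)}
# Constructed common-mode failure: four identical units, same wrong answer.
SAME_BUG = {name: (350, 10) for name in FOUR}

if __name__ == "__main__":
    print("four servers:      ", select_truechimers(FOUR))
    print("s2 down:           ", select_truechimers(without(FOUR, "s2")))
    print("s2 and s3 down:    ", select_truechimers(without(FOUR, "s2", "s3")))
    print("identical failure: ", select_truechimers(SAME_BUG))
```

With four sources the bad server is still outvoted while one good server is unreachable; with two sources that disagree the function returns None because neither side has a majority.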




