NTP Server

Dobbins, Roland rdobbins at arbor.net
Mon Oct 25 02:09:59 UTC 2010


On Oct 25, 2010, at 3:48 AM, Matthew Petach wrote:

> NTP can potentially be used as a DoS vector by your upstream clocks, if you're not running your own.


+1

Also, if you experience a network partition event for any reason (DDoS attack, backhoe attack, et al.) which disrupts communications between your network and the one(s) on the Internet where the public ntp servers you're using live, the accuracy of your time-hack becomes a concern just at the moment when you need it the most for combinatorial analysis of multiple forms of telemetry.

And of course, time services for your infrastructure/services/apps ought to run across your DCN, anyways, which should be kept isolated from your production network (you don't want to rely upon proxies to enable something as critical as time service, IMHO).

As Sean pointed out, all your routers from modern vendors are ntp-capable, and getting a couple of radio cards for servers to sync with WWVB isn't very expensive, assuming you can plug into an aerial which gets good reception:

<http://www.nist.gov/pml/div688/grp40/wwvb.cfm>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

 	       Sell your computer and buy a guitar.
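
Added example, not part of the original message: a small monitor-side check that reads raw `ntpq -pn` output and reports when a host is losing or has lost its time sources, the condition the message warns about during a partition. The sample outputs, the 192.0.2.x addresses and the function and state names are constructed for illustration.

```python
"""Classify NTP source health from raw `ntpq -pn` output (leading tally column intact)."""

HEADER = ("     remote           refid      st t when poll reach   delay   offset  jitter\n"
          + "=" * 78 + "\n")
# Constructed samples; 192.0.2.0/24 is a documentation range standing in for DCN clocks.
HEALTHY = HEADER + (
    "*192.0.2.10      .WWVB.           1 u   33   64  377    0.412    0.021   0.015\n"
    "+192.0.2.11      .WWVB.           1 u   12   64  377    0.388   -0.104   0.030\n")
LOSING = HEADER + (
    "*192.0.2.10      .WWVB.           1 u  130   64  374    0.412    0.950   0.410\n"
    "+192.0.2.11      .WWVB.           1 u   75   64  376    0.388   -1.204   0.530\n")
PARTITIONED = HEADER + (
    " 192.0.2.10      .WWVB.           1 u  21m   64    0    0.000    0.000   0.000\n"
    " 192.0.2.11      .WWVB.           1 u  20m   64    0    0.000    0.000   0.000\n")


def parse_ntpq(text):
    """Return one dict per peer line; header, separator and malformed lines are skipped."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("=") or line.lstrip().startswith("remote"):
            continue
        fields = line[1:].split()  # column 0 is the tally code, possibly a space
        if len(fields) != 10:
            continue
        peers.append({"tally": line[0], "remote": fields[0], "stratum": int(fields[2]),
                      "reach": int(fields[6], 8),  # octal 8-poll shift register
                      "offset_ms": float(fields[8])})
    return peers


def assess(peers):
    """Map the peer list to a coarse state suitable for alerting."""
    if all(p["reach"] == 0 for p in peers):
        return "NO_SOURCES"       # nothing answered in the last 8 polls
    if not any(p["tally"] in ("*", "o") for p in peers):
        return "UNSYNCED"         # sources answer, but none is selected
    if all(p["reach"] & 1 == 0 for p in peers):
        return "LOSING_SOURCES"   # every source missed its most recent poll
    return "OK"


if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("losing", LOSING),
                         ("partitioned", PARTITIONED)):
        print(name, assess(parse_ntpq(sample)))
```

Recording the state alongside collected telemetry lets an analyst see which hosts' timestamps were free-running during an incident before correlating their logs.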







