NTP Issues Today

Jay Ashworth jra at baylink.com
Tue Nov 20 19:28:19 UTC 2012


----- Original Message -----
> From: "Leo Bicknell" <bicknell at ufp.org>

> To protect against two falseticking servers (tick and tock, as we saw on
> the 19th) you need _FIVE_ servers minimum configured if they are both in
> the list. More importantly, if you want to protect against a source
> (GPS, CDMA, IRIG, WWIV, ACTS, etc) false ticking, you need a minimum of
> _FOUR_ different source technologies in the list as well.
> 
> It's not hard, my box that I posted the logs from peers with 18
> servers using 8 source technologies, all freely available on the Internet...

I'm curious, Leo, what your internal setup looks like.  Do you have an
internal pair of masters, all slaved to those externals and one another, 
with your machines homed to them?  Full mesh?  Or something else?

In my last big gig, it was recommended to me that I have all the machines 
which had to speak to my DBMS NTP *to it*, and have only it connect to the
rest of my NTP infrastructure.  It coming unstuck was of less operational
impact than *pieces of it* going out of sync with one another...

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274




More information about the NANOG mailing list