Need trusted NTP Sources

Jay Ashworth jra at baylink.com
Sun Feb 9 00:43:36 UTC 2014


----- Original Message -----
> From: "Saku Ytti" <saku at ytti.fi>

> On (2014-02-06 21:14 -0500), Jay Ashworth wrote:
> > My usual practice is to set up two in house servers, each of which
> > talks to:
> >
> > And then point everyone in house to both of them, assuming they
> > accept multiple server names.
> 
> Two is worst possible amount of NTP servers to have. Either one fails and your
> timing is wrong, because you cannot vote false ticker. And chance of either of
> two failing is higher than one specific of them.

Fair point.

In practice, it never bit me because nearly everything that wanted NTP
would only accept one server name (being windows) and the things that
*did* take more than one, I generally pointed to both internals, and 
something outside the firewall as well.

In the architecture I described, though, is it really true that the odds
of the common types of failure are higher than with only one?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates       http://www.bcp38.info          2000 Land Rover DII
St Petersburg FL USA      BCP38: Ask For It By Name!           +1 727 647 1274



More information about the NANOG mailing list