Need trusted NTP Sources

Saku Ytti saku at
Sun Feb 9 21:03:28 UTC 2014

On (2014-02-09 21:08 +0100), Andriy Bilous wrote:

> Best practice is five. =) I don't remember if it's in FAQ on or in
> David Mills' book. Your local clock is kind of gullible "push-over" which
> will "vote" for the "party" providing most reasonable data. The algorithm
> would filter out insane sources which run too far from the rest and then
> group sane sources into 2 "parties" - your clock will follow the one where
> runners are closer to each other. That is why uneven number of trustworthy
> sources at least at start is required. With 2 sources you will blindly
> follow the one which is closer to your own clock. You're also having the
> the risk to degrade into this situation when you lose 1 out of 3 sources.
> Four is again 2:2 and only with five you have a good chance to start
> disciplining your clock into the right direction at the right pace, so when
> 1 source is lost you (most probably) won't run into insanity.

I'm having bit difficulties understanding the issue with 4.

Is the implication that you have two groups which all agree with each other
reasonably well, but do not agree between the groups. Which would mean that 4
cannot handle situation where 2 develop problem where they agree with each
other but are wrong.
But even in that case, you'd still recover from 1 of them being wrong. So

3 = correct time, no redundancy
4 = correct time, 1 can fail
5 = correct time, 2 can fail
and so forth?

But not sure here, just stabbing in the dark. For the fun of it, threw email
to Mills, if he replies, I'll patch it back here.


More information about the NANOG mailing list