NIST NTP servers

Leo Bicknell bicknell at ufp.org
Tue May 10 15:22:19 UTC 2016


In a message written on Mon, May 09, 2016 at 11:01:23PM -0400, b f wrote:
> In search of stable, disparate stratum 1 NTP sources.

http://wpollock.com/AUnix2/NTPstratum1PublicServers.htm

> We tried using “time.nist.gov” which returns varying round-robin addresses
> (as the link says), but Cisco IOS resolved the FQDN and embedded the
> numeric address in the “ntp server” config statement.

Depending on your hardware platform your Cisco Router is likely not
a great NTP server.  IOS is not designed for hyper-accuracy.

> After letting the new server config go through a few days of update cycles,
> the drift, offset and reachability stats are not anywhere as good as what
> the stats for the Navy time server are - 192.5.41.41 / tock.usno.navy.mil.

The correct answer here is to run multiple NTP servers in your
network.  And by servers I mean real servers, with good quality
oscellators on the motherboard.  Then configure them to talk to
_many_ sources.  You need 4 sources of time minimum to redundantly
detect false tickers.  If you're serious about it then find ~10
Stratum 1 sources (ideally authenticated and from trusted entities),
one of which could be GPS as several have suggested.  You'll then
have high quality false ticker rejection.

Configure all of your devices to get NTP from the servers you run
using authentication.

-- 
Leo Bicknell - bicknell at ufp.org
PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 811 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20160510/e21c9463/attachment.pgp>


More information about the NANOG mailing list