NIST NTP servers
hardenrm at uchicago.edu
Tue May 10 13:28:14 UTC 2016
_Everything_ has vulnerabilities and using _any_ external source opens your network and infrastructure to disruptions. NTP has been used for DDoS amplification attacks recently, but so has DNS and other well known/heavily used protocols.
With the right protections, syncing with an external NTP source is perfectly acceptable and safe.
Further, it’s generally a good idea to ‘peer’ (not just sync) your NTP servers with a few external sources. This removes the dependence on a single source and helps ensure that your time source agrees with the rest of the world. Peering requires interaction with the owners of the remote site, which establishes a basic level of trust that they’ll provide an accurate and stable service.
I’ve attached a diagram (sanitized) of what our NTP service will look like after an upcoming refresh.
All external sources are trusted and will be peered. All time devices peer with four other sources to ensure there is always a live source to sync/peer with.
A DNS record with round-robin is used for local clients to connect to the local Stratum 2 devices. The Stratum 1 GPS will not be directly accessible by users.
[cid:5676FF89-CBC8-42F7-84CE-69F431C23E48 at int.ancker.net]
Research and Advanced Networking Architect
University of Chicago - ASN160
On May 10, 2016, at 5:48 AM, Steven Miano <mianosm at gmail.com<mailto:mianosm at gmail.com>> wrote:
NTP has vulnerabilities, so using an external source opens your networks
and infrastructure to disruptions.
Going with an internal GPS/GLONASS/RADIO based S1 allows you to restrict
incoming traffic and not rely on volunteers or external entities (which may
undergo maintenance or budget issues).
My preference is more so something akin to the GLN180PEX (I am not
affiliated or paid to endorse this product). It allows you to use commodity
hardware (like a decommissioned 1U or several preferably) and creation of
ones own reliable internal time source(s). Introducing black boxes into a
production (revenue generation or expected services by paying customers)
environment is undesirable.
From there setting up NTPd, Chronyd, and PTPd is up to you.
Relying on satellites may seem like just another external reliance, but the
next life is proposing a design life of 12 years.....
On Mon, May 9, 2016 at 11:12 PM, Majdi S. Abbas <msa at latt.net<mailto:msa at latt.net>> wrote:
On Tue, May 10, 2016 at 03:08:16AM +0000, Mel Beckman wrote:
NTP has vulnerabilities that make it generally unsuitable for
provider networks. I strongly recommend getting a GPS-based
time server. These are as cheap as $300. Here is one I use quite a bit:
So how does this stop from distributing time to their
customers via NTP?
GPS doesn't save the protocol, in particular where the S1
clocks involved are embedded devices with rather coarse clocks and
Miano, Steven M.
More information about the NANOG