NIST NTP servers
Majdi S. Abbas
msa at latt.net
Wed May 11 17:42:54 UTC 2016
On Wed, May 11, 2016 at 03:24:43PM +0000, Jay R. Ashworth wrote:
> We're all aware this project is underway, right?
Despite the name, I'm not aware of any significant protocol
changes. It's just a recent fork of the reference implementation
minus the refclocks, which isn't particularly helpful if you /don't/
trust network time sources.
Long term, be looking at NTS:
In the meanwhile, I'd recommend something along the following
- Several nearby upstream servers configured per time server, per site
(As diversely as possible.)
- Diverse reference clocks (I run everything from WWV to GPS
here.) providing authenticated time to your servers.
- That all your time servers in all sites be configured in an
authenticated full mesh of symmetric peers, allowing the other
sites to provide time to a site that has lost its upstream
servers or for whatever reason does not trust them at the moment.
And of course, ensure any hosts whose clocks you care about are
talking to at least a few of these, and preferably several. I know the
common case configuration is either default/ntp-pool, or "we have two
time servers in this site and everything just chimes from them," but
neither is that great of a configuration.
More information about the NANOG