nanog mailing list archives
Re: NTP, possible solutions, and best implementation
From: Michael.Dillon () radianz com
Date: Thu, 2 Oct 2003 16:51:57 +0100
Assuming one wanted to provide a high profile (say, at the TLD level)
NTP
service, how would you go about it ?
First of all, NTP should be done at the geographical level, not the TLD level. Generally, unless political reasons prevent it, you should try to implement an NTP service that covers a region roughly as large as Europe to avoid too much fate sharing caused by proximity.
The possibilities I encountered are diverse, the problem is not the back-end device (be it a GPS based NTP source + atomic clock backup,
based on
cesium or similar),
Beware the single point of failure. If all your clocks come from GPS, then GPS is the SPOF. If they all come fram brand X manufacturer then that is the SPOF. A commercial service should be robust and use a combination of atomic clocks, GPS, radio time services, CDMA/GSM clocks combined with a sanity checker to watch all the clocks and detect bad timekeepers.
However, when you put such a device on a network, you want to have
some
kind of clue about the investment made in that product when security
comes to
mind,
Indeed. Hide this clock behind a packet filtering firewall or else use udprelay and an application layer gateway on UNIX to block everything except NTP. In fact, if this is a commercial service you should hack udprelay so that it knows about the NTP protocol and can block non-customer traffic or malformed traffic or high volumes of traffic. That way, the UNIX server/firewall in between the NTP device and the net protects it from abuse, but since this UNIX server is a pass-through device from the point of view of NTP, it does not change the stratum level of the service any more than an IP router does. --Michael Dillon
Current thread:
- NTP, possible solutions, and best implementation Ariel Biener (Oct 02)
- Re: NTP, possible solutions, and best implementation David G. Andersen (Oct 02)
- Re: NTP, possible solutions, and best implementation Scott McGrath (Oct 03)
- Re: NTP, possible solutions, and best implementation Ariel Biener (Oct 03)
- Re: NTP, possible solutions, and best implementation Nathan J. Mehl (Oct 03)
- Re: NTP, possible solutions, and best implementation Robert E. Seastrom (Oct 03)
- <Possible follow-ups>
- Re: NTP, possible solutions, and best implementation Michael . Dillon (Oct 02)
- Re: NTP, possible solutions, and best implementation Ariel Biener (Oct 02)
- Re: NTP, possible solutions, and best implementation Eliot Lear (Oct 02)
- Re: NTP, possible solutions, and best implementation just me (Oct 02)
- Re: NTP, possible solutions, and best implementation Gary E. Miller (Oct 02)
- Re: NTP, possible solutions, and best implementation Eliot Lear (Oct 02)
- RE: NTP, possible solutions, and best implementation David Schwartz (Oct 02)
- Re: NTP, possible solutions, and best implementation joe mcguckin (Oct 02)
- RE: NTP, possible solutions, and best implementation David Schwartz (Oct 02)
- RE: NTP, possible solutions, and best implementation Owen DeLong (Oct 03)
- Re: NTP, possible solutions, and best implementation Marshall Eubanks (Oct 03)