nanog mailing list archives
Re: Need trusted NTP Sources
From: Saku Ytti <saku () ytti fi>
Date: Sun, 9 Feb 2014 10:03:46 +0200
On (2014-02-08 19:43 -0500), Jay Ashworth wrote:

> In the architecture I described, though, is it really true that the odds of the common types of failure are higher than with only one?

I think so, let's assume arbitrarily that the probability of an NTP server not starting to give incorrect time is 99% over 1 year's time. Then either of two servers not giving incorrect time is 0.99**2, i.e. 98%, so two NTP servers would be 1% point more likely to give incorrect time than one over 1 year's time.

Obviously the chance of working is more than 99%, maybe it's something like 99.999%? And is that really the typical failure mode, or is the typical failure mode complete loss of connectivity? Two NTP servers would protect from this, a single one would not. However, loss of connectivity has minor impact on clients, wrong time has major impact on the client. Maybe if loss of connectivity is fixed in a somewhat short period of time, single NTP always wins; if loss of connectivity is typically fixed in a very long period of time, single NTP loses.

I don't really have exact data, but best practice is >2. Matthew said 4, which gives the advantage that in a single failure you are still operating redundantly and do not have urgency to fix; with 3, in a single failure another failure must not occur before it is fixed.

I think 3 is enough, networks are typically designed to handle 1 arbitrary failure at the same time, and 2 arbitrary failures in most networks, when chosen correctly, will cause SLA-breaking faults (cheaper to pay SLA compensations than to recover from any 2 failures). But NTP servers are cheap, so if you want to be robust and recover from n false tickers, have 3+n.

--
++ytti
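What one wrong source does to a client with one, two, three and four sources, as an added example that is not part of the original post: a simplified interval-intersection vote in the spirit of NTP clock selection, not ntpd's actual code. The names `select` and `pool` and every offset are constructed for illustration.

```python
# Added illustration, not ntpd's code. Offsets and error bounds are
# constructed sample values in seconds.

def select(sources):
    """sources: list of (name, offset, error_bound).
    Returns (truechimers, falsetickers). truechimers is empty when no
    strict majority of intervals [offset-err, offset+err] overlaps."""
    edges = []
    for name, off, err in sources:
        edges.append((off - err, 0, name))   # interval opens
        edges.append((off + err, 1, name))   # interval closes
    edges.sort()
    best, active = set(), set()
    for _, kind, name in edges:
        if kind == 0:
            active.add(name)
            if len(active) > len(best):
                best = set(active)           # largest overlapping group so far
        else:
            active.discard(name)
    names = sorted(s[0] for s in sources)
    if len(best) * 2 <= len(names):          # nobody can outvote the rest
        return [], names
    return sorted(best), sorted(set(names) - best)

def pool(n_good, n_bad):
    """Constructed pool: good sources near offset 0, bad ones an hour or more off."""
    good = [(f"good{i}", 0.002 * i, 0.010) for i in range(n_good)]
    bad = [(f"bad{i}", 3600.0 + 100 * i, 0.010) for i in range(n_bad)]
    return good + bad

if __name__ == "__main__":
    for total in (1, 2, 3, 4):
        chimers, tickers = select(pool(total - 1, 1))
        print(f"{total} sources, 1 wrong: trusted={chimers} rejected={tickers}")
```

With one source the wrong clock is trusted because nothing contradicts it, with two the client can see a disagreement but cannot tell which side is wrong, and with three or four the wrong source is outvoted.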