Re: NIST NTP servers

[Leo Bicknell <bicknell () ufp org>]

In a message written on Mon, May 09, 2016 at 11:01:23PM -0400, b f wrote:
> In search of stable, disparate stratum 1 NTP sources.

http://wpollock.com/AUnix2/NTPstratum1PublicServers.htm

> We tried using “time.nist.gov” which returns varying round-robin addresses
> (as the link says), but Cisco IOS resolved the FQDN and embedded the
> numeric address in the “ntp server” config statement.

Depending on your hardware platform your Cisco Router is likely not
a great NTP server.  IOS is not designed for hyper-accuracy.

> After letting the new server config go through a few days of update cycles,
> the drift, offset and reachability stats are not anywhere as good as what
> the stats for the Navy time server are - 192.5.41.41 / tock.usno.navy.mil.

The correct answer here is to run multiple NTP servers in your
network.  And by servers I mean real servers, with good quality
oscellators on the motherboard.  Then configure them to talk to
_many_ sources.  You need 4 sources of time minimum to redundantly
detect false tickers.  If you're serious about it then find ~10
Stratum 1 sources (ideally authenticated and from trusted entities),
one of which could be GPS as several have suggested.  You'll then
have high quality false ticker rejection.

Configure all of your devices to get NTP from the servers you run
using authentication.

-- 
Leo Bicknell - bicknell () ufp org
PGP keys at http://www.ufp.org/~bicknell/

Attachment: _bin
Description: