nanog mailing list archives
Re: NTP Sync Issue Across Tata (Europe)
From: "Forrest Christian (List Account)" <lists () packetflux com>
Date: Wed, 9 Aug 2023 18:42:20 -0600
The recommendation tends to be the following: 1) Run your GPS-derived NTP appliances, but DO NOT point end-user clients at it. 2) Run a set of internal NTPd servers, and configure them to pull time from all of your GPS-derived NTP servers, AND trusted public NTP servers 3) Point your clients at the internal NTPd servers. Note that it's not entirely unreasonable to go out and buy numerous GPS appliances, deploy them at multiple locations, and point your NTPd servers at those. With enough sites, your NTPd server will skip over any defective NTP appliance. At some point, using publicly available NTP sources is redundant unless one wants to mitigate away the risks behind failure of the GPS system itself. What I'm advocating against is the seemingly common practice to go buy an off-the-shelf lower-cost GPS-NTP appliance (under $1K or so), stick an antenna in a window or maybe on the rooftop, and point all your devices at that device. This is asking for a failure for reasons I've covered previously. Robust time needs multiple time sources in order to mitigate against any one source being spoofed or jammed. The more time sources you incorporate into your solution, the less likely it is that any one of them going haywire would cause a timing failure. On Wed, Aug 9, 2023 at 6:12 PM Mel Beckman <mel () beckman org> wrote:
Seth, My point exactly. Use GPS as primary, and have anti-PS back up, and if you want automatic fail over, do that in an intermediate server on your site that makes a conscious test and decision to fail over to regular NTP -mel via cellOn Aug 9, 2023, at 5:01 PM, Seth Mattinen via NANOG <nanog () nanog org>wrote:On 8/9/23 3:25 PM, Forrest Christian (List Account) wrote:Note that NIST operates a pool of 24 time servers for public use.These are spread across four different locations in two different states. My understanding is that they all get their time directly from the official NIST clocks without GPS or NTP being involved.I used to jump through all the hoops for that but honestly I like theappliances better (they are also PTP grandmaster clocks). I can always disable the GPS inputs if any of the doom and gloom actually comes to pass.~Seth
-- - Forrest
Current thread:
- Re: NTP Sync Issue Across Tata (Europe), (continued)
- Re: NTP Sync Issue Across Tata (Europe) Jay Hennigan (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Chris Adams (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Mel Beckman (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Jay R. Ashworth (Aug 13)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 13)
- Re: NTP Sync Issue Across Tata (Europe) Jay R. Ashworth (Aug 13)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Seth Mattinen via NANOG (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Mel Beckman (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 09)
- Re: NTP Sync Issue Across Tata (Europe) Masataka Ohta (Aug 11)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 11)
- Re: NTP Sync Issue Across Tata (Europe) Masataka Ohta (Aug 11)
- Re: NTP Sync Issue Across Tata (Europe) John Gilmore (Aug 12)
- Re: NTP Sync Issue Across Tata (Europe) Masataka Ohta (Aug 13)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 14)
- Re: NTP Sync Issue Across Tata (Europe) Mel Beckman (Aug 14)
- Re: NTP Sync Issue Across Tata (Europe) Forrest Christian (List Account) (Aug 14)
- Re: NTP Sync Issue Across Tata (Europe) sronan (Aug 16)
- Re: NTP Sync Issue Across Tata (Europe) James R Cutler (Aug 14)