nanog mailing list archives

Re: NTP Server


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Mon, 25 Oct 2010 02:09:59 +0000


On Oct 25, 2010, at 3:48 AM, Matthew Petach wrote:

> NTP can potentially be used as a DoS vector by your upstream clocks, if you're not running your own.


+1

Also, if you experience a network partition event for any reason (DDoS attack, backhoe attack, et al.) which disrupts 
communications between your network and the one(s) on the Internet where the public ntp servers you're using live, the 
accuracy of your time-hack becomes a concern just at the moment when you need it the most for combinatorial analysis of 
multiple forms of telemetry.

And of course, time services for your infrastructure/services/apps ought to run across your DCN, anyways, which should 
be kept isolated from your production network (you don't want to rely upon proxies to enable something as critical as 
time service, IMHO).

As Sean pointed out, all your routers from modern vendors are ntp-capable, and getting a couple of radio cards for 
servers to sync with WWVB isn't very expensive, assuming you can plug into an aerial which gets good reception:

<http://www.nist.gov/pml/div688/grp40/wwvb.cfm>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

               Sell your computer and buy a guitar.





