nanog mailing list archives
Re: Need trusted NTP Sources
From: Jimmy Hess <mysidia () gmail com>
Date: Sun, 9 Feb 2014 15:00:29 -0600
On Sun, Feb 9, 2014 at 2:45 PM, Jay Ashworth <jra () baylink com> wrote: [snip]
If I'm locked to 2 coherent upstreams and one goes insane, I'm going to know which one it is, because the other one will still match what I already have running, no?
The question should be how assured is the reliability of the clocks of the 2 upstream servers. I think I am pretty happy with the concept of having two local centralized NTP servers, used by various servers in an environment ---- some SNTP some NTP, each of the local centralized NTP servers using 5 external time sources. These external time sources need to be periodically checked, to ensure the central NTP servers continue to synchronize with them, and that they continue to be accurate. So the pair of NTP servers is not redundant in the sense that the time is allowed to be wrong, but they are resilient in the sense of being configured, so their own clock should always be correct, unless there is a once in 100 years failure scenario. Each of the local servers, then has two NTP peers as time source, and the local clock discipline, except for virtual machines: which should use just the two NTP servers. A local pair of NTP servers are not "redundant" in the sense of being able to survive a catastrophic software bug in NTP; the local time sources should be redundant to survive the more highly frequent condition of temporary total failure of a local NTP server.
Or do I understand NTP less well than I think?
Cheres, -- jra
-- -JH
Current thread:
- Re: Need trusted NTP Sources, (continued)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 08)
- Re: Need trusted NTP Sources Saku Ytti (Feb 09)
- Re: Need trusted NTP Sources Andriy Bilous (Feb 09)
- Re: Need trusted NTP Sources Saku Ytti (Feb 09)
- Re: Need trusted NTP Sources Andriy Bilous (Feb 09)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 09)
- Re: Need trusted NTP Sources Saku Ytti (Feb 09)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 09)
- Re: Need trusted NTP Sources Saku Ytti (Feb 09)
- Re: Need trusted NTP Sources Lyle Giese (Feb 09)
- Re: Need trusted NTP Sources Jimmy Hess (Feb 09)
- Re: Need trusted NTP Sources Brett Frankenberger (Feb 09)
- Message not available
- Message not available
- Message not available
- Re: Need trusted NTP Sources Larry Sheldon (Feb 06)
- Message not available
- Message not available
- Re: Need trusted NTP Sources Larry Sheldon (Feb 06)
- Re: Need trusted NTP Sources Jay Ashworth (Feb 06)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Need trusted NTP Sources Larry Sheldon (Feb 06)
- Re: Need trusted NTP Sources Michael DeMan (Feb 06)
- Re: Need trusted NTP Sources Saku Ytti (Feb 06)
- RE: Need trusted NTP Sources Frank Bulk (Feb 06)