Re: Need trusted NTP Sources

[Andriy Bilous <andriy.bilous () gmail com>]

Unfortunately I don't have the book handy. May be I am wrong too. Just
checked and 4 looks to be a valid solution for 1 falseticker according to
Byzantine Generals' Problem.


On Sun, Feb 9, 2014 at 10:03 PM, Saku Ytti <saku () ytti fi> wrote:

> On (2014-02-09 21:08 +0100), Andriy Bilous wrote:
>
> > Best practice is five. =) I don't remember if it's in FAQ on ntp.org or
> in
> > David Mills' book. Your local clock is kind of gullible "push-over" which
> > will "vote" for the "party" providing most reasonable data. The algorithm
> > would filter out insane sources which run too far from the rest and then
> > group sane sources into 2 "parties" - your clock will follow the one
> where
> > runners are closer to each other. That is why uneven number of
> trustworthy
> > sources at least at start is required. With 2 sources you will blindly
> > follow the one which is closer to your own clock. You're also having the
> > the risk to degrade into this situation when you lose 1 out of 3 sources.
> > Four is again 2:2 and only with five you have a good chance to start
> > disciplining your clock into the right direction at the right pace, so
> when
> > 1 source is lost you (most probably) won't run into insanity.
>
> I'm having bit difficulties understanding the issue with 4.
>
> Is the implication that you have two groups which all agree with each other
> reasonably well, but do not agree between the groups. Which would mean
> that 4
> cannot handle situation where 2 develop problem where they agree with each
> other but are wrong.
> But even in that case, you'd still recover from 1 of them being wrong. So
>
> 3 = correct time, no redundancy
> 4 = correct time, 1 can fail
> 5 = correct time, 2 can fail
> and so forth?
>
> But not sure here, just stabbing in the dark. For the fun of it, threw
> email
> to Mills, if he replies, I'll patch it back here.
>
> --
>   ++ytti