nanog mailing list archives

Re: NIST NTP servers


From: Harlan Stenn <stenn () ntp org>
Date: Tue, 10 May 2016 20:21:20 +0000

Leo Bicknell writes:
...

The correct answer here is to run multiple NTP servers in your
network.  And by servers I mean real servers, with good quality
oscillators on the motherboard.  Then configure them to talk to
_many_ sources.  You need 4 sources of time minimum to redundantly
detect false tickers.  If you're serious about it then find ~10
Stratum 1 sources (ideally authenticated and from trusted entities),

Byzantine General's problem.

With 3 sources you can detect *1* false ticker.

But if one of those becomes unreachable you only have 2 time sources.
Dilemma.

With 4 sources you run the risk of 2 going one way, and 2 going another
way.  This happened to several folks recently, when some sites put NTP
servers on the 'net that offered leap-smeared time.  That's really a
different problem where one of the effects is that it causes "time
islands".

one of which could be GPS as several have suggested.  You'll then
have high quality false ticker rejection.

For extra points, use GPS receivers from different manufacturers, using
whatever "variety" you can get for all of the components involved.

Are you mounting each GPS receiver inside a coffee can to prevent
drive-by jamming?

Are the cables properly grounded?  Using gas discharge tubes?
Periodically tested/inspected?

How much fun do you want to have thinking about all of these cases?

Configure all of your devices to get NTP from the servers you run
using authentication.

Yes, and properly monitor your ntpd instances.

-- 
Harlan Stenn <stenn () ntp org>
http://networktimefoundation.org - be a member!
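
The source-count arithmetic discussed in this message, as an added illustration that is not part of the original post and is not ntpd's actual selection code: a simplified majority-intersection check. The function name, the offsets and the error bounds are constructed assumptions.

```python
# Added illustration: simplified majority-intersection check, NOT ntpd's code.
# Each source reports a clock offset and an error bound, giving an interval
# [offset - err, offset + err]. A result is accepted only when a strict
# majority of the configured sources share a common point.
from typing import List, Optional, Tuple

Source = Tuple[str, float, float]  # (name, offset_seconds, error_bound_seconds)


def select_truechimers(sources: List[Source]) -> Optional[List[str]]:
    """Return the names in the largest agreeing group, or None when no
    strict majority of sources agrees (the "dilemma" / split cases)."""
    n = len(sources)
    edges = []
    for name, offset, err in sources:
        edges.append((offset - err, 0, name))  # 0: interval opens (sorts first on ties)
        edges.append((offset + err, 1, name))  # 1: interval closes
    edges.sort()

    active, best = set(), set()
    for _, kind, name in edges:
        if kind == 0:
            active.add(name)
            if len(active) > len(best):
                best = set(active)
        else:
            active.discard(name)

    # A 1-of-2 or 2-of-4 group is a tie, not a majority.
    if len(best) * 2 <= n:
        return None
    return sorted(best)


# Constructed sample data: a and b are close to true time, x and y are
# about half a second away (for example, servers offering leap-smeared time).
A = ("a", 0.002, 0.010)
B = ("b", -0.001, 0.010)
C = ("c", 0.004, 0.010)
X = ("x", 0.500, 0.010)
Y = ("y", 0.497, 0.010)

if __name__ == "__main__":
    print("3 sources, 1 false ticker:", select_truechimers([A, B, X]))
    print("2 sources that disagree:  ", select_truechimers([A, X]))
    print("4 sources split 2/2:      ", select_truechimers([A, B, X, Y]))
    print("4 sources, 1 false ticker:", select_truechimers([A, B, C, X]))
```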

