nanog mailing list archives
Re: NIST NTP servers
From: "Majdi S. Abbas" <msa () latt net>
Date: Wed, 11 May 2016 13:42:54 -0400
On Wed, May 11, 2016 at 03:24:43PM +0000, Jay R. Ashworth wrote:
> We're all aware this project is underway, right? https://www.ntpsec.org/

Despite the name, I'm not aware of any significant protocol changes. It's just a recent fork of the reference implementation minus the refclocks, which isn't particularly helpful if you /don't/ trust network time sources.

Long term, be looking at NTS:

https://datatracker.ietf.org/doc/draft-ietf-ntp-network-time-security/

In the meanwhile, I'd recommend something along the following lines:

- Several nearby upstream servers configured per time server, per site (As diversely as possible.)

- Diverse reference clocks (I run everything from WWV to GPS here.) providing authenticated time to your servers.

- That all your time servers in all sites be configured in an authenticated full mesh of symmetric peers, allowing the other sites to provide time to a site that has lost its upstream servers or for whatever reason does not trust them at the moment.

And of course, ensure any hosts whose clocks you care about are talking to at least a few of these, and preferably several.

I know the common case configuration is either default/ntp-pool, or "we have two time servers in this site and everything just chimes from them," but neither is that great of a configuration.

--msa
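
Added example, not part of the original message: a small Python check that audits one time server's ntp.conf against the three recommendations above (several network upstreams, diverse reference clocks, authenticated symmetric peers). The hostnames, key ids, key file path and numeric thresholds are assumptions chosen for illustration; the directives (`server`, `peer`, `key`, `trustedkey`, `127.127.t.u` refclock addresses) are those of the reference ntpd.

```python
import re

# Constructed sample ntp.conf for one time server; hostnames, key ids and
# the key file path are placeholders, not values from the post.
GOOD_CONF = """\
keys /etc/ntp/keys
trustedkey 1 2
server ntp-a.upstream.example iburst
server ntp-b.upstream.example iburst
server ntp-c.upstream.example iburst
server ntp-d.upstream.example iburst
server 127.127.20.0 minpoll 4   # local refclock, driver type 20 (NMEA GPS)
server 127.127.36.0             # local refclock, driver type 36 (WWV/H audio)
peer ts1.site-b.example key 1   # symmetric peers at the other sites
peer ts1.site-c.example key 2
"""
REFCLOCK = re.compile(r"^127\.127\.(\d+)\.\d+$")  # refclock pseudo-address

def audit(conf, min_upstreams=4, min_refclock_types=2, min_peers=2):
    """Return findings for one ntp.conf; the thresholds are assumptions."""
    upstreams, refclocks, peers, trusted = [], set(), [], set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) < 2:
            continue
        kw, host, opts = tok[0], tok[1], tok[2:]
        if kw == "trustedkey":
            trusted.update(tok[1:])
        elif kw in ("server", "pool"):
            m = REFCLOCK.match(host)
            if m:
                refclocks.add(m.group(1))    # count distinct driver types
            else:
                upstreams.append(host)
        elif kw == "peer":
            key = opts[opts.index("key") + 1] if "key" in opts[:-1] else None
            peers.append((host, key))
    findings = []
    if len(upstreams) < min_upstreams:
        findings.append(f"only {len(upstreams)} network upstream(s)")
    if len(refclocks) < min_refclock_types:
        findings.append(f"only {len(refclocks)} refclock driver type(s)")
    if len(peers) < min_peers:
        findings.append(f"only {len(peers)} symmetric peer(s)")
    for host, key in peers:
        if key not in trusted:               # no key, or key not trusted
            findings.append(f"peer {host} lacks a trusted key")
    return findings

if __name__ == "__main__":
    print(audit(GOOD_CONF) or "meets all checks")
```

Run against the "two time servers per site" style of configuration, the same function reports the missing upstream diversity, the absent refclocks and any unauthenticated peer.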