nanog mailing list archives
Re: NIST NTP servers
From: Harlan Stenn <stenn () ntp org>
Date: Tue, 10 May 2016 20:21:20 +0000
Leo Bicknell writes:
... The correct answer here is to run multiple NTP servers in your network. And by servers I mean real servers, with good quality oscellators on the motherboard. Then configure them to talk to _many_ sources. You need 4 sources of time minimum to redundantly detect false tickers. If you're serious about it then find ~10 Stratum 1 sources (ideally authenticated and from trusted entities),
Byzantine General's problem. With 3 sources you can detect *1* false ticker. But if one of those becomes unreachable you only have 2 time sources. Dilemma. With 4 sources you run the risk of 2 going one way, and 2 going another way. This happened to several folks recently, when some sites put NTP servers on the 'net that offered leap-smeared time. That's really a different problem where one of the effects is that it causes "time islands".
one of which could be GPS as several have suggested. You'll then have high quality false ticker rejection.
For extra points, use GPS receivers from different manufacturers, using whatever "variety" you can get for all of the components involved. Are you mounting each GPS receiver inside a coffee can to prevent drive-by jamming? Are the cables properly grounded? Using gas discharge tubes? Periodically tested/inspected? How much fun do you want to have thinking about all of these cases?
Configure all of your devices to get NTP from the servers you run using authentication.
Yes, and properly monitor your ntpd instances. -- Harlan Stenn <stenn () ntp org> http://networktimefoundation.org - be a member!
Current thread:
- Re: NIST NTP servers, (continued)
- Re: NIST NTP servers Chris Adams (May 12)
- RE: NIST NTP servers John Souvestre (May 12)
- RE: NIST NTP servers Chuck Church (May 11)
- Re: NIST NTP servers George Herbert (May 12)
- RE: NIST NTP servers Allan Liska (May 11)
- RE: NIST NTP servers Chuck Church (May 10)
- Re: NIST NTP servers Mike (May 10)
- Re: NIST NTP servers Laszlo Hanyecz (May 10)
- Re: NIST NTP servers Harlan Stenn (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- Re: NIST NTP servers Gary E. Miller (May 10)
- Re: NIST NTP servers Jared Mauch (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Chris Adams (May 10)
- Re: NIST NTP servers Mel Beckman (May 10)
- Re: NIST NTP servers Roland Dobbins (May 10)
- Re: NIST NTP servers Joe Klein (May 10)
- Re: NIST NTP servers Eric Kuhnke (May 10)
- Re: NIST NTP servers Mel Beckman (May 11)