[131431] in North American Network Operators' Group
Re: NTP Server
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Sun Oct 24 13:22:27 2010
Date: Sun, 24 Oct 2010 10:20:22 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <SNT119-W15B39169090F986ADCF07ADC400@phx.gbl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Sun, Oct 24, 2010 at 11:34:12AM -0400, Brandon Kim =
wrote:
>From a service provider/ISP standpoint, does anyone think that having a l=
ocal NTP server is really necessary?
Do you provide NTP to your customers?
If you do there is probably an obligation there to make a reasonable
effort to have accurate times. I'm not sure relying on random
servers across the internet rises to that standard. I think you
should have at least four clocks getting time not from the internet
to compare.
For instance, for a couple of thousand dollars you can get a
Symmetricom appliance that will do GPS timing with analog dial
backup to NIST. That gives you two non-internet sources at relatively
low cost and low effort. Deploy four in different POP's and you
have redundancy on your own network, and can market that you provide
high quality NTP to your customers. It's nearly fire and forget,
and a check for alarms from the box and make sure you watch for
patches, that's about it.
If you don't offer NTP to your customers whatever you need for your
own internal logging is fine. Generally as long as they all sync
to the same set of servers they will be accurate to each other, so
you can compare times across servers. Set up 4 NTP servers, let
them sync to the outside world, let all of your internal boxes sync
to them.
Notice in both cases I said deploy 4. If you understand the protocol,
and in particular the decision process that really is the minimum
number to have high quality NTP. Syncing everything to one or two
NTP servers really doesn't work so well.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13 (FreeBSD)
iQIVAwUBTMRq1rN3O8aJIdTMAQLf6A//b6C5T9ButPSdkeGMnWlnIDClI/tOZQRc
qi7ku59rOnS8SDwTO8+oXUQAJdK1eLenf3j2VdVAtyQ08zex/U5494n92gQyz6r1
DqlhtKTPkjPYttbocr0PkF2m6DxMZAFAO+EbtEs5HY00Z8+RSKzvmFSZFnycv9ga
pNC3nTxyrgI19oul8lcd+VELLd9okxtk14Biv6Cu/0ThkAf3QxiyQYlxWGpsSooM
g3dPg6T4WfhQhg5StBKcw6rYKFxoKOQlpFn+eNnPkHrrTI0Wq9rKL19Y7v5P726j
4aKZX8F4NJsewAaglIGDjYkS1G1aVdnB/G4cfL7vhxaO9jksT7+qYMm1Ile8FMOZ
yhybGZ87UajgMjdTV27TnILgTGDKDa1As+L2g6OnR4Q4zBCKWT3ROgyr5HcSyAa1
IF0B3boCTEjIPDv467XZ30qvW3PBQ85Z4hPa7VgYE2wPPqIvwugjyGXMRWmGXnV/
BF0A0IJRJKYNcD2qdQzU28Q3UzrBh5hNsLnrUkIXoP3VjiUCxW8rA1wJY1QYc6MJ
wpfo65fjkcILLvWOo/nzyZxMedv8Zcw0uc5HzcjHjR00yVw7g2CBvbZmXEL23clk
3Ey+xZNMNaKTHMAGY3b1U8s28+24i0z4GghePqHjGKUAF8mWuXiiadSTf7bV+cn4
l8+FUFhMHEc=
=lbOh
-----END PGP SIGNATURE-----
--EeQfGwPcQSOJBaQU--
