[131457] in North American Network Operators' Group
Re: NTP Server
daemon@ATHENA.MIT.EDU (Cutler James R)
Sun Oct 24 22:39:44 2010
From: Cutler James R <james.cutler@consultant.com>
Date: Sun, 24 Oct 2010 22:39:33 -0400
To: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Routers are not a good choice for time servers as it complicates
configuration and, to some extent, constrains deployment methodology for
routers to be effective with time service. We don't run DNS on routers,
it is a service. Time service via NTP is a service as well. The NTP
daemon in a router is not implemented in hardware and requires CPU
resources better dedicated to RIB management.

In my experience, a reliable NTP peer group can be implemented on the
same set of boxes as DNS (bind, etc.) with little or no impact on DNS
performance. If you can count to four or more, you can make a reliable
peer group of time servers.

On Oct 24, 2010, at 8:15 PM, Brandon Kim wrote:
>
> Hi Sean:
>
> By local I meant in-house, on-site in our datacenter. As far as what
> applications could use our NTP service, I would
> leave that up to each client and what they are running. For my own
> personal purposes, it would just be for log purposes.
> (error logs, syslogs, etc etc)
>
> I have heard that routers don't make good NTP servers since they
> weren't designed to keep track of time. This, I have read
> from a Cisco source. Can't remember where though. Or maybe they were
> just referring to older less powerful routers like 2500 series...
>
> Brandon
>
>> Date: Sun, 24 Oct 2010 14:42:24 -0400
>> From: sean@donelan.com
>> To: nanog@nanog.org
>> Subject: Re: NTP Server
>>
>> On Sun, 24 Oct 2010, Brandon Kim wrote:
>>> 1) How necessary do you believe in local NTP servers? Do you really
>>> need the logs to be perfectly accurate?
>>> 2) If you do have a local NTP server, is it only for local internal
>>> use, or do you provide this NTP server to your clients as an added
>>> service?
>>> 3) If you do have a local NTP server, do you have a standby local NTP
>>> server or do you use the internet as your standby server?
>>
>> First terminology. What do you mean by a local NTP server?
>>
>> Almost any Cisco/Juniper router, Unix server and some recent Windows
>> servers have NTP server software and can synchronize clocks in your
>> network. So you may already have an NTP server capable device. You just
>> need to configure it, and give it a good source of time. It would be a
>> Stratum 2 or greater NTP server because the good source of time is
>> another NTP server. Left to itself, NTP is pretty good at keeping clocks
>> in arbitrary networks synchronized with each other. But most people are
>> also interested in synchronizing clocks with some official time source.
>>
>> The Network Time Protocol doesn't really have the notion of a "standby"
>> server. It uses multiple time sources together, and works best with about
>> four time sources. But for many end-systems, the Simple Network Time
>> Protocol with a single time source may be sufficient.
>>
>> If you are in a regulated industry (stock broker, electric utility, 9-1-1
>> answering point, etc) there are specific time and frequency standards you
>> must follow.
>>
>> On the other hand, are you asking about a local clock receiver (radio,
>> satellite, etc) for a stratum 1 NTP server? Clock receivers are getting
>> cheaper, the problem is usually the antenna location.
>>
>> Or on the third hand, are you asking about local primary reference clock
>> (caesium, rubidium, etc) for a stratum 1 NTP server? These are still
>> relatively expensive up to extremely expensive.
>>
>> Or on the fourth hand, are you a time scientist working to improve
>> international time standards? If you are one of these folks, you already
>> know.
>>
>> Most major ISPs use NTP across their router backbone, and incidentally
>> provide it to their customers. The local ISP router connected to your
>> circuit probably has NTP enabled.
>>
>> Required accuracy is in the eye of the beholder. NASDAQ requires brokers
>> to have their clocks synchronized within 3 seconds of UTC(NIST). 9-1-1
>> centers are required to have their clocks synchronized within 0.5 seconds
>> of UTC. Kerberos/Active Directory requires clocks to be synchronized
>> within 5 minutes of each other.
>>
>> If your log files have a resolution of 1 second, you probably won't see
>> much benefit of sub-second clock precision or accuracy. If you are
>> conducting distributed measurements with sub-microsecond resolution, you
>> probably will want something more.
>>

James R. Cutler
james.cutler@consultant.com
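
Both messages above settle on four or more time sources. As an added illustration (not code from either poster, and not ntpd's own selection code), this simplified Marzullo-style interval intersection shows why a group of four still reaches a majority with one peer down and one peer wrong; it goes beyond the thread by sketching the general majority-agreement idea, and the peer names, offsets and error bounds are constructed.

```python
# Added example: simplified Marzullo-style interval intersection (not ntpd's exact code).
# Each source reports (offset, error bound) in seconds; all values are constructed.

def best_overlap(intervals):
    """Return (count, lo, hi): the most intervals sharing a common range, and that range."""
    edges = []
    for lo, hi in intervals:
        edges.append((lo, -1))   # interval opens
        edges.append((hi, +1))   # interval closes
    edges.sort()                 # on ties, opens sort before closes
    best = count = 0
    best_lo = best_hi = None
    for i, (point, kind) in enumerate(edges):
        count -= kind
        if count > best:
            best, best_lo, best_hi = count, point, edges[i + 1][0]
    return best, best_lo, best_hi


def select(sources):
    """Return (truechimers, falsetickers), or None when no strict majority agrees."""
    if not sources:
        return None
    spans = {name: (off - err, off + err) for name, (off, err) in sources.items()}
    count, lo, hi = best_overlap(list(spans.values()))
    if count * 2 <= len(spans):
        return None              # a tie or worse: nothing to trust
    good = sorted(n for n, (a, b) in spans.items() if a <= lo and b >= hi)
    bad = sorted(n for n in spans if n not in good)
    return good, bad


# Constructed sample: four peers (hypothetical names), ns3 is off by 2.5 s.
FOUR = {"ns1": (0.004, 0.020), "ns2": (-0.007, 0.025),
        "ns3": (2.500, 0.030), "ns4": (0.011, 0.015)}

def without(sources, name):
    """Same peer group with one member unreachable."""
    return {n: v for n, v in sources.items() if n != name}

if __name__ == "__main__":
    print(select(FOUR))                                  # bad peer outvoted 3 to 1
    print(select(without(FOUR, "ns4")))                  # one down: still 2 of 3
    print(select(without(without(FOUR, "ns4"), "ns2")))  # two left, they disagree
```

The last case is what a three-server group looks like after one outage: two remaining sources that disagree give no majority, so the bad clock cannot be identified.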