[168910] in North American Network Operators' Group
Re: Need trusted NTP Sources
daemon@ATHENA.MIT.EDU (Saku Ytti)
Thu Feb 6 11:34:35 2014
Date: Thu, 6 Feb 2014 18:34:13 +0200
From: Saku Ytti <saku@ytti.fi>
To: nanog@nanog.org
In-Reply-To: <66F884EE-08C3-4758-8160-AFEB37DA371C@deman.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On (2014-02-06 07:24 -0800), Michael DeMan wrote:
> A) Run a local set of NTP servers - these are your 'trusted' servers, under your control, properly managed/secured, fully meshed, etc.
I'm not sure if full-mesh is best practice, the external clients should have
full view of as close to source data as possible.
If in full-mesh you're already masking the data with inaccuracy, giving the
clients less information to make decision?
We used to have full-mesh in our meinbergs, until from their recommendation we
removed it completely. It makes sense to me, but I don't understand the issue
deeply.
--
++ytti
