[168940] in North American Network Operators' Group

RE: Need trusted NTP Sources

daemon@ATHENA.MIT.EDU (Frank Bulk)
Thu Feb 6 21:58:27 2014

From: "Frank Bulk" <frnkblk@iname.com>
To: "'Saku Ytti'" <saku@ytti.fi>,
	<nanog@nanog.org>
In-Reply-To: <20140206163413.GA21496@pob.ytti.fi>
Date: Thu, 6 Feb 2014 20:57:21 -0600
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

This doesn't address the full-mesh part, but this discussion suggests at
least four servers, but better to have five.
http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers#Section_5.3.3.

Frank

-----Original Message-----
From: Saku Ytti [mailto:saku@ytti.fi] 
Sent: Thursday, February 06, 2014 10:34 AM
To: nanog@nanog.org
Subject: Re: Need trusted NTP Sources

On (2014-02-06 07:24 -0800), Michael DeMan wrote:

> A) Run a local set of NTP servers - these are your 'trusted' servers,
> under your control, properly managed/secured, fully meshed, etc.

I'm not sure if full-mesh is best practice, the external clients should have
full view of as close to source data as possible.
If in full-mesh you're already masking the data with inaccuracy, giving the
clients less information to make a decision?

We used to have full-mesh in our Meinbergs, until from their recommendation
we removed it completely. It makes sense to me, but I don't understand the
issue deeply.

-- 
  ++ytti
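
The server-count point raised in this thread, as an added example that is not part of the original messages: a simplified Marzullo-style interval intersection (the algorithm NTP's source selection is derived from, not ntpd's own code) showing how many sources remain able to outvote one bad clock. The server names, offsets and error bounds are constructed for illustration.

```python
# Added illustration: simplified Marzullo-style interval intersection.
# Not ntpd's implementation; server names and readings are constructed.

def select(sources):
    """sources: {name: (offset_s, error_s)}.
    Returns (truechimers, falsetickers), or None when no majority agrees."""
    n = len(sources)
    edges = []
    for offset, err in sources.values():
        edges.append((offset - err, -1))   # lower bound of the interval
        edges.append((offset + err, +1))   # upper bound of the interval
    edges.sort()                           # lower sorts before upper on ties
    for f in range(n):                     # f = assumed number of falsetickers
        if 2 * f >= n:                     # falsetickers must stay a minority
            break
        need = n - f
        low = high = None
        depth = 0
        for value, kind in edges:          # lowest point inside `need` intervals
            depth -= kind
            if depth >= need:
                low = value
                break
        depth = 0
        for value, kind in reversed(edges):  # highest such point
            depth += kind
            if depth >= need:
                high = value
                break
        if low is not None and high is not None and low <= high:
            good = {name for name, (o, e) in sources.items()
                    if o - e <= high and o + e >= low}
            return good, set(sources) - good
    return None

# Constructed readings: ntp-d is off by half a second.
FOUR = {"ntp-a": (0.002, 0.010), "ntp-b": (-0.001, 0.010),
        "ntp-c": (0.003, 0.010), "ntp-d": (0.500, 0.010)}

def without(sources, *down):
    return {k: v for k, v in sources.items() if k not in down}

if __name__ == "__main__":
    print(select(FOUR))                              # ntp-d rejected
    print(select(without(FOUR, "ntp-c")))            # still rejected with 3 left
    print(select(without(FOUR, "ntp-b", "ntp-c")))   # 2 left: None
```

With four configured sources, one can be unreachable and the bad clock is still outvoted; once only two remain, the disagreement cannot be resolved and the function returns None.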




