[189210] in North American Network Operators' Group
Re: NIST NTP servers
daemon@ATHENA.MIT.EDU (Mel Beckman)
Wed May 11 10:27:55 2016
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Andreas Ott <andreas@naund.org>
Date: Wed, 11 May 2016 14:27:47 +0000
In-Reply-To: <20160510154605.W1074@naund.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Andreas,
Most data centers will require a remotely positioned NTP server, which is a=
ctually easier and cheaper than a remotely located active GPS antenna. I ha=
ve placed the $300 commercial NTP servers in an environmental box on the ro=
of, powering t by PoE, without problems.=20
You don't need a redundant network either, nor redundant power. Just plunk =
down two of these gizmos, or as I suggested elsewhere, deploy one or more C=
DMA, GSM, or WWV-based clocks, for as much local infrastructure and signal =
source diversity as you like (I sourced some of these units earlier in the =
thread, all well less than $1K each. You pay more for diversity, but you ge=
t more too.
In response to the several DIYers on this thread: Anyone who thinks they're=
building a raspberry pi-based GPS NTP server for just $150 is kidding them=
selves. They forgot to include their labor, which is worth far more than th=
e $300 for a commercial unit. The same goes for people who complain about e=
ven the minimal $300 price, forgetting that a commercial product has to pay=
for marketing, support, and make a profit.=20
External NTP has two kinds of vulnerabilities: the ones we know, and the on=
es we don't. The ones we know are serious enough the pat the ones we don't =
should be considered with respect. Maybe diversity in Internet sources is a=
cure, maybe it isn't. But diverse RF sources is demonstrably more secure t=
han the Internet. =20
My point stands: secure external RF NTP sources are so plentiful that relyi=
ng on Internet NTP is just plain crazy.=20
-mel beckman
> On May 11, 2016, at 7:12 AM, Andreas Ott <andreas@naund.org> wrote:
>=20
> Hi,
>=20
>> Boss: That sounds expensive. How much are we talking?
>> IT guy: $300
>=20
> Beware!
>=20
> Over the past year we made engineering samples to deploy to datacenters.
> The goal was to use GPS and PPS to discipline ntpd appliances and serve=20
> as stratum 1 to other NTP distribution servers without the $5k price tag
> of commercial NTP 1RU gear. We also deliberately not pursued the path of
> running antenna coax from the roof to a receiver, as that is not an
> option in all the datacenters where we need to deploy.
>=20
> These appliances were built for lesss than $150 as=20
>=20
> (a) Raspberry-Pi with GPS receiver board
>=20
> (b) Garmin 18(x) LVC with DB-9 to an "older whitebox server"
>=20
> In my experience, most locations inside datacenters where you have good
> power and network connectivity have not "good enough" GPS signal receptio=
n
> due to servers emitting lots of RF noise in the range 1-2 GHz on the
> L-band. A brand new suite in the datacenter had OK GPS quality, but
> once we added 20+ racks with 40 servers each, GPS reception was pretty
> much gone. This hardware was an active antenna with less than 6 feet of
> cabling routed to the top of the network cabling rack. Most smartphones
> can run an app to show you the GPS signal on the phone, just walk around
> your datacenter and compare the signal.
>=20
> The only workable solution was to move the GPS clock to a location
> where it had good GPS signal but neither redundant network nor conditione=
d
> power (aka. "on my desk near a south facing window"). It also works prett=
y=20
> well "in my garage".
>=20
> In places where GPS reception is good, you can achieve 10E-06 seconds
> accuracy over time even with cheap hardware. If you chose to run the DB-9
> NMEA0183 and GPS as "serial port passthrough" to a VM on a Hypervisor
> you can still get better than 10E-03 seconds accuracy.
>=20
>=20
> -andreas
> --=20
> Andreas Ott (Time-Nut) K6OTT +1.408.431.8727 andreas@naund.org
