mailing list archives
Re: Need trusted NTP Sources
From: Jimmy Hess <mysidia () gmail com>
Date: Sun, 9 Feb 2014 15:00:29 -0600
On Sun, Feb 9, 2014 at 2:45 PM, Jay Ashworth <jra () baylink com> wrote:
If I'm locked to 2 coherent upstreams and one goes insane, I'm going to
know which one it is, because the other one will still match what I already
have running, no?
The question should be how assured is the reliability of the clocks of the
2 upstream servers. I think I am pretty happy with the concept of
having two local centralized NTP servers, used by various servers in an
environment ---- some SNTP some NTP, each of the local centralized NTP
servers using 5 external time sources.
These external time sources need to be periodically checked, to ensure the
central NTP servers continue to synchronize with them, and that they
continue to be accurate.
So the pair of NTP servers is not redundant in the sense that the time is
allowed to be wrong, but they are resilient in the sense of being
configured, so their own clock should always be correct, unless there
is a once in 100 years failure scenario.
Each of the local servers, then has two NTP peers as time source, and the
local clock discipline, except for virtual machines: which should use
just the two NTP servers.
A local pair of NTP servers are not "redundant" in the sense of being able
to survive a catastrophic software bug in NTP; the local time sources
should be redundant to survive the more highly frequent condition of
temporary total failure of a local NTP server.
Or do I understand NTP less well than I think?
Re: Need trusted NTP Sources Chris Keladis (Feb 06)
Re: Need trusted NTP Sources Alexander Maassen (Feb 06)