Home page logo
/

nanog logo nanog mailing list archives

Re: Need trusted NTP Sources
From: Brett Frankenberger <rbf+nanog () panix com>
Date: Sun, 9 Feb 2014 15:36:25 -0600

On Sun, Feb 09, 2014 at 03:45:19PM -0500, Jay Ashworth wrote:
----- Original Message -----
From: "Saku Ytti" <saku () ytti fi>

That's only true if the two devices have common failure modes,
though, is it not?

No, we can assume arbitrary fault which causes NTP to output bad time. With
two NTP servers it's more likely that any one of them will start doing
that than with one alone. And if any of the two start doing it, you don't
know which one.

Hey, waitaminnit!  I saw you palm that card.  :-)

If I'm locked to 2 coherent upstreams and one goes insane, I'm going to
know which one it is, because the other one will still match what I already
have running, no?

If it suddenly goes insane as a step function?  Sure.  But if the one
you've selected for synchronization starts drifting off true time very
slowly, it will take your clock with it, and then ultimately the other
one (that is actually the good clock) will appear to be insane clock.

     -- Brett


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault