mailing list archives
Re: Need trusted NTP Sources
From: James R Cutler <james.cutler () consultant com>
Date: Sun, 9 Feb 2014 19:42:31 -0500
On Feb 9, 2014, at 3:50 PM, Larry Sheldon <LarrySheldon () cox net> wrote:
> On 2/9/2014 2:45 PM, Jay Ashworth wrote:
>> Or do I understand NTP less well than I think?
> I am of the private opinion that if your name is not "David Mills" (and MAYBE if it IS) the answer is either "42" or
Intersection and clustering algorithms pick best true chimers and discard false tickers.
You should look at this presentation and see why Larry Sheldon’s private opinion is spot on.
I won’t begin to try explaining in technical detail how this works. The bottom line is that, within a peer group of
NTP servers looking at a reasonably large set of NTP source servers, all kinds of variations in input data are reduced
to a coherent local time truth.
My template for NTP service deployment for any organization is very simple:
1. Select four or more local systems and configure them as peer NTP servers. In many instances one can leverage local
DNS server machines running almost any OS — the NTP daemon runs on at least Windows, OS X, UNIX, Linux. Don’t forget
appropriate restrict commands.
2. Configure ntpd on the local servers to also select as servers a list of 8-10 open access servers like pool.ntp.org,
usno.navy.mil, nist-????-ustiming.org. If you can arrange authenticated access to other servers, that is possibly
3. As desired, configure ntpd on selected local servers for local clocks or GPS clocks. This has little effect on
accuracy, but may enhance reliability. In many cases, it also requires building penetrations for antennas. (Not easy
for network guys.)
4. Configure all local time consumers to select from the list of local NTP servers. Authenticate or not as you see
fit. You can even use DHCP to inform end systems of NTP server addresses. The router folks will have to include NTP
server addresses as part of each configuration package.
Over the years I have successfully applied this template for NTP service deployments to several large networks. It just
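
The intersection step mentioned in the message, as an added sketch that is not part of the original post and is not ntpd's own code: a simplified Marzullo-style selection showing how a majority of agreeing sources isolates a false ticker, and why too few sources cannot settle a disagreement. Server names, offsets and error bounds are constructed.

```python
# Added illustration: simplified Marzullo-style intersection, not ntpd's code.
# Each source reports a clock offset and an error bound (integer milliseconds);
# the true offset is assumed to lie in [offset - bound, offset + bound].

def select_truechimers(sources):
    """sources: {name: (offset_ms, bound_ms)} -> (truechimers, falsetickers, interval)."""
    edges = []
    for name, (offset, bound) in sources.items():
        edges.append((offset - bound, 0, name))  # 0 = interval opens
        edges.append((offset + bound, 1, name))  # 1 = interval closes
    edges.sort()  # on equal points, opens sort before closes

    # Sweep the edges and remember the first region covered by the most intervals.
    best, active, lo, hi = 0, 0, None, None
    for i, (point, kind, _) in enumerate(edges):
        if kind == 0:
            active += 1
            if active > best:
                best, lo, hi = active, point, edges[i + 1][0]
        else:
            active -= 1

    # Without a strict majority there is no basis for trusting any group.
    if best * 2 <= len(sources):
        return [], sorted(sources), None

    chimers = sorted(n for n, (o, b) in sources.items() if o - b <= lo and o + b >= hi)
    tickers = sorted(set(sources) - set(chimers))
    return chimers, tickers, (lo, hi)


# Constructed sample data (hypothetical server names, values in milliseconds).
FOUR_SOURCES = {
    "ntp-a": (12, 20),
    "ntp-b": (15, 25),
    "ntp-c": (9, 15),
    "ntp-d": (2500, 30),  # far from the others: a false ticker
}
TWO_SOURCES = {"ntp-x": (0, 10), "ntp-y": (500, 10)}  # disagree, no majority

if __name__ == "__main__":
    print(select_truechimers(FOUR_SOURCES))
    print(select_truechimers(TWO_SOURCES))
```

With four sources, one bad clock is outvoted; with two that disagree, or four split evenly, the function returns no true chimers at all.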