[SATLUG] ntp hosts (was tamu.edu)

Brad Knowles brad at shub-internet.org
Mon Aug 4 13:18:52 CDT 2008


Don Wright wrote:

> Brad--  Based on your experience, would you recommend the multi-system
> ntp pools for most small users? For example, Debian now defaults to this
> in /etc/ntp.conf:
> 
> server 0.debian.pool.ntp.org iburst dynamic
> server 1.debian.pool.ntp.org iburst dynamic
> server 2.debian.pool.ntp.org iburst dynamic
> server 3.debian.pool.ntp.org iburst dynamic 
> 
> This should eliminate the single host failure, but what are the
> drawbacks? Is there a certain network size that needs a local ntp server?

Well, I wrote the page at 
<http://support.ntp.org/Support/SelectingOffsiteNTPServers>, and I tried to 
encode as much of my knowledge on the subject on that page.


However, to summarize, assuming you've got good hardware all around, you've 
configured your OSes correctly, etc... then the one remaining factor that 
you worry about is latency.  And statistical accuracy and precision goes 
down as latency goes up.

So, if you can configure a set of local time servers robustly, with a 
sufficient number of upstream time servers, etc... then the rest of your 
clients are better off using those robust local time servers than trying to 
track all the same sets of external time servers themselves.

See section 5.3.1.2 at 
<http://support.ntp.org/Support/SelectingOffsiteNTPServers#Section_5.3.1.2.>. 
  There are other recommendations on that page to help get you increased 
robustness in your configuration, but proximity is key.


As for number of upstream servers to configure, I like to use at least five 
or seven.  Using only four will only protect you against one "false ticker" 
(i.e., a machine upstream going insane), whereas five will protect you 
against two false tickers.

Seven will protect you against three false tickers.  Nine will protect you 
against four, but for my part I think seven is a better compromise between 
minimizing unnecessary traffic and protecting yourself in case upstream 
machines go insane.


If you want to learn more about how to build a robust NTP server 
infrastructure, I've got a whole article I just wrote which is going to be 
published in the November issue of _;login:_ magazine.

I'd be glad to share a copy with you, but only if you promise not to share 
it with anyone else, at least not without my express approval.  I really 
don't want to tick off the people at USENIX, especially my editor.  I would 
like to write more articles for them in the future, so I want to make sure I 
annoy them by having this article get too widely distributed before November.

-- 
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>


More information about the SATLUG mailing list