[ntp:questions] Re: Sufficient # servers to sync to

Brad Knowles brad at stop.mail-abuse.org
Wed Mar 23 07:46:30 UTC 2005


At 1:59 AM +0000 2005-03-23, John Sasso wrote:

>  Am I correct in my interpretation of your posts that it is sufficient for an
>  NTP client (not a peering server, but purely an NTP client that nobody syncs
>  with and that does not peer with anyone), having it sync off of a minimum of
>  3 NTP servers is sufficient?

	If they are all correctly operating, three servers will work.

>                                This way, if 1 out of the 3 was a falseticker,
>  the 2 truechimers would essentially "override" (i.e. prove out-of-sync) the
>  falseticker.

	No.  Despite all of his claims to the contrary, that is not how 
the algorithms work.  If you want protection from one falseticker, 
you need at least four upstream time sources defined.  If you want 
protection from "n" falestickers (where n>1), you need at least 2n+1 
upstream time sources defined.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.



More information about the questions mailing list