[ntp:questions] Re: NTP sync on a standalone network (Windows 2k)
mayer at ntp.isc.org
Sun Aug 20 02:16:22 UTC 2006
Alexandre Carrausse wrote:
> I have used the tool NTPmonitor V18.104.22.168 - from David Taylor and I can
> confirm that everything is synchronised, so at least my main goal is
> If you think there is more I could do (within my constraints), I am open to
Meinberg also has a pretty good tool for monitoring and can look at
>>> But providing the fact that the remote clients will sync with the main
>>> time server at the central site, over a 64 kbps network, is it reliable?
>> It's your net network! You should be in a far better position than I to
>> say if it's reliable or not. You also need to specify what degree of
>> reliability you need. If you cannot afford the failure of a network, you
>> need redundant network connections
> Let me ask the question in a different way : is the NTP protocol running
> without any problem over a 64 kbps, or is there any configuration to think
> about, that would tell the remote "hold on mate, don't be too impatient
> because I am sending my packets over a 64 kbps line". I have seen somewhere
> that it could be necessary to implement the huff'n'puff option. Is it true?
It should. NTP was originally designed in the days when networks were
not only unreliable but also over slow, by today's standards, networks.
You also have a closed environment so the worst you will likely get is a
switch outage or similar.
> In fact my application which is based on clusters of servers, is running
> over DCE Encina (IBM). In order to run, the servers must be very well
> synchronised between them, and the time difference must never exceed 180 s.
> If the time diff exceeds the threshold, everything will crash and will be
> I agree that my solution is not acurate, but it is quite stable (based on
> the spec above), and for the reliability, I may have not to rely only on
> one time server, but several...
Yes, DCE needs time accuracy, but only relative to the other nodes so I
don't think that's a real concern.
> OK. So it means that if someone change the time on the main server (+/-1000s
> ie approx 20 mins) the NTP daemon will stop to provide time, and all the
> machine on the network will start to drift appart?... until someone realise
> that the NTPDaemon is not started.
If someone does that on the main server then the leaf nodes are likely
to decide that it's crazy and not take time from it. Be warned however
that if it's really acting as a domain controller, those nodes will be
unable to verify things like passwords. As usual a domain controller
needs to be secured against unauthorized access and in a secure
environment like yours should be standard procedure.
Because of your environment I wouldn't bother with all of these schemes
to synchronize one system to the outside world. Just go with the scheme
you already have in place, though do consider upgrading your ntpd
software if you can.
More information about the questions