[ntp:questions] Peering and synching over multiple interfaces and subnets.
Danny Mayer
mayer at ntp.isc.org
Sun Jul 1 03:25:00 UTC 2007
ulf.norberg at banverket.se wrote:
> Thanks Danny for your comprehensive explanation.
>
>> I'm not sure where you think you are getting redundancy since the
>> redundancy comes from picking a sufficient number of servers to
>> provide time service to the SCADA systems. You can skip the
>> routers. They don't need to be involved here.
>
> Just to be clear. The redundancy I mention is not really for the NTP.
> The multiple subnets and interfaces are there to ensure the
> functionality of the SCADA-system in case of any communication
> failure. The problem for me then, is that our supplier of the SCADA
> system also wants NTP to use the communication redundancy which
> results in multiple entries per peering neighbours or upstream servers
> in the ntp.conf file. That's why I ask about the risk of sync loops
> or other strange behavior.
>
Just to be clear, NTP takes advantage of redundancy only in the sense of
any application using UDP. The only effect on NTP is there will likely
be a different delay to get NTP packets back. That's the only real
effect that network topology has on NTP.
> I can't skip the routers because they are a part of the NTP solution.
Not really. If you choose to use the routers to provide a source of NTP
packets, that's fine but it's just a convenience and you are not taking
any advantage of communication redundancy.
> Because of all of the different subnets in this SCADA network (not
> just around these servers) it is not possible to have the Stratum-1
> servers reachable on each subnet. The security guys won't allow it.
Why not? Don't they have enough work to do? There's no security reason
for this.
> Therefore we are using the management subnet for the routers to
> distribute NTP time to all routers in the network and they can then
> provide NTP for all the subnets they handle respectively.
>
Then you may as well set up the routers as broadcast/multicast NTP servers.
> Work is in progress to raise all our access routers to Stratum-2 and
> to solve NTP redundancy for clients in need of more than 1 NTP
> source.
You seem to misunderstand. Each system needs to have multiple servers -
3 or more. Anything less isn't useful. It's also useful to have those
servers get their own servers from multiple different sources. If it's
only getting from a single source it is not sufficient unless you don't
care about accuracy.
> It would be a lot easier if the NTP protocol was VRF-aware.
> Something to work on for version 4.3 ;-)
>
I have no idea what you mean by VRF.
Danny
> Best regards Uffe
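
A check for the rule stated in the reply above (three or more servers per system), applied to the setup described in the thread, where one upstream machine is listed in ntp.conf once per redundant subnet. This is an added example, not part of the original post; the sample configuration and the address-to-machine map are constructed assumptions, since ntp.conf does not record which addresses belong to the same machine.

```python
MIN_SOURCES = 3  # "3 or more" servers per system, per the reply above

# Constructed sample: two upstream machines, each listed once per subnet.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/ntp.drift
server 10.1.0.10 iburst   # router A via subnet 1
server 10.2.0.10 iburst   # router A via subnet 2
peer   10.1.0.20          # peer B via subnet 1
peer   10.2.0.20          # peer B via subnet 2
"""

# Assumption: the operator supplies this inventory of which addresses
# belong to which machine (hypothetical names).
SAMPLE_HOSTS = {
    "10.1.0.10": "router-a", "10.2.0.10": "router-a",
    "10.1.0.20": "peer-b", "10.2.0.20": "peer-b",
}

def parse_sources(conf_text):
    """Return (keyword, address) for each server/peer/pool line."""
    sources = []
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or fields[0] not in ("server", "peer", "pool"):
            continue
        if fields[1].startswith("127.127."):
            continue  # reference clock driver address, not a network source
        sources.append((fields[0], fields[1]))
    return sources

def audit(conf_text, host_of):
    """Compare configured associations with the distinct machines behind them."""
    sources = parse_sources(conf_text)
    machines = {}
    for _, addr in sources:
        # Addresses missing from the inventory count as their own machine.
        machines.setdefault(host_of.get(addr, addr), []).append(addr)
    return {
        "associations": len(sources),
        "distinct_machines": len(machines),
        "multi_path": {m: a for m, a in machines.items() if len(a) > 1},
        "meets_minimum": len(machines) >= MIN_SOURCES,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF, SAMPLE_HOSTS).items():
        print(f"{key}: {value}")
```

On the constructed sample the file shows four associations, but only two distinct machines stand behind them, so the three-server minimum is not met.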