[ntp:questions] Peering and synching over multiple interfaces and subnets.

Danny Mayer mayer at ntp.isc.org
Sun Jul 1 03:25:00 UTC 2007


ulf.norberg at banverket.se wrote:
> Thanks Danny for your comprehensive explanation.
> 
>> I'm not sure where you think you are getting redundancy since the
>> redundancy comes from picking a sufficient number of servers to
>> provide time service to the SCADA systems. You can skip the
>> routers. They don't need to be involved here.
> 
> Just to be clear. The redundancy I mention is not really for the NTP.
> The multiple subnets and interfaces are there to ensure the
> functionality of the SCADA-system in case of any communication
> failure. The problem for me then, is that our supplier of the SCADA
> system also wants NTP to use the communication redundancy which
> results in multiple entries per peering neighbours or upstream servers
> in the ntp.conf file. That's why I ask about the risk of sync loops
> or other strange behavior.
> 

Just to be clear, NTP takes advantage of redundancy only in the sense of
any application using UDP. The only effect on NTP is there will likely
be a different delay to get NTP packets back. That's the only real
effect that network topology has on NTP.

> I can't skip the routers because they are a part of the NTP solution.

Not really. If you choose to use the routers to provide a source of NTP
packets, that's fine but it's just a convenience and you are not taking
any advantage of communication redundancy.

> Because of all of the different subnets in this SCADA network (not
> just around these servers) it is not possible to have the Stratum-1
> servers reachable on each subnet. The security guys won't allow it.

Why not? Don't they have enough work to do? There's no security reason
for this.

> Therefore we are using the management subnet for the routers to
> distribute NTP time to all routers in the network and they can then
> provide NTP for all the subnets they handle respectively.
> 

Then you may as well set up the routers as broadcast/multicast NTP servers.

> Work is in progress to raise all our access routers to Stratum-2 and
> to solve NTP redundancy for clients in need of more than 1 NTP
> source. 

You seem to misunderstand. Each system needs to have multiple servers -
3 or more.  Anything less isn't useful. It's also useful to have those
servers get their own servers from multiple different sources. If it's
only getting from a single source it is not sufficient unless you don't
care about accuracy.

> It would be a lot easier if the NTP protocol was VRF-aware.
> Something to work on for version 4.3 ;-)
> 

I have no idea what you mean by VRF.

Danny
> Best regards Uffe


