[ntp:questions] project ntp.br

Antonio M. Moreiras antonio at moreiras.eng.br
Thu Oct 4 15:59:22 UTC 2007

Dear Sirs:

NIC.br is working on the project ntp.br, which has the goal of improving 
the quality of time synchronization in (Brazilian) Internet hosts and 
networks and of providing legal Brazilian time.

Basically we intend to provide stratum 1 and stratum 2 servers, 
synchronized with legal Brazilian time (that is kept by the Observatorio 
Nacional - www.on.br - and is, in the last instance, UTC).

We will have 3 of the following structure (at 3 different sites, at 3
different cities: Sao Paulo, Rio de Janeiro, Brasilia):

  Observatorio Nacional (Cesium clock)
                 |(periodically assures the
                 | accuracy with the official
                 | Brazilian time - that is
                 | in last instance UTC)
       ** Rubidium clock **
         ** Stratum 0 **
      ** Stratum 1 Server **
       Appliance Spectracom ------------------
     or Appliance Symmetricom                |
                 |                           |(Internet)
                 |(Internet or LAN)          |
                 #                           #
       ** Stratum 2 Server **            (stratum 2 "clients")
  cluster with 2 Dell blade servers      (autonomous systems)
                 |                       (big networks)
         (stratum 3 "clients")
         (home users, small
          and medium networks)

The Rubidium clocks and stratum 1 servers will be completely independent
of each other, but each of the six stratum 2 servers will be 
synchronized by the three stratum 1 servers.

The project will start with 2 complete sites (Sao Paulo, Rio de
Janeiro). The third site (Brasilia) will have only the stratum 2
servers, and in the next year the Rubidium clock and the stratum 1
server will be added.

The stratum 2 servers will be open to the Internet, intended to be used
by home users, small and medium networks, to synchronize clients or 
stratum 3 servers.

The stratum 1 servers will have their access restricted, intended to be
used only by the Autonomous Systems and big networks to synchronize their
own stratum 2 servers. We estimate about 600 clients for each stratum 1

We need some help and advice on the following questions:

1 - Is that a good structure, or does it need to be improved or corrected?

2 - The Stratum 1 Servers are appliances and do have some limitations in 
access control configuration. How can we provide access limitation by 
other means? We are studying the following possibilities:
   (a) A firewall between the Internet and the Stratum 1 servers, with a 
per client IP configuration.
   (b) A VPN (OpenVPN).
What would be better? Is there any other alternative?

3 - About cryptography:
   - We don't fully understand the options and implications yet.
   - It seems to complicate a little the client side configuration.  We 
fear that it will discourage the potential users.
   - It seems that the majority of the servers in the public pool don't use it.
   (a) What are the real risks of not implementing the cryptography?
   (b) What is more recommended: Autokey, or symmetrical keys? Why?
   (c) Is it possible to implement cryptography as an optional feature: 
the server configuration accepts clients with and without cryptography?

4 - We are experiencing some degree of difficulty in fully understanding 
Autokey. Is there any documentation with a working configuration example?

5 - At the stratum 2 servers, what is the most advisable OS? FreeBSD? 
OpenBSD? Linux? Windows? We have read something about FreeBSD being the 
best choice, but without an explanation.

6 - Regarding monitoring, we intend to use basically adapted versions of 
the scripts found at http://www.schlitt.net/scripts/ntp/ and at 
http://saturn.dennishilberg.com/gathering_data.php. But we would also 
like to have some statistics about the quality of the clients' 
synchronization, especially of the stratum 2 servers at the autonomous 
systems. Maybe get an "ntpq -c pe" for each one from time to time. Any 
advice regarding this?

Sorry for the long post, and thanks in advance.

Antonio M. Moreiras
Project Engineer at Brazilian Network Information Center - NIC.br
moreiras at nic.br
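
Added example, not part of the original post or of the ntp.br project: one way to turn the periodic "ntpq -c pe" check from question 6 into an automated report on each monitored server. The hostnames, thresholds and function names are assumptions, and the sample billboard is constructed.

```python
# Added example (not from the original post): parse the "ntpq -c pe" peers
# billboard and report peers that look badly synchronized.
TALLY = {" ": "reject", "x": "falseticker", ".": "excess", "-": "outlier",
         "+": "candidate", "#": "selected", "*": "sys.peer", "o": "pps.peer"}

# Constructed sample output; hostnames are placeholders, not real servers.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*st1-a.example   .PPS.            1 u   33   64  377    1.234    0.056   0.012
+st1-b.example   .PPS.            1 u   12   64  357    2.100   -0.120   0.030
 st1-c.example   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Return one dict per peer line; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line[1:].split()          # column 0 is the tally code
        if len(fields) != 10 or fields[0] == "remote":
            continue
        peers.append({
            "tally": TALLY.get(line[0], "unknown"),
            "remote": fields[0],
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),    # octal register of the last 8 polls
            "offset_ms": float(fields[8]),
            "jitter_ms": float(fields[9]),
        })
    return peers

def find_problems(peers, max_offset_ms=10.0, min_replies=6):
    """Return (remote, reason) pairs. Thresholds are assumed; tune per site."""
    problems = []
    if not any(p["tally"] == "sys.peer" for p in peers):
        problems.append(("-", "no system peer selected"))
    for p in peers:
        replies = bin(p["reach"]).count("1")   # polls answered out of last 8
        if p["stratum"] >= 16:
            problems.append((p["remote"], "unsynchronized (stratum 16)"))
        elif replies < min_replies:
            problems.append((p["remote"], f"only {replies}/8 polls answered"))
        elif abs(p["offset_ms"]) > max_offset_ms:
            problems.append((p["remote"], f"offset {p['offset_ms']} ms"))
    return problems

if __name__ == "__main__":
    for remote, reason in find_problems(parse_peers(SAMPLE)):
        print(f"{remote}: {reason}")
```

Feed it the output of ntpq -c pe run against each monitored server; the remote server must permit ntpq queries from the monitoring host.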
