[ntp:questions] peer command and clusters

E-Mail Sent to this address will be added to the BlackLists Null at BlackList.Anitech-Systems.invalid
Tue Mar 29 21:01:17 UTC 2011


Florin Andrei wrote:
> Let's assume I upgrade to a newer version that accepts
>  the "source" keyword.  Then how about this config?
>
> Is there a risk of too many internal servers picking
>  other internal servers to sync their time - and not
>  enough servers using external sources?
> Should I skew the selection using "prefer" with the
>  external servers?
>
> Ideally, I'd like most of my NTP servers to use the
>  public pool most of the time.
>   The peers are there "just in case".
>  But if some of my servers sync up preferentially
>   to some other internal servers, that's fine.
>
> server 0.us.pool.ntp.org
> server 1.us.pool.ntp.org
> server 2.us.pool.ntp.org
> server 3.us.pool.ntp.org

pool us.pool.ntp.org iburst preempt prefer  # current NTP will spin up as many as it needs (up to maxclock).


> peer ntp1 iburst
  peer ntp2 iburst # NTP tosses loops by itself, not necessary to comment out your own name
> peer ntp3 iburst
> peer ntp4 iburst
> peer ntp5 iburst
> peer ntp6 iburst
>
> driftfile /var/lib/ntp/drift
>
> restrict source nomodify notrap noquery

restrict source nomodify notrap  # noquery seems unnecessary on that line?


> restrict XXX.YYY.ZZZ.0 mask 255.255.255.0 nomodify notrap # allow NTP clients to query this server

As long as _all_ your peers and clients are within XXX.YYY.ZZZ. IP space?


> restrict 127.0.0.0 mask 255.0.0.0 # allow local queries
> restrict default ignore # disallow everybody else

# Perhaps
tos cohort 1              # allows sync to server at the same stratum
tos minclock 5 minsane 4  # only for your servers / peers

# manycast can be used to allow your clients to automatically discover your servers, e.g.
keys "/etc/ntp.keys"      # e.g. contains: 123 M YOUR_MD5_KEY
trustedkey 123
manycastclient 224.0.1.1 key 123 preempt prefer
manycastserver 224.0.1.1  # only for your servers


-- 
E-Mail Sent to this address <BlackList at Anitech-Systems.com>
  will be added to the BlackLists.
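
Added example, not part of the original message: a small Python check for the point raised above about "restrict default ignore", listing which client addresses fall outside every permitting restrict entry. It assumes ntpd applies the most specific matching entry, does not model the "restrict source" template (which covers ntpd's own associations), and uses constructed addresses, with 192.0.2.0/24 standing in for XXX.YYY.ZZZ.0.

```python
import ipaddress

# Constructed sample: 192.0.2.0/24 (documentation range) stands in for the
# XXX.YYY.ZZZ.0 network in the post; client names and addresses are invented.
RESTRICT_LINES = """
restrict source nomodify notrap
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap  # allow NTP clients
restrict 127.0.0.0 mask 255.0.0.0                      # allow local queries
restrict default ignore                                # disallow everybody else
"""
CLIENTS = {"app1": "192.0.2.11", "app2": "192.0.2.12", "app5": "198.51.100.5"}

def parse_restrict(text):
    """Return [(network, flags)] for IPv4 restrict lines; 'source' is skipped."""
    rules = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict" or tok[1] == "source":
            continue
        if tok[1] == "default":
            net, flags = ipaddress.ip_network("0.0.0.0/0"), tok[2:]
        elif len(tok) >= 4 and tok[2] == "mask":
            net, flags = ipaddress.ip_network(f"{tok[1]}/{tok[3]}"), tok[4:]
        else:
            net, flags = ipaddress.ip_network(tok[1] + "/32"), tok[2:]
        rules.append((net, set(flags)))
    return rules

def effective_flags(rules, addr):
    """Flags of the most specific matching entry (assumed ntpd behaviour)."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else set()

def ignored_hosts(rules, hosts):
    """Names of hosts whose packets would be dropped by an 'ignore' entry."""
    return sorted(n for n, a in hosts.items()
                  if "ignore" in effective_flags(rules, a))

if __name__ == "__main__":
    rules = parse_restrict(RESTRICT_LINES)
    for name, addr in sorted(CLIENTS.items()):
        flags = sorted(effective_flags(rules, addr)) or ["(no flags)"]
        print(f"{name:5} {addr:15} {' '.join(flags)}")
    print("dropped by 'ignore':", ignored_hosts(rules, CLIENTS))
```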



