[ntp:questions] ntp architecture

Riccardo Castellani ric.castellani at alice.it
Fri May 24 05:42:34 UTC 2013

What do you think for my architecture about this configuration in my ntp.conf 
for all 3 servers:


NTP technicians people says: 

Never put those lines in 
any ntp config outside of some test environment in a lab.
(unfortunately many 
manufacturers put those lines in example configs)

on 21/05/2013 14:31, 
Riccardo Castellani wrote:
> n.4 srv Internet--> server A
> server A --> 
server B
> server
> A --> server C
> A is my internal source
> B,C are 
cluster machine so hardware
> is reliable but I don't want to present these 
servers directly on pubblic network

>>My comments:
>>1) two servers is maybe 
the worst situation; use one, or three, or four if f possible, but not two.
See http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO
I'll create 3rd 
server as D, server A -> D

>> 2) both servers pointing to A: A is a single 
point of failure. If A dies, B and C will both be left to their own devices.
I had a similar problem -- I needed to feed clients in a private network that 
were not NAT'ed to the public network, and did as follows.

True ! You are 
right but I'm not interesting if for a day, server A failures and clients will 
be left to their devices.

>> I have four servers on the public network, Pu1..
Pu4; each of those server uses four different public sources, 
>> and no public 
source is shared between two different servers (so they are 16 in total). 
>> I 
have four servers on the private network, Pr1..Pr4. Each one of them uses Pu1..
Pu4 as sources, 
>> but PrX marks PuX as preferred. This way, in >> normal 
conditions they all follow a separate source (in a sense, PrX is a "repeater" 
of PuX in the private network).
>> If a public servers fails, say Pu1, then Pr1 
will follow the one among Pu2..Pu4 it thinks it's the best. 
>> The service on 
both public and private will be a bit degraded, but the resulting configuration 
will still be good enough to give us time to fix problems safely.

solution !
Did you use for your 4 servers on the public network and for your 4 
server on the private network the following lines:

restrict mask

>> HTH
>> Ciao
>> -- 

More information about the questions mailing list