[ntp:questions] ntp architecture
Riccardo Castellani
ric.castellani at alice.it
Fri May 24 05:42:34 UTC 2013
What do you think for my architecture about this configuration in my ntp.conf
for all 3 servers:
server 127.127.1.0
fudge 127.127.1.0
restrict 127.127.1.0
mask 255.255.255.255
NTP technicians people says:
Never put those lines in
any ntp config outside of some test environment in a lab.
(unfortunately many
manufacturers put those lines in example configs)
on 21/05/2013 14:31,
Riccardo Castellani wrote:
> n.4 srv Internet--> server A
>
> server A -->
server B
> server
> A --> server C
>
> A is my internal source
> B,C are
cluster machine so hardware
> is reliable but I don't want to present these
servers directly on pubblic network
>>My comments:
>>1) two servers is maybe
the worst situation; use one, or three, or four if f possible, but not two.
>>
See http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO
I'll create 3rd
server as D, server A -> D
>> 2) both servers pointing to A: A is a single
point of failure. If A dies, B and C will both be left to their own devices.
>>
I had a similar problem -- I needed to feed clients in a private network that
were not NAT'ed to the public network, and did as follows.
True ! You are
right but I'm not interesting if for a day, server A failures and clients will
be left to their devices.
>> I have four servers on the public network, Pu1..
Pu4; each of those server uses four different public sources,
>> and no public
source is shared between two different servers (so they are 16 in total).
>> I
have four servers on the private network, Pr1..Pr4. Each one of them uses Pu1..
Pu4 as sources,
>> but PrX marks PuX as preferred. This way, in >> normal
conditions they all follow a separate source (in a sense, PrX is a "repeater"
of PuX in the private network).
>> If a public servers fails, say Pu1, then Pr1
will follow the one among Pu2..Pu4 it thinks it's the best.
>> The service on
both public and private will be a bit degraded, but the resulting configuration
will still be good enough to give us time to fix problems safely.
Good
solution !
Did you use for your 4 servers on the public network and for your 4
server on the private network the following lines:
server 127.127.1.0
fudge
127.127.1.0
restrict 127.127.1.0 mask 255.255.255.255
>> HTH
>> Ciao
>> --
bronto
More information about the questions
mailing list