[ntp:questions] Advice on a private stratum 2 pool

Dan Geist dan at polter.net
Tue Jul 2 13:17:32 UTC 2019

Hi, Youssef. First, it all depends a lot on how you want your timing architecture to behave. Do you want the vast majority of your clients to be accurate with respect to EACH OTHER or do you want each and every individual client to be as accurate as possible (i.e. if a small number of client devices skew a little vs. the reference source, does that matter as long as they still match each other?)

The peer directive works like the server, but in both directions, so it's helpful for situations where you have a free-run with multiple devices, but not really otherwise.

The DNS round-robin is a good way to go on the end clients. Be careful if you add more service nodes and also if you use IPv6. The limitations of the DNS response message size may limit the number of devices in the pool.

There is nothing wrong with configuring the same offsite S1 clocks as your reference, but know that if your stratum2 devices are in different geographies, they'll likely lock onto different S1s anyway. You could also have a few S1 sources that are in all your configs, then select an additional one that is different between all of them. That gives you a bit better diversity. if your goal is to have all your infrastructure exactly in sync with itself, then 3rd party S1 sources probably aren't the right way to go (except for backup).

If you can afford it, consider adding at least one on-network GNSS or terrestrial radio source for reference time. You can protect/abstract it by having only your S2 devices point to it. It's good to have piece of mind if there are issues traversing partner networks or upstream providers.

Finally, capture metrics! They are invaluable, and things like traffic counts, and especially the ones from ntpd such as jitter, offset from referenced source, etc. lets you know if your infrastructure is performing as you expect. For linux-based servers, the combination of the "telegraf" agent on each node and "influxdb" and "grafana" for data storage and graphing/alerting is what I've used with good success.


----- On Jul 1, 2019, at 6:12 AM, Youssef Ghorbal youssef.ghorbal at gmail.com wrote:

> Hello,
> I'm seeking advice on what would be the best configuration to build a
> private/internal stratum 2 pool. The idea is to provide internal
> hosts/servers (~5000) with an NTP pool to sync to.
> I'm not seeking very high precision/accuracy, I'm just hoping to
> provide reliable and uniform time reference.
> I've settled on running 4 ntpd on 4 different servers (the "4" comes
> from NTP FAQ regarding the minimum number of hosts) I've also selected
> 4 stratum 1 available and public servers in my area.
> I'm currently reviewing NTP FAQ regarding what would be the best
> architecture but I've no clue :
> - Option 1 : each one of the ntpd is configured to sync to one and
> only one upstream stratum 1 server. In this option my stratum 2 hosts
> are not aware of each other. On the client side I configure a pool
> pointing to a DNS Round Robin enslaving my 4 NTP servers.
> => This works OK but it does not seem to be the one described in this
> NTP architecture http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm where
> stratum n-1 are peered together
> - Option 2 : Starting from Option 1, I add on each stratum 2 server a
> peer directive pointing to the 3 others. After some time, an NTP
> hierarchy is created stratum 3 and sometimes 4 gets created. For
> exemple ntp03 becomes a stratum 3 poiting to ntp01 which is pointing
> to an upstream stratum 1. ntp03 totally ignores it's configured
> stratum 1 (for many valid reasons I guess)
> => On the client side too, the one ntp the peer "elected" as the best
> is also the one chosed by the client. This Option seems to be more
> aligned with previsously referenced architecture but I can't tell why
> I don't like it (maybe that I'm expecting  that my pool would be
> stratum uniform)
> Do you think that I should be using the same 4 upstream NTP stratum 1
> servers on all my stratum 2 servers? My failure scenario is if one of
> those upstream is faulty, my pool detect it and everything continues
> to work (and if my Internet connection is dead, I have more bigger
> problems than NTP going out of sync)
> How would you do it ? Do you have any pointers to reference NTP architectures ?
> Thank you for your help
> Youssef Ghorbal
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> http://lists.ntp.org/listinfo/questions

Dan Geist dan(@)polter.net

More information about the questions mailing list