[ntp:questions] Advice on a private stratum 2 pool
youssef.ghorbal at gmail.com
Fri Jul 5 15:55:45 UTC 2019
On Thu, Jul 4, 2019 at 4:51 PM Jason Rabel <jasonrabel99 at gmail.com> wrote:
> You never mentioned what your "clients" are going to be using? Are
> they running NTP too and will be able to choose multiple sources, or
> are they basically SNTP clients requesting time from only one server?
Mostly servers/hosts running NTP or Chrony services.
But also network devices (switchs routers) that probably will use some
sort of and SNTP client
> As someone else said, using 'peer' really isn't useful or necessary
> *unless* your connection is flaky and expect the S2 servers will need
> to free-run, or you are trying to keep consistent time across multiple
> locations. Also the server(s) will only drop to S3 *if* the S1 sources
> become a worse source of time. 'Peer' doesn't take priority over
> 'Server', it all depends on who has the time with the least amount of
I see clearly now the intended behaviour with the peer directive.
> > Do you think that I should be using the same 4 upstream NTP stratum 1
> > servers on all my stratum 2 servers? My failure scenario is if one of
> > those upstream is faulty, my pool detect it and everything continues
> > to work (and if my Internet connection is dead, I have more bigger
> > problems than NTP going out of sync)
> No! You want diversity for each of your servers! Even though you are
> using multiple upstream servers, it is still best to "spread out the
> risk"... Technically 3 servers would be the bare minimum (which
> provides no redundancy), however generally you want no less than 4 and
> no more than 7 servers. I personally try to stay towards the upper end
> if at all possible (but I do not choose all stratum 1's).
I've gone with Dan's suggestion 2 S1 common to all S2 and have every
S2 have 2 more different S1s
> The general rule is for 2n+1 to protect against "n" falsetickers. So
> with 4 upstream servers, you are really only protected against 1 bad
> server. However, with 5 upstream, then you are protected against 2
> falsetickers, and so on...
> Do not feel like you *must* choose all S1 servers for your primary NTP
> servers. S2, and even a S3 is okay to have in your mix *if* they all
> reasonably agree on the time. The only caveat is you wouldn't want a
> S2 server to be using the same S1 server as you already have in your
> Finally, if you haven't already checked, 'time.apple.com' has been a
> good time source (for my servers at least). On the other hand
> 'time.cloudflare.com' was showing a constant 2ms offset from the rest
> of the group.
I'll take a look. time.apple.com is already used by Apple devices anyway.
More information about the questions