[ntp:questions] Re: A theoretical question

Roy roy at suespammers.org
Mon Nov 10 03:50:04 UTC 2003


Denis Zaitsev wrote in message news:<87znf9kzf5.fsf at natasha.ward.six>...
> There is a small LAN with one Linux machine has a dialup access to the
> internet.  And this machine is also a NTP server for the LAN.  It uses
> the LOCAL (127.127.1.0) clock.  I want to synchronize this machine
> with an external NTP servers thru the PPP sessions.
> 
> a) I do this that way: when the PPP link is up, I run ntpdc and
> unconfig 127.127.1.0 and config some quantity of the external servers.
> When PPP link is down, I do the reverse work.  And it seems that this
> method works.

Like you say, this method works -- in a brute force fashion.  Every
time the link is brought up, the synchronization dance starts from the
beginning.


> b) There is another way: to config the external servers once and do
> not do any swaps.  The NTP server lives happily without the LOCAL
> clock, and just complains sometimes when PPP is off about an
> unreachability of the external servers.  When PPP is on my NTP server
> reestablishes the connections and resets the time, if it is a need.
> And again, it seems that it works.

Without a LOCAL clock driver, your NTP server should decide to stop
serving your local LAN time requests when the external servers are
unreachable.  Not quite the results I thought you wanted.

 
> c) And there is the third way: (b) plus LOCAL clock at low priority,
> to be used at the absence of an access to the "real" servers.

This allows your NTP server to continue providing time to your LAN
network, even when the link is down.

 
> So, my question is: what are the weakness of each of these methods?
> They all seem to work, but I have a paranoid feeling, thet they give
> the different results...
> 
> Thanks in advance.

I personally choose a fourth option.  It is option C except my NTP
server is a different system than the firewall / router where my LAN
connects to the internet.  This provides an additional protective
layer between the NTP server and the internet.  It also isolates the
NTP server from IP address changes.

Have a great time,
 

roy
--
The suespammers.org mail server is located in California.  Please do
not send unsolicited bulk e-mail or unsolicited commercial e-mail to
my suespammers.org address or any of my other addresses.  These are my
opinions, not necessarily my employer's.



More information about the questions mailing list