[ntp:questions] Re: synch clock using SNTP on embedded system
brad.knowles at skynet.be
Thu Oct 16 02:22:46 UTC 2003

At 11:42 PM +0000 2003/10/15, Kenneth Porter wrote:
> Another idea: (I don't know what downsides there are to this. NTP gurus?)
> If the above ideas fail, as a last resort, traceroute to a well-known
> public server and look for NTP service on each router along the way,
> using that of the closest router.

Bad idea. From

Some routers run ntpd and can be used to distribute time to the
subnets that connect to them.

However, keep in mind that routers are primarily designed to route
packets in one interface and out another, and they usually have lots
of custom silicon chips to help them perform this role very well and
very quickly. They are not typically well-suited to the role of
providing general-purpose services.

In many cases, these kinds of functions are handed off to an internal
shared CPU which is asked to perform all sorts of less common tasks
on the router, and doing excessive amounts of work with NTP may cause
it to be less able to do "real work" as a router, or may cause it to
perform poorly as an NTP server.

If you wish to configure your routers as an NTP client, we suggest
that you use information on this subject from the vendor, or from
documentation written specifically for that vendor. In the case of
Cisco routers, you can see the O'Reilly books Hardening Cisco Routers
by Thomas Akin or Cisco Cookbook by Kevin Dooley and Ian J. Brown.
Both have chapters on NTP, but the former has a chapter on NTP that
is available online at

> It's also not uncommon to run NTP on
> DNS servers, so you could look for it on your configured DNS server.

Basically, you should *NOT*, UNDER ANY CIRCUMSTANCES WHATSOEVER,
configure your machine or your clients to use an NTP server that you
do not control yourself, or that you have not explicitly confirmed
that it is okay for you to use them in the way you are planning.

Advertising a machine in pool.ntp.org is generally taken to be an
indication that the machine is open for public use, but if you will
be configuring this address in clients that will be sold to the
public, you should contact the pool.ntp.org coordinator and confirm
that your plans are within acceptable limits.

The machines listed at
<http://www.eecis.udel.edu/~mills/ntp/servers.html> are also
generally open to the public, but again you should always get
explicit permission to use them if you are going to be putting them
into use on more than just a small handful of clients.

Otherwise, you risk re-creating yet another UWisc/Netgear
debacle. See <http://www.cs.wisc.edu/~plonka/netgear-sntp/> for more

Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)