[ntp:questions] Re: Sufficient # servers to sync to
brad at stop.mail-abuse.org
Wed Mar 23 07:46:30 UTC 2005
At 1:59 AM +0000 2005-03-23, John Sasso wrote:
> Am I correct in my interpretation of your posts that it is sufficient for an
> NTP client (not a peering server, but purely an NTP client that nobody syncs
> with and that does not peer with anyone), having it sync off of a minimum of
> 3 NTP servers is sufficient?
If they are all correctly operating, three servers will work.
> This way, if 1 out of the 3 was a falseticker,
> the 2 truechimers would essentially "override" (i.e. prove out-of-sync) the
No. Despite all of his claims to the contrary, that is not how
the algorithms work. If you want protection from one falseticker,
you need at least four upstream time sources defined. If you want
protection from "n" falestickers (where n>1), you need at least 2n+1
upstream time sources defined.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the questions