[ntp:questions] Peering and synching over multiple interfaces and subnets.

Danny Mayer mayer at ntp.isc.org
Sun Jul 1 03:25:00 UTC 2007

ulf.norberg at banverket.se wrote:
> Thanks Danny for your comprehensive explanation.
>> I'm not sure where you think you are getting redundancy since the
>> redundancy comes from picking a sufficient number of servers to
>> provide time service to the SCADA systems. You can skip the
>> routers. They don't need to be involved here.
> Just to be clear. The redundancy I mention is not really for the NTP.
> The multiple subnets and interfaces are there to ensure the
> functionality of the SCADA-system in case of any communication
> failure. The problem for me then, is that our supplier of the SCADA
> system also wants NTP to use the communication redundancy which
> results in multiple entries per peering neighbours or upstream servers
> in the ntp.conf file. That's why I ask about the risk of sync loops
> or other strange behavior.

Just to be clear, NTP takes advantage of redundancy only in the sense of
any application using UDP. The only effect on NTP is there will likely
be a different delay to get NTP packets back. That's the only real
effect that network topology has on NTP.

> I can't skip the routers because they are a part of the NTP solution.

Not really. If you choose to use the routers to provide a source of NTP
packets, that's fine but it's just a convenience and you are not taking
any advantage of communication redundancy.

> Because of all of the different subnets in this SCADA network (not
> just around these servers) it is not possible to have the Stratum-1
> servers reachable on each subnet. The security guys won't allow it.

Why not? Don't they have enough work to do? There's no security reason
for this.

> Therefore we are using the management subnet for the routers to
> distribute NTP time to all routers in the network and they can then
> provide NTP for all the subnets they handle respectively.

Then you may as well set up the routers as broadcast/multicast NTP servers.

> Work is in progress to raise all our access routers to Stratum-2 and
> to solve NTP redundancy for clients in need of more than 1 NTP
> source. 

You seem to misunderstand. Each system needs to have multiple servers -
3 or more.  Anything less isn't useful. It's also useful to have those
servers get their own servers from multiple different sources. If it's
only getting from a single source it is not sufficient unless you don't
care about accuracy.

> It would be a lot easier if the NTP protocol was VRF-aware.
> Something to work on for version 4.3 ;-)

I have no idea what you mean by VRF.

> Best regards Uffe

