[ntp:questions] NTP and NAT

Terje Mathisen terje.mathisen at hda.hydro.com
Thu Nov 8 12:36:01 UTC 2007

Svein Skogen wrote:
> If you are running a Cisco router with reasonably new IOS, the Cisco
> router itself runs a fairly decent ntp implementation.

This seems obvious; unfortunately, it has tended to be wrong. (Things 
might have changed recently though?)

> Thus you can set up the router itself to act as an NTPd, set the router
> to sync with your external NTP servers, and add your two internal boxes
> as NTP peers to the Cisco.

Cisco's NTP process has very low priority, so the timestamps it gets 
are quite bad, and the resulting NTP accuracy suffers.

> You will have a higher stratum, but it will probably actually be more
> accurate than running it through the NAT. (Since the router doesn't need
> to traverse the NAT rules when communicating with the external NTP
> servers, the NAT latency won't add to it), and it will reduce traffic
> overall.

Except that the NAT rule traversal is _much_ higher priority/faster than 
the local NTP timestamp. :-(


- <Terje.Mathisen at hda.hydro.com>
"almost all programming can be viewed as an exercise in caching"