[ntp:questions] NTP and NAT

Steve Kostecke kostecke at ntp.org
Thu Nov 8 16:17:31 UTC 2007


On 2007-11-08, Svein Skogen <svein at d80.iso100.no> wrote:

> Daniel Guerrero wrote:
>
>> I'm a newbie on NTP, and I would like to know if there is any problem
>> in configuring more than one machine with the same NTP server on
>> a LAN that connects to the internet through a NAT (with the same
>> outgoing IP for everyone).
>
> To start with the one that isn't: A lot of the public servers (those in
> the pool) have several kinds of rate limiting to reduce the chances of
> DoS (Denial of Service/Destroy our Sanity) attacks. Many of these can be
> translated to human as "for unknown IPs, allow only 1 sync session per
> given time period".

Which is why using a "local master" ntpd makes sense. As an alternative
make sure that your ntpds are all polling different remote time servers.

> The second thing, is that ntp through NAT would get a variable latency
> point (since NAT speed of most routers varies with router traffic load).

Although the point about variable latency may be technically true, in
practice your router is unlikely to add significantly to the network
latency between you and your chosen remote time servers. There is a
point of diminishing returns ...

If latency is an issue you really ought to have your own local
ref-clock.

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
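
The following sketch is an added illustration, not part of the original thread. It models how an upstream server sees the three setups discussed above when every LAN host leaves through one NAT address. The limiter, the 8-second headway, the schedule, and the host and server names are assumptions made for the sketch, not ntpd's actual algorithm or defaults.

```python
from collections import defaultdict

def upstream_view(requests, min_headway):
    """Apply an assumed per-source-IP limiter at each upstream server.

    requests: iterable of (time_s, server, lan_host). Every LAN host leaves
    through the same NAT address, so limiter state is keyed by server only:
    all hosts share one bucket there. Returns {lan_host: [accepted, dropped]}.
    """
    last_ok = {}                      # server -> time of last accepted request
    stats = defaultdict(lambda: [0, 0])
    for t, server, host in sorted(requests):
        prev = last_ok.get(server)
        if prev is None or t - prev >= min_headway:
            last_ok[server] = t
            stats[host][0] += 1
        else:
            stats[host][1] += 1
    return dict(stats)

def schedule(host_to_server, poll_s, duration_s):
    """Constructed schedule: host i sends its first request at t = i seconds."""
    return [(t, server, host)
            for i, (host, server) in enumerate(sorted(host_to_server.items()))
            for t in range(i, duration_s, poll_s)]

def totals(stats):
    """Return (accepted, dropped) summed over all hosts."""
    return (sum(a for a, _ in stats.values()), sum(d for _, d in stats.values()))

HOSTS = [f"host{i:02d}" for i in range(20)]   # constructed LAN hosts
POLL, HEADWAY, DURATION = 64, 8, 640          # assumed values, in seconds

# 1. Every LAN host polls the same public server.
same = upstream_view(schedule({h: "pub-a" for h in HOSTS}, POLL, DURATION), HEADWAY)
# 2. One local master polls upstream; the other hosts sync to it over the LAN.
master = upstream_view(schedule({"master": "pub-a"}, POLL, DURATION), HEADWAY)
# 3. Each host polls a different remote server.
spread = upstream_view(
    schedule({h: f"pub-{i}" for i, h in enumerate(HOSTS)}, POLL, DURATION), HEADWAY)

if __name__ == "__main__":
    for name, s in (("same server", same), ("local master", master),
                    ("different servers", spread)):
        print(f"{name:18s} accepted={totals(s)[0]:3d} dropped={totals(s)[1]:3d}")
    print("never answered:", [h for h, (a, _) in sorted(same.items()) if a == 0])
```

With the shared server, the same few hosts win the bucket on every poll and the rest are never answered, which is why the failure looks like "some machines never sync" rather than a uniform slowdown.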



