[ntp:questions] peer command and clusters

Steve Kostecke kostecke at ntp.org
Mon Mar 28 19:53:17 UTC 2011

On 2011-03-25, Florin Andrei <florin at andrei.myip.org> wrote:

> Two groups of machines in two datacenters, VPN line in between.

A VPN will introduce jitter into any associations between your two data
centers. An unencrypted UDP connection would be better.

> Two NTP servers in each datacenter, sync'ing to public servers. Local
> networks are gig ethernet.

GigE introduces some packet queueing issues ... but that's not relevant to
this article.

> Sometimes there seem to be issues with the public servers, so I figured 
> I may as well use the "peer" command to at least keep the local servers 
> as close to each other as possible, since I've a few clusters where it's 
> more important that all members agree on the same time base, even when 
> that base might not be very accurate.
> So I came up with this configuration for the local NTP servers. Please 
> criticize it.

Assuming that your LAN time servers are behind a firewall (or NAT) and
the NTP port is not forwarded I'd rewrite your configuration as:


driftfile /var/lib/ntp/drift

# Default restrictions
restrict default nomodify notrap noquery

# Authorized clients
# Netmask below is assumed (a /24 for a .0 network); the original line had no value after "mask"
restrict XXX.YYY.ZZZ.0 mask 255.255.255.0 nomodify notrap

# Internal peers. ntpd will ignore itself
peer ntp1
peer ntp2
peer ntp3
peer ntp4

# Remote time servers
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst


You may also wish to consider the use of Orphan Mode (or, depending on
the version of NTP you're using, the Undisciplined Local Clock) to
provision a "local master" in the event you lose your external network.

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
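A small added check for the kind of configuration discussed in this thread (example code, not from the mailing list or the NTP project): it parses an ntp.conf fragment and flags the defects a reviewer would look for, a missing or weak "restrict default" line, a "mask" keyword with no netmask behind it, and "server" lines without iburst. The sample configuration embedded below is constructed for the example, with the 10.0.0.0/24 network and the peer names standing in for whatever a real site uses.

```python
"""Lint an ntp.conf fragment for the restrict / peer / server pattern discussed above."""
import re

# Constructed sample in the shape of the configuration proposed in the reply.
# The network address and netmask are assumed values, not from a real site.
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift

# Default restrictions
restrict default nomodify notrap noquery

# Authorized clients
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap

# Internal peers. ntpd will ignore itself
peer ntp1
peer ntp2

# Remote time servers
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
"""

DOTTED_QUAD = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def parse_ntp_conf(text):
    """Return a list of (keyword, args) tuples; comments and blank lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing '#' comments
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def lint_ntp_conf(text):
    """Return a list of findings; an empty list means the fragment passes every check."""
    findings = []
    default_flags = None

    for keyword, args in parse_ntp_conf(text):
        if keyword == "restrict" and args:
            # Skip an optional -4 / -6 address-family switch.
            target = args[1] if args[0] in ("-4", "-6") else args[0]
            flags = args[2:] if args[0] in ("-4", "-6") else args[1:]
            if target == "default":
                default_flags = set(flags)
            if "mask" in flags:
                # "mask" must be followed by a netmask, otherwise the next flag is
                # swallowed as the mask and ntpd rejects the line.
                i = flags.index("mask")
                if i + 1 >= len(flags) or not DOTTED_QUAD.fullmatch(flags[i + 1]):
                    findings.append(f"restrict {target}: 'mask' needs a dotted-quad netmask")
        elif keyword == "server" and args:
            if "iburst" not in args:
                findings.append(f"server {args[0]}: missing iburst (slow initial sync)")

    if default_flags is None:
        findings.append("no 'restrict default' line: every host may modify or query this server")
    else:
        # nomodify blocks runtime reconfiguration; noquery blocks ntpq/ntpdc status
        # queries from hosts that are not explicitly authorized.
        for flag in ("nomodify", "noquery"):
            if flag not in default_flags:
                findings.append(f"restrict default lacks {flag}")

    return findings


if __name__ == "__main__":
    for finding in lint_ntp_conf(SAMPLE_CONF) or ["OK: no findings"]:
        print(finding)
```

Run it against a real /etc/ntp.conf by reading the file into `lint_ntp_conf`; the original posted line `restrict XXX.YYY.ZZZ.0 mask nomodify notrap` is exactly what the mask check catches, since "nomodify" would be read as the netmask.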
