[ntp:questions] peer command and clusters

Steve Kostecke kostecke at ntp.org
Mon Mar 28 19:53:17 UTC 2011


On 2011-03-25, Florin Andrei <florin at andrei.myip.org> wrote:

> Two groups of machines in two datacenters, VPN line in between.

A VPN will introduce jitter into any associations between your two data
centers. An unencrypted UDP connection would be better.

> Two NTP servers in each datacenter, sync'ing to public servers. Local
> networks are gig ethernet.

GigE introduces some packet queueing issues ... but that's not relevant to
this article.

> Sometimes there seem to be issues with the public servers, so I figured 
> I may as well use the "peer" command to at least keep the local servers 
> as close to each other as possible, since I've a few clusters where it's 
> more important that all members agree on the same time base, even when 
> that base might not be very accurate.
>
> So I came up with this configuration for the local NTP servers. Please 
> criticize it.

Assuming that your LAN time servers are behind a firewall (or NAT) and
the NTP port is not forwarded I'd rewrite your configuration as:

********************************************************************

driftfile /var/lib/ntp/drift

# Default restrictions
restrict default nomodify notrap noquery
restrict 127.0.0.1

# Authorized clients
restrict XXX.YYY.ZZZ.0 mask 255.255.255.0 nomodify notrap

# Internal peers. ntpd will ignore itself
peer ntp1
peer ntp2
peer ntp3
peer ntp4

# Remote time servers
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst

********************************************************************

You may also wish to consider the use of Orphan Mode (or, depending on
the version of NTP you're using, the Undisciplined Local Clock) to
provision a "local master" in the event you lose your external network
connections.

-- 
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
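
Added example (not part of the original message, and not ntpd's own code): a Python sketch of which restrict entry applies to a given source address, simplified to "most specific IPv4 match wins". The 192.0.2.0/24 client subnet, the localhost entry written as 127.0.0.1, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample modelled on the restrict lines in the configuration above.
# 192.0.2.0/24 (a documentation range) stands in for the elided client subnet.
SAMPLE_CONF = """\
# Default restrictions
restrict default nomodify notrap noquery
restrict 127.0.0.1
# Authorized clients
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
"""


def parse_restrict(conf):
    """Return [(IPv4Network, frozenset(flags))] for each numeric restrict line."""
    rules = []
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        addr, rest = tokens[1], tokens[2:]
        if addr == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            mask = "255.255.255.255"  # no mask given: entry covers one host only
            if len(rest) >= 2 and rest[0] == "mask":
                mask, rest = rest[1], rest[2:]
            net = ipaddress.ip_network(f"{addr}/{mask}")
        rules.append((net, frozenset(rest)))
    return rules


def flags_for(rules, source):
    """Flags of the most specific rule matching source, or None if none match."""
    ip = ipaddress.ip_address(source)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for src in ("127.0.0.1", "192.0.2.17", "203.0.113.5"):
        print(src, sorted(flags_for(rules, src)))
```

An empty flag set means the source is unrestricted; a source that only matches the default entry keeps noquery, so ntpq queries from it are refused.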



