[ntp:questions] Number of Stratum 1 & Stratum 2 Peers

E-Mail Sent to this address will be added to the BlackLists Null at BlackList.Anitech-Systems.invalid
Wed Dec 3 17:53:13 UTC 2014


Brian Utterback wrote:
> Be careful with this generalization.
>  While it may be "trivial", it isn't "automatic".
>  I deal with customers all the time that have configured
>   exactly two servers on their clients and then are
>   surprised later when all of the clients become
>   unsynchronized and start free drifting.
>  I always recommend against it.
> I still think that it takes four to guarantee a majority
>  but I don't have proof of that.
> Someday I will spend some time to either prove or disprove it,
>  but alas, time is something I don't generally have extra to spend.
> But you are better off with one than two from an operational standpoint.

While not disagreeing;  Several things can be done to minimize
 the two NTP servers don't agree issue.

 If as Rob pointed out they both get GPS PPS,
  and they are peered with each other,
  they won't get far apart except when one has issues.

  In many cases the TOS mindist would already be increased
   from 1ms due to NEMA vs PPS skew from the GPS.

e.g.
# in ntp.conf for ALL Primary Servers
# Start ntpd with -g, the -g will prevent a panic stop if the time needs to be stepped when started
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict ::1
restrict -4 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 224.0.1.1 mask 255.255.255.255 nomodify
restrict source nomodify
tos cohort 1 orphan 11  mindist 0.4
keys "/etc/ntp.keys" # e.g. contains: 123 M LAN_MD5_KEY , 321 M Corp_MD5_KEY , ...
trustedkey 123 321
broadcastclient
multicastclient 224.0.1.1 key 123 preempt
manycastserver 224.0.1.1
manycastclient 224.0.1.1 key 123 preempt
# Corp LAN S1/S2(s)
peer a.ntp.lan.corp.example.com key 321 iburst preempt minpoll 4 # 16sec
peer b.ntp.lan.corp.example.com key 321 iburst preempt minpoll 4 # 16sec
pool pool.ntp.remote.corp.example.com key 321 iburst preempt minpoll 7 # 2min
pool ntp.isp.example.net iburst preempt minpoll 7 # 2min
pool ntp.osvendor.example.net iburst preempt minpoll 8 # 4min
pool ntp.regional.timebase.org iburst preempt minpoll 8 # 4min
pool pool.ntp.org preempt minpoll 8 # 4min
... GPS Config prefer minpoll 4 maxpoll 4 # 16sec prefer only the GPS


 If the Clients also had an increased TOS mindist set,
  that would increase the clients likelihood of accepting
  both servers (when the servers don't have issues).

 In addition, if manycast orphan is also configured
  on the servers / clients, they will still follow
  each other around, instead of drifting apart
  if the primary NTP servers have issues;
  {which actually makes it more than 2 servers also}.

e.g.
# in ntp.conf for ALL Clients
# Start ntpd with -g, the -g will prevent a panic stop if the time needs to be stepped when started
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict ::1
restrict -4 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 224.0.1.1 mask 255.255.255.255 nomodify
restrict source nomodify
tos cohort 1 orphan 11  mindist 0.4
keys "/etc/ntp.keys" # e.g. contains: 123 M LAN_MD5_KEY , 321 M Corp_MD5_KEY , ...
trustedkey 123 321
broadcastclient
multicastclient 224.0.1.1 key 123 preempt
manycastserver 224.0.1.1
manycastclient 224.0.1.1 key 123 preempt
# Corp LAN S1/S2(s)
server a.ntp.lan.corp.example.com key 321 iburst preempt prefer minpoll 6 # 1min
server b.ntp.lan.corp.example.com key 321 iburst preempt prefer minpoll 6 # 1min
pool pool.ntp.lan.corp.example.com key 321 iburst preempt prefer minpoll 6 # 1min
pool pool.ntp.remote.corp.example.com key 321 iburst preempt minpoll 7 # 2min


-- 
E-Mail Sent to this address <BlackList at Anitech-Systems.com>
  will be added to the BlackLists.



More information about the questions mailing list