[ntp:questions] Quality vs. Quantity

Jochen Bern Jochen.Bern at LINworks.de
Mon Mar 24 17:27:48 UTC 2014


On 23.03.2014 03:24, questions-request at lists.ntp.org digested:
> From: Daniel Quick <daniel.quick at gmail.com>
> 
> Do we want a Netspeed setting that assists with taking the load off
> some of the more heavily, higher-speed servers? or do we want to keep
> a setting where we serve fewer clients with the highest resolution of
> time given specific setup and let the client queries grow from there?
> I suppose this also takes into the smart dns load-balancing that goes
> on in the background.

IMHO the answer to that question changes *a lot* for different kinds of
clients.

To take one extreme example, if we're talking about appliances which can
possibly run for years without a reboot and decades without getting
updates installed (but still shall be supported indefinitely), the
appropriate precaution would IMHO be to avail yourself of a good-sized
chunk of PI IP addresses and have the clients distributed over them
DNS-round-robin-style right from day one. The option of having all those
different addresses NATed (*) to a farm of servers whose numbers adapt
to the actual load follows trivially.

If those same appliances are manufactured in numbers you can control,
and will mostly or forcibly-all receive and install updates you publish,
on the other hand, you can plan for and maintain hardware- and/or
firmware-generation-specific sub-platforms on the server side. Note that
that also allows you to cleanly transition clients between incompatible
server versions - made-up example, switch data *signing* cryptalgorithms
- if and when required.

Off the other end of the spectrum, dealing with very few software-based
senior-sysadmin-shepherded clients that have very high quality
requirements IMHO strongly suggests that you want to invest the extra
work to set them up with cryptographic authentication and individual
key(pair)s, thus making a "who the $#§ set up the FQDN
'pool.evil-ntp-underground.ddos.me' to point to our server!?" scenario a
lot less probable.

Then there's possibilities like regional anycasts, running a *pool* of
only your own sites, whether you have to deal with
restrictive/static/non-DNS-aware client-side firewall configurations (or
can have your appliances run a P2P NTP network to take load off your
actual *own* servers >;-> ), ...

Regards,
								J. Bern

(*) Or, if you're afraid that the initialization of NAT with the first
    client -> server packet may introduce a net asymmetric delay, set
    up each server with umpteen public IPs.
-- 
*NEU* - NEC IT-Infrastruktur-Produkte im <http://www.linworks-shop.de/>:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/>
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel


More information about the questions mailing list