[ntp:questions] Best practices
mcedwar at gmail.com
Thu Sep 4 08:03:49 UTC 2014
Thank you Chuck,
I will study the docs in depth tomorrow. They are very much on point for what I am looking for.
With two separate data centers, I am thinking a total of four primaries. Two at each DC, but otherwise similar to the model in your first reference, with no secondaries.
My primary goal is reliability, and fault tolerance. I don't need to improve accuracy.
From experimentation, it seems that if all of the primaries lose connectivity to their sources, they will move to stratum 32. I realize that a GPS clock or two would be ideal, but I don't think that is going to happen.
I think that 4 peered primaries will get us what we need in this case, as each DC has a separate egress to the public network.
The DCs support remote offices. I am thinking of configuring the Linux hosts with 3 time servers, the two at the closest DC, and one from the other DC.
> On Sep 3, 2014, at 10:56, Charles Swiger <cswiger at mac.com> wrote:
> Hi, Mike--
>> On May 21, 2014, at 1:38 PM, Mike Edwards <mcedwar at gmail.com> wrote:
>> I'm looking for information on best practices to configure ntp for a medium
>> sized network. I'm looking for something similar to the whitepapers
>> published by Cisco. Cisco outlines several configurations with a mixture
>> of peer and server definitions for a set of internal ntp servers.
> Something like:
> ...perhaps. There's older docs about "Notes on Configuring NTP and Setting up a NTP Subnet":
>> Equally useful might be a document that compares the functionality of the
>> ntp.org implementation, versus the Cisco IOS implementation. Does Cisco
>> use the ntp.org code?
> Generally speaking, routers prioritize moving packets around over servicing
> traffic sent to the router itself. They tend to make adequate timeservers
> for low NTP query rates but exhibit higher latency than dedicated timeservers.
>> I'd like to see a configuration that would be resilient to public server
>> failures, and connectivity problems to the public network, as well as
>> failures between sites on the internal network.
>> Do any such documents exist?
> The docs above have some general discussion including multiple internal datacenters.
> Having a mix of decent external stratum-1 or -2 servers, local timeservers running
> from GPS, ACTS, or other primary timesource, and redundant local S2/S3s that clients
> can talk to are all part of obtaining highly resilient time service.
> Note that you can provide world-wide NTP service comparable with large OS vendors
> (i.e., time.apple.com, time.windows.com) with a dozen machines broken up into peer subnets
> of 4 boxes in the three major regions. Hardware isn't really the constraint--
> it's dealing with bazillions of tiny packets and being able to throttle abusive traffic
> upstream of your connectivity that matters.
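
The layout proposed in the reply at the top of this message (four peered primaries, two per data center, and remote-office hosts pointed at three of them), sketched as ntp.conf fragments. This is an added example, not configuration posted by anyone in the thread; every hostname is a placeholder, and the `tos orphan` and `restrict` lines are assumptions that go beyond what the thread discusses.

```conf
# --- ntp.conf on primary ntp1.dc1 (the other three primaries mirror this) ---
# Drift file path varies by distribution.
driftfile /var/lib/ntp/ntp.drift

# Public upstream sources reached through this DC's own egress (placeholders).
server upstream-a.example.net iburst
server upstream-b.example.net iburst
server upstream-c.example.net iburst

# The other three primaries: one in this DC, two in the other DC.
peer ntp2.dc1.example.net
peer ntp1.dc2.example.net
peer ntp2.dc2.example.net

# Assumption, not from the thread: orphan mode lets the peer group keep
# serving one common time at stratum 10 when every upstream is unreachable.
tos orphan 10

# Assumption: answer time requests, rate-limit abusive clients, and refuse
# remote reconfiguration and status queries. Configured peers still work.
restrict default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1

# --- ntp.conf on a remote-office Linux host served by DC1 ---
driftfile /var/lib/ntp/ntp.drift

# Two primaries at the closest DC, one at the other DC.
server ntp1.dc1.example.net iburst
server ntp2.dc1.example.net iburst
server ntp1.dc2.example.net iburst

# Clients serve no one: refuse modification and queries from the network.
restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
```

Running `ntpq -p` on each host after a restart shows which of the configured associations are reachable and which one was selected.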