[ntp:questions] Best practices

Mike Edwards mcedwar at gmail.com
Thu Sep 4 08:03:49 UTC 2014

Thank you Chuck,

I will study the docs in depth tomorrow. They are very much on point for what I am looking for. 

With two separate data centers, I am thinking a total of four primaries. Two at each DC, but otherwise similar to the model in your first reference, with no secondaries. 

My primary goal is reliability, and fault tolerance. I don't need to improve accuracy. 

From experimentation, it seems that if all of the primaries loose connectivity to their sources, they will move to stratum 32. I realize that a GPS clock or two would be ideal, but I don't think that is going to happen. 

I think that 4 peered primaries will get us what we need in this case, as each DC has a separate egress to the public network. 

The DCs support remote offices. I am thinking of configuring the Linux hosts with 3 time servers, the two at the closest DC, and one from the other DC. 

Mike Edwards

> On Sep 3, 2014, at 10:56, Charles Swiger <cswiger at mac.com> wrote:
> Hi, Mike--
>> On May 21, 2014, at 1:38 PM, Mike Edwards <mcedwar at gmail.com> wrote:
>> I'm looking for information on best practices to configure ntp for a medium
>> sized network.  I'm looking for something similar to the whitepapers
>> published by Cisco.  Cisco outlines several configurations with a mixture
>> of peer and server definitions for a set of internal ntp servers.
> Something like:
>  http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm
> ...perhaps.  There's older docs about "Notes on Configuring NTP and Setting up a NTP Subnet":
>  http://www.eecis.udel.edu/~mills/ntp/html/notes.html
>> Equally useful might be a document that compares the functionality of the
>> ntp.org implementation, verses the Cisco ios implementation.  Does Cisco
>> use the ntp.org code?
> Generally speaking, routers prioritize moving packets around over servicing
> traffic sent to the router itself.  They tend to make adequate timeservers
> for low NTP query rates but exhibit higher latency than dedicated timeservers.
>> I'd like to see a configuration that would be resilient to public server
>> failures, and connectivity problems to the public network, as well as
>> failures between sites on the internal network.
>> Do any such documents exist?
> The docs above have some general discussion including multiple internal datacenters.
> Having a mix of decent external stratum-1 or -2 servers, local timeservers running
> from GPS, ACTS, or other primary timesource, and redundant local S2/S3s that clients
> can talk are all part of obtaining highly resilient time service.
> Note that you can provide world-wide NTP service comparable with large OS vendors
> (ie, time.apple.com, time.windows.com) with a dozen machines broken up into peer subnets
> of 4 boxes in the three major regions.  Hardware isn't really the constraint--
> it's dealing with bazillions of tiny packets and being able to throttle abusive traffic
> upstream of your connectivity that matters.
> Regards,
> -- 
> -Chuck

More information about the questions mailing list