[ntp:questions] multiple instances of NTP on different interfaces

Rob nomail at example.com
Wed Mar 6 08:47:23 UTC 2013


unruh <unruh at invalid.ca> wrote:
> On 2013-03-05, Rob <nomail at example.com> wrote:
>> unruh <unruh at invalid.ca> wrote:
>>> On 2013-03-05, Rob <nomail at example.com> wrote:
>>>> David Woolley <david at ex.djwhome.demon.invalid> wrote:
>>>>> Abu Abdullah wrote:
>>>>>
>>>>>> 
>>>>>> Does this mean ntpd is not supposed to be run in parallel? Is there any
>>>>>
>>>>> It is not seen as something anyone would want to do.
>>>>
>>>> I could understand why someone would want to run one instance that
>>>> controls the clock, and another instance that only serves time to
>>>> clients on the (inter)net and cannot control the clock.
>>>
>>> You could? I cannot. ntpd both controls the clock and serves time. Why
>>> would you want to split those?
>>
>> Because the users of the clock service may be able to disturb that
>> service, e.g. by overloading it, by making it crash sending it invalid
>> requests, etc.  Some people may consider the service to keep their own
>> clock correct to be more important than the service to tell time to
>> others.
>>
>> Seeing the reply that the OP posted in the meantime, I was not too far
>> off.  He wants a separation between the internal use of NTP to sync
>> the local and other important systems, from the service to give time
>> to others.
>>
>> I think it is a reasonable wish.  Certainly not something that nobody
>> would want to do.
>
> Well, I would just put the outside service onto some inconsequential
> machine at a higher stratum and have it read time from an inside server. 
> If you are worried about someone crashing it, you do not want it to be
> on the same machine, since that crash is liable not to crash ntpd but
> the whole machine anyway. 
>
> I.e., do not run them on the same machine if that is your worry.

He has only one machine.
Running separate processes on a single machine, where you can set different
resource limits for the processes, is better than doing everything in
a single process.

Maybe best for him is to use virtualization and run all the public services
in the virtual machine.  Hacking a virtual machine is another step beyond
disturbing an ntp process.


