NTP Server

Hey guys:

I wanted to open up this question regarding NTP server. I recalled someone had created a posting of this quite awhile back.

From a service provider/ISP standpoint, does anyone think that having a local NTP server is really necessary?

I've asked some of my fellow engineers at work and many of them give me the same response, "Can't we just use free ones out on the internet?"

1) How necessary do you believe in local NTP servers? Do you really need the logs to be perfectly accurate?
2) If you do have a local NTP server, is it only for local internal use, or do you provide this NTP server to your clients as an added service?
3) If you do have a local NTP server, do you have a standby local NTP server or do you use the internet as your standby server?

Thoughts?

Thanks in advance, and this list is such a valuable wealth of resource....

Brandon

1) How necessary do you believe in local NTP servers? Do you really need the logs to be perfectly accurate?
2) If you do have a local NTP server, is it only for local internal use, or do you provide this NTP server to your clients as an added service?
3) If you do have a local NTP server, do you have a standby local NTP server or do you use the internet as your standby server?
Thoughts?

How do you know that your local NTP server knows what time it is? (for sure)

-P

By polling as many stratum 1 and 2 time servers as possible. Having
your own stratum 2 server(s) beats nebulous NTP servers out in the big
bad Internet every time.

Regards,
Ben

For those of you who care about that:

http://leapsecond.com/time-nuts.htm

Wow ... that's a lot more effort than I'm willing to put in on a time
server.

Regards,
Ben

I guess what I'm trying to understand is, is having your own NTP server just a luxury?

I personally would like to have my own, I just need to pitch its advantages to my company. Unless everyone here on the NANOG group
clearly spells it out to me that it's a luxury.

I can see it as an added service/benefit though to our customers.....

I wanted to open up this question regarding NTP server. I recalled
someone had created a posting of this quite awhile back.

From a service provider/ISP standpoint, does anyone think that
having a local NTP server is really necessary?

It may not be necessary, but it certainly is not a bad thing. Not having to depend on third parties for a service is a good thing.

I've asked some of my fellow engineers at work and many of them gives
me the same response, "Can't we just use free ones out on the
internet?"

1) How necessary do you believe in local NTP servers? Do you really
need the logs to be perfectly accurate?

Perfectly accurate is very helpful when trying to associate several incidents going on at the same time or when trying to figure out the timeline leading up to why a machine had a kernel panic, for example.

2) If you do have a local NTP
server, is it only for local internal use, or do you provide this NTP
server to your clients as an added service?

Our master stratum 1 GPS clock only has ipv6 access to the outside world. Our two 'public' ntp servers can talk directly to it over ipv4 or ipv6, and those are publicly available via ipv4 or ipv6.

3) If you do have a local
NTP server, do you have a standby local NTP server or do you use the
internet as your standby server?

If the stratum 1 becomes unavailable (it's 500 miles away on a different network), the two public NTP servers are peered with one another, and both have a different outside third-party NTP server to sync with (may it be an upstream provider's ntp server, or one of the pool ones from ntp.org).

Never had a problem with this setup, and it's worked rather well.

1) How necessary do you believe in local NTP servers? Do you really
   need the logs to be perfectly accurate?

what is "perfectly accurate?" perfection is not very realistic. to
what use do you put these logs? what precision and jitter are required
for that use?

imiho, if you are just comparing router and server log files, run off
public. if you are trying to do fine-grained measurement, you are going
to invest a lot in clock and propagation research.

2) If you do have a local NTP server, is it only for local internal
   use, or do you provide this NTP server to your clients as an added
   service?

i would generally let customers chime off routers which are strat 2 or
3. if a customer has other needs, then they can deal. if they are
really concerned, they should not bet on me anyway.

3) If you do have a local NTP server, do you have a standby local NTP
   server or do you use the internet as your standby server?

again, depends on your needs.

randy

Time Service is more complicated than just having a single NTP server. But it can be useful and is not really a luxury.

Two primary reasons for local time service are to reliably serve a network that is relatively or completely isolated from the general internet, and, to provide a local time source for "dumb" clients that is closer (less jitter) in network terms. Other reasons can include policy (everything in the network uses the same identical time service), policy (the time service is locally controlled), operational simplicity (the routers don't need to run NTP), and, separation of functions/operational responsibility (you run your servers, they run the backbone, I tell you the time).

Implementing a local time service is actually fairly simple, but fewer than four servers is wasted effort. I can't explain in just a few words how the servers interact and compute delays and jitter to come to an "accurate" time. Take my word or ask David Mills for all that.

Implementation of an internet-referenced time service involves the following:
1. Select a set of stratum one servers - pick open access servers or get permission to use limited access servers. Four to six should do.
2. Select a set of local hosts on your network - DNS servers, for example. These should be well distributed. Four to six should do. The actual NTP load is small compared to DNS queries.
3. Configure the local hosts as peers using the stratum one set as servers. Use crypto authentication if you feel the need.
4. Add NTP monitoring to your network management process.
5. Advertise the local time servers to your network - DHCP, word of mouth, configuration requirements, configuration scripts, standard builds, etc.

It is simple enough to do for a five node home network. It is almost that simple for a network with hundreds of thousands of client nodes. I've done both.

More than likely, it's more important that all your machines are synced
accurately in time to each other, vs. a wider sync range that's
statistically closer to the 'real' value.

-Jack Carrozzo

this question is a trap.

In a message written on Sun, Oct 24, 2010 at 11:34:12AM -0400, Brandon Kim wrote:

From a service provider/ISP standpoint, does anyone think that having a local NTP server is really necessary?

Do you provide NTP to your customers?

If you do there is probably an obligation there to make a reasonable
effort to have accurate times. I'm not sure relying on random
servers across the internet rises to that standard. I think you
should have at least four clocks getting time not from the internet
to compare.

For instance, for a couple of thousand dollars you can get a
Symmetricom appliance that will do GPS timing with analog dial
backup to NIST. That gives you two non-internet sources at relatively
low cost and low effort. Deploy four in different POP's and you
have redundancy on your own network, and can market that you provide
high quality NTP to your customers. It's nearly fire and forget,
and a check for alarms from the box and make sure you watch for
patches, that's about it.

If you don't offer NTP to your customers whatever you need for your
own internal logging is fine. Generally as long as they all sync
to the same set of servers they will be accurate to each other, so
you can compare times across servers. Set up 4 NTP servers, let
them sync to the outside world, let all of your internal boxes sync
to them.

Notice in both cases I said deploy 4. If you understand the protocol,
and in particular the decision process that really is the minimum
number to have high quality NTP. Syncing everything to one or two
NTP servers really doesn't work so well.
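
The decision process mentioned above, and the earlier remark in the thread that fewer than four servers is wasted effort, can be seen in a simplified sketch of NTP's intersection step. This is an added example, not code from any poster in the thread; the source names and millisecond values are constructed, and the later stages of real ntpd selection (clustering, combining) are not shown.

```python
# Simplified intersection (Marzullo-style) step of NTP source selection.
# Each source reports an offset and a root distance that bounds its error,
# giving the interval [offset - distance, offset + distance] (milliseconds).

def select(sources):
    """sources: {name: (offset_ms, distance_ms)}.
    Returns (interval, truechimers, falsetickers); interval is None when
    no majority of sources can be found that agree with each other."""
    n = len(sources)
    edges = []
    for off, dist in sources.values():
        edges.append((off - dist, +1))        # interval opens
        edges.append((off + dist, -1))        # interval closes
    edges.sort(key=lambda e: (e[0], -e[1]))   # opens sort before closes on ties
    f = 0
    while 2 * f < n:                          # allow f falsetickers, f < n/2
        need, low, high, depth = n - f, None, None, 0
        for edge, kind in edges:              # scan up for the lower bound
            depth += kind
            if depth >= need:
                low = edge
                break
        depth = 0
        for edge, kind in reversed(edges):    # scan down for the upper bound
            depth -= kind
            if depth >= need:
                high = edge
                break
        if low is not None and high is not None and low <= high:
            good = sorted(k for k, (o, d) in sources.items()
                          if o - d <= high and o + d >= low)
            return (low, high), good, sorted(set(sources) - set(good))
        f += 1
    return None, [], sorted(sources)

# Constructed sample data: source "c" is 750 ms off (a falseticker).
TWO = {"a": (2, 10), "c": (750, 10)}
THREE = {"a": (2, 10), "b": (-3, 12), "c": (750, 10)}
FOUR = {**THREE, "d": (1, 8)}

if __name__ == "__main__":
    for label, srcs in (("two", TWO), ("three", THREE), ("four", FOUR)):
        print(label, select(srcs))
    # Four sources with "a" unreachable still outvote "c";
    # three sources with "a" unreachable degrade to the undecidable TWO case.
    print("four minus a", select({k: v for k, v in FOUR.items() if k != "a"}))
```

With two sources there is no majority, so neither can be rejected; with four, one source can be unreachable and the remaining three still outvote a single bad clock.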

We have one internally because we use private IPs on some of our own equipment for security reasons and those systems are unable to poll an external NTP server on the Internet. Plus some of our equipment only accepts a single NTP server and in the past we occasionally found external NTP servers to not be up, at least with our own server we know if it's accessible or not. As for pitching one to your company, not sure why that's an issue... talking about 500K app that can run on $50 pc with Linux from ebay.

Bret

James --

Well said. I was going to submit the exact same thing. This is what we
do at my company and it works extremely well - we only use three stratum-1
time servers, and three internal servers to go get the time from the three
externals, via a one-to-one correspondence. Once all three internals have
acquired the time from the three stratum-1 clocks, they all poll each other
for the average. every host in the network is pointed to one of the three
internals.

1) How necessary do you believe in local NTP servers? Do you really need the logs to be perfectly accurate?
2) If you do have a local NTP server, is it only for local internal use, or do you provide this NTP server to your clients as an added service?
3) If you do have a local NTP server, do you have a standby local NTP server or do you use the internet as your standby server?
Thoughts?

How do you know that your local NTP server knows what time it is? (for sure)

this question is a trap.

a man with one watch knows what time it is, a man with two is never sure.

I wanted to open up this question regarding NTP server. I recalled
someone had created a posting of this quite awhile back.
From a service provider/ISP standpoint, does anyone think that
having a local NTP server is really necessary?

It's not strictly necessary, but I think any serious and
reasonably-sized ISP should probably have their own set of time sources.

This thread might be useful to review for some suggestions, but in
particular Michael's comments are relevant:

  <All Recent Discussions - EDUCAUSE Connect>

1) How necessary do you believe in local NTP servers? Do you really
need the logs to be perfectly accurate? 2) If you do have a local NTP
server, is it only for local internal use, or do you provide this NTP
server to your clients as an added service? 3) If you do have a local
NTP server, do you have a standby local NTP server or do you use the
internet as your standby server?

The "perfect accuracy" of log files might be hard to justify and
quantify. I'd say it's more about having your own trustworthy and
reliable source that you can ensure is operational, reachable and
correct. That said, it is perfectly fine and probably useful to use
external sources in addition to your own for backup and time
redundancy in your design.

You probably don't need to provide time to your customers unless you
have a good reason to do so or they've been asking, which I'd find
surprising these days for new installations. The default Microsoft time
service and the pool.ntp.org servers probably work fine for the
majority of end users.

We have some NTP configuration templates here if it helps any:

  <http://www.team-cymru.org/ReadingRoom/Templates/>

John

how about a man with 7?

more to the point what's the minimum resolution of a counter in a log
file, if it's 1s or 1ms it's a bit different than if it's 1us.

acquired the time from the three stratum-1 clocks, they all poll each other
for the average.

How many clocks/servers do you need to average from to know that you
are within say 1ms of UTC(nist)?

-P

Just for log purposes and possibly providing it to our clients as an added service at no charge of course.

I don't see us needing to get very granular in the details of the times on the logs....