[c-nsp] NTP Config
Sridhar Ayengar
ploopster at gmail.com
Wed Jul 11 16:28:52 EDT 2007
Justin Shore wrote:
> 1) Always use authentication between your local peers. Ideally you
> would also take advantage of NIST's offer of authenticated NTP (or make
> arrangements with another provider with whom you peer).
This isn't a big deal if all of the devices are behind a firewall. You
can just drop the NTP packets trying to cross the firewall.
> 3) Pick at least a couple stratum 1 or 2 servers external to your
> network, even if you have a local GPS or WWVB radio.
>
> 5) Ask before you use an external NTP server that doesn't give implicit
> permission for everyone to query it (ie, isn't listed on NIST's NTP
> server page).
I tend to use tick and tock (.usno.navy.mil) for my stratum-2 servers.
There are others which allow public access, but why not just go to the
horse's mouth?
Peace... Sridhar
More information about the cisco-nsp
mailing list