[ednog] Building a cheap NTP stratum-2 network with retired Cisco gear

John Kristoff jtk at northwestern.edu
Thu Jun 23 06:53:26 EDT 2005

On Wed, 22 Jun 2005 20:27:00 -0400
Shumon Huque <shuque at isc.upenn.edu> wrote:

> If there are NTP implementations that repeatedly resolve the
> DNS name of the peer/server, then round robin DNS probably
> causes a problem because it will result in miscalculated jitter,
> delay and error estimates. I'm guessing most NTP implementations
> resolve the DNS name only once on startup though.

That is a good point.  Though I thought either most implementations do
resolve the name just once when the daemon starts or in the case of
Microsoft's implementation, they use SNTP so it probably doesn't
matter (though I better check that also).

> Also, what do you do if one of the routers in the round robin
> set is down? Doesn't that result in unreachability of the NTP
> service for a subset of your clients? I think it's best to train
> users to specify multiple time servers if they want reliability.

Yes, that is true also.  We will of course monitor and hopefully
restore service quickly, but there is some thought that NTP isn't
as critical a service as some other services we support.  If a host
is only pointing at a failed server, then they obviously don't care
much about reliability either.  :-)

> For distributing authenticated time to clients who want it, we
> are planning to set up public key authentication and distribute 
> the NTP server public keys widely around campus. Pubkey auth is
> supported only in the latest implementations (NTP 4 from UDel).

I had at least one stratum-1 tell me that while they do not support
MD5, they may support NTP4's autokey in the future.
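
An added illustration of the jitter concern raised in the first quoted paragraph (not part of the original thread, and not any NTP implementation's code): a simplified model that compares a client resolving a round-robin name once with one that re-resolves it on every poll. The server addresses, delays, clock errors and the simplified clock filter are all assumptions constructed for the example.

```python
import math

# Constructed servers behind one round-robin name (TEST-NET addresses):
# (server clock error, outbound delay, return delay), all in seconds.
SERVERS = {
    "192.0.2.1": (0.000, 0.002, 0.002),  # near, symmetric path
    "192.0.2.2": (0.004, 0.009, 0.015),  # farther, asymmetric, 4 ms fast
}
# Constructed per-poll queueing delay on the outbound leg, in seconds.
QUEUE = [0.0, 0.0003, 0.0001, 0.0004, 0.0002, 0.0, 0.0003, 0.0001]

def exchange(addr, t1, queue):
    """One request/reply; returns (offset, delay) from the four timestamps."""
    err, out, back = SERVERS[addr]
    t2 = t1 + out + queue + err   # server receive, server clock
    t3 = t2 + 0.0001              # server transmit after 100 us
    t4 = (t3 - err) + back        # client receive, client clock
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def filter_stats(samples):
    """Simplified clock filter: take the lowest-delay sample as the
    estimate; jitter is the RMS of the other offsets relative to it."""
    best = min(samples, key=lambda s: s[1])
    rest = [s for s in samples if s is not best]
    jitter = math.sqrt(sum((best[0] - s[0]) ** 2 for s in rest) / len(rest))
    return best[0], best[1], jitter

def poll(addresses, polls=8, interval=64.0):
    """Poll `polls` times, cycling through `addresses` one per poll.
    One address models resolve-once; two model re-resolving each poll."""
    samples = [
        exchange(addresses[i % len(addresses)], i * interval, QUEUE[i % len(QUEUE)])
        for i in range(polls)
    ]
    return filter_stats(samples)

if __name__ == "__main__":
    for label, addrs in [("resolve once, server 1", ["192.0.2.1"]),
                         ("resolve once, server 2", ["192.0.2.2"]),
                         ("re-resolve each poll", ["192.0.2.1", "192.0.2.2"])]:
        offset, delay, jitter = poll(addrs)
        print(f"{label:24s} offset={offset*1e3:6.3f} ms "
              f"delay={delay*1e3:6.3f} ms jitter={jitter*1e3:6.3f} ms")
```

In this model each server on its own yields the same small jitter, while mixing samples from both inflates it because the two paths produce different apparent offsets.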

