James -- Well said. I was going to submit the exact same thing. This is what we do at my company and it works extremely well - we only use three stratum-1 time servers, and three internal servers to go get the time from the three externals, via a one-to-one correspondence. Once all three internals have acquired the time from the three stratum-1 clocks, they all poll each other for the average. Every host in the network is pointed to one of the three internals.
On Sun, Oct 24, 2010 at 1:12 PM, Cutler James R <james.cut...@consultant.com> wrote:

> Time Service is more complicated than just having a single NTP server. But it can be useful and is not really a luxury.
>
> Two primary reasons for local time service are to reliably serve a network that is relatively or completely isolated from the general internet, and, to provide a local time source for "dumb" clients that is closer (less jitter) in network terms. Other reasons can include policy (everything in the network uses the same identical time service), policy (the time service is locally controlled), operational simplicity (the routers don't need to run NTP), and, separation of functions/operational responsibility (you run your servers, they run the backbone, I tell you the time).
>
> Implementing a local time service is actually fairly simple, but fewer than four servers is wasted effort. I can't explain in just a few words how the servers interact and compute delays and jitter to come to an "accurate" time. Take my word or ask David Mills for all that.
>
> Implementation of an internet-referenced time service involves the following:
> 1. Select a set of stratum one servers - pick open access servers or get permission to use limited access servers. Four to six should do.
> 2. Select a set of local hosts on your network - DNS servers, for example. These should be well distributed. Four to six should do. The actual NTP load is small compared to DNS queries.
> 3. Configure the local hosts as peers using the stratum one set as servers. Use crypto authentication if you feel the need.
> 4. Add NTP monitoring to your network management process.
> 5. Advertise the local time servers to your network - DHCP, word of mouth, configuration requirements, configuration scripts, standard builds, etc.
>
> It is simple enough to do for a five node home network. It is almost that simple for a network with hundreds of thousands of client nodes. I've done both.
>
> On Oct 24, 2010, at 12:29 PM, Brandon Kim wrote:
>
> > I guess what I'm trying to understand is, is having your own NTP server just a luxury?
> >
> > I personally would like to have my own, I just need to pitch its advantages to my company. Unless everyone here on the NANOG group clearly spells it out to me that it's a luxury.
> >
> > I can see it as an added service/benefit though to our customers.....
> >
> >> Date: Sun, 24 Oct 2010 17:55:22 +0200
> >> From: eu...@leitl.org
> >> To: nanog@nanog.org
> >> Subject: Re: NTP Server
> >>
> >> On Mon, Oct 25, 2010 at 02:51:24AM +1100, Ben McGinnes wrote:
> >>
> >>>> How do you know that your local NTP server knows what time it is? (for sure)
> >>>
> >>> By polling as many stratum 1 and 2 time servers as possible. Having
> >>> your own stratum 2 server(s) beats nebulous NTP servers out in the big
> >>> bad Internet every time.
> >>
> >> For those of you who care about that:
> >>
> >> http://leapsecond.com/time-nuts.htm
>
> James R. Cutler
> james.cut...@consultant.com

--
To him who is able to keep you from falling and to present you before his glorious presence without fault and with great joy
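
Step 4 of the quoted procedure (NTP monitoring), as an added example that is not part of the original thread: a health check over the peer billboard printed by `ntpq -pn` on one of the local time servers. The sample output, the addresses, and the `min_usable` and `max_offset_ms` thresholds are constructed assumptions.

```python
# Added example: flag unhealthy NTP associations from `ntpq -pn` output.
# SAMPLE is constructed; in practice feed in the real command output.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345    0.512   0.201
+192.0.2.11      .PPS.            1 u   12   64  377   15.101   -0.334   0.150
+10.0.0.2        192.0.2.11       2 s   40   64  377    0.412    0.120   0.033
x10.0.0.3        192.0.2.12       2 s   21   64  377    0.398  250.771   0.090
 192.0.2.13      .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(text):
    """Return one dict per association; column 0 is the tally code."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue                      # header and separator lines
        f = line[1:].split()
        if len(f) != 10:
            continue                      # not a peer row
        peers.append({
            "tally": line[0],             # '*' sys peer, '+' candidate, 'x' falseticker
            "remote": f[0],
            "stratum": int(f[2]),
            "reach": int(f[6], 8),        # reach is an octal shift register
            "offset_ms": float(f[8]),
        })
    return peers

def check(peers, min_usable=4, max_offset_ms=100.0):
    """Return (remote, issue) findings; thresholds are assumed defaults."""
    findings = []
    if not any(p["tally"] == "*" for p in peers):
        findings.append(("-", "no system peer selected"))
    usable = [p for p in peers if p["tally"] in "*+o"]
    if len(usable) < min_usable:
        findings.append(("-", f"only {len(usable)} usable sources"))
    for p in peers:
        if p["reach"] == 0:
            findings.append((p["remote"], "unreachable"))
        elif p["tally"] == "x":
            findings.append((p["remote"], "falseticker"))
        if abs(p["offset_ms"]) > max_offset_ms:
            findings.append((p["remote"], "offset too large"))
    return findings

if __name__ == "__main__":
    for remote, issue in check(parse_peers(SAMPLE)):
        print(f"{remote}: {issue}")
```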