On 2/9/2014 6:42 PM, James R Cutler wrote:
On Feb 9, 2014, at 3:50 PM, Larry Sheldon <LarrySheldon@cox.net> wrote:
On 2/9/2014 2:45 PM, Jay Ashworth wrote:
Or do I understand NTP less well than I think?
I am of the private opinion that if your name is not "David Mills" (and MAYBE if it IS) the answer is either "42" or "yes".
From http://www.eecis.udel.edu/~mills/database/brief/overview/overview.pdf
Intersection and clustering algorithms pick best true chimers and discard false tickers.
You should look at this presentation and see why Larry Sheldon’s private opinion is spot on.
I won’t begin to try explaining in technical detail how this works. The bottom line is that, within a peer group of NTP servers looking at a reasonably large set of NTP source servers, all kinds of variations in input data are reduced to a coherent local time truth.
In the 1990s I found myself administering a campus network for a University--the only people less prepared than I was were everybody else. A need arose to have a uniform notion of time across the campus (my recollection had to do with resolving who-did-it-first squabbles as well as trying to solve some problems having to do with the date and time in emails regarding assignments due). I stumbled across NTP somewhere and decided that was the answer; I didn't know about "42" then. Nobody I was in contact with knew any more about it than I did, so I spent a lot of time on eecis learning how to make it play, and how not to be a rude participant.
My template for NTP service deployment for any organization is very simple:
1. Select four or more local systems and configure them as peer NTP servers. In many instances one can leverage local DNS server machines running almost any OS — the NTP daemon runs on at least Windows, OS X, UNIX, Linux. Don’t forget appropriate restrict commands.
I don't remember now how many boxes I had in my NTP backbone, but it was lots--every Cisco router I knew the password for (there were a lot of them, supporting frame-relay links to off-campus points), every HP9000 box I had root on, maybe the two Wellfleets -- I don't remember. They all were peers, and I connected to a couple of off-network public stratum 1s and 2s, not as peers (I had no budget for a stratum 0).
2. Configure ntpd on the local servers to also select as servers a list of 8-10 open access servers like pool.ntp.org, usno.navy.mil, nist-????-ustiming.org. If you can arrange authenticated access to other servers, that is possibly better.
I tried, using "ping", to pick sturdy-sounding servers that were "close" to Omaha.
3. As desired, configure ntpd on selected local servers for local clocks or GPS clocks. This has little effect on accuracy, but may enhance reliability. In many cases, it also requires building penetrations for antennas. (Not easy for network guys.)
4. Configure all local time consumers to select from the list of local NTP servers. Authenticate or not as you see fit. You can even use DHCP to inform end systems of NTP server addresses. The router folks will have to include NTP server addresses as part of each configuration package.
Did that. Told machines and people to use their default gateway address as their NTP (or SNTP) server.
Over the years I have successfully applied this template for NTP service deployments to several large networks. It just works.
It does. It does.

-- 
Requiescas in pace o email
Ex turpi causa non oritur actio

Two identifying characteristics of System Administrators:
Infallibility, and the ability to learn from their mistakes.
(Adapted from Stephen Pinker)
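The four-step template James describes, written out as one member's ntp.conf. This is an added illustration, not a configuration from anyone in the thread. The peer hostnames ntp2-ntp4.example.net, the 192.0.2.0/24 site range, the key file path and key ID 1 are placeholders; only the pool.ntp.org, NIST and USNO host names are real public servers, and the "restrict" lines are the part the template says not to forget.

```conf
# /etc/ntp.conf for one node (ntp1) of a four-node local peer group.
# Added example for the template above; it is not the thread's own config.
# Assumptions: ntpN.example.net, 192.0.2.0/24, /etc/ntp/ntp.keys, key ID 1.

driftfile /var/lib/ntp/ntp.drift

# Restrict commands: default-deny everything except serving time.
#   noquery  - no ntpq/ntpdc state queries from outside
#   nomodify - no runtime reconfiguration
#   notrap   - no control-message traps
#   nopeer   - no unsolicited symmetric associations
#   kod      - answer abusive clients with a kiss-o'-death packet
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
# Site clients (step 4) may also query status, but still not modify or peer.
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer
# Turn off the monlist feature used for reflection/amplification attacks.
disable monitor

# Step 1: the other three local servers as authenticated symmetric peers.
# /etc/ntp/ntp.keys holds a line of the form "1 M <shared-secret>".
keys /etc/ntp/ntp.keys
trustedkey 1
peer ntp2.example.net key 1
peer ntp3.example.net key 1
peer ntp4.example.net key 1

# Step 2: a handful of open-access upstreams, so the intersection and
# clustering algorithms have enough chimers to vote down a falseticker.
# iburst only speeds the initial synchronisation.
server 0.us.pool.ntp.org iburst
server 1.us.pool.ntp.org iburst
server 2.us.pool.ntp.org iburst
server 3.us.pool.ntp.org iburst
server time.nist.gov iburst
server tick.usno.navy.mil iburst
server tock.usno.navy.mil iburst

# Do not synchronise until at least three sources agree, so a single
# wrong upstream cannot drag the group when the others are unreachable.
tos minsane 3
```

Step 3 would add a refclock line (for example a "server 127.127.x.y" pseudo-address for a GPS or local clock driver) on the nodes that have the hardware. Step 4 is just "server ntp1.example.net iburst" (and the other three) on every client, or DHCP option 42 carrying the same addresses; the site "restrict" line above is what lets those clients be served while the default line keeps the rest of the Internet to time requests only.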