-----Original Message----- From: Notify Me [mailto:notify.sina@gmail.com] Sent: Thursday, February 06, 2014 4:54 AM To: Aled Morris Cc: nanog@nanog.org; Martin Hotze Subject: Re: Need trusted NTP Sources
Raspberries! Not common currency here either, but let's see!
While I would be using a Pi if I were doing it now, a few years ago I put together a circuit that used a <$100 outdoor mast-mount GPS receiver* with a PPS out, to feed an RS232 connection to 3 FreeBSD 8.1 systems compiled with: options PPS_SYNC # I don't know if that is still required in 10.0, and I understand Linux has since fixed the kernel time resolution issues it was having, so research into current OS configuration is required. To make the local time reference preferred over external references, in ntp conf: server 127.127.20.1 mode 8 minpoll 4 maxpoll 4 prefer The diagram is at http://tndh.net/~tony/GPS-PPS-5v-ttl_232-box.pdf While there is 'some assembly required', the components to feed existing servers may be easier to come by than a Pi, and an outdoor receiver will have better reception than the Adafruit one stuck inside a datacenter. As others have said, several external references help protect against any one source having a bad day, but you should also be aware that network asymmetry WILL impact your results so factor topology into your source selection. Using this setup and OWAMP** I was able to track down a ~20ms "peering asymmetry" between HE & Comcast "inside the Seattle Westin colo", which still persists.*** It would appear from the time delay that one of their intermediaries is not really present in the building, but using a fiber loop to a city about 400 miles away (Boise, or Medford ??). I am not aware of the specific topology, other than traceroute shows different intermediaries in each direction at one IP hop, with one taking 20ms longer than the other to move between the same HE & Comcast routers inside that colo. What I can see is the impact it has of showing the IPv6 connected NTP peers as ~10ms off of the local IPv4 ones & the GPS receiver. Good luck * MR-350P http://www.amazon.com/Globalsat-Waterproof-External-Receiver-without/dp/B001 ENYWJC/ref=sr_sp-atf_title_1_1?ie=UTF8&qid=1391734470&sr=8-1&keywords=mr-350 p ** OWAMP >>> http://software.internet2.edu/owamp/ *** >ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================ == xPPS(1) .PPS. 0 l 7 16 377 0.000 0.001 0.002 oGPS_NMEA(1) .GPS. 0 l 7 16 377 0.000 0.001 0.002 *bigben.cac.wash .GPS. 1 u 69 64 372 13.058 1.638 36.654 +clock.fmt.he.ne .CDMA. 1 u 15 64 373 32.641 1.938 28.828 -chronos6.es.net .CDMA. 1 u 9 64 377 92.321 10.473 2.335 -2001:4f8:2:d::1 129.6.15.29 2 u 31 64 377 35.545 9.912 43.519 -time0.apple.com 17.150.142.121 2 u 2 64 377 44.922 -1.275 26.193
grateful for all the input and responses, this list is amazing as usual.
On Thu, Feb 6, 2014 at 1:41 PM, Aled Morris <aledm@qix.co.uk> wrote:
On 6 February 2014 12:30, Martin Hotze <m.hotze@hotze.com> wrote:
I'm trying to help a company I work for to pass an audit, and we've been told we need trusted NTP sources (RedHat doesn't cut it). Being located in Nigeria, Africa,
[...]
So build your own stratum 1 server (maybe a second one with DCF77 or whatever you can use for redundancy),
I don't think DCF77 is going to reach Nigeria.
Aled