Routers are not a good choice for time servers as it complicates configuration and, to some extent, constrains deployment methodology for routers to be effective with time service. We don't run DNS on routers; it is a service. Time service via NTP is a service as well. The NTP daemon in a router is not implemented in hardware and requires CPU resources better dedicated to RIB management. In my experience, a reliable NTP peer group can be implemented on the same set of boxes as DNS (bind, etc.) with little or no impact on DNS performance. If you can count to four or more, you can make a reliable peer group of time servers.
On Oct 24, 2010, at 8:15 PM, Brandon Kim wrote:
Hi Sean:
By local I meant in-house, on-site in our datacenter. As far as what applications could use our NTP service, I would leave that up to each client and what they are running. For my own personal purposes, it would just be for log purposes. (error logs, syslogs, etc etc)
I have heard that routers don't make good NTP servers since they weren't designed to keep track of time. This, I have read from a Cisco source. Can't remember where though. Or maybe they were just referring to older less powerful routers like 2500 series...
Brandon
Date: Sun, 24 Oct 2010 14:42:24 -0400
From: sean@donelan.com
To: nanog@nanog.org
Subject: Re: NTP Server
On Sun, 24 Oct 2010, Brandon Kim wrote:
1) How necessary do you believe in local NTP servers? Do you really need the logs to be perfectly accurate?
2) If you do have a local NTP server, is it only for local internal use, or do you provide this NTP server to your clients as an added service?
3) If you do have a local NTP server, do you have a standby local NTP server or do you use the internet as your standby server?
First terminology. What do you mean by a local NTP server?
Almost any Cisco/Juniper router, Unix server and some recent Windows servers have NTP server software and can synchronize clocks in your network. So you may already have an NTP server capable device. You just need to configure it, and give it a good source of time. It would be a Stratum 2 or greater NTP server because the good source of time is another NTP server. Left to itself, NTP is pretty good at keeping clocks in arbitrary networks synchronized with each other. But most people are also interested in synchronizing clocks with some official time source.
The Network Time Protocol doesn't really have the notion of a "standby" server. It uses multiple time sources together, and works best with about four time sources. But for many end-systems, the Simple Network Time Protocol with a single time source may be sufficient.
If you are in a regulated industry (stock broker, electric utility, 9-1-1 answering point, etc) there are specific time and frequency standards you must follow.
On the other hand, are you asking about a local clock receiver (radio, satellite, etc) for a stratum 1 NTP server? Clock receivers are getting cheaper, the problem is usually the antenna location.
Or on the third hand, are you asking about a local primary reference clock (caesium, rubidium, etc) for a stratum 1 NTP server? These are still relatively expensive up to extremely expensive.
Or on the fourth hand, are you a time scientist working to improve international time standards? If you are one of these folks, you already know.
Most major ISPs use NTP across their router backbone, and incidentally provide it to their customers. The local ISP router connected to your circuit probably has NTP enabled.
Required accuracy is in the eye of the beholder. NASDAQ requires brokers to have their clocks synchronized within 3 seconds of UTC(NIST). 9-1-1 centers are required to have their clocks synchronized within 0.5 seconds of UTC. Kerberos/Active Directory requires clocks to be synchronized within 5 minutes of each other.
If your log files have a resolution of 1 second, you probably won't see much benefit of sub-second clock precision or accuracy. If you are conducting distributed measurements with sub-microsecond resolution, you probably will want something more.
James R. Cutler james.cutler@consultant.com
On Sun, 24 Oct 2010, Cutler James R wrote:
In my experience, a reliable NTP peer group can be implemented on the same set of boxes as DNS (bind, etc.) with little or no impact on DNS performance. If you can count to four or more, you can make a reliable peer group of time servers.
There are lots of alternatives. CableLabs' designs tend to tie together DHCP, DNS, NTP, TFTP and headends. DSL forum designs tend to split them apart. If you have a set of systems which are already configured and accessed by end-user systems, such as DNS or DHCP or Active Directory, then NTP is just one more protocol with many of the same risks on those systems. Shared fate also makes troubleshooting easier, because a problem will usually affect all of the services. Other alternatives such as multicast NTP tend to work better with a device on each LAN (such as a router). And still other alternatives tend to work better with specialized servers if you need hardware assist or auditing. But again, it comes back to what are your requirements. For some people, the built-in WindowsTime service meets their needs. Other people need specialized clock hardware connected directly to their systems.
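Added illustration, not part of the thread or of any participant's message: the points above about NTP combining several sources (about four) and about required accuracy, shown with a Marzullo-style interval intersection, which is a simplification of the agreement step in NTP's source selection. The source names `ns1`..`ns4` and all offsets are constructed; the tolerances are the ones quoted in the thread.

```python
"""Added illustration: agreement check over constructed NTP samples."""

# Tolerances quoted in the thread, in seconds.
TOLERANCES = {"NASDAQ": 3.0, "9-1-1": 0.5, "Kerberos/AD": 300.0}

# Constructed samples: source -> (measured offset, error bound), in seconds.
# ns1..ns4 are hypothetical names; ns4 reports a badly wrong time.
FOUR = {"ns1": (0.012, 0.020), "ns2": (0.005, 0.015),
        "ns3": (-0.003, 0.025), "ns4": (4.200, 0.030)}
TWO = {"ns1": FOUR["ns1"], "ns4": FOUR["ns4"]}


def best_interval(samples):
    """Return (lo, hi, names) for the offset range covered by the most sources."""
    edges = []
    for off, err in samples.values():
        edges.append((off - err, 0))  # 0 = interval opens; sorts before a close
        edges.append((off + err, 1))  # 1 = interval closes
    edges.sort()
    best = count = 0
    lo = hi = 0.0
    for i, (point, kind) in enumerate(edges):
        if kind == 0:
            count += 1
            if count > best:  # new maximum overlap starts here
                best, lo, hi = count, point, edges[i + 1][0]
        else:
            count -= 1
    names = sorted(n for n, (o, e) in samples.items()
                   if o - e <= lo and o + e >= hi)
    return lo, hi, names


def evaluate(samples):
    """Decide whether a majority agrees and which tolerances are then met."""
    lo, hi, agree = best_interval(samples)
    majority = len(agree) > len(samples) / 2
    worst = max(abs(lo), abs(hi))  # largest clock error consistent with the group
    return {
        "majority": majority,
        "agree": agree,
        "outliers": sorted(set(samples) - set(agree)),
        "worst_case_offset": worst,
        "within": {k: majority and worst <= t for k, t in TOLERANCES.items()},
    }


if __name__ == "__main__":
    for label, s in (("four sources", FOUR), ("two sources", TWO)):
        print(label, evaluate(s))
```

With four sources the wrong one is outvoted and every tolerance is met; with two, neither source can be preferred, so nothing is reported as within tolerance.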