Symmetricom S100 Network Card User Manual


 
96 S100 User Guide – Rev. D – June 2005
SyncServer S100
Basic NTP Configuration
No special configuration is required for a machine with a running NTP to be used by other
network nodes as a standard server (as opposed to a broadcast server or peer). However,
access control is needed to prevent a machine from acting as an NTP server to clients.
Further, operating as a broadcast server or a peer server involves additional configuration.
Basic guidelines for architecting an NTP solution should include:
1. Limiting single points of failure and maximizing independence
2. Controlling network impact
3. Enabling access control
4. Selecting appropriate reference clocks
Single points of failure can be reduced by assuring that client servers are as independent as
possible. Using a number of independent servers reduces the effectiveness of an incorrectly
configured server spoofing the time, and thus increases security. Verifying NTP server
independence can be difficult. To effectively map the dependencies on an NTP subnet, each
of the peers and servers must be mapped. Use ntptrace to determine the hierarchy of time
sources used by a client. This makes it easy to identify whether two machines share common
time servers. A client should always receive time from at least four servers. This will reduce the
chances of it losing synchronization when a server fails. If fewer than four servers are used,
the agreement algorithm cannot reliably detect a clique including a majority of trusted
sources. An easy solution is to use three servers from a lower stratum number and one
unrelated peer from the same stratum.
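The dependency mapping described above can be scripted. The following is an added example, not part of the original manual: it parses saved ntptrace output for several clients and reports upstream servers that more than one client depends on. The host names and sample traces are constructed, and because ntptrace follows only the source each hop is currently synchronized to, one trace per client is assumed.

```python
import re
from collections import defaultdict

# One hop per line, as printed by ntptrace:
#   host: stratum N, offset X, synch distance Y[, refid 'ID']
HOP_RE = re.compile(r"^(\S+): stratum (\d+), offset ")

def parse_trace(text):
    """Return [(host, stratum), ...] for one ntptrace run, client first."""
    chain = []
    for line in text.strip().splitlines():
        m = HOP_RE.match(line.strip())
        if not m:
            break  # timeout or error line: the chain is incomplete, stop here
        chain.append((m.group(1), int(m.group(2))))
    return chain

def shared_upstreams(traces):
    """Map each upstream server to the clients whose sync chain passes through it,
    keeping only servers that two or more clients depend on."""
    users = defaultdict(set)
    for client, text in traces.items():
        for host, _stratum in parse_trace(text)[1:]:  # hop 0 is the client itself
            users[host].add(client)
    return {h: sorted(c) for h, c in users.items() if len(c) > 1}

# Constructed sample output (hypothetical host names), one trace per client.
SAMPLE_TRACES = {
    "client-a.example": """\
client-a.example: stratum 3, offset 0.000412, synch distance 0.045110
ntp1.example: stratum 2, offset 0.001204, synch distance 0.021332
gps1.example: stratum 1, offset 0.000019, synch distance 0.001020, refid 'GPS'
""",
    "client-b.example": """\
client-b.example: stratum 3, offset -0.000731, synch distance 0.051877
ntp2.example: stratum 2, offset 0.000954, synch distance 0.019845
gps1.example: stratum 1, offset 0.000019, synch distance 0.001020, refid 'GPS'
""",
    "client-c.example": """\
client-c.example: stratum 3, offset 0.000120, synch distance 0.048300
ntp3.example: stratum 2, offset -0.000388, synch distance 0.020114
gps2.example: stratum 1, offset 0.000007, synch distance 0.000950, refid 'GPS'
""",
}

if __name__ == "__main__":
    for server, clients in shared_upstreams(SAMPLE_TRACES).items():
        print(f"{server} is a common time source for: {', '.join(clients)}")
```

In the sample, client-a and client-b use different stratum 2 servers but both ultimately depend on the same stratum 1 source, which is the kind of hidden shared dependency the mapping is meant to expose.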
The goals of an NTP architect are two-fold: to limit NTP’s network activity and increase the
accuracy of the clocks. To achieve high clock accuracy, the network latency needs to be low.
NTP can achieve a high level of accuracy and remain a good network citizen if local NTP
servers are used and NTP servers use the appropriate modes.
The easiest way to increase accuracy in an NTP configuration is to reduce the latency
between the connections by putting NTP servers on the same LAN as their clients. If a LAN is
very large, it is a good idea to have multiple servers in different geographic or network
segments. However, if several independent servers are used, the NTP clock selection
algorithms will probably help mitigate the effects of any increased latency. Another advantage
to using local servers is that they tend to reduce the load on the WAN, though NTP is unlikely
to be a big source of network load.
Another way of reducing NTP traffic, while keeping clock accuracy, is to use appropriate
server modes. Central servers (generally stratum 1 and 2 servers) should use non-broadcast
server/client mode or peer mode, which allows more accurate time distribution. These
servers are generally geographically distributed; therefore, the accuracy of the time
distribution is critical.
Broadcasting over high latency links can lead to very inaccurate time, both because of the
latency and because it is likely the latency will be variable and unpredictable. Using
broadcasting or multicasting over relatively local connections is acceptable. In fact, for a local
server with a large number of clients and a fairly constant network latency broadcasting or