I'm setting up an NTP server (one of what will be five in a cluster). My config file:

restrict default kod nomodify notrap
driftfile /var/lib/ntp/drift

server tick.usno.navy.mil
server ntp.colby.edu
server tick.gatech.edu

#peer local-ntp.server.2
#peer local-ntp.server.3
#peer local-ntp.server.4
#peer local-ntp.server.5

The peers are commented out because a) they aren't yet configured and b) I'm not sure if I should be using them.

The idea is that each of the NTP servers I'm configuring will sync to the USNO sources. Should our outbound connection go down they would sync to each other for the sole purpose of consistent time on the network. Each client will be configured with all five of the local NTP servers as server directives in its ntp.conf.

Eventually it will be a little more complex using key authentication, but for now I'm starting simple. Am I doing it right?

theillien

2 Answers

These are just some examples from my own NTP servers; there are many different ways to do this, but here is mine:

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap noquery
restrict -6 default kod nomodify notrap noquery
# Set nopeer when not configuring a peer node.
#restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery
  • noquery: prevent dumping status data from ntpd
  • notrap: prevent control message trap service
  • nomodify: prevent all ntpq queries that attempt to modify the server
  • nopeer: prevent all packets that attempt to establish a peer association
  • kod: send Kiss-o'-Death packets to reduce unwanted queries
  • -6: informs ntpd that this is a restrict statement for IPv6 hosts (similar to: ping vs ping6)

Allow only trusted network hosts + localhost

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 127.0.0.1 #This is optional depending on your local machine's requirements

Difference between Server & Peer

  • ntpd service requests the time from another server
  • ntpd service exchanges the time with a fellow peer

ntp server A

server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
peer myntp.server.b

ntp server B

server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
peer myntp.server.a
  • iburst: When the server is unreachable and at each poll interval, send a burst of eight packets instead of the usual one. As long as the server is unreachable, the spacing between packets is about 16s to allow a modem call to complete. Once the server is reachable, the spacing between packets is about 2s.

For the rest of the servers on your network that will connect to your ntp servers you can also use the prefer option:

server 192.168.1.125 prefer # Prefer your own NTP server over others listed

One example of a multi-server/peer ntp network. Notice how each ntp server does not have the same servers listed. This is for better use of the peer sync, so peer sync can match against different time results.

1a  1b     1c  1d     1e  1f      outside
. \ / ...... \ / ...... \ / ..............
   2a ---p--- 2b ---p--- 2c        inside
  /|\        /|\        /|\
 / | \      / | \      / | \
3a 3b 3c   3e 3f 3g   3h 3i 3j

Key: 1 = stratum-1, 2 = stratum-2, 3 = stratum-3, p = peer
#Diagram + more info: http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm

More information: http://doc.ntp.org/4.1.1/confopt.htm

Hope that helps.

devnull
  • How do you have them peering if you have the nopeer option? – theillien Jan 22 '15 at 04:33
  • I have a total of 6 ntp servers on many different networks. 4 of them are set to peer, the other 2 are nopeer. I pulled samples from both configs. Sorry for the confusion, to peer you would indeed remove that option, while setting peer host. I edited my post. – devnull Jan 22 '15 at 04:39
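As an added check, not part of devnull's answer or any poster's code: a small Python lint for ntp.conf that verifies the default restrict flags listed above and flags the `nopeer`-plus-`peer` combination asked about in the comments. The two sample configs embedded in it are constructed from the question and this answer.

```python
"""Lint an ntp.conf for the restrict and peer points in this answer.

Added example, not the poster's code: checks the `restrict default`
flags recommended above and the `nopeer` + `peer` mix from the comments.
"""

RECOMMENDED = {"kod", "nomodify", "notrap", "noquery"}

# Constructed sample: the asker's config from the question.
ASKER_CONF = """\
restrict default kod nomodify notrap
driftfile /var/lib/ntp/drift
server tick.usno.navy.mil
server ntp.colby.edu
#peer local-ntp.server.2
"""

# Constructed sample: this answer's default restrict lines plus a live peer.
PEERED_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
server 0.pool.ntp.org iburst
peer myntp.server.b
"""

def parse_conf(text):
    """Yield (keyword, args) per statement; comments and blank lines dropped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0], parts[1:]

def lint(text):
    stmts = list(parse_conf(text))
    defaults = [a for k, a in stmts if k == "restrict" and "default" in a]
    peers = [a[0] for k, a in stmts if k == "peer" and a]
    findings = []
    if not defaults:
        findings.append("no `restrict default` line: every host gets full access")
    for args in defaults:
        flags = set(args) - {"default", "-4", "-6"}
        missing = sorted(RECOMMENDED - flags)
        if missing:
            findings.append(f"restrict {' '.join(args)}: missing {missing}")
        if "nopeer" in flags and peers:
            findings.append(f"nopeer on `restrict {' '.join(args)}` while peering "
                            f"with {peers}: give the peers a specific restrict line")
    return findings
```

Run `lint()` over a real ntp.conf's contents; an empty list means the default restrict lines match what this answer recommends.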

The idea is that each of the NTP servers I'm configuring will sync to the USNO sources.

So each has a server line for them. That's somewhat reasonable.

Should our outbound connection go down they would sync to each other for the sole purpose of consistent time on the network.

They will attempt to sync with each other, but it won't work. All the clock sources are gone, so the servers will eventually stop giving time. As long as the outage isn't too long, this may be fine.

If you want to have a backup for the internet (and you don't want to put in even a cheap radio/GPS clock), then you can fall back to the local clock on a server. The easiest way is to pick one of the servers and add:

server 127.127.1.0
fudge 127.127.1.0 stratum 10

That server becomes a fallback and everyone will follow it if all the other clock sources disappear. NTP doesn't let you set up a group of machines and just synch them together. Instead it is trying to distribute some source of "real time". The CPU clock is not normally considered as such, so the lines above make it happen.

Now if you put that same thing on all of the servers, each one will think its local clock is better than the neighbor's, and they won't drift together.

BowlOfRed
  • I guess I don't understand the point of a peer then. So, what is the point of peers in a group of NTP servers? – theillien Jan 24 '15 at 01:31
  • Your machines all query the same external clocks. If they queried different ones, then the ones working could provide the time to the ones that aren't. Because all your clocks will fail at the same time, a peer relationship isn't useful here. – BowlOfRed Jan 24 '15 at 02:03
  • If you had servA (which used externA as a clock) and servB (which used externB as a clock), and you had servA and servB peer, then if externA disappeared, servA would get time from servB (which is getting time from externB) – BowlOfRed Jan 24 '15 at 02:04
  • Follow-up question for @BowlOfRed: Suppose, by some amazing stroke of bad luck, I not only lose communication with all external clocks, but the one I set up with server 127.127.1.1 also fails. How do the others handle that? Is there not a means to configure them such that they can all act as an authoritative clock with an algorithm determining which of them is to be used when necessary? – theillien Jan 27 '15 at 02:31
  • Then each client would free-drift, with the corrections that NTP normally provides. If that level isn't enough for you, you could set up real clocks (a board with a radio or GPS is easy and cheap), or set up a second local clock at stratum 12 on another machine. Then the 12 will be used only if everything else is down. But you are running out of numbers. Max stratum is 15, so you only get 3 or 4 hops from your secondary. No, there's no "let's all stay together" algorithm with NTP. That's not how it's designed. – BowlOfRed Jan 27 '15 at 02:35
  • Another follow-up question: Since these are VMs that I'm dealing with, the local clock (127.127.1.1) is not particularly desirable since the hardware clock is, for all intents and purposes, imaginary. If instead, we pointed at the NTP hardware within our provider's network, could we point all servers at that, setting it as a higher stratum, and then peer all of the servers to each other or is that more or less the same problem but with the fall-back clock one step removed? (Or is this basically what you were saying with the setting up of a radio or GPS?) – theillien Jan 28 '15 at 01:02
  • This is probably better as another question. Yes, I would not use a VM as a high-stratum server for distribution. You don't set servers as a particular stratum normally. You let them set it. If that's your only clock, "peer" does nothing. Just set them all with a server line to the clock. – BowlOfRed Jan 28 '15 at 01:04
  • I think that using the tos orphan <stratum> option on all local servers might be better than using the "local clock" device. This option is described in https://www.eecis.udel.edu/~mills/ntp/html/orphan.html. I got the idea to use orphan mode from https://blog.rapid7.com/2014/03/17/synchronizing-clocks-in-a-cassandra-cluster-pt-2-solutions/. – Sebastian Marsching Mar 14 '18 at 17:05
  • @SebastianMarsching, while definitely no longer "new", orphan mode wasn't available when many folks were configuring NTP years ago. I in particular am not very familiar with it. Instead of just leaving a comment, I would suggest you write up a full answer that includes a valid configuration using tos orphan. That would be a big benefit. – BowlOfRed Mar 14 '18 at 17:10
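As an added example, not from any poster in this thread: a checker that reads `ntpq -p` output and reports whether a server is following an external source, has fallen back to the stratum-10 local clock configured in the answer above, or has no selected source at all (the free-running case from the comments). The two sample outputs are constructed; the hostnames are the ones from the question.

```python
"""Classify an ntpd's sync state from `ntpq -p` output (added example,
not from any poster): external source, fallback to the stratum-10 local
clock from the answer above, or no selected source at all."""
from collections import namedtuple

SELECTED = {"*", "o"}   # tally codes for the system peer (o = PPS peer)
FALLBACK_STRATUM = 10   # the `fudge 127.127.1.0 stratum 10` value from the answer
Peer = namedtuple("Peer", "tally remote refid stratum ptype reach")

# Constructed sample: external sources reachable (reach 377), USNO selected.
NORMAL = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*tick.usno.navy. .USNO.           1 u   31   64  377   45.123   -0.512   0.211
+ntp.colby.edu   .GPS.            1 u   40   64  377   22.310    0.104   0.150
 LOCAL(0)        .LOCL.          10 l   55   64  377    0.000    0.000   0.000
"""

# Constructed sample: outbound link down, ntpd now follows the local clock.
OUTAGE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 tick.usno.navy. .USNO.           1 u    - 1024    0   45.123   -0.512   0.211
 ntp.colby.edu   .GPS.            1 u    - 1024    0   22.310    0.104   0.150
*LOCAL(0)        .LOCL.          10 l   55   64  377    0.000    0.000   0.000
"""

def parse_ntpq(output):
    peers = []
    for line in output.splitlines():
        body = line[1:].split()          # column 0 is the tally code
        if len(body) < 7 or body[0] == "remote" or line.startswith("="):
            continue                     # header row, ===== rule, blank line
        peers.append(Peer(line[0], body[0], body[1], int(body[2]), body[3], int(body[6], 8)))
    return peers

def dead_sources(peers):
    """Remote (non-local-clock) sources that answered none of the last eight polls."""
    return [p.remote for p in peers if p.ptype != "l" and p.reach == 0]

def sync_state(peers):
    chosen = [p for p in peers if p.tally in SELECTED]
    if not chosen:
        return "unsynchronized"          # free-running, as the comments describe
    p = chosen[0]
    if p.ptype == "l" or p.refid == ".LOCL." or p.stratum >= FALLBACK_STRATUM:
        return "fallback-local-clock"
    return "external"
```

Feed it the output of `ntpq -p` from each of the five servers; a "fallback-local-clock" result together with a non-empty `dead_sources()` list is the outage case discussed in this answer.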