Referencing Outside NTP Server in my Environment. - NTP

This is a discussion on Referencing Outside NTP Server in my Environment. - NTP ; Hi, Configured NTP on HP, HP TRU64, Linux and Solaris servers. Each group has NTP Server and configured local clock impersonator and is referenced in NTP clients.Works good. Question is , Can I reference some outside NTP server, like defense ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Referencing Outside NTP Server in my Environment.

  1. Referencing Outside NTP Server in my Environment.

    Hi,

    Configured NTP on HP, HP TRU64, Linux and Solaris servers. Each group
    has NTP Server and configured local clock impersonator and is
    referenced in NTP clients.Works good.

    Question is , Can I reference some outside NTP server, like defense or
    any Educational institute to the NTP servers I configured so that in
    case of a problem, all the clients will be synchronized to that of the
    otside server instead of local clock impersonator . We not have Radio
    Receivers and have firewalls.

    Thanks for your response in advance.

    -Venkat


  2. Re: Referencing Outside NTP Server in my Environment.

    See https://ntp.isc.org/bin/view/Support...siteNTPServers.

    You may need to make in hole in your firewall for port 123 UDP.

    Paul


  3. Re: Referencing Outside NTP Server in my Environment.


    Already there in /etc/services file.

    ntp 123/tcp # Network Time Protocol
    ntp 123/udp # Network Time Protocol

    Thanks,
    Venkat




    Paul.Croome@softwareag.com wrote:
    > See https://ntp.isc.org/bin/view/Support...siteNTPServers.
    >
    > You may need to make in hole in your firewall for port 123 UDP.
    >
    > Paul



  4. Re: Referencing Outside NTP Server in my Environment.

    On 2006-08-01, vb wrote:

    > Configured NTP on HP, HP TRU64, Linux and Solaris servers. Each group
    > has NTP Server and configured local clock impersonator and is
    > referenced in NTP clients.Works good.


    Do you mean that each group has an NTP server which is only configured
    to the Undisciplined Local Clock (i.e. 127.127.1.x) as a source of time?

    > Question is , Can I reference some outside NTP server, like defense or
    > any Educational institute to the NTP servers


    You should read the Rules of Engagement at http://ntp.isc.org/rules and
    choose stratum 2 servers from http://ntp.isc.org/s2 unless you meet the
    criteria for using stratum 1 servers. Please avoid using servers that
    you don't have permission to use.

    > I configured so that in case of a problem, all the clients will be
    > synchronized to that of the outside server instead of local clock
    > impersonator.


    One of the uses for the Undisciplined Local Clock is to provide a clock
    of last resort when all other normal synchronization sources (e.g.
    Remote Time Servers or Local Refclocks) have gone away.

    You seem to have this backwards.

    > We not have Radio Receivers


    You don't need to use a Local Refclock unless Remote Time Servers aren't
    good enough for your application. The Undisciplined Local Clock is _not_
    a Refclock.

    >and have firewalls.


    You need to have port 123/UDP open (bi-directionally) between all of the
    systems running ntpd behind your firewall and your chosen Remote Time
    Servers. If you are using a Stateful firewall your may not need to
    perform any additional configuration.

    BTW: The /etc/services extract you posted in another article has nothing
    to do with your firewall settings.

    --
    Steve Kostecke
    NTP Public Services Project - http://ntp.isc.org/

  5. Re: Referencing Outside NTP Server in my Environment.

    "vb" wrote in message
    news:1154437053.350891.172740@b28g2000cwb.googlegr oups.com...
    > Paul.Croome@softwareag.com wrote:


    >> You may need to make in hole in your firewall for port 123 UDP.


    > Already there in /etc/services file.
    >
    > ntp 123/tcp # Network Time Protocol
    > ntp 123/udp # Network Time Protocol


    That tells the OS to associate the symbolic name 'ntp' with port number
    123 for both TCP and UDP.

    It does _not_ punch a hole in your firewall.

    Groetjes,
    Maarten Wiltink



  6. Re: Referencing Outside NTP Server in my Environment.

    vb wrote:

    > Hi,
    >
    > Configured NTP on HP, HP TRU64, Linux and Solaris servers. Each group
    > has NTP Server and configured local clock impersonator and is
    > referenced in NTP clients.Works good.
    >
    > Question is , Can I reference some outside NTP server, like defense or
    > any Educational institute to the NTP servers I configured so that in
    > case of a problem, all the clients will be synchronized to that of the
    > otside server instead of local clock impersonator . We not have Radio
    > Receivers and have firewalls.
    >
    > Thanks for your response in advance.
    >
    > -Venkat
    >


    What, exactly, is a "local clock impersonator"?

    If you can reference some outside NTP server, you should.

    The simplest configuration is to designate one internal system as an NTP
    server and configure that system to use one external server. Your local
    server will then synchronize to the external server and all your local
    clients will synchronize to your internal server.

    That is not the best configuration, just the simplest. The weakness is
    that both the external and internal server are each single points of
    failure. If either one fails your clocks become unsynchronized.

    A better configuration would be to configure your internal server with
    four external servers. The internal server will select the best of the
    four to synchronize with and the other three will act as an advisory
    committee and sanity check. Any one of the four can have incorrect time
    or shut down completely and your internal server will still select the
    best remaining server.

    This configuration leaves your internal server as a single point of
    failure. A still better configuration would be to have four internal
    servers, each with four external servers, etc, etc. How far you want to
    take this depends on your needs for reliability, accuracy, and
    traceability of your timestamps. Your available resources can also be a
    factor. Some applications do not have very demanding requirements;
    others can be very exacting.

    So start be defining your requirements. Then design a system that meets
    them.

+ Reply to Thread