[lug] NTP question

Bear Giles bgiles at coyotesong.com
Tue Mar 18 12:30:09 MST 2003


Nate Duehr wrote:
> If you're synching more than one box, run one to the external servers (or
> two if you have a lot of boxes) and sync all the others off of those... if
> you're not looking for ultra-accuracy to the 100ms level type junk and just
> keeping the clocks right and the logs in order.

Another approach is to create a local 'cloud' of servers, then use 
the external clocks to discipline it.  I believe the idea is that 
the low network latency (and your willingness to bump the refresh 
rate) can keep the clocks synchronized to a phenomenal level - 
think milliseconds - and the external clocks keep the cloud from 
drifting too far from the true time.

> On a big network, a couple
> of GPS clock sources on a couple of machines with ntp and you have your own
> mini-Stratum-1 clock source!  (GRIN)

Don't laugh - some security protocols require non-fudgable clocks 
to prevent "playback attacks," and the idea of a GPS receiver and 
secure host running NTP is very attractive.  Kerberos normally 
uses a five-minute window for unsynchronized clocks, but if you're 
running NTP across your network you should be able to drop that to 
a second.

But in this area, it makes more sense to use a WWV receiver for 
your Stratum-1 clock source.

On a semi-related note, this is an area where you need to be 
careful to avoid using a hammer to drive a screw.  NTP is great 
for getting a fairly accurate time to use when logging events, but 
if you need to ensure that everyone agrees on the sequence of a 
series of events you need to use other algorithms.
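
The clock-skew window mentioned above, as an added example that is not part of the original post: a simplified model (not the Kerberos wire format) of a timestamp freshness check backed by a replay cache, run once with a 300-second window and once with a 1-second window. The class, field names and sample values are constructed for illustration.

```python
import hashlib

class FreshnessChecker:
    """Accept a timestamped authenticator once, and only inside the skew window."""

    def __init__(self, max_skew):
        self.max_skew = max_skew  # seconds of clock disagreement tolerated
        self.seen = {}            # digest -> client timestamp (the replay cache)

    def check(self, client_id, client_time, nonce, server_time):
        # Forget entries the timestamp check alone would now reject, so the
        # cache only ever has to cover one skew window.
        self.seen = {d: t for d, t in self.seen.items()
                     if abs(server_time - t) <= self.max_skew}
        if abs(server_time - client_time) > self.max_skew:
            return "rejected: outside skew window"
        # Inside the window only the cache can tell a replay from the original.
        digest = hashlib.sha256(
            f"{client_id}|{client_time}|{nonce}".encode()).hexdigest()
        if digest in self.seen:
            return "rejected: replay"
        self.seen[digest] = client_time
        return "accepted"

# Constructed sample: (description, client_time, nonce, server_time), in seconds.
SAMPLE = [
    ("original request",            1000.0, "a1", 1000.2),
    ("copy replayed at once",       1000.0, "a1", 1000.5),
    ("copy replayed 30 s later",    1000.0, "a1", 1030.0),
    ("host whose clock is 2 s off", 1042.0, "b7", 1040.0),
]

def run(max_skew):
    """Return the verdict for each sample message and the final cache size."""
    checker = FreshnessChecker(max_skew)
    verdicts = [checker.check("alice", ct, n, st) for _, ct, n, st in SAMPLE]
    return verdicts, len(checker.seen)

if __name__ == "__main__":
    for window in (300.0, 1.0):
        verdicts, cached = run(window)
        print(f"window = {window} s, cache entries left = {cached}")
        for (label, *_), verdict in zip(SAMPLE, verdicts):
            print(f"  {label:28} {verdict}")
```

With the 1-second window the delayed replay is refused by the timestamp check alone and the cache empties, but the host that is 2 s off is refused as well, which is why the tighter window depends on NTP being in place.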



