I’m planning to set up a rack server to contribute to the NTP pool and would love to get some input on the best configurations for a reliable and efficient NTP server.
I know that NTP servers need to prioritize network connectivity and stability, but I’m curious to hear about the configurations that work best for a rack server used in this capacity. Specifically:
CPU: What kind of processor works best for NTP servers? Do I need something high-end, or will a more mid-range option be just fine?
RAM: How much memory should I allocate for smooth operation and optimal performance?
Network Interface: For NTP servers, how important is the choice between 1GbE and 10GbE network interfaces? Does the speed make a noticeable difference?
Storage: Is SSD storage a must for NTP servers, or are HDD solutions still effective for this kind of setup?
Redundancy: Are there specific features like dual power supplies or RAID configurations that can boost reliability for NTP server operations?
I’d really appreciate any suggestions or experiences you have regarding rack server setups for NTP servers!
I have very good experience with this kind of server. They are very reliable even when the warranty period is over. Very performant; @bas recently referred to them as BIG GUN servers that helped pull the Belgium zone out of a small trouble.
Welcome! Happy to help out and provide some suggestions.
In general providing time is not a particularly hard task for rack servers.
Most problems server owners are experiencing are related to bandwidth, but that usually only occurs in countries where bandwidth is expensive and where there are few servers (e.g. Singapore, China). What country are you planning these rack servers to be in?
CPU: High-end is not required. Intel/AMD are both fine.
RAM: While I don’t know exact amounts, running NTPd or chrony is not memory intensive.
Network interface: For most servers I think 1GbE should be fine. 10GbE/SFP+ is better.
Storage: Same storage requirements as for most Linux distros.
Redundancy: None of the things you mention are strictly required.
Personally I run 6 servers (3 physical NTP appliances and 3 virtual servers) from my home using a professional OPNsense router and a symmetric 200MBit fiber connection.
I run with Intel Celeron J1900 @ 1.99GHz, this is a quad-core, plenty fast.
Freq is locked to max, it’s fanless anyway and doesn’t get hot.
As for a NIC, I love Intels as they have hardware-stamping and you can feed them with PPS if you like, that’s even faster than RS-232. But most onboard NICs will do just fine.
Memory 4GB is plenty, my server is 8GB and 6GB is free.
Redundancy is not needed.
Storage, I would advise SSD, cheap one, 16GB! is enough. But use a NAS-SSD as they can handle more writes.
Long answer….there is no long answer….but needed to have enough letters to reply
I just got this from my Leuven friend….if it works, have to test it.
I have iptables rules for IPv4/6 that drop when a certain packet rate is reached. It's a simple solution but an effective one.
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -m hashlimit --hashlimit-upto 100/second --hashlimit-burst 115 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name ntp -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 123 -m hashlimit --hashlimit-above 100/second --hashlimit-burst 115 --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name ntp -j DROP
This drops connections that exceed 100 pkts/s with a burst of 115. You can use it for both IPv4 and v6.
So I don't have to worry about that! 🙂
Is this for a rack at home or in a datacentre? If it’s in a datacentre, how do you plan to connect a time source? You typically won’t receive GPS inside a datacentre hall and external access requires permission and usually vast expense.
At home, you probably have easier access to a window or roof.
If you’re only going to be using other NTP servers over Internet as time sources then it feels pretty overkill to me to dedicate real hardware to this, unless it’s just lying around or you have some other interest (like running NTP appliances, or playing with single board computers). Virtual machines will do fine for that level of accuracy.
As others have mentioned, being able to correctly handle network flows in your routers will be the most critical thing, especially if you are going to participate in an under-served zone, as you are going to see tens of thousands of UDP flows. It is a good idea to disable connection tracking for NTP traffic if you can (trivial on Linux).
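Added example, not part of any post in this thread: one way to disable connection tracking for NTP on Linux while keeping a per-source rate limit like the one posted above. Once packets are untracked, `-m state --state NEW` no longer matches them, so this sketch rate-limits without the state match. The function name, the /64 grouping for IPv6 and the choice to append rather than insert are assumptions.

```shell
#!/bin/sh
# ntp_rules FAMILY prints iptables-restore input for FAMILY (4 or 6).
# Hypothetical helper: review the output, then load it with --noflush.
ntp_rules() {
    case "$1" in
        4) mask=32 ;;   # one hashlimit bucket per IPv4 address
        6) mask=64 ;;   # assumption: treat an IPv6 /64 as one client
        *) echo "usage: ntp_rules 4|6" >&2; return 2 ;;
    esac
    cat <<EOF
*raw
# Skip conntrack for NTP requests and for our replies, so the
# state table does not fill up with short-lived UDP flows.
-A PREROUTING -p udp --dport 123 -j CT --notrack
-A OUTPUT -p udp --sport 123 -j CT --notrack
COMMIT
*filter
# Untracked packets never match "--state NEW", so the limit is
# applied statelessly. Rate and burst are the values from the thread.
# These rules must sit before any broader DROP/REJECT in INPUT.
-A INPUT -p udp --dport 123 -m hashlimit --hashlimit-above 100/second --hashlimit-burst 115 --hashlimit-mode srcip --hashlimit-srcmask $mask --hashlimit-name ntp -j DROP
-A INPUT -p udp --dport 123 -j ACCEPT
COMMIT
EOF
}

# Load only when asked explicitly (needs root).
if [ "${1:-}" = "--apply" ]; then
    ntp_rules 4 | iptables-restore --noflush
    ntp_rules 6 | ip6tables-restore --noflush
fi
```

After loading, `conntrack -L -p udp --dport 123` should stay empty under load, and `/proc/net/ipt_hashlimit/ntp` lists the sources currently being counted.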