In my wide-area company with about 1000 clients, I organized the NTP server hierarchy in 2 levels:
level A - 1 physical Linux server (CentOS 6) - SERVER MASTER
level B - 3 physical Linux servers (CentOS 6) - NTP1, NTP2, NTP3 (for clients)
The MASTER server retrieves time directly from servers on the public network.
The NTP1, NTP2, NTP3 servers retrieve time from the MASTER server and are the official NTP servers used by the clients.
What do you think about this NTP server structure? I know the number of NTP servers must be 1, 3 or 4…
I know an NTP server must be a physical machine because its clock is more exact. Right?
Please use a newer version; CentOS 6 is unmaintained and already contains some unpatched security vulnerabilities.
It is enough to have the 3 servers (NTP[1-3]) with a vanilla configuration synchronizing to the pool. The clients should all synchronize to these servers. No need for a MASTER server.
Yes, it is good practice to have them as physical servers.
Consider using the one you had planned to be a master as your fourth NTP server and make sure you point all of your clients to all four via a multivalued DNS record.
I would put an NTP server on both servers, preferably chrony.
Then let both servers access public NTP servers and set up a link between them so you can see if either is false-ticking.
Then make a round-robin DNS record and point all clients to both servers.
I have a network where there are two NTP servers. Sometimes clients report "Synchronization lost". I have another network with three NTP servers. I never get the "Synchronization lost" message from the clients there.
You are referring to the client side, right?
That is, if my clients have 4 NTP servers set and one of them goes mad, it's possible to keep the right time using the three surviving servers.
My idea is to destroy the MASTER server and expose the NTP[1-3] servers to the public network to retrieve time directly from stratum 1 servers on the Internet. At that time I would add the fourth server.
What do you mean by "multivalued DNS record"?
In every client I will set 4 different NTP servers which have different names, e.g. ntp1, ntp2, ntp3, ntp4
Not just clients; all participants in NTP. The four servers should themselves have at least 4 diverse sources defined.
That is, if my clients have 4 NTP servers set and one of them goes mad, it's possible to keep the right time using the three surviving servers.
We don't just do this for resilience against a missing/inaccurate/malicious server, we do it for accuracy as well. You should have all four of them active all of the time. (Note that 4 is the minimum described in the RFC; up to 10 can be defined - at least for ntpd - and the more you have the more likely you are to have accurate time.) Read up on the intersection (selection) algorithm and the cluster algorithm for more details about why this is the case.
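To make the selection and cluster algorithms referred to in this reply concrete, here is an added Python example (not code from the thread, ntpd or chrony) that implements the RFC 5905 intersection algorithm over measurements from four constructed servers, one of which is a 20-second falseticker, followed by a simplified combine step. The server names, offsets and root distances are assumptions made for the illustration; the RFC's midpoint/"excess" bookkeeping is left out.

```python
"""RFC 5905 section 11.2.1 intersection algorithm plus a simplified
cluster/combine step. Added illustration for this thread; the four
"servers" and their measurements are constructed, not captured."""
from dataclasses import dataclass


@dataclass
class Candidate:
    name: str
    offset: float      # measured clock offset, seconds
    root_dist: float   # root (synchronization) distance, seconds

    @property
    def low(self) -> float:
        return self.offset - self.root_dist

    @property
    def high(self) -> float:
        return self.offset + self.root_dist


def intersection(cands):
    """Return the truechimers: candidates whose correctness interval
    [offset - root_dist, offset + root_dist] overlaps the widest interval
    shared by a majority. Returns [] when no majority agrees."""
    n = len(cands)
    # Each interval contributes a low edge (-1) and a high edge (+1).
    edges = sorted([(c.low, -1) for c in cands] + [(c.high, +1) for c in cands])
    allow = 0  # number of falsetickers tolerated in this pass
    while allow < n / 2:
        need = n - allow
        low = high = None
        chime = 0
        for value, kind in edges:            # scan upward: low edges open intervals
            chime -= kind
            if chime >= need:
                low = value
                break
        chime = 0
        for value, kind in reversed(edges):  # scan downward: high edges open them
            chime += kind
            if chime >= need:
                high = value
                break
        if low is not None and high is not None and low < high:
            return [c for c in cands if c.high >= low and c.low <= high]
        allow += 1
    return []  # no majority: nothing to synchronize to


def combine(survivors):
    """Simplified cluster/combine step: the survivor with the smallest root
    distance becomes the system peer and the system offset is the
    root-distance-weighted average of all survivors (cf. RFC 5905 11.2.3)."""
    if not survivors:
        return None, None
    sys_peer = min(survivors, key=lambda c: c.root_dist)
    weights = [1.0 / c.root_dist for c in survivors]
    offset = sum(w * c.offset for w, c in zip(weights, survivors)) / sum(weights)
    return sys_peer.name, offset


def survivors_of(cands):
    return [c.name for c in intersection(cands)]


# Constructed measurements: three agreeing servers and one 20 s falseticker.
FOUR = [
    Candidate("ntp1", -0.003, 0.010),
    Candidate("ntp2", 0.002, 0.012),
    Candidate("ntp3", 0.001, 0.008),
    Candidate("ntp4", 20.000, 0.010),  # falseticker
]

if __name__ == "__main__":
    print("4 servers, 1 falseticker:", survivors_of(FOUR), combine(intersection(FOUR)))
    print("3 servers, 1 falseticker:", survivors_of(FOUR[1:]))
    print("2 servers, 1 falseticker:", survivors_of(FOUR[2:]))  # no majority possible
```

With only two sources the algorithm cannot form a majority when they disagree, which is the "Synchronization lost" situation reported above; with three it survives one falseticker, and with four it still tolerates one falseticker but not two.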
My idea is to destroy the MASTER server and expose the NTP[1-3] servers to the public network to retrieve time directly from stratum 1 servers on the Internet. At that time I would add the fourth server.
My suggestion is to use all 4 as a group, not just 1-3.
What do you mean by "multivalued DNS record"?
In every client I will set 4 different NTP servers which have different names, e.g. ntp1, ntp2, ntp3, ntp4
See the post that @apuls just made to explain this.
If your servers are 192.168.1.123, 192.168.2.123, 192.168.3.123, and 192.168.4.123, you can have a single record, e.g. ntp.example.com which returns all four of those IP addresses, just like the NTP pool does.
I have not used (or even read about) a single NTP client which behaves in this way.
A fully-capable NTP client (e.g. chronyd or ntpd configured with pool ntp.example.com) will use all of the addresses returned in the DNS lookup (up to the value of maxsources) as inputs to the selection and clustering algorithms. A slightly less capable client like ntpdate will look up all of the sources and use a subset of the algorithms to determine the result.
A poor client will just take the first address from the DNS response (which is usually sorted randomly) and attempt to use it, possibly retrying if the address doesn't respond.
I'd be interested in seeing a (documented) list of clients which act in the "happy eyeballs"-like manner you describe.
At first it will connect to all of them, but then chrony adjusts the poll-time if there are no problems.
It will use the most accurate server and slow the polls to the others.
Unless you set min/max poll by hand and limit it to e.g. 4/4, it will keep polling all servers at the same time.
That's quite a bit different to what you said originally:
All of the servers respond (as best they are able, subject to the lossy nature of UDP and the intervening networks), and all of them continue to be polled as peers (possibly at different rates depending on the quality of their responses).
But your original explanation implies that it's a situation of first reply wins and the others are discarded, which is not accurate.
It just depends on the client.
There are plenty that just take the first entry and ignore the rest.
For that reason it was advised to provide more "server" lines.
With the current "pool" line this is no longer needed.
Most people don't care about time at all, only if things go wrong.
Many old clients are still running and only query 1 entry out of a pool DNS name; if they get acceptable time they don't bother until the next poll.
Windows is such a client… being off by 20 seconds is not an issue and it doesn't bother to check if it's running on time more than once a week or more.
Seen it all too often where hams asked why their WSPR or FT8 wouldn't work.
I agree with the suggestion to have all four physical servers use your internet sources directly, preferably with default minimum and maximum poll intervals so the software can tune the poll intervals to the conditions as they change.
I also agree with creating a single domain name which has A/AAAA records for all four servers (one or the other, either 4 As or 4 AAAAs, as the clients should not treat the same server via IPv4 and IPv6 as distinct servers unless the network paths are actually distinct, which I doubt they are).
Further, I would suggest the four use each other as additional sources, using the same pool directive as the clients, e.g.
They will refuse to use their own IP as a source and add the remaining three. Once all servers are referencing each other, I would also suggest enabling orphan mode. Just use "tos orphan 10" in ntp.conf to set the orphan stratum (higher than any normal stratum they operate at, low enough to avoid any downstream clients reaching stratum 15). In case your internet connection is lost, the four servers should then agree on one functioning server the remaining will sync to, providing a single freewheeling clock your entire network will use, rather than 4 different freewheeling clocks which would slowly diverge.