I’m planning to set up an NTP service in my lab, and join it to the pool for public access. My plan is to run an internal/private Stratum 1 appliance with a GPS sync, and then below that add one or more stratum 2 servers in my DMZ to join the pool. However, as I only have 1 public IP address, I cannot expose more than one of these directly to the public. One possible solution would be to add a load-balancer in front of the several stratum 2 servers, which would increase availability, but as the various stratum 2 servers are not 100% in sync, I’m wondering if load-balancing between several tightly synchronized stratum 2 servers would actually do more harm than good?
How would you ensure that the same client always arrives at the same server?
TL;DR: Your instincts are right. Load balancing NTP doesn’t make sense, and can do more harm than good.
RFC8633 (NTP Best Current Practice) has a section on anycast, and the same considerations apply to load balancers.
If you have only one public IP address, expose just one stratum 2 server to the pool.
If your main goal is availability, you can use your load balancer’s failover mechanisms to only send traffic to one server at a time.
Previous thread on this: Thinking of joining, is load balancing okay?
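The effect discussed in the question and the TL;DR reply above, as an added example that is not part of any post in this thread: when a balancer spreads one client's polls across backends that disagree slightly, the disagreement shows up as jitter in the client's measured offset, while sending traffic to one server at a time does not. The backend offsets, network delay and the simplified jitter measure are constructed assumptions.

```python
import math

# Constructed values: clock error of each stratum 2 backend relative to true
# time, in seconds. Sub-millisecond disagreement, as between well-run servers.
BACKEND_OFFSETS = [0.0004, -0.0007, 0.0011]
ONE_WAY_DELAY = 0.005   # symmetric network delay (assumption)
PROCESSING = 0.0001     # server turnaround time (assumption)


def poll(true_time, server_offset):
    """One NTP exchange seen by a client whose clock equals true time.

    Returns (offset, delay) from the standard on-wire calculation.
    """
    t1 = true_time                                    # client transmit
    t2 = true_time + ONE_WAY_DELAY + server_offset    # server receive (server clock)
    t3 = t2 + PROCESSING                              # server transmit (server clock)
    t4 = true_time + 2 * ONE_WAY_DELAY + PROCESSING   # client receive
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def measured_offsets(pick_backend, polls=12, interval=64):
    """Offsets a client records when pick_backend(i) chooses the server for poll i."""
    return [poll(i * interval, BACKEND_OFFSETS[pick_backend(i)])[0]
            for i in range(polls)]


def jitter(offsets):
    """RMS of successive offset differences (a simplified jitter measure)."""
    diffs = [b - a for a, b in zip(offsets, offsets[1:])]
    return math.sqrt(sum(d * d for d in diffs) / len(diffs))


def compare():
    # Failover-style: every poll reaches the same backend.
    pinned = measured_offsets(lambda i: 0)
    # Per-packet round robin across all backends behind one IP.
    balanced = measured_offsets(lambda i: i % len(BACKEND_OFFSETS))
    return jitter(pinned), jitter(balanced)


if __name__ == "__main__":
    pinned_jitter, balanced_jitter = compare()
    print(f"pinned to one backend: jitter {pinned_jitter * 1e3:.3f} ms")
    print(f"round-robin balancer:  jitter {balanced_jitter * 1e3:.3f} ms")
```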
I use 4 servers and they are all called with ntp.heppen.be, so they divide the load.
My primary server is GPS+PPS and all others connect to stratum1 servers as well.
However, I do not load-balance over 1 IP address, that isn’t useful at all.
I load-balance via DNS over 4 different servers. My load-balance is basically my own ntp-pool.
How do you use Round Robin DNS balancing if the pool directly distributes the server’s IP address instead of the domain?
Well it’s quite simple to do.
You just make 4 A-records in your domain for e.g. ntp.yourdomein.org but every entry points to a different IP.
After you’ve done that, you can check your round-robin with nslookup and it will do this:
root@server:~# nslookup ntp.heppen.be
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: ntp.heppen.be
Address: 77.109.90.72
Name: ntp.heppen.be
Address: 176.9.206.139
Name: ntp.heppen.be
Address: 82.161.251.125
Name: ntp.heppen.be
Address: 5.196.189.119
The client will take the fastest server over time anyway.
This is the most basic way of load-balancing, but it works for me.
Funny thing is, if I sign up ntp.heppen.be to the pool, it inserts all 4 servers in 1 click.