Does load-balancing make sense for NTP?

I’m planning to set up an NTP service in my lab, and joining it to the pool for public access. My plan is to run an internal/private Stratum 1 appliance with a GPS sync, and then below that add one or more stratum 2 servers in my DMZ to join the pool. However, as I only have 1 public IP address, I cannot expose more than one of these directly to the public. One possible solution would be to add a load-balancer in front of the several stratum 2 servers, which would increase availability, but as the various stratum 2 servers are not 100% in sync, I’m wondering if load-balancing between several tightly synchronized stratum 2 servers would actually do more harm than good?

1 Like

How would you ensure that the same client always arrives at the same server?

TL;DR: Your instincts are right. Load balancing NTP doesn’t make sense, and can do more harm than good.

RFC8633 (NTP Best Current Practice) has a section on anycast, and the same considerations apply to load balancers.

If you have only one public IP address, expose just one stratum 2 server to the pool.

3 Likes

If your main goal is availability, you can use your load balancer’s failover mechanisms to only send traffic to one server at a time.

Previous thread on this: Thinking of joining, is load balancing okay?

1 Like
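To make the replies above concrete, here is an added example (not written by anyone in this thread): a small Python simulation of one client polling through a balancer that rotates across three stratum 2 backends, compared with a failover setup that keeps a single backend active. The backend names, clock errors and delays are constructed values.

```python
from itertools import cycle
from statistics import pstdev

# Constructed clock errors (seconds) of three stratum 2 backends vs. true time.
BACKEND_ERROR = {"s2-a": 0.0002, "s2-b": -0.0003, "s2-c": 0.0005}
ONE_WAY_DELAY = 0.010   # constructed, symmetric network delay (seconds)
SERVER_PROC = 0.00005   # constructed server processing time (seconds)


def ntp_offset(t1, t2, t3, t4):
    """Standard NTP on-wire offset: ((T2 - T1) + (T3 - T4)) / 2."""
    return ((t2 - t1) + (t3 - t4)) / 2


def poll(backend, true_time):
    """One client/server exchange; returns the offset the client measures."""
    err = BACKEND_ERROR[backend]
    t1 = true_time                                   # client transmit
    t2 = true_time + ONE_WAY_DELAY + err             # server receive (server clock)
    t3 = t2 + SERVER_PROC                            # server transmit (server clock)
    t4 = true_time + 2 * ONE_WAY_DELAY + SERVER_PROC # client receive
    return ntp_offset(t1, t2, t3, t4)


def measured_offsets(picker, polls=12, interval=64):
    """Offsets seen by one client whose packets are routed by `picker`."""
    return [poll(next(picker), n * interval) for n in range(polls)]


def spread(offsets):
    """Population standard deviation of the samples, a rough stand-in for jitter."""
    return pstdev(offsets)


# Balancer rotates backends on every poll: the client sees each backend's
# clock error in turn and cannot tell it apart from network jitter.
round_robin = measured_offsets(cycle(BACKEND_ERROR))
# Failover mode: only one backend answers, so the offset stays consistent.
failover = measured_offsets(cycle(["s2-a"]))

if __name__ == "__main__":
    print(f"round-robin spread:    {spread(round_robin) * 1e6:.0f} us")
    print(f"single-backend spread: {spread(failover) * 1e6:.0f} us")
```

The network path is identical in both runs, so the whole difference in spread comes from the disagreement between the backends behind the single address.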

I use 4 servers and they are all called with ntp.heppen.be, so they divide the load.
My primary server is GPS+PPS and all others connect to stratum1 servers as well.
However, I do not load-balance over 1 IP address, that isn’t useful at all.
I load-balance via DNS over 4 different servers. My load-balance is basically my own ntp-pool.

1 Like

How do you use Round Robin DNS balancing if the pool directly distributes the server’s IP address instead of the domain?

Well it’s quite simple to do.
You just make 4 A-records in your domain for e.g. ntp.yourdomein.org but every entry points to a different IP.

After you've done that, you can check your round-robin with nslookup and it will do this:

root@server:~# nslookup ntp.heppen.be
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: ntp.heppen.be
Address: 77.109.90.72
Name: ntp.heppen.be
Address: 176.9.206.139
Name: ntp.heppen.be
Address: 82.161.251.125
Name: ntp.heppen.be
Address: 5.196.189.119

The client will take the fastest server over time anyway.
This is the most basic way of load-balancing, but it works for me.

Funny thing is, if I sign up ntp.heppen.be to the pool it inserts all 4 servers in 1 click.