NTPSec, opinions?

hildeb · March 28, 2017, 2:49pm

I just noticed https://www.ntpsec.org/, and their goals look OK to me. Is anybody using their software on pool servers already?

AlisonW · March 28, 2017, 4:01pm

Hadn’t heard of them previously but the idea of reducing attack surfaces and removing cruft is definitely a good one. Next time I’m adding or changing servers I’ll consider the option as an alternative.

ghane0 · March 28, 2017, 4:14pm

I am, on 3 servers in the pool. One of them is Stratum 1, the other two are Stratum 2.

Works well.

Raineer · March 28, 2017, 6:04pm

Yes I use NTPSec, on both my Stratum-0 and Stratum-1. Functionally compatible to the base NTP daemon, and I like the included utilities for monitoring server performance and incoming queries.

hildeb · March 28, 2017, 9:30pm

I’m now using it on a stratum 1 and stratum 2 server. Looking good!

josephb · March 29, 2017, 12:46am

Has anyone given it a try under load, is it multi-threaded?

I’m interested in how it might perform at say 50,000 queries per second.

alica · March 29, 2017, 2:29am

Earlier I have heard that ntpd development is lacking personnel. Why don’t those who behind ntpsec just join the original ntpd team and possibly take over the development?

MarkAtwood · March 29, 2017, 3:21am

Hello Alica. I’m the PM for the NTPsec Project. The relationship between NTPsec and the NTF is complex. We collaborate were we can, but we have no plans to “take over” the NTF.

hildeb · March 29, 2017, 9:45am

So far, all I had to do is to build with refclocks and docs (since I like manpages):

./waf configure --refclock=generic,shm,pps,local --enable-doc
./waf build
./waf install

After that everything was functional; I then changed the reflock definition from:

server 127.127.28.0 minpoll 4 maxpoll 4 iburst
fudge 127.127.28.0 time1 0.001 refid shm0

to:

refclock shm prefer minpoll 0 maxpoll 4

Still fiddling with new stuff to add, like statistics…

hildeb · March 29, 2017, 9:47am

Do you have examples on how to set up the statistics stuff?

gekkie · April 11, 2017, 3:58pm

I looked into NTPsec too. Seems really nice from an admin perspective. I do however currently just lazily use the default ubuntu/debian provided daemons and just go with the flow. And i suspect that as long as the bigger distro’s have such low entry barrier I suspect i’m not the only one sticking with what they know

ask · May 2, 2017, 3:06am

I don’t believe any of the open source NTP implementations are multi-threaded. Meinberg has a clever software solution to use multiple CPU cores in their SyncFire 1100.

They also have network cards that can do NTP “in hardware” for their IMS platform.

josephb · May 2, 2017, 11:49pm

The appliance route can be expensive when compared to running VMs, however as you’ve noted there doesn’t yet seem to be any multithreaded NTP server implementations around.

I’ve had some success with running NTP in docker containers as a way of scaling out to use multiple cores on a box, however this assumes you are ok with using multiple IP’s to load balance the inbound requests.

Next up is to try running a load balancer to try scale NTP compute horizontally but behind the one IP.

ghane0 · May 21, 2017, 1:15pm

Please check out: man ntpviz

My setup (I am running multiple Stratum 0 in the pool with ntpsec, git checkouts weekly:

logfile /var/www/html/ntp/ntpd.log
logconfig =syncall +clockall +peerall +sysall

statsdir /var/www/html/ntp/
filegen loopstats  type day link
filegen peerstats  type day link
filegen protostats type day link
filegen rawstats   type day link
filegen sysstats   type day link
filegen cryptostats   type day link

driftfile /var/lib/ntp/ntp.drift

# Enable this if you want statistics to be logged.
statistics loopstats peerstats clockstats

Then run ntpviz, passing it the /var/www/html/ntp directory

aubergine · October 2, 2023, 10:14am

Debian switched with release 12 called Bookworm to NTPsec by default if the ntp package is installed. Before ntpd was used.

The only things I needed to do after the upgrade is to remove some ntpd leftovers and to align to the new ntpq statistic output.

So far the daemon is running fine and consumes a bit less CPU for the same amount of queries. I don’t have accurate numbers for this and also a lot if things changed in parallel (Kernel, Libs, …).

ask · October 10, 2023, 5:37am

It using less CPU “per query” is indeed interesting. How much difference is it? Are you measuring both queries per second and the CPU per process?

aubergine · October 10, 2023, 7:02am

Unfortunately I don’t have accurate numbers because I don’t save statistics per process.

Badeand · November 26, 2023, 5:43pm

Doing apt install ntp on Debian 12 will get you ntpsec.
Seems to work well pool.ntp.org: Statistics for 2a0d:5600:30:3e::bade

Topic		Replies	Views
Suggestion for http://www.pool.ntp.org/en/join.html Pool Development	5	1292	September 30, 2018
Recommend the superior “pool" not “server” in ntp.conf Server operators	10	1501	January 9, 2023
Fine tuning ntp.conf Server operators	3	1157	April 27, 2019
Airgapped Network - source discarded high stratum, failed sanity Client Configuration and Development	3	1993	June 11, 2019
NTP pool wrong time issue 2/5/20 Client Configuration and Development monitoring , dns	26	3754	February 12, 2020

NTPSec, opinions?

Related Topics