I just noticed https://www.ntpsec.org/, and their goals look OK to me. Is anybody using their software on pool servers already?
Hadn’t heard of them previously but the idea of reducing attack surfaces and removing cruft is definitely a good one. Next time I’m adding or changing servers I’ll consider the option as an alternative.
I am, on 3 servers in the pool. One of them is Stratum 1, the other two are Stratum 2.
Yes I use NTPSec, on both my Stratum-0 and Stratum-1. Functionally compatible to the base NTP daemon, and I like the included utilities for monitoring server performance and incoming queries.
I’m now using it on a stratum 1 and stratum 2 server. Looking good!
Has anyone given it a try under load, is it multi-threaded?
I’m interested in how it might perform at say 50,000 queries per second.
Earlier I have heard that ntpd development is lacking personnel. Why don’t those who behind ntpsec just join the original ntpd team and possibly take over the development?
Hello Alica. I’m the PM for the NTPsec Project. The relationship between NTPsec and the NTF is complex. We collaborate were we can, but we have no plans to “take over” the NTF.
So far, all I had to do is to build with refclocks and docs (since I like manpages):
./waf configure --refclock=generic,shm,pps,local --enable-doc ./waf build ./waf install
After that everything was functional; I then changed the reflock definition from:
server 127.127.28.0 minpoll 4 maxpoll 4 iburst fudge 127.127.28.0 time1 0.001 refid shm0
refclock shm prefer minpoll 0 maxpoll 4
Still fiddling with new stuff to add, like statistics…
Do you have examples on how to set up the statistics stuff?
I looked into NTPsec too. Seems really nice from an admin perspective. I do however currently just lazily use the default ubuntu/debian provided daemons and just go with the flow. And i suspect that as long as the bigger distro’s have such low entry barrier I suspect i’m not the only one sticking with what they know
I don’t believe any of the open source NTP implementations are multi-threaded. Meinberg has a clever software solution to use multiple CPU cores in their SyncFire 1100.
They also have network cards that can do NTP “in hardware” for their IMS platform.
The appliance route can be expensive when compared to running VMs, however as you’ve noted there doesn’t yet seem to be any multithreaded NTP server implementations around.
I’ve had some success with running NTP in docker containers as a way of scaling out to use multiple cores on a box, however this assumes you are ok with using multiple IP’s to load balance the inbound requests.
Next up is to try running a load balancer to try scale NTP compute horizontally but behind the one IP.
Please check out:
My setup (I am running multiple Stratum 0 in the pool with ntpsec, git checkouts weekly:
logfile /var/www/html/ntp/ntpd.log logconfig =syncall +clockall +peerall +sysall statsdir /var/www/html/ntp/ filegen loopstats type day link filegen peerstats type day link filegen protostats type day link filegen rawstats type day link filegen sysstats type day link filegen cryptostats type day link driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. statistics loopstats peerstats clockstats
Then run ntpviz, passing it the /var/www/html/ntp directory