wiki:NTP

Version 1 (modified by dkg@…, 19 years ago) ( diff )

--

NTP: CAL's use of the Network Time Protocol

CAL is using NTP to synchronize the clocks of all our machines. After an overhaul on 21 Sep 2006, the network's NTP structure is as follows:

The machines are divided into 3 classes:

Domain Controllers
This is mars and terra, as usual. These machines synchronize against three public stratum 2 time servers (pool.ntp.org, sundial.columbia.edu, and timex.cs.columbia.edu). They also treat each other as peers. This makes them (or should make them) relatively stable stratum 3 servers. These machines treat their internal clocks as fallback time servers of stratum 9
Other Servers
These are the other full-blooded CAL Servers (not including shell servers, which don't run the cal-server software configuration). They synchronize against the domain controllers, and treat each other as peers. this should make them relatively stable stratum 4 servers (though in practice i've seen them reporting as 5 or 12 occasionally. These machines treat their internal clocks as fallback time servers of stratum 11.
Configured Workstations
These are the Configured Workstations (including shell servers). These machines synchronize against both groups above, and do not consider anyone their peers. They treat their own internal clocks as fallback time servers of stratum 13.

There are several advantages of this scheme:

  • we put very little load on the external time servers we are relying on, which reduces the likelihood that they'll resent our traffic.
  • the domain controllers (which also host the KDCs, which are the most skew-sensitive applications) are the lowest-stratum time servers, which means other machines should prefer them if any skew becomes apparent
  • no machines rely on (or even peer with) the CWs, which may or may not be powered off at various intervals.
  • the decent size of the peering pools should allow for better stabilization of times should we lose connectivity to the external servers (or should they go down)

Still to do:

It would be nice to get NTP cryptographically secured like all other services at CAL.

Note: See TracWiki for help on using the wiki.