Solved

NTP Client clarification

Posted on 2006-11-21
Last Modified: 2013-12-27
Hello Experts,

One of the NTP client conf files looks like this, and in it I found that only one line is enabled (multicastclient). I'm not clear about this. What I understood (assumed) is that, using this multicast address (224.0.1.1), the NTP client will query a bunch of internet NTP servers present in this network and try to get the time information. If it works this way, will it not hang the internet, as there could be billions of NTP clients querying at regular intervals? Please clarify.


> cat /etc/inet/ntp.client
# ident "@(#)ntp.client 1.3     00/07/17 SMI"
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#

multicastclient 224.0.1.1              <---------



Thanks,
Ashok
Question by:rdashokraj
7 Comments
 
LVL 6

Accepted Solution

by:
bpeterse earned 200 total points
ID: 17988942
You should have one server on your WAN that synchs to an outside time server - all the other servers in your 'farm' will synch to that one master time server on your WAN.

The clients on your WAN will copy their /etc/inet/ntp.client file to /etc/inet/ntp.conf:

# ident "@(#)ntp.client 1.3     00/07/17 SMI"
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#

#multicastclient 224.0.1.1
server {ip_of_your_internal_time_server}

The server is handled similarly, but ntp.server is copied to ntp.conf

HUP or start your /usr/lib/inet/xntpd

Verify the synching with 'ntpq -p'
0
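A check for the change described in this answer, as an added example that is not part of the original post: it reads ntp.conf text, skips commented lines, and reports whether the host listens on multicast/broadcast, polls explicit servers, or both. The sample configs, the address 192.0.2.10 and the approved-source list are constructed assumptions.

```python
# Added example: audit ntp.conf text for how the host gets its time.
# Sample configs and the address 192.0.2.10 are constructed for illustration.

PASSIVE = {"multicastclient", "broadcastclient"}  # listen for unsolicited time packets
ACTIVE = {"server", "peer"}                       # poll a named source
REFCLOCK_PREFIX = "127.127."                      # pseudo-addresses of local clock drivers


def parse_ntp_conf(text):
    """Return [(directive, [args])] for every uncommented, non-empty line."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0].lower(), fields[1:]))
    return entries


def audit(text, allowed_sources):
    """Classify the config and list lines that deviate from 'explicit servers only'."""
    entries = parse_ntp_conf(text)
    passive = [" ".join([d] + a) for d, a in entries if d in PASSIVE]
    sources = [a[0] for d, a in entries
               if d in ACTIVE and a and not a[0].startswith(REFCLOCK_PREFIX)]
    findings = [f"{line}: listens for unsolicited time packets" for line in passive]
    findings += [f"source {s}: not an approved time source"
                 for s in sources if s not in allowed_sources]
    if not sources:
        findings.append("no explicit server line: time source is not pinned")
    if passive and sources:
        mode = "mixed"
    elif passive:
        mode = "passive-only"
    elif sources:
        mode = "unicast-only"
    else:
        mode = "none"
    return {"mode": mode, "sources": sources, "findings": findings}


# Constructed inputs modelled on the three configurations shown in this thread.
SHIPPED_CLIENT = "# /etc/inet/ntp.client\nmulticastclient 224.0.1.1\n"
MIXED = "server 192.0.2.10\n#server 192.0.2.11\nmulticastclient 224.0.1.1\n"
PINNED = "#multicastclient 224.0.1.1\nserver 192.0.2.10\n"

if __name__ == "__main__":
    for name, conf in [("shipped", SHIPPED_CLIENT), ("mixed", MIXED), ("pinned", PINNED)]:
        print(name, audit(conf, {"192.0.2.10"}))
```

A "mixed" result means explicit servers are configured but the host still listens on the multicast group, so the multicastclient line is the one left to comment out.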
 

Author Comment

by:rdashokraj
ID: 17989057
Thanks for your response. Do you mean to say that having a setup like this is inefficient, and will it flood our network/Internet traffic? Please clarify. The ntp.conf file of one of the NTP clients is given below:

> cat /etc/inet/ntp.conf
# NTP Configuration file for Brookhaven National Laboratory

# Use the three BNL clockserver machines as servers.  Note that these
# are DNS aliases for real machines.  You should always specify the
# clockserver aliases rather than the canonical names in case the clockservers
# should move to another machine at some future date.

# Server Internal Clock
# Take out the comment for the server of this file
#server 127.127.1.0 prefer         # local clock driver
#fudge 127.127.12.0 stratum 7

#
# Setup outside Stratum 1 servers. NTP will use these first
#server tick.ucla.edu
#server ntp.nasa.gov
#server time.nist.gov
#server tick.usnogps.navy.mil

# Setup inside Stratum 2 servers. These servers are used when all Stratum 1
# servers are down
server clock1.cypress.com

# Setup outside Stratum 3  servers. These servers are used when all Stratum 1
# servers are down
#
server clock3.cypress.com
server clock2.cypress.com

# Configure to be a multicast client
multicastclient 224.0.1.1
0
 
LVL 6

Expert Comment

by:bpeterse
ID: 17989501
If you're asking whether or not to use multicast - then no - don't use it as it is inefficient and very 'chatty' for your bandwidth.  

This is how our server - on the dmz - is configured (ntp.conf):

server 10.0.1.1
server 127.127.1.0
fudge 127.127.1.0 stratum 0

broadcast 224.0.1.1 ttl 4

enable auth monitor
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable

0
 
LVL 48

Expert Comment

by:Tintin
ID: 17989942
See http://en.wikipedia.org/wiki/Multicast for more information on multicast.


As bpeterse says, most people specify 1 or more NTP servers specifically.


0
 

Author Comment

by:rdashokraj
ID: 17990053
Tintin, just to confirm: shall I recommend that my management disable the 'multicast' option on all the NTP servers and clients (except the master server) and have only the server option enabled, which points to the master time server in our WAN?
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 200 total points
ID: 17990127
The most common set up is:

A server in the DMZ (this might be your DNS or mail server) is set up to source NTP from various public Internet NTP servers.  The easiest way is to use the pool addresses, see

http://ntp.isc.org/bin/view/Servers/NTPPoolServers

for details.

Then you either have all your other hosts source their time from your DMZ NTP server, or alternatively, you may have 1 or more additional NTP servers sitting on your LAN that reference the DMZ server, and NTP clients reference the LAN NTP servers.

0
 

Author Comment

by:rdashokraj
ID: 17990256
Thanks a lot for your explanation !!
0
