Solved

NTP Client clarification

Posted on 2006-11-21
7
558 Views
Last Modified: 2013-12-27
Hello Experts,

One of NTP client conf file look like this and in which I found only one line is enabled (multicastclient). I'm not clear about this. What I understood (assumed) is that, using this multicast address (224.0.1.1) the NTP client will query a bunch of internet NTP servers present in this network and try to get the time information. If it works in this way, will it not hang the internet as there could be billions of NTP clients querying at regular intervals of time. Please claify me.


> cat /etc/inet/ntp.client
# ident "@(#)ntp.client 1.3     00/07/17 SMI"
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#

multicastclient 224.0.1.1              <---------



Thanks,
Ashok
0
Comment
Question by:rdashokraj
  • 3
  • 2
  • 2
7 Comments
 
LVL 6

Accepted Solution

by:
bpeterse earned 200 total points
ID: 17988942
You should have one server on your WAN that synchs to an outside time server - all the other servers in your 'farm' will synch to that one master time server on your WAN.

The clients on your WAN will copy their /etc/inet/ntp.client file to /etc/inet/ntp.conf:

# ident "@(#)ntp.client 1.3     00/07/17 SMI"
#
# /etc/inet/ntp.client
#
# An example file that could be copied over to /etc/inet/ntp.conf; it
# provides a configuration for a host that passively waits for a server
# to provide NTP packets on the ntp multicast net.
#

#multicastclient 224.0.1.1
server {ip_of_your_internal_time_server}

The server is handled similarly, but ntp.server is copied to ntp.conf

HUP or start your /usr/lib/inet/xntpd

Verify the synching with 'ntpq -p'
0
 

Author Comment

by:rdashokraj
ID: 17989057
Thanks for your response. You mean to say that having setup like this is inefficient and will it flood our network/Internet traffic ? Please clarify.  The ntp.conf file of one of the NTP client is given below:

> cat /etc/inet/ntp.conf
# NTP Configuration file for Brookhaven National Laboratory

# Use the three BNL clockserver machines as servers.  Note that these
# are DNS aliases for real machines.  You should always specify the
# clockserver aliases rather than the canonical names in case the clockservers
# should move to another machine at some future date.

# Server Internal Clock
# Take out the comment for the server of this file
#server 127.127.1.0 prefer         # local clock driver
#fudge 127.127.12.0 stratum 7

#
# Setup outside Stratum 1 servers. NTP will use these first
#server tick.ucla.edu
#server ntp.nasa.gov
#server time.nist.gov
#server tick.usnogps.navy.mil

# Setup inside Stratum 2 servers. These servers are used when all Stratum 1
# servers are down
server clock1.cypress.com

# Setup outside Stratum 3  servers. These servers are used when all Stratum 1
# servers are down
#
server clock3.cypress.com
server clock2.cypress.com

# Configure to be a multicast client
multicastclient 224.0.1.1
0
 
LVL 6

Expert Comment

by:bpeterse
ID: 17989501
If you're asking whether or not to use multicast - then no - don't use it as it is inefficient and very 'chatty' for your bandwidth.  

This is how our server - on the dmz - is configured (ntp.conf):

server 10.0.1.1
server 127.127.1.0
fudge 127.127.1.0 stratum 0

broadcast 224.0.1.1 ttl 4

enable auth monitor
driftfile /var/ntp/ntp.drift
statsdir /var/ntp/ntpstats/
filegen peerstats file peerstats type day enable
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable

0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 48

Expert Comment

by:Tintin
ID: 17989942
See http://en.wikipedia.org/wiki/Multicast for more information on multicast.


As bpeterse says, most people specify 1 or more NTP servers specifically.


0
 

Author Comment

by:rdashokraj
ID: 17990053
Tintin, just to confirm:   Shall I recommend my management to disable the 'multicast' option in all the NTP Servers and Clients (execpt the Master server) and have only the server option enabled which points to the master time server in our WAN?
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 200 total points
ID: 17990127
The most common set up is:

A server in the DMZ (this might be your DNS or mail server) is set up to source NTP from various public Internet NTP servers.  The easiest way is to use the pool addresses, see

http://ntp.isc.org/bin/view/Servers/NTPPoolServers

for details.

Then you you either have all your other hosts source their time from your DMZ NTP server, or alternatively, you may have 1 or more additional NTP servers sitting on your LAN that reference the DMZ server and NTP clients reference the LAN NTP servers.

0
 

Author Comment

by:rdashokraj
ID: 17990256
Thanks a lot for your explanation !!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now