cfan73

NTP design, reference appliances

I'm looking for input for a customer looking to refine their NTP design, which is currently a bit “all over the place”, and causing issues.

They are a 100% Cisco shop (routing, switching, firewall and voice), and all of their NTP currently rolls up to ntp.pool.org. Their Windows DCs and ESXi hosts point directly to ntp.pool.org, and everything else rolls up to the DCs in a few layers/stratums. They are also a Cisco voice environment (Cisco Communications Manager, etc.) and all of these servers point to the Windows DCs (stratum 3), which is not recommended by Cisco design/SRND docs due to potential issues in synchronizing with MS NTP services.

I think there are possibly a couple quick hits, in maybe reconfiguring the Cisco voice stuff to point to their core Cisco switches. That said, they’ve expressed interest in having their own reference servers/hardware, (maybe with backup to ntp.pool.org) so I’m needing input on ways to provide for that. They have three locations, so a reference source at each would provide the 3x redundancy to anchor time.

So, my specific questions:

• Could I get some input regarding options for reference NTP servers? These could be 3rd-party appliances with GPS, maybe a cellular/CDMA card to go into a Cisco router, etc.?
• Is the stratum of an NTP device dictated purely by the stratum of the device it obtains time from? Meaning, if I have a GPS device at stratum 0, would any other device pointed at that automatically be considered stratum 1? (I think the real question here is whether you can actually manually configure the stratum level on an NTP device besides having it “inherited.”)
• Corollary to the above, would it be thus impossible to have two devices at the same stratum level look to each other for time?

Thank you – it’s been a bit of a challenge finding good NTP design docs.
Dr. Klahn

There are thousands of open NTP servers on the internet which are a) absolutely free b) reliable c) paid for by someone else and d) maintained by someone else.  Why anyone would want to run their own NTP server is a mystery, at least to me.  The results are no better than what you get for free from the net, your server will be one level down from a public server unless you pay for stratum 1 service, and it's just not that easy, as seen from the questions you've already run into.

Can you do it?  Sure.  Is it worth doing it?  I/M/O, no, unless you must because your IT Security department is really paranoid about blocking the NTP ports at the firewall.
cfan73

ASKER

@Dr. Klahn

Thanks for your feedback. I guess one use case for a GPS-based appliance would be to protect against an Internet outage.
ASKER CERTIFIED SOLUTION
noci

We just run 2 simple Linux servers in our network that sync time with pool.ntp.org, and then all network devices sync their time on the Linux boxes. This has been running now for more than 15 years without any problems.
cfan73

ASKER

Some additional info, and then I'll close the thread. It turns out the customer (a casino) has a physical surveillance/security system that is independent from their network infrastructure, and keeping the network stuff within as accurate as possible sync with that system is why they were looking for a GPS-based system. Looks like we're going to put in some Microsemi appliances.

Thanks for all of your input!
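
For the stratum questions in the original post and the planned GPS appliances: stratum is a field every NTP server advertises in its replies (its sync source's stratum plus one), so a client can check it along with the leap indicator and reference ID. The sketch below is an added example, not part of the thread; the sample packets, device names, the address 192.0.2.10 and the `max_stratum` policy value are constructed assumptions.

```python
import ipaddress
import struct

HEADER = "!BBbbII4s"  # flags, stratum, poll, precision, root delay, root dispersion, refid

def parse_ntp_header(pkt):
    """Decode the leading fields of an NTP packet (layout per RFC 5905)."""
    if len(pkt) < 48:
        raise ValueError("an NTP packet is at least 48 bytes")
    flags, stratum, _, _, _, _, refid = struct.unpack(HEADER, pkt[:16])
    if stratum <= 1:
        # Stratum 0 (kiss code) and stratum 1 (reference clock) use an ASCII tag.
        ref = refid.rstrip(b"\x00").decode("ascii", "replace")
    else:
        # Stratum 2+ over IPv4: refid is the address of the upstream server.
        ref = str(ipaddress.IPv4Address(refid))
    return {"leap": flags >> 6, "mode": flags & 7, "stratum": stratum, "refid": ref}

def check_source(pkt, max_stratum=3):
    """Return (ok, reason) for a server reply; max_stratum is a local policy choice."""
    h = parse_ntp_header(pkt)
    if h["mode"] != 4:
        return False, "not a server reply"
    if h["leap"] == 3 or h["stratum"] == 0 or h["stratum"] >= 16:
        return False, "unsynchronized (refid %s)" % h["refid"]
    if h["stratum"] > max_stratum:
        return False, "stratum %d exceeds policy" % h["stratum"]
    return True, "stratum %d via %s" % (h["stratum"], h["refid"])

def build_reply(leap, stratum, refid):
    """Constructed sample reply (version 4, mode 4); timestamps left as zeros."""
    flags = (leap << 6) | (4 << 3) | 4
    return struct.pack(HEADER, flags, stratum, 6, -20, 0, 0, refid) + bytes(32)

# Constructed samples: a GPS appliance, a switch synced to it, an appliance without lock.
SAMPLES = {
    "gps-appliance": build_reply(0, 1, b"GPS\x00"),
    "core-switch": build_reply(0, 2, ipaddress.IPv4Address("192.0.2.10").packed),
    "no-gps-lock": build_reply(3, 0, b"INIT"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, check_source(pkt))
```

An appliance that has lost its reference reports leap indicator 3, which is the condition worth alerting on before downstream devices drift.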