Symmetricom S100 manual Other NTP Considerations, Clients

Other NTP Considerations

The following are information modules regarding NTP. They are used here as a FYI.

Clients

An NTP client can have a number of servers, and broadcast and non-broadcast servers can be used by the same client. NTP clients synchronize their time to match NTP servers, while NTP servers never synchronize their time to match NTP clients. However, NTP clients can also be NTP servers to clients of their own.

There are several points to consider for various client configurations. Normal NTP clients are set up with the server keyword, while broadcast and multicast clients are setup with the broadcastclient and multicastclient keywords. There is no client keyword.

Setting up a computer as an NTP client requires adding several lines to the ntp.conf file and restarting ntpd.

For example, configure the NTP client to synchronize with a couple of alternate NTP servers in the event the primary NTP server is unavailable. This is important since an failure of the primary NTP server is unlikely to be noticed promptly.

The client servers should be as independent as possible. The dependency chain of an NTP server can be determined by running the ntptrace command with each server. If possible, servers should not share common NTP parents. To identify a server as preferred, enter the keyword “prefer” to the right of the server name/IP address. A preferred server will be used as a synchronization source if it meets a minimum accuracy level, even if there are other more accurate servers. However, if a preferred server is far outside of the accuracy bounds determined by consulting other servers, it will be discarded. In general, a server will not fall outside these accuracy bounds unless it or the majority of other servers are misconfigured. Using preferred servers allows setting up clients to prefer a clock that is known to be very accurate. The time exchange between the client and server can also be protected with an authentication key.

Clients can also be configured to respond to broadcast or multicast packets sent by a broadcast or multicast NTP server.

Broadcast and multicast are generally used as the primary server on a LAN or subnet. Using broadcast or multicast allows synchronizing a large number of clients without creating large amounts of NTP traffic. In addition, servers can be changed easily, since clients do not listen for a specific server when they are in broadcast mode. Because the links are mostly local, this allows accurate synchronization for the clients. The important NTP servers within an enterprise (generally low stratum numbers) and any servers separated by large distances or low latency links should use non-broadcast mode in order to maintain close synchronization.

If the clients are not configured to synchronize with a specific group of servers, a rogue system can influence the synchronization process by broadcasting invalid time information. To defend against this threat, authentication and access control should be used to help limit potential synchronization sources.