Hochschule Augsburg
NTP Service
NTP Subnet

This sketch of our NTP subnet shows the relationships
between the various hosts. Lines with one arrowhead point
from the client to the server in a relationship, lines with
arrowheads at both ends mean peer relationships.
The yellow circles in the top row depict the external (stratum 1)
servers we refer to. Clicking on one of them will link to the Web
page of the respective operator. The abbreviations in the circles
tell to which kind of primary (stratum 0) time source the
respective server is connected.
The blue rounded rectangles are our own, simple GPS and DCF77
receivers (forced to stratum 1 or lower). Clicking on one of them
will display a status report of this clock device by calling the
´ntpq -c ps´
command.
The grey rounded rectangles symbolize the NTP Pool membership
of our reference servers. Clicking on one of these symbols will
display a NTP Pool web page showing the monitoring history for
the respective server in a diagram.
The yellow rectangles in the middle row are the NTP reference
(stratum 2) servers for our campus network, and the ones in the
bottom row are the distribution (stratum 3) servers. Those with
solid frames are real servers and the others with dotted frames
are virtual servers.
Clicking on a server's name will display a peer status report of
this host by calling the
´ntpq -c pe´
command.
Clicking on the yellow background around the name links to a statistics
page about the local loop and the servers the host refers to.
Structure
Structuring our campus subnet we followed the recommendations in
'Configuring NTP and Setting up a NTP Subnet'.
Three hosts (the minimum number for robustness) each refer
to three different servers in the internet and peer with
each other. Some other hosts (used mainly for other services)
refer to these three internal NTP reference servers and are
peeked by several clients.
There should be two primary servers and one secondary
(buddy) server per campus reference server. In Germany,
there are some public secondary (stratum 2) servers and
only a few primary
ones. So we need them all, though they are peering
each other and may form disadvantageous loops. Fortunately,
as primary servers, they are normally ruled by primary time
sources (GPS, DCF77, PTB).
Actually,
our GPS and DCF77 receivers should enable us to participate
in the world wide NTP network as a primary reference.
But these devices are rather primitive and unprecise, even the
GPS. Anyway, we use them only as a backup time source,
automatically chosen by the NTP daemon when our connection to
the Internet is down or congested (what sometimes happens).
This is accomplished by forcing down these "clocks"
to stratum 1, the same stratum as that of the external servers,
or even lower. Our reference servers are therefore at stratum 2.
We found out that
our NTP servers usually perform far better when controlled
by the external references than when controlled by one of the
clock receivers. That's why they are only fallback time sources.
The distribution servers referring to the reference servers are
at stratum 3 and still have a decently small clock offset.
They are peeked by several clients at boot time and
regularly, assigning those clients to stratum 4.
NTP broadcast is installed but no multicast.
Reference Servers
The three reference servers (time1, time2, time3)
are simple "industrial" PCs running Linux. They
are connected to the same power supply and network switch.
Despite of this, they are still viewed as backing up each
other, and in fact they are. There is not much to do for
these hosts. Normally servicing NTP, only a few network
daemons are held active.
In case of power power failure, all servers are still
powered by an uninterruptible power supply (UPS), but are
cut off the network since the main switches are down. For
several hours the NTP deamon could survive with only the
internal hardware clock, but the UPS battery will reach
not nearly as long. After a while, the servers will go
down too, as already the rest of our net. In practice,
there is no problem at all. All works very well and makes
a pretty stable and robust NTP network.
Distribution Servers
All workstations should refer to
time.hs-augsburg.de
. It's a fast virtual
machine doing nothing but NTP service and this website, and
delivering pretty accurate time, despite its virtual character
and despite a statement by VMware that virtual machines are
not really good timekeepers.
Servers and workstations in need of system time as accurate as
possible should refer to
time.rz.hs-augsburg.de
.
That's an alias of the main campus server, a fast real
machine running nearly all network services, just including NTP
service. This machine is also the campus NTP broadcast server.
Network
We have a direct Internet connection and a second one as a backup.
Our routers connect to the German Research Network G-WiN.
Speed is good under normal conditions, and connection
is interrupted only rarely for a usually short while.
Network congestion sometimes occurs on weekdays when bandwidth
is exhausted by many on-campus users at the same time.
The reference servers each have a 100 MBit NIC and are attached
to a switch on a 1 GBit line, crossing two switches to the
Internet routers. The distribution servers are on 1 GBit lines
as well.