NTP Design
NTP is often not designed, but rather implemented in the simplest possible way. Many people mistakenly believe all they need to do is configure a single NTP source and their time problems will be solved. This idea is perpetuated because it usually works. But what would happen to your network if the original time source stopped responding or became inaccurate?
I learned about NTP the hard way. I configured a single time source for the core switches on a large network. I thought I was being clever by having all the other devices on the network get accurate time from my core switches. This meant that only the core switches needed to take up Internet bandwidth with NTP requests, instead of potentially hundreds of other devices.
One day, the time source stopped responding to our requests. However, we never knew of the failure. The core switches (6509s) were still acting as NTP servers, so everyone appeared to have accurate time. In this case, the devices were all close in time to each other, but not to the real time (Coordinated Universal Time, or UTC). Still, the difference between UTC and the time being reported was minorâperhaps a minute different over the course of a few months.
Tip
Lesson #1: Always have more than one time source. Not only will NTP failover to another source in the event of a failure, but it will choose the most accurate one available. A minimum of three NTP servers should be configured for core devices.
At some point, we needed to reboot the core switches ...
Get Network Warrior now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
