NTP is often not designed, but rather implemented, in the simplest possible way. Many people mistakenly believe all they need to do is configure a single NTP source, and their time problems will be solved. This idea is perpetuated because it usually works. But what would happen to your network if the original time source stopped responding or became inaccurate?
I learned about NTP the hard way when I configured a single time source for the core switches on a large network. I thought I was being clever by having all the other devices on the network get accurate time from my core switches. This meant that only the core switches needed to take up Internet bandwidth with NTP requests, instead of potentially hundreds of other devices.
One day, the time source stopped responding to our requests, but we never knew about the problem. The core switches (6509s) were still acting as NTP servers, so everyone appeared to have accurate time. In this case, the devices were all close in time to one another, but not to the real time (Coordinated Universal Time, or UTC). Still, the difference between UTC and the time being reported was minor—perhaps a minute different over the course of a few months.
Lesson #1: Always have more than one time source. Not only will NTP failover to another source in the event of a failure, but it will choose the most accurate one available. Configure a minimum of three NTP servers for core devices.
At some point, we needed to reboot the core switches for ...