On Monday 25 July 2005 21:40, Yedidyah Bar-David wrote:
> > And the netvision server. All seem to sync from that startum 1 server at
> > HUJI.
>
> No, timeserver.iix.net.il has its own gps.
Hello,
Among the public NTP servers available, none is stratum 1, as stratum 1
should never be made public, but instead it should serve a series of stratum 2
servers who serve the public. The legendary ntp.ac.il, which was for a long
period the only stratum 1 NTP server in Israel used to sync from an atomic
clock at the National physics laboratory at HUJI. That clock however is no
longer used, and ntp.ac.il is now ntp.ilan.net.il, to be used by the Academia
but I think it's also public, and it is a GPS based clock. Also, HUJI has
ntp.huji.ac.il, but it can only be used by .ac.il AFAIR (GPS as well). As for
other public clocks, ntp.iix.net.il (also known as timeserver.iix.net.il) is
actually two clocks (both stratum 2, do nslookup and see you get 2 IPs), each
clock is sync'ed by 3 stratum 1 servers, 2 of them mentioned above, and the
remaining one is a GPS clock owned by ISOC-IL.
The standing best practice would be to have the ISPs and large enterprise
organizations install their own NTP server inside their network, which in turn
would sync with ntp.iix.net.il and 2 other sources of choice, and will provide
NTP service to their customers. This server would be stratum 3 (or stratum 2
if the ISP/Enterprise decides to install it's own stratum 1). This model
follows closely the original idea behind the way NTP was designed.
Installing an NTP server for ones clients needs to be done carefully,
in terms of security, in order to not allow someone to change the time on
the NTP server, and to allow the NTP server to only sync with authorized
and if possible authenticated clocks.
--Ariel
--
Ariel Biener
e-mail: [EMAIL PROTECTED]
PGP: http://www.tau.ac.il/~ariel/pgp.html
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
