On 08.10.2013 22:57, "Ryan Malayter" <[email protected]> wrote:
>
> On Tue, Oct 8, 2013 at 3:41 PM, Arnold Schekkerman
> <[email protected]> wrote:
> > Hi Ryan,
> > What is the advantage of off-host servers? Why not use the host as (single)
> > time-source for all virtual client machines?
>
In a Xen environment there is no real need to run the ntpd on "the host".
Since Dom0 is basically just another guest, there is in my opinion no need
to use Dom0 as time server.

Sure, Dom0 must always be available but that's basically all there is...

> The security policy of most production virtualization environments
> I've seen explicitly prevents the VMs from talking to the host server
> at all via the network. They're usually on separate VLANs with
> whatever ACLs/firewalls in-between. If you don't have those same sort
> of security requirements, what you describe sounds efficient.
>
And it could be just another DomU (or guests) on Xen...

> A second potential problem is that VMs *move* between hosts while
> they're live and running. So you never really know which physical host
> you're going to be on, so you don't know which server to talk to.

This could pose some issues. But if you're using an environment like that
then there is for sure some way to provide a bare metal time server.

I would be interested in how ntp handles being moved around like that
anyway (there will for sure be many missed ticks and counters if the VM is
migrated live)

> Something like VMware DRS moves servers all the time, and even shuts
> down hosts automatically at night to save electricity. So you would
> need some sort of isolated network with the same IP range configured
> in each VM and on each host. Ugly.

In such an environment you will for sure have a dedicated management LAN
for the VMs and use a jump host for access. Would there be any harm in
using this infrastructure for ntp as well?

> Or maybe multicast clients with the
> hosts acting as multicast servers.
>
How about broadcast servers? Sure, time keeping is not as good as in
client-server mode but with the low latencies on the virtual LAN...

> There is always the "time sync" option in the VM tools packages for
> various hypervisors, but that doesn't seem to work as well as running
> NTPd or the Windows Time Service inside the VM in my experience.

Yes. Time keeping is very hard. Dynamic frequency scaling, multi core
systems and virtualisation do pose some issues. And processor manufacturers
that introduce new counters quite often because they tend to break the
existing ones on a regular basis are not really helping either!

Best regards, Marco
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
