Re: [ntp:questions] multiple instances of NTP on different interfaces

Wed, 06 Mar 2013 01:00:12 -0800 

unruh <un...@invalid.ca> wrote:
> On 2013-03-05, Rob <nom...@example.com> wrote:
>> unruh <un...@invalid.ca> wrote:
>>> On 2013-03-05, Rob <nom...@example.com> wrote:
>>>> David Woolley <david@ex.djwhome.demon.invalid> wrote:
>>>>> Abu Abdullah wrote:
>>>>>
>>>>>> 
>>>>>> Does this mean ntpd is not supposed to be run in parallel? Is there any
>>>>>
>>>>> It is not seen as something anyone would want to do.
>>>>
>>>> I could understand why someone would want to run one instance that
>>>> controls the clock, and another instance that only serves time to
>>>> clients on the (inter)net and cannot control the clock.
>>>
>>> You could? I cannot. ntpd both controls the clock and serves time. Why
>>> would you want to split those?
>>
>> Because the users of the clock service may be able to disturb that
>> service, e.g. by overloading it, by making it crash sending it invalid
>> requests, etc.  Some people may consider the service to keep their own
>> clock correct to be more important than the service to tell time to
>> others.
>>
>> Seeing the reply that the OP posted in the meantime, I was not too far
>> off.  He wants a separation between the internal use of NTP to sync
>> the local and other important systems, from the service to give time
>> to others.
>>
>> I think it is a reasonable wish.  Certainly not something that nobody
>> would want to do.
>
> Well, I would just put the outside service onto some inconsequential
> machine at a higher stratum and have it read time from an inside server. 
> If you are worried about someone crashing it, you do not want it to be
> on the same machine, since that crash is liable not to crash ntpd but
> the whole machine anyway. 
>
> Ie do not run them on the same machine if that is your worry.

He has only one machine.
Running separate processes on a single machine, where you can set different
resource limits for the processes, is better than doing everything in
a single process.

Maybe best for him is to use virtualization and run all the public services
in the virtual machine.  Hacking a virtual machine is another step beyond
disturbing an ntp process.

_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
  • [ntp:questions... Abu Abdullah
    • Re: [ntp:... E-Mail Sent to this address will be added to the BlackLists
      • Re: [... Abu Abdullah
        • R... David Woolley
          • ... Rob
            • ... unruh
              • ... E-Mail Sent to this address will be added to the BlackLists
              • ... Rob
                • ... unruh
                • ... Rob
                • ... Abu Abdullah
                • ... unruh
                • ... E-Mail Sent to this address will be added to the BlackLists
                • ... Abu Abdullah
                • ... unruh
                • ... Uwe Klein
                • ... Rob
                • ... Uwe Klein
            • ... David Woolley

Reply via email to