Re: NTP question

2019-05-06 Thread Eric S. Raymond
Mel Beckman :
> It’s hard to consider messing with signal converters and pricey 
> remotely-powered active antennas when you can solve the problem for $300. :)

The recipe I posted a link to upthread is cheaper.

https://www.ntpsec.org/white-papers/stratum-1-microserver-howto/
-- 
Eric S. Raymond <http://www.catb.org/~esr/>




Re: NTP question

2019-05-06 Thread Eric S. Raymond
Alejandro Acosta :
> "The built in high sensitivity GPS receiver is able to lock multiple
> satellites from within multiple buildings or from a window location*,
> eliminating the requirement that an outdoor antenna be installed*."

Even relatively low-end GPS hardware can do this now.

https://www.ntpsec.org/white-papers/stratum-1-microserver-howto/

That's my recipe for a GPS-based Stratum 1 server built from a RasPi and
any one of several generally-available GPS daughterboards.  Cost less than
$100.

A window location works just fine.  I have six of these on the
windowsill above my desk - they're my test fleet for NTPsec. The trees
near the outside of that window aren't a problem, and while it isn't
*guaranteed* that you have a 4-satellite lock at any given time, periods
of no tracking tend to be short.
-- 
Eric S. Raymond <http://www.catb.org/~esr/>




Re: NTP question

2019-05-06 Thread Eric S. Raymond
Brielle Bruns :
> I've got a WWVB clock as well that I'd love to get hooked into my main NTP
> server, but I worry they're going to finally kill that off in the next year
> or so.

Alas, your WWVB clock is probably already almost useless except as a
wall decoration.

The modulation of the subsecond part of the WWVB signal changed in 2012. If
your clock is older than that, the best it can still do is pick up the
low-precision per-second tick.
-- 
Eric S. Raymond <http://www.catb.org/~esr/>




Re: NTP question

2019-05-03 Thread william manning
well, if they all go down, here is my backup clock.


On Fri, May 3, 2019 at 10:04 AM Seth Mattinen  wrote:

>
> On 5/1/19 8:35 PM, Mel Beckman wrote:
> > But wait. What if the GPS constellation goes down? THEN we have bigger
> > problems
>
>
> For timing if we lose the WWV stations and CDMA, then it seems the
> diversity plan is going to be a combination of US GPS, Galileo, and
> GLONASS disciplined sources.
>


Re: NTP question

2019-05-03 Thread Seth Mattinen



On 5/1/19 8:35 PM, Mel Beckman wrote:
> But wait. What if the GPS constellation goes down? THEN we have bigger problems



For timing if we lose the WWV stations and CDMA, then it seems the 
diversity plan is going to be a combination of US GPS, Galileo, and 
GLONASS disciplined sources.


Re: NTP question

2019-05-02 Thread Ge DUPIN
It is called Galileo :)
Ge

> On 2 May 2019, at 22:35, Scott Weeks wrote:
> 
> 
> 
>> But wait. What if the GPS constellation goes down? 
>> THEN we have bigger problems :)
>> --
>> 
>> 
>> What if the US military intentionally messes with 
>> the signal to thwart the advances of an enemy who 
>> is using GPS in their attack?  ;-)
> 
> --- m...@beckman.org wrote:
> 
> Enemies aren’t dependent on US GPS, by the way. lol!
> ---
> 
> Oops, but still from the second link: "...which could 
> be disabled or degraded by their operators at any time"
> 
> Most big countries say the same: "...will provide an 
> alternative global navigation satellite system..."
> 
> scott
> 
> 
> 
> Details for the interested.
> 
> 
> https://en.wikipedia.org/wiki/GLONASS
> 
> "Russian...provides an alternative to GPS and is the 
> second navigational system in operation with global 
> coverage and of comparable precision. 
> 
> 
> https://en.wikipedia.org/wiki/Galileo_(satellite_navigation)
> 
> "...live in 2016,[4] created by the European Union"
> "...so European nations do not have to rely on the 
> U.S. GPS, or the Russian GLONASS systems, which could 
> be disabled or degraded by their operators at any time"
> 
> 
> https://en.wikipedia.org/wiki/BeiDou
> 
> "a Chinese satellite navigation systemBeidou-1 was 
> decommissioned at the end of 2012."
> "BeiDou-2, became operational in China in December 2011 
> with a partial constellation of 10 satellites in orbit.
> Since December 2012, it has been offering services to 
> customers in the Asia-Pacific region."
> "In 2015, China started the build-up of the third 
> generation BeiDou system (BeiDou-3) for global coverage 
> constellation. The first BDS-3 satellite was launched on 
> 30 March 2015.[5] As of October 2018, fifteen BDS-3 
> satellites have been launched[6]. BeiDou-3 will 
> eventually consist of 35 satellites and is expected to 
> provide global services upon completion in 2020. When 
> fully completed, BeiDou will provide an alternative 
> global navigation satellite system to the United States 
> owned Global Positioning System (GPS),[7][8] the Russian 
> GLONASS or European Galileo systems and is expected 
> to be more accurate than these
> 
> 
> 
> https://en.wikipedia.org/wiki/Indian_Regional_Navigation_Satellite_System
> 
> "...is an autonomous regional satellite navigation 
> system that provides accurate real-time positioning 
> and timing services.[4] It covers India and a region 
> extending 1,500 km (930 mi) around it, with plans for 
> further extension."
> 
> 
> https://en.wikipedia.org/wiki/Quasi-Zenith_Satellite_System
> 
> "...a project of the Japanese government for the 
> development of a four-satellite regional time transfer 
> system and a satellite-based augmentation system for the 
> United States operated Global Positioning System (GPS) 
> to be receivable in the Asia-Oceania regions, with a 
> focus on Japan.
> 
> 
> 



Re: NTP question

2019-05-02 Thread Scott Weeks


> But wait. What if the GPS constellation goes down? 
> THEN we have bigger problems :)
> --
> 
> 
> What if the US military intentionally messes with 
> the signal to thwart the advances of an enemy who 
> is using GPS in their attack?  ;-)

--- m...@beckman.org wrote:

Enemies aren’t dependent on US GPS, by the way. lol!
---

Oops, but still from the second link: "...which could 
be disabled or degraded by their operators at any time"

Most big countries say the same: "...will provide an 
alternative global navigation satellite system..."

scott



Details for the interested.


https://en.wikipedia.org/wiki/GLONASS

"Russian...provides an alternative to GPS and is the 
second navigational system in operation with global 
coverage and of comparable precision. 


https://en.wikipedia.org/wiki/Galileo_(satellite_navigation)

"...live in 2016,[4] created by the European Union"
"...so European nations do not have to rely on the 
U.S. GPS, or the Russian GLONASS systems, which could 
be disabled or degraded by their operators at any time"


https://en.wikipedia.org/wiki/BeiDou

"a Chinese satellite navigation systemBeidou-1 was 
decommissioned at the end of 2012."
"BeiDou-2, became operational in China in December 2011 
with a partial constellation of 10 satellites in orbit.
Since December 2012, it has been offering services to 
customers in the Asia-Pacific region."
"In 2015, China started the build-up of the third 
generation BeiDou system (BeiDou-3) for global coverage 
constellation. The first BDS-3 satellite was launched on 
30 March 2015.[5] As of October 2018, fifteen BDS-3 
satellites have been launched[6]. BeiDou-3 will 
eventually consist of 35 satellites and is expected to 
provide global services upon completion in 2020. When 
fully completed, BeiDou will provide an alternative 
global navigation satellite system to the United States 
owned Global Positioning System (GPS),[7][8] the Russian 
GLONASS or European Galileo systems and is expected 
to be more accurate than these



https://en.wikipedia.org/wiki/Indian_Regional_Navigation_Satellite_System

"...is an autonomous regional satellite navigation 
system that provides accurate real-time positioning 
and timing services.[4] It covers India and a region 
extending 1,500 km (930 mi) around it, with plans for 
further extension."


https://en.wikipedia.org/wiki/Quasi-Zenith_Satellite_System

"...a project of the Japanese government for the 
development of a four-satellite regional time transfer 
system and a satellite-based augmentation system for the 
United States operated Global Positioning System (GPS) 
to be receivable in the Asia-Oceania regions, with a 
focus on Japan.





Re: NTP question

2019-05-02 Thread Mel Beckman
Like I said, bigger problems. :)

Enemies aren’t dependent on US GPS, by the way. lol!

-mel via cell

> On May 2, 2019, at 12:31 PM, Scott Weeks  wrote:
> 
> 
> 
> --- m...@beckman.org wrote:
> From: Mel Beckman 
> 
> But wait. What if the GPS constellation goes down? 
> THEN we have bigger problems :)
> --
> 
> 
> What if the US military intentionally messes with 
> the signal to thwart the advances of an enemy who 
> is using GPS in their attack?  ;-)
> 
> scott


Re: NTP question

2019-05-02 Thread Scott Weeks



--- m...@beckman.org wrote:
From: Mel Beckman 

But wait. What if the GPS constellation goes down? 
THEN we have bigger problems :)
--


What if the US military intentionally messes with 
the signal to thwart the advances of an enemy who 
is using GPS in their attack?  ;-)

scott


Re: NTP question

2019-05-02 Thread James R Cutler
> On May 2, 2019, at 2:44 PM, Harlan Stenn  wrote:
> 
> 
> 
> On 5/2/2019 9:13 AM, James R Cutler wrote:
>>> On May 2, 2019, at 10:59 AM, William Herrin wrote:
>>> 
>>> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn wrote:
>>> 
>>>It's not clear to me that there's anything *wrong* with using the
>>>pool,
>>>especially if you're using our 'pool' directive in your config file.
>>> 
>>> 
>>> The one time I relied on the pool I lost sync a year later when all
>>> three servers the configuration picked withdrew time services and the
>>> still-running ntp client didn't return to the names to find new ones.
>>> Wonderful if that's fixed now but the pool folks argued just as
>>> strongly for using it back then.
>>> 
>>> Also, telling the security auditor that you have no idea who supplies
>>> your time source is pretty much a non-starter. You can convince them
>>> of a lot of things but you can't convince them it's OK to have no idea
>>> where critical services come from.
>>> 
>>> That's what's wrong with the pool.
>>> 
>>> Regards,
>>> Bill Herrin
>>> 
>>> 
>>> -- 
>>> William Herrin  her...@dirtside.com
>>>   b...@herrin.us 
>>> Dirtside Systems . Web: 
>> 
>> I have only ever used the pool as a supplement to other servers. Here is
>> a snippet from ntp.conf that was found in the bottom of a locked filing
>> cabinet stuck in a disused lavatory with a sign on the door saying
>> 'Beware of the Leopard.’ *
>> 
>> # External Time Synchronization Source Servers
>> #
>> server tick.usno.navy.mil # open access
>> server time.apple.com # open access
>> server Time1.Stupi.SE # open access
>> server ntps1-0.uni-erlangen.de # open access
>> server 0.pool.ntp.org # open access
>> server 1.pool.ntp.org # open access
>> server 2.pool.ntp.org # open access
> 
> I recommend you replace the above 3 lines with:
> 
> pool CC.pool.ntp.org
> 
> where CC is an appropriate country code or region.
> 
> H
> --
>> server nist1-nj2-ustiming.org # open access
>> server nist1-chi-ustiming.org # open access
>> server nist1-pa-ustiming.org # open access
>> #
>> 
>> 
>> I have not kept up with pool changes since then.
>> 
>> *Apologies to Douglas Adams
> 
> -- 
> Harlan Stenn, Network Time Foundation
> http://nwtime.org - be a Member!

Harlan,

That is good advice.  

Company($dayjob) no longer exists, but I will remember your advice next time I 
configure 4 or more Mac minis as an NTP peer group in my home office lab — I 
let the last configuration lapse as keeping up with Apple hardware and macOS 
changes was challenge enough and I no longer supported Network Time Services 
for any $dayjob or client.

The only other note is that, for Company($dayjob), I obtained explicit 
permission from each of a set of globally distributed time services (not shown 
above). I recommend that any new NTP peer group be configured with as diverse a 
set of servers as possible, not limited to just pool and not limited to a 
single connection type. 

Thank you.

Jim
-
James R. Cutler
james.cut...@consultant.com
GPG keys: hkps://hkps.pool.sks-keyservers.net

Re: NTP question

2019-05-02 Thread Harlan Stenn



On 5/2/2019 7:59 AM, William Herrin wrote:
> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn wrote:
> 
> It's not clear to me that there's anything *wrong* with using the pool,
> especially if you're using our 'pool' directive in your config file.
> 
> 
> The one time I relied on the pool I lost sync a year later when all
> three servers the configuration picked withdrew time services and the
> still-running ntp client didn't return to the names to find new ones.
> Wonderful if that's fixed now but the pool folks argued just as strongly
> for using it back then.

Were you using 'server' entries in your ntp.conf file or a 'pool' directive?

> Also, telling the security auditor that you have no idea who supplies
> your time source is pretty much a non-starter. You can convince them of
> a lot of things but you can't convince them it's OK to have no idea
> where critical services come from.

I'm not saying you *should* use the pool, or that you should *only* use
the pool.  The pool *can* be used responsibly.  And I suspect Ask and
his crew have documented things well enough that you could point an
auditor at the docs for the 'pool' directive and the monitoring efforts
that the Pool does, and between that and peering with your other
internal S2 sites and some well-chosen external site and perhaps some
local refclocks you would be in fine shape.

> That's what's wrong with the pool.
> 
> Regards,
> Bill Herrin
> 
> 
> -- 
> William Herrin  her...@dirtside.com
>   b...@herrin.us 
> Dirtside Systems . Web: 

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!


Re: NTP question

2019-05-02 Thread Harlan Stenn



On 5/2/2019 9:13 AM, James R Cutler wrote:
>> On May 2, 2019, at 10:59 AM, William Herrin wrote:
>>
>> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn wrote:
>>
>> It's not clear to me that there's anything *wrong* with using the
>> pool,
>> especially if you're using our 'pool' directive in your config file.
>>
>>
>> The one time I relied on the pool I lost sync a year later when all
>> three servers the configuration picked withdrew time services and the
>> still-running ntp client didn't return to the names to find new ones.
>> Wonderful if that's fixed now but the pool folks argued just as
>> strongly for using it back then.
>>
>> Also, telling the security auditor that you have no idea who supplies
>> your time source is pretty much a non-starter. You can convince them
>> of a lot of things but you can't convince them it's OK to have no idea
>> where critical services come from.
>>
>> That's what's wrong with the pool.
>>
>> Regards,
>> Bill Herrin
>>
>>
>> -- 
>> William Herrin  her...@dirtside.com
>>   b...@herrin.us 
>> Dirtside Systems . Web: 
> 
> I have only ever used the pool as a supplement to other servers. Here is
> a snippet from ntp.conf that was found in the bottom of a locked filing
> cabinet stuck in a disused lavatory with a sign on the door saying
> 'Beware of the Leopard.’ *
> 
> # External Time Synchronization Source Servers
> #
> server tick.usno.navy.mil # open access
> server time.apple.com # open access
> server Time1.Stupi.SE # open access
> server ntps1-0.uni-erlangen.de # open access
> server 0.pool.ntp.org # open access
> server 1.pool.ntp.org # open access
> server 2.pool.ntp.org # open access

I recommend you replace the above 3 lines with:

 pool CC.pool.ntp.org

where CC is an appropriate country code or region.

H
--
> server nist1-nj2-ustiming.org # open access
> server nist1-chi-ustiming.org # open access
> server nist1-pa-ustiming.org # open access
> #
> 
> 
> I have not kept up with pool changes since then.
> 
> *Apologies to Douglas Adams

-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!


Re: NTP question

2019-05-02 Thread Alain Hebert
    First sorry for the gender goof, I did a lazy analog translation 
from "pompiers".


    It is a true story that happened to a buddy of mine a few years back.

    People saw smoke (diesel exhaust) coming from the roof of the 
building during a power outage and called 911.


    They did follow protocol, and turn off both fuel and electrical 
system first :(.  The solution was to move them to his parking lot to 
make it more definitive where the smoke is coming from =D.


On 2019-05-02 12:37, Grant Taylor via NANOG wrote:
> On 5/2/19 9:32 AM, Alain Hebert wrote:
>> Unless the Firemen turn your roof generator off because someone in 
>> the street yelled fire =D
>
> The firemen & women that I've had the pleasure of working with did 
> have more brains than that.
>
> Despite their reputation of brute force, they do think.







Building Integrated Timing System (was Re: NTP question)

2019-05-02 Thread Sean Donelan

On Thu, 2 May 2019, Carsten Bormann wrote:
> Why don’t data centers provide a GPS signal along with power and air 
> conditioning?
> Installing a distribution amplifier for 1.5 GHz is not rocket science.
>
> (Or an Ethernet with IEEE1588 precise time, but that is probably asking too 
> much.)


They should :-)

I tried to include time (i.e. Building Integrated Timing System) as part of 
the basic data center services (hvac, power, access control, etc) when I 
worked at Equinix many, many years ago. Your data center operator can 
install its GPS (or other time source) antennas, drive the building master 
clock, and distribute time to customers using several different protocols.


For folks with firewall/security concerns, the building master clock can 
drive non-Internet protocols (IRIG-B, IEEE1588 PTP, etc) or connections in 
addition to NTP.  You can still have your own NTP server. The difference 
is instead of a GPS antenna connection, your clock box uses the BITS
connection as one of the time sources.

Unfortunately, I was ahead of my time and customers (and sales people) 
didn't really understand the advantages. Yes, the DC operator can screw up 
the BITS just like the DC operator can screw up the power, hvac and access 
control systems.  Everyone wanted a separate GPS antenna, and the sales 
people made more commission selling space on the antenna platform :-(


Re: NTP question

2019-05-02 Thread Grant Taylor via NANOG

On 5/2/19 9:32 AM, Alain Hebert wrote:
> Unless the Firemen turn your roof generator off because someone in 
> the street yelled fire =D


The firemen & women that I've had the pleasure of working with did have 
more brains than that.


Despite their reputation of brute force, they do think.



--
Grant. . . .
unix || die





Re: NTP question

2019-05-02 Thread James R Cutler
> On May 2, 2019, at 10:59 AM, William Herrin  wrote:
> 
> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn wrote:
> It's not clear to me that there's anything *wrong* with using the pool,
> especially if you're using our 'pool' directive in your config file.
> 
> The one time I relied on the pool I lost sync a year later when all three 
> servers the configuration picked withdrew time services and the still-running 
> ntp client didn't return to the names to find new ones. Wonderful if that's 
> fixed now but the pool folks argued just as strongly for using it back then.
> 
> Also, telling the security auditor that you have no idea who supplies your 
> time source is pretty much a non-starter. You can convince them of a lot of 
> things but you can't convince them it's OK to have no idea where critical 
> services come from.
> 
> That's what's wrong with the pool. 
> 
> Regards,
> Bill Herrin
> 
> 
> -- 
> William Herrin  her...@dirtside.com 
>   b...@herrin.us 
> Dirtside Systems . Web:

I have only ever used the pool as a supplement to other servers. Here is a 
snippet from ntp.conf that was found in the bottom of a locked filing cabinet 
stuck in a disused lavatory with a sign on the door saying 'Beware of the 
Leopard.’ *

#   External Time Synchronization Source Servers
#
server  tick.usno.navy.mil  # open access
server  time.apple.com  # open access
server  Time1.Stupi.SE  # open access
server  ntps1-0.uni-erlangen.de # open access
server  0.pool.ntp.org  # open access
server  1.pool.ntp.org  # open access
server  2.pool.ntp.org  # open access
server  nist1-nj2-ustiming.org  # open access
server  nist1-chi-ustiming.org  # open access
server  nist1-pa-ustiming.org   # open access
#

I have not kept up with pool changes since then.

*Apologies to Douglas Adams
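
The points raised in this thread about that snippet (pool hosts pinned through 'server' lines, an auditor asking who supplies the time, and the case for a local refclock) can be checked mechanically. The following is an added example, not part of the original message or of any NTP project's code; the function names, finding codes and the revised config are assumptions made for illustration.

```python
import re

# Constructed input: the source lines quoted in the message above.
LEGACY_CONF = """\
#   External Time Synchronization Source Servers
#
server  tick.usno.navy.mil  # open access
server  time.apple.com  # open access
server  Time1.Stupi.SE  # open access
server  ntps1-0.uni-erlangen.de # open access
server  0.pool.ntp.org  # open access
server  1.pool.ntp.org  # open access
server  2.pool.ntp.org  # open access
server  nist1-nj2-ustiming.org  # open access
server  nist1-chi-ustiming.org  # open access
server  nist1-pa-ustiming.org   # open access
#
"""

# Constructed "after" config (an assumption, not from the thread): the pool is
# reached through the 'pool' directive, named servers remain, and a local
# refclock is added. 'us' stands in for the CC placeholder; 127.127.20.0 is
# the classic ntpd address form for an NMEA GPS refclock (driver type 20).
REVISED_CONF = """\
pool us.pool.ntp.org iburst
server tick.usno.navy.mil iburst
server Time1.Stupi.SE iburst
server ntps1-0.uni-erlangen.de iburst
server 127.127.20.0
"""

SOURCE_DIRECTIVES = {"server", "pool", "peer", "refclock"}
POOL_RE = re.compile(r"(^|\.)pool\.ntp\.org\.?$", re.IGNORECASE)


def parse_sources(conf_text):
    """Yield (line_number, directive, target) for every time-source line."""
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0].lower() in SOURCE_DIRECTIVES:
            yield lineno, fields[0].lower(), fields[1]


def classify(directive, target):
    """Label a source by how well its operator can be identified."""
    if directive == "refclock" or target.startswith("127.127."):
        return "local-refclock"  # hardware attached to this host
    if POOL_RE.search(target):
        return "pool"            # volunteer servers handed out by DNS
    return "named"               # a specific operator an auditor can be shown


def audit(conf_text):
    """Return (inventory, findings) for an ntp.conf-style text."""
    inventory, findings = [], []
    for lineno, directive, target in parse_sources(conf_text):
        kind = classify(directive, target)
        inventory.append((lineno, directive, target, kind))
        if kind == "pool" and directive != "pool":
            # The case reported in the thread: pool names behind 'server'
            # lines were not looked up again after the picked hosts withdrew.
            findings.append(("POOL_VIA_SERVER", lineno,
                             f"{target}: use 'pool' instead of '{directive}'"))
    kinds = {entry[3] for entry in inventory}
    if kinds == {"pool"}:
        findings.append(("POOL_ONLY", None,
                         "no source with an identifiable operator"))
    if "local-refclock" not in kinds:
        findings.append(("NO_LOCAL_REFCLOCK", None,
                         "every source depends on the network path"))
    return inventory, findings


def report(conf_text):
    """Format the inventory and findings as text for an audit record."""
    inventory, findings = audit(conf_text)
    out = [f"{len(inventory)} time sources configured"]
    for lineno, directive, target, kind in inventory:
        out.append(f"  line {lineno:>2}: {directive:<8} {target:<28} {kind}")
    for code, lineno, text in findings:
        where = f"line {lineno}" if lineno else "whole file"
        out.append(f"  FINDING {code} ({where}): {text}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(LEGACY_CONF))
    print()
    print(report(REVISED_CONF))
```
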

Re: NTP question

2019-05-02 Thread Mike Hammett
What sort of products are people using to provide timing services to third 
parties in datacenters? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "James Harrison"  
To: nanog@nanog.org 
Sent: Wednesday, May 1, 2019 5:27:38 PM 
Subject: Re: NTP question 

On 01/05/2019 20:29, Job Snijders wrote: 
> The trick is to order a spot on the roof of the datacenter, have the 
> facility staff place the antenna there, and run a cable to the NTP 
> server in your rack. 

Some DCs also offer GPS antenna feeds fed from a splitter, though it's 
important to get the total cable length from the antenna to your 
receiver so you can set your propagation delay offset accordingly. I've 
also been in facilities that distribute IRIG and 10MHz references so you 
can feed a reference directly, but that's fairly rare. 

It's worth asking what your facilities can provide, in either case. Many 
DCs don't want a dozen GPS antennae cluttering the roof up but are happy 
to provide the service from one they look after (for a cost, of course). 

If you have external facilities, of course, so long as you can run 
PTP/1588 back from them, you can always host your clocks there and 
distribute to 1588 masters in the DC. 
-- 
Cheers, 
James Harrison 




Re: NTP question

2019-05-02 Thread Mel Beckman
Bill,

I did say _today’s_ RTP chips :)

Although as a Mac user with multiple types, many not Internet-connected, I’ve 
never seen any lose minutes per day. You might have a dead clock battery.

 -mel

On May 2, 2019, at 7:57 AM, William Herrin <b...@herrin.us> wrote:

> On Wed, May 1, 2019 at 8:35 PM Mel Beckman <m...@beckman.org> wrote:
>> I can tell you how the GPS server behaves when it loses its signal: it stops 
>> giving out verified time and lapses into Stratum-“goners” mode. But today’s RTP 
>> chips don’t start losing seconds-per-day when they are free running. Typically 
>> they might lose ten seconds per week on cheap systems. That’s of little concern 
>> if you have two GPS clocks.
>
> The macbook my employer issued gains about 20 minutes a day when not synced. 
> Easier to not replace it because oh look, the drive is soldered to the 
> motherboard.
>
> I've taken to calling it my crapbook. Really disappointed with the quality out 
> of Apple lately.
>
> -Bill
>
>
> --
> William Herrin  her...@dirtside.com 
>  b...@herrin.us
> Dirtside Systems . Web: 



Re: NTP question

2019-05-02 Thread James Harrison
On 01/05/2019 20:29, Job Snijders wrote:
> The trick is to order a spot on the roof of the datacenter, have the
> facility staff place the antenna there, and run a cable to the NTP
> server in your rack.

Some DCs also offer GPS antenna feeds fed from a splitter, though it's
important to get the total cable length from the antenna to your
receiver so you can set your propagation delay offset accordingly. I've
also been in facilities that distribute IRIG and 10MHz references so you
can feed a reference directly, but that's fairly rare.

It's worth asking what your facilities can provide, in either case. Many
DCs don't want a dozen GPS antennae cluttering the roof up but are happy
to provide the service from one they look after (for a cost, of course).

If you have external facilities, of course, so long as you can run
PTP/1588 back from them, you can always host your clocks there and
distribute to 1588 masters in the DC.
-- 
Cheers,
James Harrison





Re: NTP question

2019-05-02 Thread Andy Smith
The link you provided answers that question:
"The built in high sensitivity GPS receiver is able to lock multiple
satellites from within multiple buildings or from a window location,
eliminating the requirement that an outdoor antenna be installed".  If
you're still worried about your specific use-case, I recommend contacting
the manufacturer.


On Wed, May 1, 2019 at 2:25 PM Mehmet Akcin  wrote:

> hey there Nanog,
>
> I am trying to buy a GPS based NTP server like this one
>
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>
> but I will be placing this inside a data center, do these need an actual
> view of a sky to be able to get signal or will they work fine inside a data
> center building? if you have any other hardware requirements to be able to
> provide stable time service for hundreds of customers, please let me know.
>
> mehmet
>
>
>


Re: NTP question

2019-05-02 Thread Alain Hebert
    Unless the Firemen turn your roof generator off because someone in 
the street yelled fire =D


On 2019-05-02 11:21, Grant Taylor via NANOG wrote:
> On 5/2/19 8:03 AM, Kain, Rebecca (.) wrote:
>> Or the fbi shuts off the power grid
>
> Na.
>
> Battery backup and generators with days ~> weeks worth of fuel.  }:-)







Re: NTP question

2019-05-02 Thread Chris Adams
Once upon a time, William Herrin  said:
> The one time I relied on the pool I lost sync a year later when all three
> servers the configuration picked withdrew time services and the
> still-running ntp client didn't return to the names to find new ones.
> Wonderful if that's fixed now but the pool folks argued just as strongly
> for using it back then.

Current versions of both ntpd and chrony support a "pool" config option
as an alternative to the "server" option, and I believe both will
monitor the reachability and quality of the sources and periodically
refresh from DNS.

-- 
Chris Adams 


Re: NTP question

2019-05-02 Thread Grant Taylor via NANOG

On 5/2/19 8:03 AM, Kain, Rebecca (.) wrote:
> Or the fbi shuts off the power grid


Na.

Battery backup and generators with days ~> weeks worth of fuel.  }:-)



--
Grant. . . .
unix || die





Re: NTP question

2019-05-02 Thread William Herrin
On Wed, May 1, 2019 at 7:03 PM Harlan Stenn  wrote:

> It's not clear to me that there's anything *wrong* with using the pool,
> especially if you're using our 'pool' directive in your config file.
>

The one time I relied on the pool I lost sync a year later when all three
servers the configuration picked withdrew time services and the
still-running ntp client didn't return to the names to find new ones.
Wonderful if that's fixed now but the pool folks argued just as strongly
for using it back then.

Also, telling the security auditor that you have no idea who supplies your
time source is pretty much a non-starter. You can convince them of a lot of
things but you can't convince them it's OK to have no idea where critical
services come from.

That's what's wrong with the pool.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: NTP question

2019-05-02 Thread William Herrin
On Wed, May 1, 2019 at 8:35 PM Mel Beckman  wrote:

> I can tell you how the GPS server behaves when it loses its signal: it
> stops giving out verified time and lapses into Stratum-“goners” mode. But
> today’s RTP chips don’t start losing seconds-per-day when they are free
> running. Typically they might lose ten seconds per week on cheap systems.
> That’s of little concern if you have two GPS clocks.
>

The macbook my employer issued gains about 20 minutes a day when not
synced. Easier to not replace it because oh look, the drive is soldered to
the motherboard.

I've taken to calling it my crapbook. Really disappointed with the quality
out of Apple lately.

-Bill


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


RE: NTP question

2019-05-02 Thread Kain, Rebecca (.)
Or the fbi shuts off the power grid

-Original Message-
From: NANOG  On Behalf Of Valdis Kletnieks
Sent: Thursday, May 02, 2019 10:00 AM
To: Tom Beecher 
Cc: NANOG list 
Subject: Re: NTP question

On Thu, 02 May 2019 08:59:19 -0400, Tom Beecher said:

> Passes the backhoe test, but might have an issue with the Die Hard 
> Elevator Shaft Fight Scene checks.

If your data center is suffering from both backhoe face and a Die Hard Fight 
Scene, the *real* question is whether you're going to care about NTP when the 
Halon dumps and the emergency power interlock shuts down all your hardware...

In other words, you got bigger problems. :)



Re: NTP question

2019-05-02 Thread Valdis Klētnieks
On Thu, 02 May 2019 08:59:19 -0400, Tom Beecher said:

> Passes the backhoe test, but might have an issue with the Die Hard Elevator
> Shaft Fight Scene checks.

If your data center is suffering from both backhoe face and a Die Hard Fight
Scene, the *real* question is whether you're going to care about NTP when the
Halon dumps and the emergency power interlock shuts down all your hardware...

In other words, you got bigger problems. :)





Re: NTP question

2019-05-02 Thread Tom Beecher
Passes the backhoe test, but might have an issue with the Die Hard Elevator
Shaft Fight Scene checks.

:)

On Thu, May 2, 2019 at 07:34 william manning wrote:

> for our PCI-DSS audit, the rationale for at least -one- local source,
> instead of depending on pool.ntp.org, was "backhoe fade".
> it was worth the $135 for an NTP source using GPS.  the cable run up the
> elevator shaft for the antenna works without needing OSHPD permits.
>
> We are very happy with the result.
>
> /Wm
>
> On Wed, May 1, 2019 at 3:01 PM Andreas Ott  wrote:
>
>> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
>> > - Why do folks want to have one or more NTP server masters that have at
>> > least 1 refclock on them in a data center, instead of having their data
>> > center NTP server masters that only get time over the internet?
>>
>> I had that discussion before with the QSA for a compliance audit, pointing
>> to requirement "10.4.3 Time settings are received from industry-accepted
>> time sources" and "verify that the time server(s) accept time updates from
>> specific, industry-accepted external sources (to prevent a malicious
>> individual from changing the clock)" in the PCI-DSS document. He
>> non-jokingly suggested "why don't you use pool.ntp.org?", not really
>> realizing how many servers are in fact just someone's PC behind a cable
>> modem in their home, which negated the "do I trust the time I am
>> receiving?". My immediate answer was "we could use NIST servers",
>> but the easiest way out of this is "we operate our own NTP appliance
>> with a GPS receiver" and provide that as evidence.
>>
>> Don't get me wrong, I support pool.ntp.org by operating and contributing
>> servers to it, but it is not deemed good enough if you need traceability
>> of your NTP time source(s), even though the pool will only admit members
>> above a certain quality threshold.
>>
>>
>> > - What % of data center operators provide time servers in their data
>> > centers for their tenants (or for the general public)?
>>
>> My $employer does that in our datacenters and points of presence for
>> our customers.
>>
>> -andreas
>> --
>> Andreas Ott   K6OTT   +1.408.431.8727   andr...@naund.org
>>
>


Re: NTP question

2019-05-02 Thread william manning
for our PCI-DSS audit, the rationale for at least -one- local source,
instead of depending on pool.ntp.org, was "backhoe fade".
it was worth the $135 for an NTP source using GPS.  the cable run up the
elevator shaft for the antenna works without needing OSHPD permits.

We are very happy with the result.

/Wm

On Wed, May 1, 2019 at 3:01 PM Andreas Ott  wrote:

> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
> > - Why do folks want to have one or more NTP server masters that have at
> > least 1 refclock on them in a data center, instead of having their data
> > center NTP server masters that only get time over the internet?
>
> I had that discussion before with the QSA for a compliance audit, pointing
> to requirement "10.4.3 Time settings are received from industry-accepted
> time sources" and "verify that the time server(s) accept time updates from
> specific, industry-accepted external sources (to prevent a malicious
> individual from changing the clock)" in the PCI-DSS document. He
> non-jokingly suggested "why don't you use pool.ntp.org?", not really
> realizing how many servers are in fact just someone's PC behind a cable
> modem in their home, which negated the "do I trust the time I am
> receiving?". My immediate answer was "we could use NIST servers",
> but the easiest way out of this is "we operate our own NTP appliance
> with a GPS receiver" and provide that as evidence.
>
> Don't get me wrong, I support pool.ntp.org by operating and contributing
> servers to it, but it is not deemed good enough if you need traceability
> of your NTP time source(s), even though the pool will only admit members
> above a certain quality threshold.
>
>
> > - What % of data center operators provide time servers in their data
> > centers for their tenants (or for the general public)?
>
> My $employer does that in our datacenters and points of presence for
> our customers.
>
> -andreas
> --
> Andreas Ott   K6OTT   +1.408.431.8727   andr...@naund.org
>


Re: NTP question

2019-05-02 Thread Marco Davids via NANOG

On 02-05-19 at 02:00, Ask Bjørn Hansen wrote:

> Though, on the topic of unusual requirements there are a bunch of
> contributors to the NTP Pool using this curious device

It continues to surprise me that there is still hardware being sold that 
doesn't even support IPv6.


--
Marco


Re: NTP question

2019-05-01 Thread Valdis Klētnieks
On Thu, 02 May 2019 00:29:32 -0400, Keith Wallace said:

> Good stuff, never had an issue with rollovers, software was upgradable.

Did the vendor ever ship an actual software upgrade?




Re: NTP question

2019-05-01 Thread Keith Wallace
I'd like to give a plug for Symmetricom products like the Time Provider 1100. I 
used these in my previous life at a half dozen sites.
They function as ntp servers and peer with each other over a network. In 
addition (and most important to me) they provided BITS clocks to our optical 
gear and pbx's. Very reliable and you could waste all sorts of money by 
equipping them with 1 or 2 oscillators, rubidium if you liked. The antenna 
needed a clear view of the sky and we mounted these at roof level to avoid 
lightning. They were heated to avoid icing.
Good stuff, never had an issue with rollovers, software was upgradable.

Sent from my android device.

-Original Message-
From: "Ask Bjørn Hansen" 
To: Mehmet Akcin 
Cc: nanog 
Sent: Wed, 01 May 2019 19:43
Subject: Re: NTP question



> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
> 
> I am trying to buy a GPS based NTP server like this one 
> 
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
> 
> but I will be placing this inside a data center, do these need an actual view 
> of a sky to be able to get signal or will they work fine inside a data center 
> building? if you have any other hardware requirements to be able to provide 
> stable time service for hundreds of customers, please let me know.

[ with my hobby-hat on … ]

tl;dr: if any of the below is too much work, just run reasonably well monitored 
NTP server syncing from other NTP servers. If you want more than that, you need 
to see the sky. Don’t do the CDMA thing.

Depending on your requirements having the antenna in the window may or may not 
be satisfactory. If it’s fine you probably could just have done a regular NTP 
server in the first place.  For long swaths of the day you might not see too 
many satellites which will add to the uncertainty of the signal.

Meinberg’s GPS antenna has a bit more smarts which helps it work on up to 300 
meters on RG58 or 700 meters on RG213.  (They also have products that use 
regular L1 antennas with the limitations Bryan mentioned).

https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm

They also have a multi-mode fiber box to have the antenna be up to 2km from the 
box or 20km with their single mode fiber box, if you have fiber to somewhere 
else where you can see the sky and place an antenna.

It will be more than the one you linked to, but their systems are very 
reasonably priced, too. For “hundreds of customers” whatever is the 
smallest/cheapest box they have will work fine. Even their smallest models have 
decent oscillators (for keeping the ticks accurate between GPS signals).

The Meinberg time server products (I am guessing all of them, but I’m not sure) 
also have a mode where they poll an upstream NTP server aggressively and then 
steer the oscillator after it. I haven’t used it in production, but it worked a 
lot better than it sounded like it would.  (In other words, even without GPS 
it’s a better time server than most systems).


Ask

Re: NTP question

2019-05-01 Thread Carsten Bormann
On May 2, 2019, at 00:41, Alejandro Acosta  
wrote:
> 
>   As others have commented before, it looks like you need an outdoor antenna, 
> however, reading the specs it says:
> 
> 
> 
> “The built in high sensitivity GPS receiver is able to lock multiple 
> satellites from within multiple buildings or from a window location, 
> eliminating the requirement that an outdoor antenna be installed."

Why don’t data centers provide a GPS signal along with power and air 
conditioning?
Installing a distribution amplifier for 1.5 GHz is not rocket science.

(Or an Ethernet with IEEE1588 precise time, but that is probably asking too 
much.)

Grüße, Carsten



Re: NTP question

2019-05-01 Thread Mel Beckman
For those wondering what a GPS certification letter for the rollover bug looks 
like, here’s Garmin’s. Note the phrase “for many years, Garmin has anticipated 
and prepared for this event...”:

Garmin GPS Week Number Rollover Statement

What is the GPS Week Number Rollover (WNRO)?

The GPS system is world renowned for its ability to provide accurate and 
reliable positioning and timing information worldwide. The GPS satellites 
transmit to users the date and time accurate to nanoseconds. However, back in 
1980, when the GPS system first began to keep track of time, the date and time 
was represented by a counter that could only count forward to a maximum of 1024 
weeks, or about 19.7 years. After 1024 weeks had elapsed, this counter “rolled 
over” to zero, and GPS time started counting forward again.  This first 
rollover occurred in August of 1999. The second rollover will occur on April 6, 
2019.

Is My Device Affected?

For many years, Garmin has anticipated and prepared for this event. Regardless, 
Garmin has been performing exhaustive testing of current and legacy devices to 
determine if they will be affected by the GPS week number rollover.  Our 
testing shows the vast majority of Garmin GPS devices will handle the WNRO 
without issues.

What is the Effect of a GPS Week Number Rollover Issue?

For GPS devices that are affected, after the rollover occurs, an incorrect date 
and time will be displayed. This incorrect time will also be used to timestamp 
track logs, compute sunrise and sunset, and other functions that rely upon the 
correct date and time. However, the positioning accuracy will not be affected. 
The device will continue to deliver the same positioning performance as before 
the rollover.

 -mel

On May 1, 2019, at 8:56 PM, Mel Beckman <m...@beckman.org> wrote:

Gary, Gary, Gary,

You don’t need a $30,000 GPS simulator to verify if a GPS product in your 
inventory has the rollover bug. You simply ask the supplier to certify that 
they don’t have the rollover bug. They use their _$100,000_ GPS simulator if 
needed, but usually it’s done with a trivial code review.

If the supplier can’t provide such a certification, then they are no longer a 
supplier. This tends to persuade them to certify.

If you as an air carrier (or any other critical GPS consumer) fail to ask for 
such a certification in time to field a replacement, that’s your fault.

You might not be aware, but zero US air carriers had any unplanned downtime 
from the GPS rollover. I can’t say the same thing for certain Asian air 
carriers :)

-mel via cell

On May 1, 2019, at 8:39 PM, Gary E. Miller <g...@rellim.com> wrote:

Yo Mel!

On Thu, 2 May 2019 03:30:03 +
Mel Beckman <m...@beckman.org> wrote:

I’m also an FAA licensed A&P mechanic, and have worked for airlines
in fleet maintenance.  Air carriers have extremely thorough systems
reviews, by law, through the Airworthiness Directive program, which
started identifying 2019 GPS rollover vulnerabilities in ... 2009!
Nobody was surprised.  If any GPS systems “went nuts”, it was through
the incompetence and negligence of their owners.

How many GPS owners happen to have $30,000 GPS simulators to check
their $300 GPS/NTP servers?  Some of mine did, most did not.

Seems to me the negligence is in the GPS manufacturer that failed to
notify their customers.

To be fair, Avidyne and Telit did notify their customers, but not with
a fix or enough lead time to swap out the units.

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
  g...@rellim.com  Tel:+1 541 382 8588

  Veritas liberabit vos. -- Quid est veritas?
  "If you can’t measure it, you can’t improve it." - Lord Kelvin

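Added example, not part of any poster's message: a Python sketch of the 10-bit week counter that the Garmin statement describes, showing how a receiver with a fixed era lands in 1999 after the April 2019 rollover and how comparing against an independently known date identifies that failure. The function names, receiver labels and pivot date are assumptions made for illustration; dates only, leap seconds ignored.

```python
from datetime import date, timedelta
from typing import Optional

GPS_EPOCH = date(1980, 1, 6)        # GPS week 0 began here
WEEKS_PER_ERA = 1024                # the broadcast week counter is 10 bits wide
ERA_DAYS = WEEKS_PER_ERA * 7        # 7168 days, about 19.6 years


def week_to_date(full_week: int) -> date:
    """Start date of an unambiguous (non-truncated) GPS week number."""
    return GPS_EPOCH + timedelta(weeks=full_week)


def decode_fixed_era(week10: int, era: int) -> date:
    """What firmware with a hard-coded era does with the broadcast week."""
    return week_to_date(era * WEEKS_PER_ERA + week10 % WEEKS_PER_ERA)


def decode_with_pivot(week10: int, pivot: date) -> date:
    """Pick the first week >= pivot whose low 10 bits match the broadcast.

    The pivot is a date known to be in the past, such as a firmware build
    date. The answer is only right for 1024 weeks after the pivot.
    """
    pivot_week = (pivot - GPS_EPOCH).days // 7
    full_week = pivot_week - pivot_week % WEEKS_PER_ERA + week10 % WEEKS_PER_ERA
    if full_week < pivot_week:
        full_week += WEEKS_PER_ERA
    return week_to_date(full_week)


def rollover_eras(reported: date, reference: date,
                  tolerance_days: int = 7) -> Optional[int]:
    """Signed number of 1024-week eras by which `reported` is off.

    0 means the receiver agrees with the reference. None means the two
    disagree by an amount a week-number rollover does not explain.
    """
    delta_days = (reported - reference).days
    eras = round(delta_days / ERA_DAYS)
    if abs(delta_days - eras * ERA_DAYS) <= tolerance_days:
        return eras
    return None


# Constructed scenario: the first week after the second rollover.
REFERENCE = date(2019, 4, 7)        # date agreed on by independent sources
BROADCAST_WEEK = 0                  # the satellites now send week 0 again
RECEIVERS = {                       # hypothetical receiver firmware behaviours
    "rx-era1-hardcoded": lambda w: decode_fixed_era(w, era=1),
    "rx-pivot-2015": lambda w: decode_with_pivot(w, date(2015, 1, 1)),
}


def audit_receivers() -> dict:
    """Map each receiver to how many eras its decoded date is off by."""
    return {name: rollover_eras(decode(BROADCAST_WEEK), REFERENCE)
            for name, decode in RECEIVERS.items()}


if __name__ == "__main__":
    for name, eras in audit_receivers().items():
        decoded = RECEIVERS[name](BROADCAST_WEEK)
        print(f"{name}: decoded {decoded}, eras off = {eras}")
```

A result of -1 is the "rolled back to 1999" case; the pivot decoder is correct in 2019 but will make the same mistake 1024 weeks after its own pivot date.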

Re: NTP question

2019-05-01 Thread Mel Beckman
I’m talking about _my_ GPS server. I have no idea what you’ve cobbled up :)

 -mel 

> On May 1, 2019, at 8:41 PM, Gary E. Miller  wrote:
> 
> Yo Mel!
> 
> On Thu, 2 May 2019 03:35:31 +
> Mel Beckman  wrote:
> 
>> I can tell you how the GPS server behaves when it loses its signal: it
>> stops giving out verified time and lapses into Stratum-“goners” mode.
> 
> I happen to have a few GPS in my lab that do not agree with your
> statement.  I'll spare this list the details...
> 
> RGDS
> GARY
> ---
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
>g...@rellim.com  Tel:+1 541 382 8588
> 
>Veritas liberabit vos. -- Quid est veritas?
>"If you can’t measure it, you can’t improve it." - Lord Kelvin


Re: NTP question

2019-05-01 Thread Mel Beckman
Gary, Gary, Gary,

You don’t need a $30,000 GPS simulator to verify if a GPS product in your 
inventory has the rollover bug. You simply ask the supplier to certify that 
they don’t have the rollover bug. They use their _$100,000_ GPS simulator if 
needed, but usually it’s done with a trivial code review. 

If the supplier can’t provide such a certification, then they are no longer a 
supplier. This tends to persuade them to certify. 

If you as an air carrier (or any other critical GPS consumer) fail to ask for 
such a certification in time to field a replacement, that’s your fault.

You might not be aware, but zero US air carriers had any unplanned downtime 
from the GPS rollover. I can’t say the same thing for certain Asian air 
carriers :)

-mel via cell

> On May 1, 2019, at 8:39 PM, Gary E. Miller  wrote:
> 
> Yo Mel!
> 
> On Thu, 2 May 2019 03:30:03 +
> Mel Beckman  wrote:
> 
>> I’m also an FAA licensed A&P mechanic, and have worked for airlines
>> in fleet maintenance.  Air carriers have extremely thorough systems
>> reviews, by law, through the Airworthiness Directive program, which
>> started identifying 2019 GPS rollover vulnerabilities in ... 2009!
>> Nobody was surprised.  If any GPS systems “went nuts”, it was through
>> the incompetence and negligence of their owners.
> 
> How many GPS owners happen to have $30,000 GPS simulators to check
> their $300 GPS/NTP servers?  Some of mine did, most did not.
> 
> Seems to me the negligence is in the GPS manufacturer that failed to
> notify their customers.
> 
> To be fair, Avidyne and Telit did notify their customers, but not with
> a fix or enough lead time to swap out the units.
> 
> RGDS
> GARY
> ---
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
>g...@rellim.com  Tel:+1 541 382 8588
> 
>Veritas liberabit vos. -- Quid est veritas?
>"If you can’t measure it, you can’t improve it." - Lord Kelvin


Re: NTP question

2019-05-01 Thread Gary E. Miller
Yo Mel!

On Thu, 2 May 2019 03:35:31 +
Mel Beckman  wrote:

> I can tell you how the GPS server behaves when it loses its signal: it
> stops giving out verified time and lapses into Stratum-“goners” mode.

I happen to have a few GPS in my lab that do not agree with your
statement.  I'll spare this list the details...

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com  Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin




Re: NTP question

2019-05-01 Thread Gary E. Miller
Yo Mel!

On Thu, 2 May 2019 03:30:03 +
Mel Beckman  wrote:

> I’m also an FAA licensed A&P mechanic, and have worked for airlines
> in fleet maintenance.  Air carriers have extremely thorough systems
> reviews, by law, through the Airworthiness Directive program, which
> started identifying 2019 GPS rollover vulnerabilities in ... 2009!
> Nobody was surprised.  If any GPS systems “went nuts”, it was through
> the incompetence and negligence of their owners.

How many GPS owners happen to have $30,000 GPS simulators to check
their $300 GPS/NTP servers?  Some of mine did, most did not.

Seems to me the negligence is in the GPS manufacturer that failed to
notify their customers.

To be fair, Avidyne and Telit did notify their customers, but not with
a fix or enough lead time to swap out the units.

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com  Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin




Re: NTP question

2019-05-01 Thread Mel Beckman
I can tell you how the GPS server behaves when it loses its signal: it stops 
giving out verified time and lapses into Stratum-“goners” mode. But today’s RTP 
chips don’t start losing seconds-per-day when they are free running. Typically 
they might lose ten seconds per week on cheap systems. That’s of little concern 
if you have two GPS clocks.

But wait. What if the GPS constellation goes down? THEN we have bigger problems 
:)

It’s possible to over-think the clock problem, just as it’s possible to 
overthink RAID storage protection. Sometimes a manual restore from backup is 
just fine.

 -mel

> On May 1, 2019, at 8:13 PM, Harlan Stenn  wrote:
> 
> 
> 
>> On 5/1/19 7:54 PM, Mel Beckman wrote:
>> Harlan,
>> 
>> Why? The GPS NTP Server is Stratum-1.  If it fails computer clocks will 
>> freewheel for hours or days before losing significant time, during which 
>> period you can simply order a replacement unit. If that isn’t fast enough, 
>> buy two $300 boxes. The “consensus” issue is moot, since a GPS server gets a 
>> consensus of clock time from the GPS satellite constellation. 
>> 
>> The “enough NTP peers” you speak of are simply not necessary. 
> 
> You might be right about the GPS server.  It depends on how your $300
> box behaves if it loses the GPS signal.
> 
> The consensus issue isn't about the number of satellites the GPS
> receiver sees, it's about the number of time sources your NTP servers see.
> 
> H
> --
>> -mel via cell
>> 
>>> On May 1, 2019, at 6:49 PM, Harlan Stenn  wrote:
>>> 
>>> 
>>> 
>>>> On 5/1/19 4:53 PM, Mel Beckman wrote:
>>>> Ask,
>>>>
>>>> But with a small compact server like the DC-powered TimeMachines Inc unit,
>>>> which costs something like $300, you simply put the server where the
>>>> visibility is and connect back to the nearest Ethernet port in your
>>>> network, up to 300’ away, or virtually any distance with fiber
>>>> transceivers. We’ve installed these in Cantex boxes on a windy, rainy
>>>> tenth-story rooftop in upstate NY and it runs flawlessly, warmed by its
>>>> own internal heat at sub-zero temps, and perfectly happy at ambient temps
>>>> of 110F.
>>>>
>>>> It’s hard to consider messing with signal converters and pricey
>>>> remotely-powered active antennas when you can solve the problem for $300.
>>>> :)
>>> 
>>> I sure hope you have ntpd set up to peer or get time with enough other
>>> servers.
>>> 
>>> H
>>> --
>>>> -mel
>>>>
>>>>> On May 1, 2019, at 4:44 PM, Ask Bjørn Hansen  wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
>>>>>>
>>>>>> I am trying to buy a GPS based NTP server like this one
>>>>>>
>>>>>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>>>>>>
>>>>>> but I will be placing this inside a data center, do these need an actual
>>>>>> view of a sky to be able to get signal or will they work fine inside a
>>>>>> data center building? if you have any other hardware requirements to be
>>>>>> able to provide stable time service for hundreds of customers, please
>>>>>> let me know.
>>>>>
>>>>> [ with my hobby-hat on … ]
>>>>>
>>>>> tl;dr: if any of the below is too much work, just run reasonably well
>>>>> monitored NTP server syncing from other NTP servers. If you want more
>>>>> than that, you need to see the sky. Don’t do the CDMA thing.
>>>>>
>>>>> Depending on your requirements having the antenna in the window may or
>>>>> may not be satisfactory. If it’s fine you probably could just have done a
>>>>> regular NTP server in the first place.  For long swaths of the day you
>>>>> might not see too many satellites which will add to the uncertainty of
>>>>> the signal.
>>>>>
>>>>> Meinberg’s GPS antenna has a bit more smarts which helps it work on up to
>>>>> 300 meters on RG58 or 700 meters on RG213.  (They also have products that
>>>>> use regular L1 antennas with the limitations Bryan mentioned).
>>>>>
>>>>> https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm
>>>>>
>>>>> They also have a multi-mode fiber box to have the antenna be up to 2km
>>>>> from the box or 20km with their single mode fiber box, if you have fiber
>>>>> to somewhere else where you can see the sky and place an antenna.
>>>>>
>>>>> It will be more than the one you linked to, but their systems are very
>>>>> reasonably priced, too. For “hundreds of customers” whatever is the
>>>>> smallest/cheapest box they have will work fine. Even their smallest
>>>>> models have decent oscillators (for keeping the ticks accurate between
>>>>> GPS signals).
>>>>>
>>>>> The Meinberg time server products (I am guessing all of them, but I’m not
>>>>> sure) also have a mode where they poll an upstream NTP server
>>>>> aggressively and then steer the oscillator after it. I haven’t used it in
>>>>> production, but it worked a lot better than it sounded like it would.
>>>>> (In other words, even without GPS it’s a better time server than most
>>>>> systems).
>>>>>
>>>>>
>>>>> Ask

Re: NTP question

2019-05-01 Thread Mel Beckman
Yo Gary!

Not only did I not sleep through it, I was one of the engineers who verified 
that every GPS clock source in a very large aviation support network didn’t 
have this bug. 

I’m also an FAA licensed A&P mechanic, and have worked for airlines in fleet 
maintenance.  Air carriers have extremely thorough systems reviews, by law, 
through the Airworthiness Directive program, which started identifying 2019 GPS 
rollover vulnerabilities in ... 2009! Nobody was surprised.  If any GPS systems 
“went nuts”, it was through the incompetence and negligence of their owners.

 -mel 

> On May 1, 2019, at 8:03 PM, Gary E. Miller  wrote:
> 
> Yo Mel!
> 
> On Thu, 2 May 2019 02:54:25 +
> Mel Beckman  wrote:
> 
>> Why? The GPS NTP Server is Stratum-1.  If it fails computer clocks
>> will freewheel for hours or days before losing significant time,
>> during which period you can simply order a replacement unit. If that
>> isn’t fast enough, buy two $300 boxes. The “consensus” issue is moot,
>> since a GPS server gets a consensus of clock time from the GPS
>> satellite constellation. 
> 
> I guess you slept through GPS Week Roll Over day last April 6th?
> 
> Some GPS went nuts, others did not.  Many 777 and 787 were grounded that
> weekend for software updates to their expensive Honeywell GPS.  I'll
> spare you the many more examples that happened.
> 
> Not nice when your clock rolls back to 1999, or forward to 2035.
> 
> RGDS
> GARY
> ---
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
>g...@rellim.com  Tel:+1 541 382 8588
> 
>Veritas liberabit vos. -- Quid est veritas?
>"If you can’t measure it, you can’t improve it." - Lord Kelvin


Re: NTP question

2019-05-01 Thread Harlan Stenn



On 5/1/19 7:54 PM, Mel Beckman wrote:
> Harlan,
> 
> Why? The GPS NTP Server is Stratum-1.  If it fails computer clocks will 
> freewheel for hours or days before losing significant time, during which 
> period you can simply order a replacement unit. If that isn’t fast enough, 
> buy two $300 boxes. The “consensus” issue is moot, since a GPS server gets a 
> consensus of clock time from the GPS satellite constellation. 
> 
> The “enough NTP peers” you speak of are simply not necessary. 

You might be right about the GPS server.  It depends on how your $300
box behaves if it loses the GPS signal.

The consensus issue isn't about the number of satellites the GPS
receiver sees, it's about the number of time sources your NTP servers see.

H
--
> -mel via cell
> 
>> On May 1, 2019, at 6:49 PM, Harlan Stenn  wrote:
>>
>>
>>
>>> On 5/1/19 4:53 PM, Mel Beckman wrote:
>>> Ask,
>>>
>>> But with a small compact server like the DC-powered TimeMachines Inc unit, 
>>> which costs something like $300, you simply put the server where the 
>>> visibility is and connect back to the nearest Ethernet port in your 
>>> network, up to 300’ away, or virtually any distance with fiber 
>>> transceivers. We’ve installed these in Cantex boxes on a windy, rainy 
>>> tenth-story rooftop in upstate NY and it runs flawlessly, warmed by its own 
>>> internal heat at sub-zero temps, and perfectly happy at ambient temps of 
>>> 110F. 
>>>
>>> It’s hard to consider messing with signal converters and pricey 
>>> remotely-powered active antennas when you can solve the problem for $300. :)
>>
>> I sure hope you have ntpd set up to peer or get time with enough other
>> servers.
>>
>> H
>> --
>>> -mel 
>>>
>>>> On May 1, 2019, at 4:44 PM, Ask Bjørn Hansen  wrote:
>>>>
>>>>
>>>>
>>>>> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
>>>>>
>>>>> I am trying to buy a GPS based NTP server like this one
>>>>>
>>>>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>>>>>
>>>>> but I will be placing this inside a data center, do these need an actual
>>>>> view of a sky to be able to get signal or will they work fine inside a
>>>>> data center building? if you have any other hardware requirements to be
>>>>> able to provide stable time service for hundreds of customers, please let
>>>>> me know.
>>>>
>>>> [ with my hobby-hat on … ]
>>>>
>>>> tl;dr: if any of the below is too much work, just run reasonably well
>>>> monitored NTP server syncing from other NTP servers. If you want more than
>>>> that, you need to see the sky. Don’t do the CDMA thing.
>>>>
>>>> Depending on your requirements having the antenna in the window may or may
>>>> not be satisfactory. If it’s fine you probably could just have done a
>>>> regular NTP server in the first place.  For long swaths of the day you
>>>> might not see too many satellites which will add to the uncertainty of the
>>>> signal.
>>>>
>>>> Meinberg’s GPS antenna has a bit more smarts which helps it work on up to
>>>> 300 meters on RG58 or 700 meters on RG213.  (They also have products that
>>>> use regular L1 antennas with the limitations Bryan mentioned).
>>>>
>>>> https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm
>>>>
>>>> They also have a multi-mode fiber box to have the antenna be up to 2km
>>>> from the box or 20km with their single mode fiber box, if you have fiber
>>>> to somewhere else where you can see the sky and place an antenna.
>>>>
>>>> It will be more than the one you linked to, but their systems are very
>>>> reasonably priced, too. For “hundreds of customers” whatever is the
>>>> smallest/cheapest box they have will work fine. Even their smallest models
>>>> have decent oscillators (for keeping the ticks accurate between GPS
>>>> signals).
>>>>
>>>> The Meinberg time server products (I am guessing all of them, but I’m not
>>>> sure) also have a mode where they poll an upstream NTP server aggressively
>>>> and then steer the oscillator after it. I haven’t used it in production,
>>>> but it worked a lot better than it sounded like it would.  (In other
>>>> words, even without GPS it’s a better time server than most systems).
>>>>
>>>>
>>>> Ask
>>
>> -- 
>> Harlan Stenn 
>> http://networktimefoundation.org - be a member!

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Gary E. Miller
Yo Mel!

On Thu, 2 May 2019 02:54:25 +
Mel Beckman  wrote:

> Why? The GPS NTP Server is Stratum-1.  If it fails computer clocks
> will freewheel for hours or days before losing significant time,
> during which period you can simply order a replacement unit. If that
> isn’t fast enough, buy two $300 boxes. The “consensus” issue is moot,
> since a GPS server gets a consensus of clock time from the GPS
> satellite constellation. 

I guess you slept through GPS Week Roll Over day last April 6th?

Some GPS went nuts, others did not.  Many 777 and 787 were grounded that
weekend for software updates to their expensive Honeywell GPS.  I'll
spare you the many more examples that happened.

Not nice when your clock rolls back to 1999, or forward to 2035.

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com  Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin




Re: NTP question

2019-05-01 Thread Mel Beckman
Harlan,

Why? The GPS NTP Server is Stratum-1.  If it fails computer clocks will 
freewheel for hours or days before losing significant time, during which period 
you can simply order a replacement unit. If that isn’t fast enough, buy two 
$300 boxes. The “consensus” issue is moot, since a GPS server gets a consensus 
of clock time from the GPS satellite constellation. 

The “enough NTP peers” you speak of are simply not necessary. 

-mel via cell

> On May 1, 2019, at 6:49 PM, Harlan Stenn  wrote:
> 
> 
> 
>> On 5/1/19 4:53 PM, Mel Beckman wrote:
>> Ask,
>> 
>> But with a small compact server like the DC-powered TimeMachines Inc unit, 
>> which costs something like $300, you simply put the server where the 
>> visibility is and connect back to the nearest Ethernet port in your network, 
>> up to 300’ away, or virtually any distance with fiber transceivers. We’ve 
>> installed these in Cantex boxes on a windy, rainy tenth-story rooftop in 
>> upstate NY and it runs flawlessly, warmed by its own internal heat at 
>> sub-zero temps, and perfectly happy at ambient temps of 110F. 
>> 
>> It’s hard to consider messing with signal converters and pricey 
>> remotely-powered active antennas when you can solve the problem for $300. :)
> 
> I sure hope you have ntpd set up to peer or get time with enough other
> servers.
> 
> H
> --
>> -mel 
>> 
>>> On May 1, 2019, at 4:44 PM, Ask Bjørn Hansen  wrote:
>>> 
>>> 
>>> 
>>>> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
>>>>
>>>> I am trying to buy a GPS based NTP server like this one
>>>>
>>>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>>>>
>>>> but I will be placing this inside a data center, do these need an actual
>>>> view of a sky to be able to get signal or will they work fine inside a
>>>> data center building? if you have any other hardware requirements to be
>>>> able to provide stable time service for hundreds of customers, please let
>>>> me know.
>>> 
>>> [ with my hobby-hat on … ]
>>> 
>>> tl;dr: if any of the below is too much work, just run reasonably well 
>>> monitored NTP server syncing from other NTP servers. If you want more than 
>>> that, you need to see the sky. Don’t do the CDMA thing.
>>> 
>>> Depending on your requirements having the antenna in the window may or may 
>>> not be satisfactory. If it’s fine you probably could just have done a 
>>> regular NTP server in the first place.  For long swaths of the day you 
>>> might not see too many satellites which will add to the uncertainty of the 
>>> signal.
>>> 
>>> Meinberg’s GPS antenna has a bit more smarts which helps it work on up to 
>>> 300 meters on RG58 or 700 meters on RG213.  (They also have products that 
>>> use regular L1 antennas with the limitations Bryan mentioned).
>>> 
>>> https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm
>>> 
>>> They also have a multi-mode fiber box to have the antenna be up to 2km from 
>>> the box or 20km with their single mode fiber box, if you have fiber to 
>>> somewhere else where you can see the sky and place an antenna.
>>> 
>>> It will be more than the one you linked to, but their systems are very 
>>> reasonably priced, too. For “hundreds of customers” whatever is the 
>>> smallest/cheapest box they have will work fine. Even their smallest models 
>>> have decent oscillators (for keeping the ticks accurate between GPS 
>>> signals).
>>> 
>>> The Meinberg time server products (I am guessing all of them, but I’m not 
>>> sure) also have a mode where they poll an upstream NTP server aggressively 
>>> and then steer the oscillator after it. I haven’t used it in production, 
>>> but it worked a lot better than it sounded like it would.  (In other words, 
>>> even without GPS it’s a better time server than most systems).
>>> 
>>> 
>>> Ask
> 
> -- 
> Harlan Stenn 
> http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Harlan Stenn
Hi Keith,

On 5/1/19 6:17 PM, Keith Medcalf wrote:
> 
>> If your network is air gapped from the Internet then sure. If it's
>> not, you can run NTP against a reasonably reliable set of time
>> sources (not random picks from Pool) and be able to say, "my log
>> timestamps are accurate to +/- 10 milliseconds so it must be you who
>> is farked up." While my milliseconds loses the pecking order contest,
>> it's just as good for practical purposes and a whole lot less
>> expensive.
> 
> You mean something like this, which is relatively easy to achieve:
> 
> ==
> offset -0.09, frequency -0.823, time_const 30, watchdog 238
> synchronised to NTP server (192.5.41.40) at stratum 2
>time correct to within 12 ms
>polling server every 1024 s
> ==
>      remote           refid      st t when poll reach   delay   offset  jitter
> ==
> +clock.sjc.he.ne .CDMA.           1 u  287 1024  377   64.313    0.337   0.867
> -tock.usnogps.na .IRIG.           1 u    5 1024  377  103.080   -2.097   0.316
> -tick.usnogps.na .IRIG.           1 u  806 1024  377  103.053   -2.328   0.363
> +india.colorado. .NIST.           1 u  270 1024  377   41.214   -0.159   0.113
> +time-b-b.nist.g .NIST.           1 u  984 1024  377   42.609    0.200   0.045
> +time-c-b.nist.g .NIST.           1 u  180 1024  377   42.563    0.201   0.064
> +time-a-b.nist.g .NIST.           1 u  163 1024  377   42.639    0.137   0.032
> *192.5.41.40     .PTP.            1 u  235 1024  377   12.756   -0.388  12.479
> -192.5.41.41     .IRIG.           1 u  312 1024  377   13.575   -1.172   2.425
>  LOCAL(0)        .LOCL.          10 l    -   64    0    0.000    0.000   0.000
> --
> pll offset:   -8.474e-06 s
> pll frequency:-0.823 ppm
> maximum error:0.123149 s
> estimated error:  0.000122 s
> status:   2001  pll nano
> pll time constant:10
> precision:1e-09 s
> frequency tolerance:  500 ppm
> ==

That all looks great except for the LOCAL clock at S10.  In the event
you lose connectivity to the outside, this system will jump from S2 to
S10.  Depending on the setup of your other systems, groups of them will
go sailing off in their own directions.

http://support.ntp.org/bin/view/Support/OrphanMode is the better solution.

If you cannot do that for some reason, please see the "Dual Time
Servers" case at
http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock .

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Harlan Stenn



On 5/1/19 5:55 PM, William Herrin wrote:
> On Wed, May 1, 2019 at 5:48 PM Keith Medcalf  wrote:
> 
>> If you have one such installation, then you really do not care about the
>> "accuracy" of the time.  However if you have multiple such installations
>> then you want them all to have the same time (if you will be comparing logs
>> between them, for example).  At some point it becomes "cheaper" to spend
>> thousands of dollars per site to have a single Stratum 0 timesource (for
>> example, the GPS system) at each site (and thus comparable time stamps)
>> than it is to pay someone to go through the rigamarole of computing offsets
>> and slew rates between sites to be able to do accurate comparison.  And if
>> you communicate any of that info to outsiders then being able to say "my
>> log timestamps are accurate to +/- 10 nanoseconds so it must be you who is
>> farked up" (and be able to prove it) has immense value.
>>
> 
> If your network is air gapped from the Internet then sure. If it's not, you
> can run NTP against a reasonably reliable set of time sources (not random
> picks from Pool) and be able to say, "my log timestamps are accurate to +/-
> 10 milliseconds so it must be you who is farked up." While my milliseconds
> loses the pecking order contest, it's just as good for practical purposes
> and a whole lot less expensive.

It's not clear to me that there's anything *wrong* with using the pool,
especially if you're using our 'pool' directive in your config file.

That directive will bring up ~10 associations and continuously evaluate
their quality, throwing out the poor performers and soliciting new
servers of currently-good quality to replace them.

This goes to "have _enough_ good-quality servers, and monitor your ntpd".

> If your system is Internet-connected. If you run an air gapped network then
> yeah, get your time out of band.
> 
> Regards,
> Bill Herrin
> 
> 

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!
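As an added example (not part of any post in this thread), here is one way to act on "monitor your ntpd" and on the earlier remark about the LOCAL clock at stratum 10: parse an `ntpq -p` style peer table and report the conditions discussed. The sample table is constructed, the addresses are documentation ranges, and the `min_survivors` threshold of 4 is an assumption chosen for the example.

```python
from dataclasses import dataclass

# Constructed sample in `ntpq -pn` layout (not captured from a real host).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+192.0.2.10      .GPS.            1 u  287 1024  377   64.313    0.337   0.867
-192.0.2.11      .IRIG.           1 u    5 1024  377  103.080   -2.097   0.316
*192.0.2.12      .PTP.            1 u  235 1024  377   12.756   -0.388  12.479
 192.0.2.13      .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 127.127.1.0     .LOCL.          10 l    -   64    0    0.000    0.000   0.000
"""

# ntpq tally codes for sources that survived selection:
# '*' sys.peer, '+' candidate, '#' backup, 'o' PPS peer.
SURVIVOR_TALLIES = {"*", "+", "#", "o"}


@dataclass
class Peer:
    tally: str
    remote: str
    refid: str
    stratum: int
    reach: int       # 8-bit reachability register (ntpq prints it in octal)
    delay: float
    offset: float
    jitter: float


def parse_peers(text):
    """Parse the rows of an `ntpq -p` table, skipping header and separator."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue                      # not a peer row
        remote, refid, st, _type, _when, _poll, reach, delay, offset, jitter = fields
        try:
            peers.append(Peer(tally, remote, refid, int(st), int(reach, 8),
                              float(delay), float(offset), float(jitter)))
        except ValueError:
            continue                      # malformed row, ignore
    return peers


def is_local_clock(peer):
    """True for the undisciplined local clock driver (127.127.1.x / LOCAL(n))."""
    return peer.remote.startswith(("LOCAL(", "127.127.1.")) or peer.refid == ".LOCL."


def audit(peers, min_survivors=4):
    """Return a list of (code, detail) findings for the parsed peer table."""
    findings = []
    if not any(p.tally in ("*", "o") for p in peers):
        findings.append(("NO_SYS_PEER", "no system peer selected"))
    survivors = [p for p in peers
                 if p.tally in SURVIVOR_TALLIES and not is_local_clock(p)]
    if len(survivors) < min_survivors:
        findings.append(("TOO_FEW_SURVIVORS",
                         f"{len(survivors)} usable sources, want {min_survivors}"))
    for p in peers:
        if is_local_clock(p):
            if p.stratum < 16:
                findings.append(("LOCAL_CLOCK",
                                 f"{p.remote} would be served at stratum {p.stratum} "
                                 "if all real sources are lost"))
            continue
        if p.tally == "x":
            findings.append(("FALSETICKER", p.remote))
        if p.reach == 0:
            findings.append(("UNREACHABLE", p.remote))
        elif p.reach != 0o377:
            findings.append(("MISSED_POLLS", f"{p.remote} reach={p.reach:o}"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(parse_peers(SAMPLE)):
        print(f"{code}: {detail}")
```
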


Re: NTP question

2019-05-01 Thread James R Cutler
> On May 1, 2019, at 9:45 PM, Harlan Stenn  wrote:
> 
> 
> 
> On 5/1/19 5:39 PM, William Herrin wrote:
>> On Wed, May 1, 2019 at 12:23 PM Mehmet Akcin  wrote:
>> 
>>> I am trying to buy a GPS based NTP server like this one
>>> 
>>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>>> 
>>> but I will be placing this inside a data center, do these need an actual
>>> view of a sky to be able to get signal or will they work fine inside a data
>>> center building? if you have any other hardware requirements to be able to
>>> provide stable time service for hundreds of customers, please let me know.
>>> 
>> 
>> You buy a powered GPS antenna for it. Which antenna depends on the cable
>> length and type. The amplifier in the antenna amplifies the signal just
>> enough to overcome the cable loss between the antenna and the receiver.
>> Nice thick cables lose less signal. Dinky thin ones are easier to work with.
>> 
>> You sure you need a GPS NTP server? You understand that if you do, you need
>> two for reliability right, and probably at geographically diverse
>> locations? If you're not on an air-gapped network, consider syncing a
>> couple head-end NTP servers against tick and tock (.usno.navy.mil, the
>> naval observatory) and not worrying about it. One less piece of equipment
>> to manage, update, secure, etc.
> 
> Two is not a great number.  If they disagree, there is no majority
> clique to be found.
> 
> Also, there is something to be said for using different models/vendors
> for the time sources.  If you only have the same model from one vendor
> and there is a bug, you can lose all your time sources at once.   The
> GPS week rollover happens every ~19.7 years, and when that problem hits
> is a function of the firmware and a manufacturing date put in the firmware.
> 
> These problems can be mitigated if you have "enough" time sources for
> your internal NTP servers and you peer with enough other, possibly your,
> servers.
> 
>> Regards,
>> Bill Herrin
> 
> -- 
> Harlan Stenn 
> http://networktimefoundation.org - be a member!

To amplify the points made by Harlan Stenn:

Four is a better number locally for ntpd instances. As for different 
models/vendors for the time sources, I consider the GPS constellation as one 
vendor so I add multiple internet-connected sources as well to my ntp.conf 
instances.


James R. Cutler
james.cut...@consultant.com
GPG keys: hkps://hkps.pool.sks-keyservers.net



Re: NTP Question

2019-05-01 Thread Harlan Stenn



On 5/1/19 4:28 PM, Mel Beckman wrote:
> Harlan and Mehmet,
> 
> I can expand on one important reason that James only alluded to with his 
> “Keeping the Auditors happy” comment.
> 
> Passing NTP through a firewall and then using that as a critical time 
> reference source represents a huge security risk. Here’s one detailed 
> explanation of that risk:
> 
> https://insights.sei.cmu.edu/sei_blog/2017/04/best-practices-for-ntp-services.html

I have some significant disagreements with some of the assumptions and
positions in that posting, for whatever that's worth.  And there are
some good points in there, too.

H
--

>  -mel
> 
> On May 1, 2019, at 3:48 PM, James R Cutler <james.cut...@consultant.com> wrote:
> 
> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
> - Why do folks want to have one or more NTP server masters that have at
> least 1 refclock on them in a data center, instead of having their data
> center NTP server masters that only get time over the internet?
> 
> Answers to that include:
> 
>   *   Keeping the Auditors happy
>   *   Knowing that “everyone does it” - the vendor told them so
>   *   Bragging rights (expensive hardware)
>   *   Being unbothered by fighting with facilities for building penetrations 
> and antenna mounts
>   *   Misunderstanding the beauty and economy of Dave Mills' marvelous 
> algorithms for consistent time based on multiple sources, even those 
> connected via internet
>   *   Unwillingness or inability to leverage other local resources' capacity 
> to run ntpd with minimal impact in order to have a good constellation of 
> local NTP servers
>   *   Willingness to farm out time service without doing a deep dive into why 
> and how, just leaving the design to the appliance vendors
> 
> This covers most of what I have encountered in providing enterprise time 
> services for $dayjob+clients. I probably left out some significant points, 
> but it has been a few years...
> 
> 
> 
> 

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Harlan Stenn



On 5/1/19 4:53 PM, Mel Beckman wrote:
> Ask,
> 
> But with a small compact server like the DC-powered TimeMachines Inc unit, 
> which costs something like $300, you simply put the server where the 
> visibility is and connect back to the nearest Ethernet port in your network, 
> up to 300’ away, or virtually any distance with fiber transceivers. We’ve 
> installed these in Cantex boxes on a windy, rainy tenth-story rooftop in 
> upstate NY and it runs flawlessly, warmed by its own internal heat at 
> sub-zero temps, and perfectly happy at ambient temps of 110F. 
> 
> It’s hard to consider messing with signal converters and pricey 
> remotely-powered active antennas when you can solve the problem for $300. :)

I sure hope you have ntpd set up to peer or get time with enough other
servers.

H
--
>  -mel 
> 
>> On May 1, 2019, at 4:44 PM, Ask Bjørn Hansen  wrote:
>>
>>
>>
>>> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
>>>
>>> I am trying to buy a GPS based NTP server like this one 
>>>
>>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>>>
>>> but I will be placing this inside a data center, do these need an actual 
>>> view of a sky to be able to get signal or will they work fine inside a data 
>>> center building? if you have any other hardware requirements to be able to 
>>> provide stable time service for hundreds of customers, please let me know.
>>
>> [ with my hobby-hat on … ]
>>
>> tl;dr: if any of the below is too much work, just run a reasonably well 
>> monitored NTP server syncing from other NTP servers. If you want more than 
>> that, you need to see the sky. Don’t do the CDMA thing.
>>
>> Depending on your requirements having the antenna in the window may or may 
>> not be satisfactory. If it’s fine you probably could just have done a 
>> regular NTP server in the first place.  For long swaths of the day you might 
>> not see too many satellites which will add to the uncertainty of the signal.
>>
>> Meinberg’s GPS antenna has a bit more smarts which helps it work on up to 
>> 300 meters on RG58 or 700 meters on RG213.  (They also have products that 
>> use regular L1 antennas with the limitations Bryan mentioned).
>>
>> https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm
>>
>> They also have a multi-mode fiber box to have the antenna be up to 2km from 
>> the box or 20km with their single mode fiber box, if you have fiber to 
>> somewhere else where you can see the sky and place an antenna.
>>
>> It will be more than the one you linked to, but their systems are very 
>> reasonably priced, too. For “hundreds of customers” whatever is the 
>> smallest/cheapest box they have will work fine. Even their smallest models 
>> have decent oscillators (for keeping the ticks accurate between GPS signals).
>>
>> The Meinberg time server products (I am guessing all of them, but I’m not 
>> sure) also have a mode where they poll an upstream NTP server aggressively 
>> and then steer the oscillator after it. I haven’t used it in production, but 
>> it worked a lot better than it sounded like it would.  (In other words, even 
>> without GPS it’s a better time server than most systems).
>>
>>
>> Ask

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Harlan Stenn



On 5/1/19 5:39 PM, William Herrin wrote:
> On Wed, May 1, 2019 at 12:23 PM Mehmet Akcin  wrote:
> 
>> I am trying to buy a GPS based NTP server like this one
>>
>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>>
>> but I will be placing this inside a data center, do these need an actual
>> view of a sky to be able to get signal or will they work fine inside a data
>> center building? if you have any other hardware requirements to be able to
>> provide stable time service for hundreds of customers, please let me know.
>>
> 
> You buy a powered GPS antenna for it. Which antenna depends on the cable
> length and type. The amplifier in the antenna amplifies the signal just
> enough to overcome the cable loss between the antenna and the receiver.
> Nice thick cables lose less signal. Dinky thin ones are easier to work with.
> 
> You sure you need a GPS NTP server? You understand that if you do, you need
> two for reliability right, and probably at geographically diverse
> locations? If you're not on an air-gapped network, consider syncing a
> couple head-end NTP servers against tick and tock (.usno.navy.mil, the
> naval observatory) and not worrying about it. One less piece of equipment
> to manage, update, secure, etc.

Two is not a great number.  If they disagree, there is no majority
clique to be found.

Also, there is something to be said for using different models/vendors
for the time sources.  If you only have the same model from one vendor
and there is a bug, you can lose all your time sources at once.   The
GPS week rollover happens every ~19.7 years, and when that problem hits
is a function of the firmware and a manufacturing date put in the firmware.

These problems can be mitigated if you have "enough" time sources for
your internal NTP servers and you peer with enough other, possibly your,
servers.

> Regards,
> Bill Herrin

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!
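As an added example (not part of any post in this thread, and not ntpd's own selection code), the sketch below shows why two sources cannot form a majority clique when they disagree, and why "four is a better number", as said elsewhere in the thread. It is a simplified Marzullo-style interval intersection: each source contributes the interval offset ± error bound, and a strict majority must share a common region. Source names and values are constructed.

```python
def best_intersection(intervals):
    """Return (count, lo, hi): the largest number of intervals that share
    a common region, and that region's bounds."""
    events = []
    for lo, hi in intervals:
        events.append((lo, 0))   # kind 0 = interval opens (sorts before closes)
        events.append((hi, 1))   # kind 1 = interval closes
    events.sort()
    best = count = 0
    best_lo = best_hi = None
    for i, (value, kind) in enumerate(events):
        if kind == 0:
            count += 1
            if count > best:
                # The region runs from this opening to the next event.
                best, best_lo, best_hi = count, value, events[i + 1][0]
        else:
            count -= 1
    return best, best_lo, best_hi


def select(sources):
    """sources: {name: (offset_ms, error_bound_ms)}.

    Returns (truechimers, falsetickers) as sorted lists of names, or None
    when no strict majority of sources agree on a common interval.
    """
    intervals = {name: (off - err, off + err)
                 for name, (off, err) in sources.items()}
    count, lo, hi = best_intersection(intervals.values())
    if count * 2 <= len(sources):
        return None                      # no majority clique
    good = sorted(name for name, (a, b) in intervals.items()
                  if a <= lo and hi <= b)
    bad = sorted(set(sources) - set(good))
    return good, bad


# Constructed scenarios: gps-b is 120 ms off while claiming a 5 ms bound.
TWO = {"gps-a": (0.3, 5.0), "gps-b": (120.0, 5.0)}
THREE = dict(TWO, **{"net-1": (-0.4, 8.0)})
FOUR = dict(THREE, **{"net-2": (1.1, 6.0)})
# Two bad sources that agree with each other defeat four sources.
SPLIT = {"a": (0.0, 5.0), "b": (1.0, 5.0), "c": (120.0, 5.0), "d": (121.0, 5.0)}

if __name__ == "__main__":
    for label, srcs in (("two", TWO), ("three", THREE),
                        ("four", FOUR), ("2-vs-2 split", SPLIT)):
        print(label, "->", select(srcs))
```

With two disagreeing sources the vote returns no result at all; with three or four, the outlier is identified and the remaining sources still agree.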


Re: NTP question

2019-05-01 Thread Harald Koch
On Wed, May 1, 2019, at 19:19, Brandon Martin wrote:
> I've seen things like this when there's a sudden power loss across a 
> small site e.g. a remote PoP.  Think a loss of utility power and UPS 
> fails to transfer for some unanticipated reason.

Or in our case, a Canada Goose lands on the transfer switch, shorting it out 
and disconnecting street, UPS, and generator. TBH I wasn't monitoring NTP at 
the time, being slightly more concerned with critical applications, so I 
concede your point :)

-- 
Harald Koch
c...@pobox.com


Re: NTP question

2019-05-01 Thread Mel Beckman
Stephen,

LOL. That’s not a real problem with today’s microprocessors. The TM1000A, for 
example:

“...is capable of serving 135+ synchronizations per second. 
That provides support for over 120,000+ devices updating 
every 15 minutes on the network.”

As for ARP traffic deluges, if that’s happening on your LAN, you have bigger 
problems :)

 -mel 

> On May 1, 2019, at 6:21 PM, Stephen Satchell  wrote:
> 
> One word of caution when using a low-priced NTP appliance: your network
> activity could overwhelm the TCP/IP stack of the poor thing, especially
> if you want to sync your entire shop to it.  In the case of the networks
> I set up, I set up a VLAN specific to the NTP appliance and to the two
> servers that sync up with it.  Everything else in the network is
> configured to talk to the two servers, but NOT on the three-device "NTP
> Appliance VLAN".
> 
> NOTE: Don't depend on the appliance to provide VLAN capability; use a
> configuration in a connected switch.  How you wire from the appliance to
> a port on your network leaves you with a lot of options to reach a
> window with good satellite visibility, as CAT 5 at 10 megabits/s can
> extend a long way successfully.  Watch your cable dress, particularly
> splices and runs against metal. (Or through rooms with MRI machines --
> I'm not joking.)
> 
> The two servers in question also sync up with NTP servers in the cloud
> using whatever baseband or VLANs (other than the "NTP VLAN") you
> configure.  Ditto clients using the two servers as time sources.
> 
> The goal here is to minimize the amount of traffic in the "NTP Appliance
> VLAN".  What killed one installation I did was the huge amount of ARP
> traffic that the appliance had to discard; it wasn't up to the deluge.
> 
> Learn from my mistakes.
> 


Re: NTP question

2019-05-01 Thread Stephen Satchell
One word of caution when using a low-priced NTP appliance: your network
activity could overwhelm the TCP/IP stack of the poor thing, especially
if you want to sync your entire shop to it.  In the case of the networks
I set up, I set up a VLAN specific to the NTP appliance and to the two
servers that sync up with it.  Everything else in the network is
configured to talk to the two servers, but NOT on the three-device "NTP
Appliance VLAN".

NOTE: Don't depend on the appliance to provide VLAN capability; use a
configuration in a connected switch.  How you wire from the appliance to
a port on your network leaves you with a lot of options to reach a
window with good satellite visibility, as CAT 5 at 10 megabits/s can
extend a long way successfully.  Watch your cable dress, particularly
splices and runs against metal. (Or through rooms with MRI machines --
I'm not joking.)

The two servers in question also sync up with NTP servers in the cloud
using whatever baseband or VLANs (other than the "NTP VLAN") you
configure.  Ditto clients using the two servers as time sources.

The goal here is to minimize the amount of traffic in the "NTP Appliance
VLAN".  What killed one installation I did was the huge amount of ARP
traffic that the appliance had to discard; it wasn't up to the deluge.

Learn from my mistakes.



RE: NTP question

2019-05-01 Thread Keith Medcalf


>If your network is air gapped from the Internet then sure. If it's
>not, you can run NTP against a reasonably reliable set of time
>sources (not random picks from Pool) and be able to say, "my log
>timestamps are accurate to +/- 10 milliseconds so it must be you who
>is farked up." While my milliseconds loses the pecking order contest,
>it's just as good for practical purposes and a whole lot less
>expensive.

You mean something like this, which is relatively easy to achieve:

==
offset -0.09, frequency -0.823, time_const 30, watchdog 238
synchronised to NTP server (192.5.41.40) at stratum 2
   time correct to within 12 ms
   polling server every 1024 s
==
     remote           refid      st t when poll reach   delay   offset  jitter
==
+clock.sjc.he.ne .CDMA.           1 u  287 1024  377   64.313    0.337   0.867
-tock.usnogps.na .IRIG.           1 u    5 1024  377  103.080   -2.097   0.316
-tick.usnogps.na .IRIG.           1 u  806 1024  377  103.053   -2.328   0.363
+india.colorado. .NIST.           1 u  270 1024  377   41.214   -0.159   0.113
+time-b-b.nist.g .NIST.           1 u  984 1024  377   42.609    0.200   0.045
+time-c-b.nist.g .NIST.           1 u  180 1024  377   42.563    0.201   0.064
+time-a-b.nist.g .NIST.           1 u  163 1024  377   42.639    0.137   0.032
*192.5.41.40     .PTP.            1 u  235 1024  377   12.756   -0.388  12.479
-192.5.41.41     .IRIG.           1 u  312 1024  377   13.575   -1.172   2.425
 LOCAL(0)        .LOCL.          10 l    -   64    0    0.000    0.000   0.000
--
pll offset:           -8.474e-06 s
pll frequency:        -0.823 ppm
maximum error:        0.123149 s
estimated error:      0.000122 s
status:               2001  pll nano
pll time constant:    10
precision:            1e-09 s
frequency tolerance:  500 ppm
==

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.






Re: NTP question

2019-05-01 Thread Rubens Kuhl
On Wed, May 1, 2019 at 9:56 PM William Herrin  wrote:

> On Wed, May 1, 2019 at 5:48 PM Keith Medcalf  wrote:
>
>> If you have one such installation, then you really do not care about the
>> "accuracy" of the time.  However if you have multiple such installations
>> then you want them all to have the same time (if you will be comparing logs
>> between them, for example).  At some point it becomes "cheaper" to spend
>> thousands of dollars per site to have a single Stratum 0 timesource (for
>> example, the GPS system) at each site (and thus comparable time stamps)
>> than it is to pay someone to go through the rigamarole of computing offsets
>> and slew rates between sites to be able to do accurate comparison.  And if
>> you communicate any of that info to outsiders then being able to say "my
>> log timestamps are accurate to +/- 10 nanoseconds so it must be you who is
>> farked up" (and be able to prove it) has immense value.
>>
>
> If your network is air gapped from the Internet then sure. If it's not,
> you can run NTP against a reasonably reliable set of time sources (not
> random picks from Pool) and be able to say, "my log timestamps are accurate
> to +/- 10 milliseconds so it must be you who is farked up." While my
> milliseconds loses the pecking order contest, it's just as good for
> practical purposes and a whole lot less expensive.
>
>
And while time source stability is a good criterion, the most important NTP
criterion is path latency symmetry between directions. It's better to have a
path that is 100 ms of 1-way latency both ways than a path that is 1 ms one
way, 100 ms the other way.


Rubens
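As an added example (not part of the post above), this simulates the standard NTP four-timestamp exchange for the two paths described, 100 ms each way versus 1 ms one way and 100 ms the other. The clock offset of 2 ms, the 50 µs server processing time and the function names are assumptions made for the example; all values are integers in microseconds.

```python
def ntp_exchange(true_offset_us, fwd_us, rev_us, proc_us=50, t1_us=1_000_000):
    """Simulate one client/server exchange.

    true_offset_us is (server clock - client clock). Returns the four
    on-wire timestamps, each as read from the clock of the side that
    records it.
    """
    t1 = t1_us                            # client clock: request sent
    t2 = t1 + true_offset_us + fwd_us     # server clock: request received
    t3 = t2 + proc_us                     # server clock: reply sent
    t4 = t3 - true_offset_us + rev_us     # client clock: reply received
    return t1, t2, t3, t4


def measure(t1, t2, t3, t4):
    """The client's view: it assumes both directions take equal time."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def offset_error(true_offset_us, fwd_us, rev_us):
    """Return (measured offset - true offset, measured round-trip delay)."""
    offset, delay = measure(*ntp_exchange(true_offset_us, fwd_us, rev_us))
    return offset - true_offset_us, delay


if __name__ == "__main__":
    for label, fwd, rev in (("100 ms / 100 ms", 100_000, 100_000),
                            ("  1 ms / 100 ms", 1_000, 100_000)):
        err, delay = offset_error(2_000, fwd, rev)
        # The error equals (fwd - rev) / 2 and can never exceed delay / 2.
        print(f"{label}: delay {delay / 1000:.1f} ms, "
              f"offset error {err / 1000:+.1f} ms, bound ±{delay / 2000:.1f} ms")
```

The asymmetric path shows the smaller round-trip delay (101 ms against 200 ms) yet carries a 49.5 ms offset error, and nothing in the four timestamps reveals it to the client.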


Re: NTP question

2019-05-01 Thread William Herrin
On Wed, May 1, 2019 at 5:48 PM Keith Medcalf  wrote:

> If you have one such installation, then you really do not care about the
> "accuracy" of the time.  However if you have multiple such installations
> then you want them all to have the same time (if you will be comparing logs
> between them, for example).  At some point it becomes "cheaper" to spend
> thousands of dollars per site to have a single Stratum 0 timesource (for
> example, the GPS system) at each site (and thus comparable time stamps)
> than it is to pay someone to go through the rigamarole of computing offsets
> and slew rates between sites to be able to do accurate comparison.  And if
> you communicate any of that info to outsiders then being able to say "my
> log timestamps are accurate to +/- 10 nanoseconds so it must be you who is
> farked up" (and be able to prove it) has immense value.
>

If your network is air gapped from the Internet then sure. If it's not, you
can run NTP against a reasonably reliable set of time sources (not random
picks from Pool) and be able to say, "my log timestamps are accurate to +/-
10 milliseconds so it must be you who is farked up." While my milliseconds
loses the pecking order contest, it's just as good for practical purposes
and a whole lot less expensive.

If your system is Internet-connected. If you run an air gapped network then
yeah, get your time out of band.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


RE: NTP question

2019-05-01 Thread Keith Medcalf


On Wednesday, 1 May, 2019 15:36, Harlan Stenn  wrote:

>So I gotta ask, just as a reality check:

>- Why do folks want to have one or more NTP server masters that have
>at least 1 refclock on them in a data center, instead of having their
>data center NTP server masters that only get time over the internet?

That entirely depends on what you need the time for.

For example, in a Continuous Control environment you really do not care about 
the accuracy of the time -- just like a printer will not suddenly fail to print 
documents with dates in them because of Y2K, the printer neither cares nor 
knows what time it is.

What you may care about, however, is that all your Distributed Control and 
Outboard Systems have the SAME TIME and that that time, relative to each other, 
is closely synchronized.  This has a huge impact when comparing log events from 
one system to another.  What is important is that they all have the same time, 
and that they all drift together.

If you have one such installation, then you really do not care about the 
"accuracy" of the time.  However if you have multiple such installations then 
you want them all to have the same time (if you will be comparing logs between 
them, for example).  At some point it becomes "cheaper" to spend thousands of 
dollars per site to have a single Stratum 0 timesource (for example, the GPS 
system) at each site (and thus comparable time stamps) than it is to pay 
someone to go through the rigamarole of computing offsets and slew rates between 
sites to be able to do accurate comparison.  And if you communicate any of that 
info to outsiders then being able to say "my log timestamps are accurate to +/- 
10 nanoseconds so it must be you who is farked up" (and be able to prove it) 
has immense value.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.







Re: NTP question

2019-05-01 Thread Chris Adams
Once upon a time, William Herrin  said:
> You sure you need a GPS NTP server? You understand that if you do, you need
> two for reliability right

That'd be 3 - a man with 2 clocks never knows what time it is! :)
-- 
Chris Adams 


Re: NTP question

2019-05-01 Thread William Herrin
On Wed, May 1, 2019 at 12:23 PM Mehmet Akcin  wrote:

> I am trying to buy a GPS based NTP server like this one
>
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>
> but I will be placing this inside a data center, do these need an actual
> view of a sky to be able to get signal or will they work fine inside a data
> center building? if you have any other hardware requirements to be able to
> provide stable time service for hundreds of customers, please let me know.
>

You buy a powered GPS antenna for it. Which antenna depends on the cable
length and type. The amplifier in the antenna amplifies the signal just
enough to overcome the cable loss between the antenna and the receiver.
Nice thick cables lose less signal. Dinky thin ones are easier to work with.

You sure you need a GPS NTP server? You understand that if you do, you need
two for reliability right, and probably at geographically diverse
locations? If you're not on an air-gapped network, consider syncing a
couple head-end NTP servers against tick and tock (.usno.navy.mil, the
naval observatory) and not worrying about it. One less piece of equipment
to manage, update, secure, etc.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Dirtside Systems . Web: 


Re: NTP question

2019-05-01 Thread Brielle Bruns

On 5/1/2019 6:12 PM, Mike Hammett wrote:
> Anyone know of a solution that doesn't require an external antenna, is 
> NEBS compliant, and has T1-type outputs for me to hook into my 
> Metaswitch gear?

You forgot 'world peace' in there too.  :)

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: NTP question

2019-05-01 Thread Mike Hammett
Anyone know of a solution that doesn't require an external antenna, is NEBS 
compliant, and has T1-type outputs for me to hook into my Metaswitch gear? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Alejandro Acosta"  
To: nanog@nanog.org 
Sent: Wednesday, May 1, 2019 5:41:36 PM 
Subject: Re: NTP question 


Hello, 
As others have commented before, it looks like you need an outdoor antenna, however, 
reading the specs it says: 

"The built in high sensitivity GPS receiver is able to lock multiple satellites 
from within multiple buildings or from a window location, eliminating the 
requirement that an outdoor antenna be installed." 

Weird. 

Alejandro, 

On 1/5/19 at 15:22, Mehmet Akcin wrote: 



hey there Nanog, 


I am trying to buy a GPS based NTP server like this one 


https://timemachinescorp.com/product/gps-time-server-tm1000a/ 



but I will be placing this inside a data center, do these need an actual view 
of a sky to be able to get signal or will they work fine inside a data center 
building? if you have any other hardware requirements to be able to provide 
stable time service for hundreds of customers, please let me know. 


mehmet 








Re: NTP question

2019-05-01 Thread Ask Bjørn Hansen



> On May 1, 2019, at 16:53, Mel Beckman  wrote:
> 
> It’s hard to consider messing with signal converters and pricey 
> remotely-powered active antennas when you can solve the problem for $300. :)

As I said, it really depends on your requirements and expectations. :-)

For my “normal” use cases there hasn’t been room for a lot of stuff between 
“well run NTP server with networked time source” and “server with fancy clocks 
and frequency input”.

Though, on the topic of unusual requirements there are a bunch of contributors 
to the NTP Pool using this curious device that can do line rate NTP responses 
(100Mbps, but still):

https://store.uputronics.com/index.php?route=product/product_id=92


Ask

Re: NTP question

2019-05-01 Thread Mel Beckman
Ask,

But with a small compact server like the DC-powered TimeMachines Inc unit, 
which costs something like $300, you simply put the server where the visibility 
is and connect back to the nearest Ethernet port in your network, up to 300’ 
away, or virtually any distance with fiber transceivers. We’ve installed these 
in Cantex boxes on a windy, rainy tenth-story rooftop in upstate NY and it runs 
flawlessly, warmed by its own internal heat at sub-zero temps, and perfectly 
happy at ambient temps of 110F. 

It’s hard to consider messing with signal converters and pricey 
remotely-powered active antennas when you can solve the problem for $300. :)

 -mel 

> On May 1, 2019, at 4:44 PM, Ask Bjørn Hansen  wrote:
> 
> 
> 
>> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
>> 
>> I am trying to buy a GPS based NTP server like this one 
>> 
>> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>> 
>> but I will be placing this inside a data center, do these need an actual 
>> view of a sky to be able to get signal or will they work fine inside a data 
>> center building? if you have any other hardware requirements to be able to 
>> provide stable time service for hundreds of customers, please let me know.
> 
> [ with my hobby-hat on … ]
> 
> tl;dr: if any of the below is too much work, just run a reasonably well 
> monitored NTP server syncing from other NTP servers. If you want more than 
> that, you need to see the sky. Don’t do the CDMA thing.
> 
> Depending on your requirements having the antenna in the window may or may 
> not be satisfactory. If it’s fine you probably could just have done a regular 
> NTP server in the first place.  For long swaths of the day you might not see 
> too many satellites which will add to the uncertainty of the signal.
> 
> Meinberg’s GPS antenna has a bit more smarts which helps it work on up to 300 
> meters on RG58 or 700 meters on RG213.  (They also have products that use 
> regular L1 antennas with the limitations Bryan mentioned).
> 
> https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm
> 
> They also have a multi-mode fiber box to have the antenna be up to 2km from 
> the box or 20km with their single mode fiber box, if you have fiber to 
> somewhere else where you can see the sky and place an antenna.
> 
> It will be more than the one you linked to, but their systems are very 
> reasonably priced, too. For “hundreds of customers” whatever is the 
> smallest/cheapest box they have will work fine. Even their smallest models 
> have decent oscillators (for keeping the ticks accurate between GPS signals).
> 
> The Meinberg time server products (I am guessing all of them, but I’m not 
> sure) also have a mode where they poll an upstream NTP server aggressively 
> and then steer the oscillator after it. I haven’t used it in production, but 
> it worked a lot better than it sounded like it would.  (In other words, even 
> without GPS it’s a better time server than most systems).
> 
> 
> Ask


Re: NTP question

2019-05-01 Thread Ask Bjørn Hansen



> On May 1, 2019, at 12:22, Mehmet Akcin  wrote:
> 
> I am trying to buy a GPS based NTP server like this one 
> 
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
> 
> but I will be placing this inside a data center, do these need an actual view 
> of a sky to be able to get signal or will they work fine inside a data center 
> building? if you have any other hardware requirements to be able to provide 
> stable time service for hundreds of customers, please let me know.

[ with my hobby-hat on … ]

tl;dr: if any of the below is too much work, just run a reasonably well monitored 
NTP server syncing from other NTP servers. If you want more than that, you need 
to see the sky. Don’t do the CDMA thing.

Depending on your requirements having the antenna in the window may or may not 
be satisfactory. If it’s fine you probably could just have done a regular NTP 
server in the first place.  For long swaths of the day you might not see too 
many satellites which will add to the uncertainty of the signal.

Meinberg’s GPS antenna has a bit more smarts which helps it work on up to 300 
meters on RG58 or 700 meters on RG213.  (They also have products that use 
regular L1 antennas with the limitations Bryan mentioned).

https://www.meinbergglobal.com/english/products/gps-antenna-converter.htm

They also have a multi-mode fiber box to have the antenna be up to 2km from the 
box or 20km with their single mode fiber box, if you have fiber to somewhere 
else where you can see the sky and place an antenna.

It will be more than the one you linked to, but their systems are very 
reasonably priced, too. For “hundreds of customers” whatever is the 
smallest/cheapest box they have will work fine. Even their smallest models have 
decent oscillators (for keeping the ticks accurate between GPS signals).

The Meinberg time server products (I am guessing all of them, but I’m not sure) 
also have a mode where they poll an upstream NTP server aggressively and then 
steer the oscillator after it. I haven’t used it in production, but it worked a 
lot better than it sounded like it would.  (In other words, even without GPS 
it’s a better time server than most systems).


Ask

Re: NTP Question

2019-05-01 Thread Mel Beckman
Harlan and Mehmet,

I can expand on one important reason that James only alluded to with his 
“Keeping the Auditors happy” comment.

Passing NTP through a firewall and then using that as a critical time reference 
source represents a huge security risk. Here’s one detailed explanation of that 
risk:

https://insights.sei.cmu.edu/sei_blog/2017/04/best-practices-for-ntp-services.html

 -mel

On May 1, 2019, at 3:48 PM, James R Cutler <james.cut...@consultant.com> wrote:

On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
- Why do folks want to have one or more NTP server masters that have at
least 1 refclock on them in a data center, instead of having their data
center NTP server masters that only get time over the internet?

Answers to that include:

  *   Keeping the Auditors happy
  *   Knowing that “everyone does it” - the vendor told them so
  *   Bragging rights (expensive hardware)
  *   Being unbothered by fighting with facilities for building penetrations 
and antenna mounts
  *   Misunderstanding the beauty and economy of Dave Mills' marvelous algorithms 
for consistent time based on multiple sources, even those connected via internet
  *   Unwillingness or inability to leverage other local resources' capacity to 
run ntpd with minimal impact in order to have a good constellation of local NTP 
servers
  *   Willingness to farm out time service without doing a deep dive into why 
and how, just leaving the design to the appliance vendors

This covers most of what I have encountered in providing enterprise time 
services for $dayjob+clients. I probably left out some significant points, but 
it has been a few years...






Re: NTP question

2019-05-01 Thread Harlan Stenn



On 5/1/2019 4:17 PM, Brandon Martin wrote:
> On 5/1/19 7:03 PM, Harald Koch wrote:
>> Properly deployed NTP should calibrate the local hardware clocks to
>> prevent drift even during connectivity outages. (I'm talking both the
>> low resolution hardware clocks used for timing across power cycles and
>> reboots, and the oscillators used while the OS is running). While most
>> computer hardware is temperature sensitive, if your datacenter is
>> suddenly changing temperature enough to cause clock drift, well, you
>> have bigger problems.:)
> 
> For sure, sudden loss of time "shouldn't" happen, but having a local
> refclock is comparatively cheap insurance against it in many deployments.

BCP these days is "orphan mode", not "local refclock".

> I've seen things like this when there's a sudden power loss across a
> small site e.g. a remote PoP.  Think a loss of utility power and UPS
> fails to transfer for some unanticipated reason.  Everything will come
> back up when either the utility power comes back or generator spins up,
> but it will all be hard reset.  Depending on your NTP implementation,
> the local hardware clock may not be particularly accurate.  Even good
> implementations often lack the necessary hardware capabilities to trim
> the low-resolution hardware reference and have to resort to simply
> flushing the time to hardware every so often.
> 
> Relative inaccuracies of a few seconds are pretty normal in that kind of
> situation in my experience.  Putting everything together from logs where
> there's an unknown time offset of a few seconds after the fact can be
> tough.  Then again, maybe you don't care in this example case since the
> cause of the problem is proximate - the frigging UPS didn't do its job.
>  More complex scenarios might be easily envisioned, though.
> 
> Now, obviously you've still got an issue of the fact that the GPS refclk
> will take a while to lock and start serving time, but at least you've
> potentially got known-good time info before you start bringing
> higher-level network protocols up (and can purposely delay until you do,
> if desired) which is potentially impossible if your only source of time
> is the network itself.

Ah, this is the dance with "have enough sources of time"...
-- 
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!


Re: NTP question

2019-05-01 Thread Brandon Martin

On 5/1/19 7:03 PM, Harald Koch wrote:

> Properly deployed NTP should calibrate the local hardware clocks to prevent 
> drift even during connectivity outages. (I'm talking both the low resolution 
> hardware clocks used for timing across power cycles and reboots, and the 
> oscillators used while the OS is running). While most computer hardware is 
> temperature sensitive, if your datacenter is suddenly changing temperature 
> enough to cause clock drift, well, you have bigger problems. :)


For sure, sudden loss of time "shouldn't" happen, but having a local 
refclock is comparatively cheap insurance against it in many deployments.


I've seen things like this when there's a sudden power loss across a 
small site e.g. a remote PoP.  Think a loss of utility power and UPS 
fails to transfer for some unanticipated reason.  Everything will come 
back up when either the utility power comes back or generator spins up, 
but it will all be hard reset.  Depending on your NTP implementation, 
the local hardware clock may not be particularly accurate.  Even good 
implementations often lack the necessary hardware capabilities to trim 
the low-resolution hardware reference and have to resort to simply 
flushing the time to hardware every so often.


Relative inaccuracies of a few seconds are pretty normal in that kind of 
situation in my experience.  Putting everything together from logs where 
there's an unknown time offset of a few seconds after the fact can be 
tough.  Then again, maybe you don't care in this example case since the 
cause of the problem is proximate - the frigging UPS didn't do its job. 
 More complex scenarios might be easily envisioned, though.


Now, obviously you've still got an issue of the fact that the GPS refclk 
will take a while to lock and start serving time, but at least you've 
potentially got known-good time info before you start bringing 
higher-level network protocols up (and can purposely delay until you do, 
if desired) which is potentially impossible if your only source of time 
is the network itself.

--
Brandon Martin


Re: NTP question

2019-05-01 Thread Harald Koch
On Wed, May 1, 2019, at 18:46, Brandon Martin wrote:
> Think about what might happen if you lost time sync as a result of the 
> incident causing said connectivity outage.  Depending on your time 
> sources available, you might see rapid drift or, worst case, lose your 
> time reference entirely as a result of equipment restarts, etc.  GPS, as 
> long as you have a good view of the sky, provides extremely accurate 
> "lights out" time info, both absolute and relative, from a single source 
> with no (mostly) strings attached for that purpose.

Properly deployed NTP should calibrate the local hardware clocks to prevent 
drift even during connectivity outages. (I'm talking both the low resolution 
hardware clocks used for timing across power cycles and reboots, and the 
oscillators used while the OS is running). While most computer hardware is 
temperature sensitive, if your datacenter is suddenly changing temperature 
enough to cause clock drift, well, you have bigger problems. :)

I admit that this is an anecdote, but in our environment, I find that our GPSDO 
loses its GPS signal due to weather more often than we lose our connections to 
internet NTP servers.

On the other hand, we once had a site-wide Kerberos authentication outage 
because all of our Windows clients were using some windows NTP client that by 
default used two NTP sources owned by the software developer; when they both 
suddenly stepped by 20 minutes, Kerberos locked everyone out.

Time is hard :)

-- 
Harald Koch
c...@pobox.com
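
The Kerberos anecdote above and the "multiple sources" point made elsewhere in the thread, as an added example (not code from the thread or from any NTP implementation): a simplified Marzullo-style interval intersection, the idea behind NTP's source selection, run over constructed offsets. Source names, offsets and error bounds are made up; 300 seconds is the default Kerberos clock-skew tolerance.

```python
from dataclasses import dataclass
from typing import List, NamedTuple, Optional, Tuple

KERBEROS_MAX_SKEW_S = 300.0  # default Kerberos clock-skew tolerance: 5 minutes


@dataclass(frozen=True)
class Sample:
    source: str      # constructed source name
    offset_s: float  # (source time - local clock), seconds
    error_s: float   # half-width of the source's error bound, seconds

    @property
    def low(self) -> float:
        return self.offset_s - self.error_s

    @property
    def high(self) -> float:
        return self.offset_s + self.error_s


class Decision(NamedTuple):
    verdict: str                 # "accepted" or "no-majority"
    offset_s: Optional[float]    # correction the client would apply
    falsetickers: List[str]      # sources outside the agreed interval
    exceeds_kerberos_skew: bool  # True if the correction is larger than 5 minutes


def marzullo(samples: List[Sample]) -> Tuple[int, Optional[float], Optional[float]]:
    """Return (count, low, high): the interval that the most sources agree on."""
    edges = []
    for s in samples:
        edges.append((s.low, -1))   # interval opens
        edges.append((s.high, +1))  # interval closes
    edges.sort()  # at equal positions, opens sort before closes
    best = count = 0
    low = high = None
    for i, (pos, kind) in enumerate(edges):
        count -= kind
        if count > best:
            best, low, high = count, pos, edges[i + 1][0]
    return best, low, high


def select_time(samples: List[Sample]) -> Decision:
    """Accept a correction only when a strict majority of sources overlap."""
    agree, low, high = marzullo(samples)
    if agree * 2 <= len(samples):
        return Decision("no-majority", None, [], False)
    offset = (low + high) / 2.0
    outliers = [s.source for s in samples if s.high < low or s.low > high]
    return Decision("accepted", offset, outliers, abs(offset) > KERBEROS_MAX_SKEW_S)


# Constructed data: two sources run by one operator, both stepped by 20 minutes.
VENDOR_PAIR_STEPPED = [
    Sample("vendor-a", 1200.02, 0.05),
    Sample("vendor-b", 1199.98, 0.05),
]
# Constructed data: three sources with no shared operator, all near the local clock.
INDEPENDENT = [
    Sample("gps-local", 0.001, 0.01),
    Sample("isp-ntp", -0.004, 0.03),
    Sample("peer-site", 0.006, 0.03),
]
# Constructed data: only one of the two vendor sources stepped.
SPLIT = [Sample("vendor-a", 1200.0, 0.05), Sample("vendor-b", 0.0, 0.05)]

if __name__ == "__main__":
    for label, data in [
        ("vendor pair only", VENDOR_PAIR_STEPPED),
        ("vendor pair + 3 independent", VENDOR_PAIR_STEPPED + INDEPENDENT),
        ("vendor pair disagreeing", SPLIT),
    ]:
        print(f"{label:30s} {select_time(data)}")
```

With only the vendor pair, the 20-minute step is a unanimous answer and is accepted; with three unrelated sources added, the same pair is outvoted and flagged. Two sources that disagree yield no majority, so the client can tell something is wrong but not which source to believe.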


Re: NTP Question

2019-05-01 Thread James R Cutler
On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
> - Why do folks want to have one or more NTP server masters that have at
> least 1 refclock on them in a data center, instead of having their data
> center NTP server masters that only get time over the internet?

Answers to that include:
  *   Keeping the Auditors happy
  *   Knowing that “everyone does it” - the vendor told them so
  *   Bragging rights (expensive hardware)
  *   Being unbothered by fighting with facilities for building penetrations and 
antenna mounts
  *   Misunderstanding the beauty and economy of Dave Mills' marvelous algorithms for 
consistent time based on multiple sources, even those connected via internet
  *   Unwillingness or inability to leverage other local resources' capacity to run 
ntpd with minimal impact in order to have a good constellation of local NTP 
servers
  *   Willingness to farm out time service without doing a deep dive into why and 
how, just leaving the design to the appliance vendors

This covers most of what I have encountered in providing enterprise time 
services for $dayjob+clients. I probably left out some significant points, but 
it has been a few years...






Re: NTP question

2019-05-01 Thread Brandon Martin

On 5/1/19 5:35 PM, Harlan Stenn wrote:

> - Why do folks want to have one or more NTP server masters that have at
> least 1 refclock on them in a data center, instead of having their data
> center NTP server masters that only get time over the internet?


It can be extremely useful to have known-good timestamps to within 
several milliseconds, even in the event of a connectivity outage, when 
trying to figure out what went wrong from log entries spanning multiple 
systems and sites.


Think about what might happen if you lost time sync as a result of the 
incident causing said connectivity outage.  Depending on your time 
sources available, you might see rapid drift or, worst case, lose your 
time reference entirely as a result of equipment restarts, etc.  GPS, as 
long as you have a good view of the sky, provides extremely accurate 
"lights out" time info, both absolute and relative, from a single source 
with no (mostly) strings attached for that purpose.

--
Brandon Martin


Re: NTP question

2019-05-01 Thread Alejandro Acosta
Hello,

  As others have commented before, it looks like you need an outdoor antenna,
however, reading the specs it says:


"The built in high sensitivity GPS receiver is able to lock multiple
satellites from within multiple buildings or from a window location*,
eliminating the requirement that an outdoor antenna be installed*."


Weird.


Alejandro,



On 1/5/19 at 15:22, Mehmet Akcin wrote:
> hey there Nanog,
>
> I am trying to buy a GPS based NTP server like this one 
>
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>
> but I will be placing this inside a data center, do these need an
> actual view of a sky to be able to get signal or will they work fine
> inside a data center building? if you have any other hardware
> requirements to be able to provide stable time service for hundreds of
> customers, please let me know.
>
> mehmet
>
>


Re: NTP question

2019-05-01 Thread Mike Hammett
Accurate timing is also often required for telco gear. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Harlan Stenn"  
To: nanog@nanog.org 
Sent: Wednesday, May 1, 2019 4:35:58 PM 
Subject: Re: NTP question 

So I gotta ask, just as a reality check: 

- Why do folks want to have one or more NTP server masters that have at 
least 1 refclock on them in a data center, instead of having their data 
center NTP server masters that only get time over the internet? 

- What % of data center operators provide time servers in their data 
centers for their tenants (or for the general public)? 

-- 
Harlan Stenn  
http://networktimefoundation.org - be a member! 



Re: NTP question

2019-05-01 Thread Harlan Stenn



On 5/1/19 2:59 PM, Andreas Ott wrote:
> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
>> - Why do folks want to have one or more NTP server masters that have at
>> least 1 refclock on them in a data center, instead of having their data
>> center NTP server masters that only get time over the internet?
> 
> I had that discussion before with the QSA for a compliance audit, pointing
> to requirement "10.4.3 Time settings are received from industry-accepted
> time sources" and "verify that the time server(s) accept time updates from
> specific, industry-accepted external sources (to prevent a malicious
> individual from changing the clock)" in the PCI-DSS document. He
> non-jokingly suggested "why don't you use pool.ntp.org?", not really
> realizing how many servers are in fact just someone's PC behind a cable
> modem in their home, which negated the "do I trust the time I am 
> receiving?". My immediate answer was "we could use NIST servers", 
> but the easiest way out of this is "we operate our own NTP appliance 
> with a GPS receiver" and provide that as evidence.
> 
> Don't get me wrong, I support pool.ntp.org by operating and contributing 
> servers to it, but it is not deemed good enough if you need traceability
> of your NTP time source(s), even though the pool will only admit members
> above a certain quality threshold.

I have no immediate agenda here.  My sole purpose is to get information
about this, as I mostly work with people who a) believe accurate time is
important, and b) at least have an appreciation for how unexpectedly
difficult it is to synchronize time in a predictable and stable way
across a large population of systems in a diverse set of environments.

In my experience, people who don't fall in to either of those categories
are pretty well invested in their opinions.

>> - What % of data center operators provide time servers in their data
>> centers for their tenants (or for the general public)?
> 
> My $employer does that in our datacenters and points of presence for
> our customers.

Glad to hear it!

> -andreas
> 

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Andreas Ott
On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
> - Why do folks want to have one or more NTP server masters that have at
> least 1 refclock on them in a data center, instead of having their data
> center NTP server masters that only get time over the internet?

I had that discussion before with the QSA for a compliance audit, pointing
to requirement "10.4.3 Time settings are received from industry-accepted
time sources" and "verify that the time server(s) accept time updates from
specific, industry-accepted external sources (to prevent a malicious
individual from changing the clock)" in the PCI-DSS document. He
non-jokingly suggested "why don't you use pool.ntp.org?", not really
realizing how many servers are in fact just someone's PC behind a cable
modem in their home, which negated the "do I trust the time I am 
receiving?". My immediate answer was "we could use NIST servers", 
but the easiest way out of this is "we operate our own NTP appliance 
with a GPS receiver" and provide that as evidence.

Don't get me wrong, I support pool.ntp.org by operating and contributing 
servers to it, but it is not deemed good enough if you need traceability
of your NTP time source(s), even though the pool will only admit members
above a certain quality threshold.


> - What % of data center operators provide time servers in their data
> centers for their tenants (or for the general public)?

My $employer does that in our datacenters and points of presence for
our customers.

-andreas
-- 
Andreas Ott   K6OTT   +1.408.431.8727   andr...@naund.org


Re: NTP question

2019-05-01 Thread Rubens Kuhl
Perhaps using a rubidium source instead of GPS? The actual time can be
obtained thru NTP, all you actually need is a precision source to keep time
accurate thereafter.


Rubens


On Wed, May 1, 2019 at 4:24 PM Mehmet Akcin  wrote:

> hey there Nanog,
>
> I am trying to buy a GPS based NTP server like this one
>
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>
> but I will be placing this inside a data center, do these need an actual
> view of a sky to be able to get signal or will they work fine inside a data
> center building? if you have any other hardware requirements to be able to
> provide stable time service for hundreds of customers, please let me know.
>
> mehmet
>
>
>


Re: NTP question

2019-05-01 Thread Harlan Stenn
So I gotta ask, just as a reality check:

- Why do folks want to have one or more NTP server masters that have at
least 1 refclock on them in a data center, instead of having their data
center NTP server masters that only get time over the internet?

- What % of data center operators provide time servers in their data
centers for their tenants (or for the general public)?

-- 
Harlan Stenn 
http://networktimefoundation.org - be a member!


Re: NTP question

2019-05-01 Thread Brielle Bruns

Kinda sucks all the good 'backup' methods of time keeping are dwindling.

I've got a WWVB clock as well that I'd love to get hooked into my main 
NTP server, but I worry they're going to finally kill that off in the 
next year or so.


LORAN C clocks still have potential to work well too...


High accuracy time keeping is a fun hobby.  :)



On 5/1/2019 3:05 PM, Mike Hammett wrote:
> I looked before at who had spectrum allocations in the frequencies my 
> boxes supported. I then used Cell Mapper to figure out what technology 
> was deployed on that frequency. IIRC, both US Cellular and Verizon had 
> basic CDMA running in my area on those channels. Sprint was running LTE 
> and 1x Advanced (or something like that), so probably wouldn't have 
> worked out. If Verizon is dropping theirs, then depending on only one 
> company seems a bit unwise  which means I gotta find some kind of 
> solution by then. *sigh*
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> From: "Brielle Bruns"
> To: nanog@nanog.org
> Sent: Wednesday, May 1, 2019 3:58:57 PM
> Subject: Re: NTP question
>
> On 5/1/2019 2:50 PM, Andreas Ott wrote:
> >> If you can't get a good spot for an antenna, you could be on the lookout
> >> for a CDMA NTP clock.
> > CDMA service is about to be retired in several places, please check
> > in your area before you install a "new" CDMA based time server.
> > C.f. https://www.verizonwireless.com/support/knowledge-base-218813/
> >
> > I looked into the same thing and decided not to go with CDMA.
>
> There's actually a few other CDMA networks in our area (Boise) besides
> Verizon, so it wouldn't hurt to look.  I seem to remember Sprint is
> planning to go to 2021?  There also appears to be a few smaller
> independent CDMA networks around as well.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org    /     http://www.ahbl.org



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: NTP question

2019-05-01 Thread Mike Hammett
I looked before at who had spectrum allocations in the frequencies my boxes 
supported. I then used Cell Mapper to figure out what technology was deployed 
on that frequency. IIRC, both US Cellular and Verizon had basic CDMA running in 
my area on those channels. Sprint was running LTE and 1x Advanced (or something 
like that), so probably wouldn't have worked out. If Verizon is dropping 
theirs, then depending on only one company seems a bit unwise which means I 
gotta find some kind of solution by then. *sigh* 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Brielle Bruns"  
To: nanog@nanog.org 
Sent: Wednesday, May 1, 2019 3:58:57 PM 
Subject: Re: NTP question 

On 5/1/2019 2:50 PM, Andreas Ott wrote: 
>> If you can't get a good spot for an antenna, you could be on the lookout 
>> for a CDMA NTP clock. 
> CDMA service is about to be retired in several places, please check 
> in your area before you install a "new" CDMA based time server. 
> C.f. https://www.verizonwireless.com/support/knowledge-base-218813/ 
> 
> I looked into the same thing and decided not to go with CDMA. 

There's actually a few other CDMA networks in our area (Boise) besides 
Verizon, so it wouldn't hurt to look. I seem to remember Sprint is 
planning to go to 2021? There also appears to be a few smaller 
independent CDMA networks around as well. 

-- 
Brielle Bruns 
The Summit Open Source Development Group 
http://www.sosdg.org / http://www.ahbl.org 



Re: NTP question

2019-05-01 Thread Brielle Bruns

On 5/1/2019 2:50 PM, Andreas Ott wrote:

>> If you can't get a good spot for an antenna, you could be on the lookout
>> for a CDMA NTP clock.
>
> CDMA service is about to be retired in several places, please check
> in your area before you install a "new" CDMA based time server.
> C.f. https://www.verizonwireless.com/support/knowledge-base-218813/
>
> I looked into the same thing and decided not to go with CDMA.


There's actually a few other CDMA networks in our area (Boise) besides 
Verizon, so it wouldn't hurt to look.  I seem to remember Sprint is 
planning to go to 2021?  There also appears to be a few smaller 
independent CDMA networks around as well.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: NTP question

2019-05-01 Thread Mel Beckman
Mehmet,

I use the TimeMachines unit a lot. Usually we deploy these near any outside 
window, typically putting the box in the ceiling and then running the GPS 
antenna on its 20’ cable (or whatever it is) down to the window glass.  Test 
different windows first before committing. Then use any of the many passive POE 
injectors to inject the TM’s power brick into the Cat5 and strip it out on the 
other end, over a little power plug jumper that plugs into the TM box. Works a 
treat!

 -mel beckman

On May 1, 2019, at 12:44 PM, Mehmet Akcin <meh...@akcin.net> wrote:

thank you guys, looks like GPS based NTP is the way to go.

On Wed, May 1, 2019 at 3:36 PM Bryan Fields <br...@bryanfields.net> wrote:
On 5/1/19 3:22 PM, Mehmet Akcin wrote:
> hey there Nanog,
>
> I am trying to buy a GPS based NTP server like this one
>
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
>
> but I will be placing this inside a data center, do these need an actual
> view of a sky to be able to get signal or will they work fine inside a data
> center building?

You will need a clear view to the sky for at least the antenna.

Most GPS "antennas" are an antenna and Low Noise Amplifier (LNA) which is
powered via 5-12v on the coax.  This sets the noise figure and gain of the
system, so you can run 50-100' of RG6 coax if needed.  You'll need a F to sma
adapter for this unit it looks like.  Don't worry about the impedance
mismatch, 50 to 75 ohm is not horrid, the RG-174 thin cable has more loss in
10' than 100' of RG6.

You will not want to use the low gain puck antenna, but rather get a proper
grounded/mounted/weatherproofed antenna such as the ubiquitous 26 dBi
Quadrifilar Helix antenna. https://www.ebay.com/itm/192899151132



--
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net


Re: NTP question

2019-05-01 Thread Mike Hammett
I had inquired with Frontier about installing a GPS antenna and they said they 
don't allow antennas of any kind attached to the building anymore. I didn't 
pursue that any further. I didn't think to check what the signal strength was 
inside. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Andreas Ott"  
To: nanog@nanog.org 
Sent: Wednesday, May 1, 2019 3:50:33 PM 
Subject: Re: NTP question 

Hi, 

On Wed, May 01, 2019 at 02:01:44PM -0600, Brielle Bruns wrote: 
> If you can't get a good spot for an antenna, you could be on the lookout 
> for a CDMA NTP clock. 

CDMA service is about to be retired in several places, please check 
in your area before you install a "new" CDMA based time server. 
C.f. https://www.verizonwireless.com/support/knowledge-base-218813/ 

I looked into the same thing and decided not to go with CDMA. 

A simple check inside a (datacenter) building is to use one of the GPS 
smart phone apps that display the number of Sats and signal strength, then 
walk around where you would place the NTP server appliance. Beware of 
server CPUs and memory making RF noise in the same frequency spectrum of 
1.2 - 2 GHz, completely blanking out any GPS indoors. I concur that 
installing an amplified roof-top antenna and running coax to your receiver 
is the best option. 

-andreas 
-- 
Andreas Ott K6OTT +1.408.431.8727 andr...@naund.org 



Re: NTP question

2019-05-01 Thread Andreas Ott
Hi,

On Wed, May 01, 2019 at 02:01:44PM -0600, Brielle Bruns wrote:
> If you can't get a good spot for an antenna, you could be on the lookout 
> for a CDMA NTP clock.

CDMA service is about to be retired in several places, please check
in your area before you install a "new" CDMA based time server. 
C.f.  https://www.verizonwireless.com/support/knowledge-base-218813/

I looked into the same thing and decided not to go with CDMA.

A simple check inside a (datacenter) building is to use one of the GPS
smart phone apps that display the number of Sats and signal strength, then
walk around where you would place the NTP server appliance. Beware of
server CPUs and memory making RF noise in the same frequency spectrum of
1.2 - 2 GHz, completely blanking out any GPS indoors. I concur that
installing an amplified roof-top antenna and running coax to your receiver 
is the best option.

-andreas
-- 
Andreas Ott   K6OTT   +1.408.431.8727   andr...@naund.org


Re: NTP question

2019-05-01 Thread Brielle Bruns
If you can't get a good spot for an antenna, you could be on the lookout 
for a CDMA NTP clock.


https://endruntechnologies.com/products/ntp-time-servers

We've got one as a backup to our SyncServer S200.  Doesn't need an 
outdoor antenna as long as you can get a cellular signal in the DC.


EndRun's are Linux based and still getting software updates.  As an 
added bonus, they also do IPv6.


Of course, you're putting a lot of trust into the wireless companies 
doing this, but it's a nice alternative.



On 5/1/2019 1:43 PM, Mehmet Akcin wrote:

thank you guys, looks like GPS based NTP is the way to go.

On Wed, May 1, 2019 at 3:36 PM Bryan Fields wrote:


On 5/1/19 3:22 PM, Mehmet Akcin wrote:
 > hey there Nanog,
 >
 > I am trying to buy a GPS based NTP server like this one
 >
 > https://timemachinescorp.com/product/gps-time-server-tm1000a/
 >
 > but I will be placing this inside a data center, do these need an actual
 > view of a sky to be able to get signal or will they work fine inside a data
 > center building?

You will need a clear view to the sky for at least the antenna.

Most GPS "antennas" are an antenna and Low Noise Amplifier (LNA) which is
powered via 5-12v on the coax.  This sets the noise figure and gain of the
system, so you can run 50-100' of RG6 coax if needed.  You'll need a F to sma
adapter for this unit it looks like.  Don't worry about the impedance
mismatch, 50 to 75 ohm is not horrid, the RG-174 thin cable has more loss in
10' than 100' of RG6.

You will not want to use the low gain puck antenna, but rather get a proper
grounded/mounted/weatherproofed antenna such as the ubiquitous 26 dBi
Quadrifilar Helix antenna. https://www.ebay.com/itm/192899151132



-- 
Bryan Fields


727-409-1194 - Voice
http://bryanfields.net




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org


Re: NTP question

2019-05-01 Thread Mehmet Akcin
thank you guys, looks like GPS based NTP is the way to go.

On Wed, May 1, 2019 at 3:36 PM Bryan Fields  wrote:

> On 5/1/19 3:22 PM, Mehmet Akcin wrote:
> > hey there Nanog,
> >
> > I am trying to buy a GPS based NTP server like this one
> >
> > https://timemachinescorp.com/product/gps-time-server-tm1000a/
> >
> > but I will be placing this inside a data center, do these need an actual
> > view of a sky to be able to get signal or will they work fine inside a data
> > center building?
>
> You will need a clear view to the sky for at least the antenna.
>
> Most GPS "antennas" are an antenna and Low Noise Amplifier (LNA) which is
> powered via 5-12v on the coax.  This sets the noise figure and gain of the
> system, so you can run 50-100' of RG6 coax if needed.  You'll need a F to sma
> adapter for this unit it looks like.  Don't worry about the impedance
> mismatch, 50 to 75 ohm is not horrid, the RG-174 thin cable has more loss in
> 10' than 100' of RG6.
>
> You will not want to use the low gain puck antenna, but rather get a proper
> grounded/mounted/weatherproofed antenna such as the ubiquitous 26 dBi
> Quadrifilar Helix antenna. https://www.ebay.com/itm/192899151132
>
>
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net
>


Re: NTP question

2019-05-01 Thread Bryan Fields
On 5/1/19 3:22 PM, Mehmet Akcin wrote:
> hey there Nanog,
> 
> I am trying to buy a GPS based NTP server like this one
> 
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
> 
> but I will be placing this inside a data center, do these need an actual
> view of a sky to be able to get signal or will they work fine inside a data
> center building? 

You will need a clear view to the sky for at least the antenna.

Most GPS "antennas" are an antenna and Low Noise Amplifier (LNA) which is
powered via 5-12v on the coax.  This sets the noise figure and gain of the
system, so you can run 50-100' of RG6 coax if needed.  You'll need a F to sma
adapter for this unit it looks like.  Don't worry about the impedance
mismatch, 50 to 75 ohm is not horrid, the RG-174 thin cable has more loss in
10' than 100' of RG6.

You will not want to use the low gain puck antenna, but rather get a proper
grounded/mounted/weatherproofed antenna such as the ubiquitous 26 dBi
Quadrifilar Helix antenna. https://www.ebay.com/itm/192899151132



-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net


Re: NTP question

2019-05-01 Thread Job Snijders
Dear Mehmet,

On Wed, May 01, 2019 at 03:22:57PM -0400, Mehmet Akcin wrote:
> I am trying to buy a GPS based NTP server like this one
> 
> https://timemachinescorp.com/product/gps-time-server-tm1000a/
> 
> but I will be placing this inside a data center, do these need an
> actual view of a sky to be able to get signal or will they work fine
> inside a data center building? 

This will *not* work if the antenna is placed *inside* the datacenter.

The trick is to order a spot on the roof of the datacenter, have the
facility staff place the antenna there, and run a cable to the NTP
server in your rack.

It'll depend on the facility what the MRC / NRC for this service will
be.

Kind regards,

Job