John Pettitt wrote: > Chuck Swiger wrote: > >>Normally, one should only pick perhaps three remote NTP servers, and set up a >>ring of three NTP peers locally. Trying to talk to ~40 remote servers is >>probably not helpful. > > Actually you need at least four to reliably detect a bad server (3+n to > detect n bad servers) - if you support many clients it's a good idea to > have at least five to allow foe two upstream failures.
The equation is actually 2n+1... http://ntp.isc.org/bin/view/Support/SelectingOffsiteNTPServers 5.3.3 states: > According to Brian Utterback, the math officially goes like this: > > While the general rule is for 2n+1 to protect against "n" > falsetickers, this actually isn't true for the case where n=1. It > actually takes 2 servers to produce a "candidate" time, which is > really an interval. The winner is the shortest interval for which > more than half (counting the two that define the interval) have an > offset (+/- the dispersion) that lies on the interval and that > contains the point of greatest overlap. > > So, in the case of four servers, the truechimer with the largest > offset defines one end of the interval, the truechimer with the > smallest offset defines the other end, and the third truechimer > overlaps these two, with a overlap count of at least two and > possibly three. The falseticker's interval will overlap few if any > of these intervals (or it wouldn't be a falseticker) and will be > eliminated. > > With only three servers, the interval defined by the two > truechimers has no overlap with any other servers, but the > interval defined by one of the truechimers and the falseticker > overlaps the other truechimer, so this is the interval chosen, and > thus the falseticker is still included. _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
