Re: [ntp:questions] Quality vs. Quantity
On Mon, Mar 24, 2014 at 12:26 AM, Danny Mayer ma...@ntp.org wrote:
> That's a misconception. While I trust Richard Schmidt in what he says, that is not what you think he says.

It's hard to misinterpret "590SG load balancers" and: "It is the load balancer's duty to assign each incoming NTP request to one of the available servers, balancing the load by round-robin, weighted round-robin, least active connections, or other algorithm. Each NTP server returns packets to the load balancer for forwarding back to the requestor."

___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Quality vs. Quantity
(I inadvertently sent this only to Terje Mathisen)

On Sun, Mar 23, 2014 at 12:07 AM, Danny Mayer wrote:
> What do you mean by load-balancing? NTP cannot be load-balanced.

Of course it can (at some cost).

On Sun, Mar 23, 2014 at 3:43 AM, Terje Mathisen wrote:
> You really do NOT want load-balancing of ntp servers!!!

Ideally the server would manage this but address based load balancing (presumably as practiced by USNO) solves some problems. DNS balancing (viz. time.nist.gov or pool.ntp.org) is pretty weak but some of that can be mitigated in the server. Still I'd rather have three IP addresses fronting 300 servers than three IP addresses fronting three servers assuming the goal is resilient remote service.

But I might still question the assumptions of the OP (the question is unclear) since I expect the number of queries to central public infrastructure to decline over time as the number of clients decreases.

Re: [ntp:questions] Quality vs. Quantity
On 03/24/2014 03:53 PM, Paul wrote:
> On Mon, Mar 24, 2014 at 12:26 AM, Danny Mayer ma...@ntp.org wrote:
>> That's a misconception. While I trust Richard Schmidt in what he says, that is not what you think he says.
>
> It's hard to misinterpret "590SG load balancers" and: "It is the load balancer's duty to assign each incoming NTP request to one of the available servers, balancing the load by round-robin, weighted round-robin, least active connections, or other algorithm. Each NTP server returns packets to the load balancer for forwarding back to the requestor."

But I wonder what an active connection is in this context, since NTP sits atop UDP. Do the load balancers track whether an association has been mobilised, and if so do they ensure that a particular client is always served by the same server, at least if the poll interval is reasonable?

Jan

Re: [ntp:questions] Quality vs. Quantity
On Mon, Mar 24, 2014 at 11:18 AM, Jan Ceuleers jan.ceule...@computer.org wrote:
> But I wonder what an active connection is in this context, since NTP sits atop UDP.

These are IP based not TCP/IP.

> Do the load balancers track whether an association has been mobilised

They could although the packet inspection code on devices like this (I'm not familiar with the CAI boxes) tends toward HTTP not NTP.

> , and if so do they ensure that a particular client is always served by the same server, at least if the poll interval is reasonable?

That seems unlikely. But we know that the major problems are congestion (which load balancing is fixing) and weak system clocks. Presumably a bit of care would cause the inside-NIST-errors to be swamped by the outside-NIST-errors. And in fact the point of the paper is using PTP with the end result that the intra-farm errors should (it's four years later maybe they are) be in the nano-seconds.

Re: [ntp:questions] Quality vs. Quantity
On 23.03.2014 03:24, questions-requ...@lists.ntp.org digested:
> From: Daniel Quick daniel.qu...@gmail.com
>
> Do we want a Netspeed setting that assists with taking the load off some of the more heavily, higher-speed servers? or do we want to keep a setting where we serve fewer clients with the highest resolution of time given specific setup and let the client queries grow from there? I suppose this also takes into the smart dns load-balancing that goes on in the background.

IMHO the answer to that question changes *a lot* for different kinds of clients.

To take one extreme example, if we're talking about appliances which can possibly run for years without a reboot and decades without getting updates installed (but still shall be supported indefinitely), the appropriate precaution would IMHO be to avail yourself of a good-sized chunk of PI IP addresses and have the clients distributed over them DNS-round-robin-style right from day one. The option of having all those different addresses NATed (*) to a farm of servers whose numbers adapt to the actual load follows trivially.

If those same appliances are manufactured in numbers you can control, and will mostly or forcibly-all receive and install updates you publish, on the other hand, you can plan for and maintain hardware- and/or firmware-generation-specific sub-platforms on the server side. Note that that also allows you to cleanly transition clients between incompatible server versions - made-up example, switch data *signing* cryptalgorithms - if and when required.

Off the other end of the spectrum, dealing with very few software-based senior-sysadmin-shepherded clients that have very high quality requirements IMHO strongly suggests that you want to invest the extra work to set them up with cryptographic authentication and individual key(pair)s, thus making a "who the $#§ set up the FQDN 'pool.evil-ntp-underground.ddos.me' to point to our server!?" scenario a lot less probable.

Then there's possibilities like regional anycasts, running a *pool* of only your own sites, whether you have to deal with restrictive/static/non-DNS-aware client-side firewall configurations (or can have your appliances run a P2P NTP network to take load off your actual *own* servers ;- ), ...

Regards,
J. Bern

(*) Or, if you're afraid that the initialization of NAT with the first client - server packet may introduce a net asymmetric delay, set up each server with umpteen public IPs.

--
Jochen Bern, Systems Engineer, LINworks GmbH http://www.LINworks.de/

Re: [ntp:questions] Quality vs. Quantity
On 03/24/2014 04:58 PM, Paul wrote:
> On Mon, Mar 24, 2014 at 11:18 AM, Jan Ceuleers jan.ceule...@computer.org wrote:
>> But I wonder what an active connection is in this context, since NTP sits atop UDP.
>
> These are IP based not TCP/IP.

So there's even less of a notion of connection.

> And in fact the point of the paper is using PTP with the end result that the intra-farm errors should (it's four years later maybe they are) be in the nano-seconds.

Yes, that's true. The OP wanted to know about NTP clusters, so I guess there are two lessons here:

- either do what NIST did and ensure that your NTP cluster servers are so closely synced with each other that they are indistinguishable by clients;
- or ensure that your load balancer ensures an association between clients and servers which persists for long enough (given the poll interval, probably to be multiplied by a safe factor, e.g. 3).

Jan

Re: [ntp:questions] Quality vs. Quantity
On 2014-03-24 08:53, Paul wrote:
> On Mon, Mar 24, 2014 at 12:26 AM, Danny Mayer ma...@ntp.org wrote:
>> That's a misconception. While I trust Richard Schmidt in what he says, that is not what you think he says.
>
> It's hard to misinterpret "590SG load balancers" and: "It is the load balancer's duty to assign each incoming NTP request to one of the available servers, balancing the load by round-robin, weighted round-robin, least active connections, or other algorithm. Each NTP server returns packets to the load balancer for forwarding back to the requestor."

I hope that description is inaccurate, because of the additional delay and jitter added by passing twice through the front end. I would expect the load balancer to only provide the IP addresses of the currently lowest loaded and highest quality servers closest to the client, as the NTP Pool does.

--
Take care. Thanks, Brian Inglis

Re: [ntp:questions] Quality vs. Quantity
Paul G wrote:
> (I inadvertently sent this only to Terje Mathisen)
>
> On Sun, Mar 23, 2014 at 12:07 AM, Danny Mayer wrote:
>> What do you mean by load-balancing? NTP cannot be load-balanced.
>
> Of course it can (at some cost).

Obviously. As I noted plain ntp client requests, without signatures or any other stateful features, can indeed be serviced by multiple servers as long as they are all keeping the exact same (within the network timing jitter limits) time. In a national lab I'd assume that those S1 servers are kept at the sub-us level.

> On Sun, Mar 23, 2014 at 3:43 AM, Terje Mathisen wrote:
>> You really do NOT want load-balancing of ntp servers!!!
>
> Ideally the server would manage this but address based load balancing (presumably as practiced by USNO) solves some problems. DNS balancing (viz. time.nist.gov or pool.ntp.org) is pretty weak but some of that can be mitigated in the server. Still I'd rather have three IP addresses fronting 300 servers than three IP addresses fronting three servers assuming the goal is resilient remote service.

Even better would be 300 IP addresses fronting those 300 servers, with some form of round-robin DNS and the use of the pool directive by the clients.

> But I might still question the assumptions of the OP (the question is unclear) since I expect the number of queries to central public infrastructure to decline over time as the number of clients decreases.

Huh? I'd rather expect the current trends to continue, with more and more gear starting to use (often very bad subsets of) the ntp protocol for time sync.

In an ideal world we would have lots and lots of S1 and S2 servers all around the world, and all the clients would use 'pool' to automatically detect the best servers to connect to.

Terje

--
- Terje.Mathisen at tmsw.no
almost all programming can be viewed as an exercise in caching

Re: [ntp:questions] Quality vs. Quantity
On Mon, Mar 24, 2014 at 1:42 PM, Terje Mathisen terje.mathi...@tmsw.no wrote:
> Huh? I'd rather expect the current trends to continue, with more and more gear starting to use (often very bad subsets of) the ntp protocol for time sync.

The fastest growing device (and for many many people the only) segment is mobile. They don't use NTP pool* resources. Apple devices use Apple servers (slowly). I expect most mobile devices get time from the mobile network (I don't know about random other tablets).

I have appliances that use NTP. Some point to specific places, some use pool, some use DHCP and some let you specify via a web page. I don't think the future is the past where a few thousand misconfigured SOHO routers escape into the wild and grind someone down. It may not be fair to exclude zillions of machines using bootleg copies of windows but I do.

> In an ideal world we would have lots and lots of S1 and S2 servers all around the world, and all the clients would use 'pool' to automatically detect the best servers to connect to.

In my ideal world the GPS everyone is carrying around would be an SNTP server for that person.

*I still don't really understand the original question but perhaps it was about pool.ntp.org.

Re: [ntp:questions] Quality vs. Quantity
On Mon, Mar 24, 2014 at 1:37 PM, Brian Inglis brian.ing...@shaw.ca wrote:
> I hope that description is inaccurate, because of the additional delay and jitter added by passing twice through the front end.

It may not be the case now but that would be an enormous error on the part of the authors. Well designed load balancers run at wire speed (at least up to 1G) and shouldn't add any more jitter than any other switch. By the way the 590SG only has four ports. Uplink, Downlink, Mirror and (probably) Manage. It probably has less jitter than the router it's plugged into.

> I would expect the load balancer to only provide the IP addresses of the currently lowest loaded and highest quality servers closest to the client, as the NTP Pool does.

That's not what IP load balancers do.

Re: [ntp:questions] Quality vs. Quantity
Daniel Quick wrote:
> While this should be obvious, I always have to ask how and why...
>
> While considering that the number of requests to our time servers will grow over time since the client decides which server to sync with. Do we want a Netspeed setting that assists with taking the load off some of the more heavily, higher-speed servers? or do we want to keep a setting where we serve fewer clients with the highest resolution of time given specific setup and let the client queries grow from there? I suppose this also takes into the smart dns load-balancing that goes on in the background.

You really do NOT want load-balancing of ntp servers!!!

Put them all in a pool and let the clients connect to all, distributing the load automatically.

Terje

> Any input would be appreciated.
>
> Thanks, Daniel

--
- Terje.Mathisen at tmsw.no
almost all programming can be viewed as an exercise in caching

Re: [ntp:questions] Quality vs. Quantity
Background:

NIST operates a DNS load balancer for NTP: time.nist.gov
See http://tf.nist.gov/tf-cgi/servers.cgi

USNO operates a server load balancer for NTP. See for example: http://tycho.usno.navy.mil/ptti/2010papers/paper9.pdf

On Sun, Mar 23, 2014 at 2:43 AM, Terje Mathisen terje.mathi...@tmsw.no wrote:
> Daniel Quick wrote:
>> While this should be obvious, I always have to ask how and why...
>>
>> While considering that the number of requests to our time servers will grow over time since the client decides which server to sync with. Do we want a Netspeed setting that assists with taking the load off some of the more heavily, higher-speed servers? or do we want to keep a setting where we serve fewer clients with the highest resolution of time given specific setup and let the client queries grow from there? I suppose this also takes into the smart dns load-balancing that goes on in the background.
>
> You really do NOT want load-balancing of ntp servers!!!
>
> Put them all in a pool and let the clients connect to all, distributing the load automatically.
>
> Terje
>
>> Any input would be appreciated.
>>
>> Thanks, Daniel
>
> --
> - Terje.Mathisen at tmsw.no
> almost all programming can be viewed as an exercise in caching

Re: [ntp:questions] Quality vs. Quantity
On 3/23/2014 9:43 AM, steven Sommars wrote:
> Background:
>
> NIST operates a DNS load balancer for NTP: time.nist.gov
> See http://tf.nist.gov/tf-cgi/servers.cgi
>
> USNO operates a server load balancer for NTP. See for example: http://tycho.usno.navy.mil/ptti/2010papers/paper9.pdf

That's a misconception. While I trust Richard Schmidt in what he says, that is not what you think he says.

A DNS server can only respond with a list of IP addresses and the normal design of most users is to take the first one in the list. That's why most DNS servers will do round-robin of the list, and is certainly true of BIND and Microsoft's DNS servers. However an NTP server (and just about every application that uses DNS) usually takes the first one and holds onto it for the life of the application. In NTP we have started to take a different approach and the pool option will use all of the returned IP addresses. On the drawing boards is the idea that if a server doesn't respond after a while the address can be dropped and another DNS query is done to get a new set of addresses to be used.

On the NTP inference engine side, keeping the same address allows it to stabilize since if you get different answers from what is claimed to be the same address you will be receiving entirely different timestamps that will have that address with wildly fluctuating information and that will always get dropped as a candidate for a truechimer.

Danny

> On Sun, Mar 23, 2014 at 2:43 AM, Terje Mathisen terje.mathi...@tmsw.no wrote:
>> Daniel Quick wrote:
>>> While this should be obvious, I always have to ask how and why...
>>>
>>> While considering that the number of requests to our time servers will grow over time since the client decides which server to sync with. Do we want a Netspeed setting that assists with taking the load off some of the more heavily, higher-speed servers? or do we want to keep a setting where we serve fewer clients with the highest resolution of time given specific setup and let the client queries grow from there? I suppose this also takes into the smart dns load-balancing that goes on in the background.
>>
>> You really do NOT want load-balancing of ntp servers!!!
>>
>> Put them all in a pool and let the clients connect to all, distributing the load automatically.
>>
>> Terje
>>
>>> Any input would be appreciated.
>>>
>>> Thanks, Daniel
>>
>> --
>> - Terje.Mathisen at tmsw.no
>> almost all programming can be viewed as an exercise in caching

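Added illustration, not part of any poster's message: a small simulation of the two points made in this thread, Danny Mayer's remark that one address answering from different clocks looks unstable to the client, and Jan Ceuleers' suggestion of a client-to-server association that persists for the poll interval times a safety factor. The server offsets, the client address and the class names are constructed for the example; 64 s and 1024 s are ntpd's default minimum and maximum poll intervals.

```python
from dataclasses import dataclass, field

# Constructed clock offsets (microseconds) of three back-end servers that are
# NOT tightly synchronised with each other; illustrative values only.
SERVER_OFFSETS_US = [0, 4000, -3000]


@dataclass
class RoundRobinBalancer:
    """Per-packet round-robin: no notion of a client association."""
    n_servers: int
    _next: int = 0

    def pick(self, client_ip, now):
        server = self._next
        self._next = (self._next + 1) % self.n_servers
        return server


@dataclass
class AffinityBalancer:
    """Source-address affinity; idle timeout = poll_interval * safety_factor."""
    n_servers: int
    poll_interval: float          # poll interval the timeout is sized for (s)
    safety_factor: float = 3.0    # the "safe factor, e.g. 3" from the thread
    _next: int = 0
    _table: dict = field(default_factory=dict)  # client_ip -> (server, expiry)

    def pick(self, client_ip, now):
        entry = self._table.get(client_ip)
        if entry is not None and now <= entry[1]:
            server = entry[0]                      # association still alive
        else:
            server = self._next                    # expired or new: reassign
            self._next = (self._next + 1) % self.n_servers
        ttl = self.poll_interval * self.safety_factor
        self._table[client_ip] = (server, now + ttl)  # refresh on every packet
        return server


def offset_spread(balancer, client_poll, polls=12, lost=frozenset(),
                  client_ip="192.0.2.10"):
    """Simulate one client; return (distinct servers seen, max-min offset in us).

    `lost` holds poll indices whose request never reached the balancer.
    """
    seen = [balancer.pick(client_ip, i * client_poll)
            for i in range(polls) if i not in lost]
    offsets = [SERVER_OFFSETS_US[s] for s in seen]
    return len(set(seen)), max(offsets) - min(offsets)


if __name__ == "__main__":
    cases = {
        "round-robin, 64 s poll": (RoundRobinBalancer(3), 64, frozenset()),
        "affinity sized for 64 s, 64 s poll": (AffinityBalancer(3, 64), 64, frozenset()),
        "same, two polls lost": (AffinityBalancer(3, 64), 64, frozenset({3, 4})),
        "same, three polls lost": (AffinityBalancer(3, 64), 64, frozenset({3, 4, 5})),
        "affinity sized for 64 s, client at 1024 s": (AffinityBalancer(3, 64), 1024, frozenset()),
        "affinity sized for 1024 s, client at 1024 s": (AffinityBalancer(3, 1024), 1024, frozenset()),
    }
    for name, (lb, poll, lost) in cases.items():
        print(f"{name}: servers/spread_us = {offset_spread(lb, poll, lost=lost)}")
```

The case to notice is a timeout sized for a 64 s poll meeting a client that has backed off to 1024 s: every request then lands on a fresh server, so the persistence has to be sized for the longest poll interval the clients will use.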
[ntp:questions] Quality vs. Quantity
While this should be obvious, I always have to ask how and why...

While considering that the number of requests to our time servers will grow over time since the client decides which server to sync with. Do we want a Netspeed setting that assists with taking the load off some of the more heavily, higher-speed servers? or do we want to keep a setting where we serve fewer clients with the highest resolution of time given specific setup and let the client queries grow from there? I suppose this also takes into the smart dns load-balancing that goes on in the background.

Any input would be appreciated.

Thanks, Daniel

Re: [ntp:questions] Quality vs. Quantity
On Sat, Mar 22, 2014 at 8:54 PM, Daniel Quick daniel.qu...@gmail.com wrote:
> While considering that the number of requests to our time servers will grow over time since the client decides which server to sync with.

What if the number of queries over time is decreasing?

Re: [ntp:questions] Quality vs. Quantity
On 3/22/2014 8:54 PM, Daniel Quick wrote:
> While this should be obvious, I always have to ask how and why...
>
> While considering that the number of requests to our time servers will grow over time since the client decides which server to sync with. Do we want a Netspeed setting that assists with taking the load off some of the more heavily, higher-speed servers? or do we want to keep a setting where we serve fewer clients with the highest resolution of time given specific setup and let the client queries grow from there? I suppose this also takes into the smart dns load-balancing that goes on in the background.

What do you mean by load-balancing? NTP cannot be load-balanced. NTP does a lookup and gets a specific address and continues to use it every poll interval. If the server is unavailable then it doesn't matter since it also queries other servers and decides based on a number of factors which is likely to give the most accurate and precise timestamp at that moment. That changes as traffic, network congestion, availability changes and NTP will dynamically choose a different source for time. If the DNS has a number of addresses associated with a fully qualified domain name then NTP can take advantage of that and use all of them if you use the pool configuration option.

Danny