[ale] possibility of running an NTP server

Brian Mathis brian.mathis+ale at betteradmin.com
Wed Jan 11 09:41:28 EST 2012


On Wed, Jan 11, 2012 at 12:55 AM, Ron Frazier
<atllinuxenthinfo at c3energy.com> wrote:
> Hi Guys,
>
> Hope you had a Merry Christmas and a Happy start to the new year.  While
> I'll admit that I haven't read all the 200+ messages on the list since
> vacation, I do have a new question I wanted to ask.  I'll go ahead and
> give the caveat that this falls into the category of something that I
> might like to do but may never get around to, or it may be too costly, etc.
>
> For some time, I've had an amateur interest in the science of timekeeping.
> Haven't really pursued it.  I've recently been doing research into
> time servers, and time signals, etc.  I used some Christmas money to get
> a solar atomic watch made by Casio and a couple of solar atomic wall
> clocks made by LaCrosse Technology.  They're very cool.  They receive
> the WWVB time signal from the NIST in Colorado.  They charge themselves,
> and set themselves.  I never have to set them, and I never have to
> replace the batteries, at least until the rechargeable batteries in them
> die, and as long as I give them an adequate dose of light.  The problem
> with the WWVB signal is that it usually doesn't work in the daytime due
> to the ionosphere and other interference.  So, I was trying to
> synchronize my watch and one clock today and they just refused to
> receive the signal enough to work.  Hopefully, they'll pick it up in the
> middle of the night.
>
> In my research, I ran across the NTP Pool project at
> http://www.pool.ntp.org/en/ .  They and people associated with them
> operate a pool of 2904 servers for the purpose of providing NTP time
> service.  They also say, on their site, that they need more servers.
> So, the thought crossed my mind that I could operate an NTP server and
> associate with the pool.  That brings up a bunch of questions.
>
> As I understand it, the time servers / devices are divided into Stratum
> levels.  Stratum 0 devices are the actual atomic clocks, etc. that run
> the world's timekeeping systems at the highest level.  Stratum 1 devices
> are connected to Stratum 0 devices directly, not through the internet.
> I presume that the computer running the radio transmitter at NIST in
> Colorado is a Stratum 1 device.  Stratum 2 devices are more numerous and
> are connected to Stratum 1 devices through the internet.  Stratum 3
> devices are more numerous and are connected to Stratum 2 devices through
> the internet.  This is a useful article on Wikipedia:
> http://en.wikipedia.org/wiki/Network_Time_Protocol .
>
> This document: http://support.ntp.org/bin/view/Servers/WebHome provides
> access to a list of time servers.
>
> This document: http://support.ntp.org/bin/view/Servers/RulesOfEngagement
> shows the rules for usage of the servers.  It discourages use of Stratum
> 1 servers except where Stratum 2 servers are the clients and where those
> servers provide time synchronization to a large number of lower level
> users.  Thus, I'm presuming that, if I were to operate an NTP server,
> mine would be considered a Stratum 3 server and mine would primarily
> reference Stratum 2 servers to get time data.  So, I would set the
> configuration file on my system to have the NTP daemon reference a
> number of Stratum 2 servers for time synchronization data.  As I
> understand it, each network hop adds up to about 150 ms of delay, so I
> would expect my Stratum 3 server to have its time delayed about 300 ms
> from the upline Stratum 1 source.  Since the Stratum 1 servers are
> connected directly to the atomic clocks, etc, I would expect that the
> time on the Stratum 1 devices differs very little from the true time.
>
> According to this page: http://www.pool.ntp.org/en/join.html regarding
> joining the NTP pool, Stratum 3 or Stratum 4 servers can join the pool.
>
> Assuming I wanted to set up an NTP server, that brings up yet more
> questions.  Can I do it on a residential 3 Mbps up / 16 Mbps down
> connection from Comcast?  Do I really have to have a static IP or can a
> Dynamic DNS name suffice?
>
> Assuming the answers to the last two are yes and yes, I'm assuming I
> would connect the NTP server outside my home hardware firewall /
> router.  So, could I connect things as follows (assume TCP/IP v4):
>
> Internet --> Cable Modem --> 4 Port Router (WAN Port)
>
> The router provides DHCP service to my internal LAN.
>
> 4 Port Router (Port 1) --> NTP Server - Set this port to reserve the
> same internal LAN IP for this server every time by MAC address.  Set up
> a port forwarding rule to forward incoming NTP packets to this IP.
> 4 Port Router (Port 2) --> My normal other internal computers
> 4 Port Router (Wireless) --> My normal other internal computers
>
> Assuming all this works, the NTP server will essentially be outside the
> firewall.  So, what do I need to run the server, an old Pentium 1 300
> MHz laptop, an old 486 laptop, a router with reflashed firmware, Ubuntu,
> a stand-alone NTP utility booting off of a CD?  All I would want this
> particular device to do is run NTP and be accessible to me on the
> Internal LAN for maintenance and configuration.
>
> I know the question is a bit vague, and spread out, but any light you
> guys can shed on the topic is appreciated.  Even though I might not be
> able to set up and run a server, I love to learn about these things
> regardless.
>
> Thanks in advance.
>
> Sincerely,
> Ron


Network time servers can work many different ways, either by syncing
with other time servers or by getting their time directly from a
device like a GPS receiver.  The network protocol is very robust and
has been designed and working for years to be extremely accurate, even
given the "best effort" nature of IP networks.  You don't need to be
worrying about how many milliseconds are added per hop or whatever,
that's what the NTP protocol takes care of.

Running a server at home or in a company for internal use is not a
problem and you won't need anything special for that.  Running your
own public server, however, is extremely unlikely to be allowed, at
least as part of the official pool, and definitely not from a home
Internet connection.  You generally need to be a university or some
other large organization to be able to participate in the pool.

One of the main reasons for this is trust.  Time keeping is extremely
critical for security, and anyone who runs a server has the potential
ability to skew the clients' clocks and thus enable reuse of expired
certificates, for example.


❧ Brian Mathis
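Two points in the reply above are worth seeing in code: that NTP computes the client's clock offset from four timestamps in a way that cancels symmetric network delay (so per-hop latency does not pile up the way the question assumes), and that a client should refuse a reply that would step its clock by an implausible amount, since a rogue or compromised server could otherwise move the clock far enough to make expired certificates look valid. The following is an added example written for this page, not code from either poster or from the NTP reference implementation. The reply it evaluates is constructed inline (a stratum-2 server whose clock is 0.5 s ahead of ours, 75 ms each way on the wire); the 1000 s panic threshold is an assumption chosen to mirror ntpd's default, and the `query()` function does a real UDP exchange only if you call it.

```python
"""Minimal SNTP client check: compute clock offset from the four NTP timestamps
and refuse replies that look wrong.  Added example; the sample reply is constructed."""
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 to 1970-01-01
PACKET_FMT = "!BBBbIIIQQQQ"            # 48-byte NTPv4 header (RFC 5905, figure 8)
MAX_OFFSET_S = 1000.0                  # assumption: mirrors ntpd's default panic gate


def to_ntp_ts(unix_seconds):
    """Unix float seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_seconds)
    frac = int((unix_seconds - whole) * (1 << 32)) & 0xFFFFFFFF
    return ((whole + NTP_EPOCH_OFFSET) << 32) | frac


def from_ntp_ts(ts):
    """64-bit NTP timestamp -> Unix float seconds."""
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / (1 << 32)


def build_request(t1):
    """Client (mode 3) packet; only the Transmit Timestamp (T1) is filled in."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    return struct.pack(PACKET_FMT, li_vn_mode, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp_ts(t1))


def build_reply(stratum, t1, t2, t3, li=0):
    """Server (mode 4) packet as a stratum-N server would send it (used for the offline demo)."""
    li_vn_mode = (li << 6) | (4 << 3) | 4
    refid = struct.unpack("!I", b"GPS\x00")[0]
    return struct.pack(PACKET_FMT, li_vn_mode, stratum, 6, -20, 0, 0, refid,
                       to_ntp_ts(t2), to_ntp_ts(t1), to_ntp_ts(t2), to_ntp_ts(t3))


def evaluate_reply(request, reply, t4):
    """Validate a reply against the request it answers; return (offset, delay) in seconds.

    offset = ((T2 - T1) + (T3 - T4)) / 2      delay = (T4 - T1) - (T3 - T2)
    A symmetric path cancels out of the offset entirely, which is why per-hop
    latency does not accumulate into the client's clock error.
    """
    if len(reply) < 48:
        raise ValueError("short packet")
    t1_sent = struct.unpack(PACKET_FMT, request)[10]
    (li_vn_mode, stratum, _poll, _prec, _rdelay, _rdisp, _refid,
     _ref, org, rec, xmt) = struct.unpack(PACKET_FMT, reply[:48])
    li, mode = li_vn_mode >> 6, li_vn_mode & 7
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if org != t1_sent:
        # The reply must echo our T1; otherwise it is a stray, replayed or spoofed packet.
        raise ValueError("origin timestamp does not match our request")
    if li == 3:
        raise ValueError("server reports its clock is unsynchronized")
    if stratum == 0 or stratum > 15:
        raise ValueError("kiss-o'-death or invalid stratum %d" % stratum)
    t1, t2, t3 = from_ntp_ts(org), from_ntp_ts(rec), from_ntp_ts(xmt)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    if delay < 0:
        raise ValueError("negative round-trip delay; timestamps are inconsistent")
    if abs(offset) > MAX_OFFSET_S:
        # A single server claiming our clock is hours off is how a rogue source would
        # try to push a client into accepting expired certificates; refuse to step.
        raise ValueError("offset %.1f s exceeds %.0f s; refusing to step" % (offset, MAX_OFFSET_S))
    return offset, delay


def offline_demo():
    """Constructed exchange: server 0.500 s ahead of us, 75 ms each way, 1 ms processing."""
    t1 = 1326289288.0                # our clock when the request left
    t2 = t1 + 0.075 + 0.500          # server clock on receipt
    t3 = t2 + 0.001                  # server clock when it replied
    t4 = t1 + 0.075 + 0.001 + 0.075  # our clock when the reply arrived
    req = build_request(t1)
    return evaluate_reply(req, build_reply(2, t1, t2, t3), t4)


def query(host, port=123, timeout=2.0):
    """Live SNTP exchange over UDP (only runs if you call it)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        t1 = time.time()
        req = build_request(t1)
        sock.sendto(req, (host, port))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    finally:
        sock.close()
    return evaluate_reply(req, reply, t4)


if __name__ == "__main__":
    offset, delay = offline_demo()
    print("offset %.3f s, round-trip delay %.3f s" % (offset, delay))
```

In the constructed exchange the round trip is 150 ms, yet the computed offset is exactly the server's 0.5 s lead: the wire delay appears in `delay`, not in `offset`. Real ntpd goes further than this single-sample check by polling several servers and discarding the ones whose intervals disagree with the majority, which is the other half of the trust argument above: one bad server in a well-chosen set of four or more cannot move your clock on its own.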
